On Thu, January 5, 2017 17:23, Always Learning wrote:
Cyber attacks are gradually replacing armed conflicts.
Better fight with bits than blood.
James B. Byrne wrote:
On Thu, January 5, 2017 17:23, Always Learning wrote:
Cyber attacks are gradually replacing armed conflicts.
Better fight with bits than blood.
Yes, but... attacks on the friggin' IoT could result in lots of blood. Or, less so, what do you mean all the rail lines have been knocked out of commission for a week, and we can't get food to the eastern half of the country? Or power?
mark
On Fri, 2017-01-06 at 12:54 -0500, m.roth@5-cent.us wrote:
James B. Byrne wrote:
On Thu, January 5, 2017 17:23, Always Learning wrote:
Cyber attacks are gradually replacing armed conflicts.
Better fight with bits than blood.
Yes, but... attacks on the friggin' IoT could result in lots of blood. Or, less so, what do you mean all the rail lines have been knocked out of commission for a week, and we can't get food to the eastern half of the country? Or power?
(1) For national infrastructures, a "parallel" Internet-type communications network, totally isolated from the real Internet.
(2) Governments should educate their country's computer people to recognise vulnerabilities and how to block them; too many self-declared "komputar xperts" haven't a clue about robust security.
Query: How did the Reds get into the Democrats' computer systems? Hope it wasn't a Redhat/Centos system but an 'open Windoze' set-up.
On Mon, Jan 09, 2017 at 04:33:01PM +0000, Always Learning wrote:
recognise vulnerabilities and how to block them; too many self-declared "komputar xperts" haven't a clue about robust security.
Thank you SO very much for this. I am still laughing at the irony after 5 whole minutes. This made my entire Monday.
John
--
Pessimists just can't win: the damned glass is half full of air.
-- Logos01, #rhel
On 1/9/2017 8:33 AM, Always Learning wrote:
Query: How did the Reds get into the Democrats' computer systems? Hope it wasn't a Redhat/Centos system but an 'open Windoze' set-up.
Primary attack was cracking a too-easy password on Podesta's webmail account, quite probably via phishing/human engineering. Doesn't matter what the OS is.
On Fri, 2017-01-06 at 11:08 -0500, James B. Byrne wrote:
On Thu, January 5, 2017 17:23, Always Learning wrote:
Cyber attacks are gradually replacing armed conflicts.
Better fight with bits than blood.
Agreed. One of my Apache defences is to redirect probes/hacks to 127.0.0.1 :-)
Another is to use sudo to block their IPs.
On Mon, Jan 09, 2017 at 04:23:05PM +0000, Always Learning wrote:
Agreed. One of my Apache defences is to redirect probes/hacks to 127.0.0.1 :-)
Would you be willing to share this rewrite rule with the list, please? Some may find it useful. Thank you.
John
On Mon, 2017-01-09 at 11:06 -0600, John R. Dennison wrote:
On Mon, Jan 09, 2017 at 04:23:05PM +0000, Always Learning wrote:
Agreed. One of my Apache defences is to redirect probes/hacks to 127.0.0.1 :-)
Would you be willing to share this rewrite rule with the list, please? Some may find it useful. Thank you.
(1) Hosting several web sites on a single IPv4 address.
(2) Create Apache Virtual Hosts for each web site plus one extra.
(3) Assuming the IP address is 1.2.3.4 and that IP address has a host name of dummy.domain.com *and* no web site is hosted with the name dummy.domain.com
(4) The 'extra' Apache Virtual Host file contains ....
<VirtualHost 1.2.3.4:80 dummy.domain.com:80>
    DocumentRoot /prod/web/domains/dummy/
    ServerName 1.2.3.4
    CustomLog ............
    ErrorLog ...........
    HostnameLookups Off

    <Directory /prod/web/domains/dummy/>
        Header set Access-Control-Allow-Methods "GET"
        Order Deny,Allow
        Allow from all

        RedirectMatch permanent ^/(.*)$ http://127.0.0.1/
    </Directory>
</VirtualHost>
(5) Any attempt to access:-
* using the IP address as a web site host name, or
* the host name of the IP address as a web site host name,
is diverted to 127.0.0.1
Hello Paul,
On Tue, 2017-01-10 at 12:00 +0000, Always Learning wrote:
(4) The 'extra' Apache Virtual Host file contains ....
<VirtualHost 1.2.3.4:80 dummy.domain.com:80>
Why do you add dummy.domain.com:80 here as the match is done on the ServerName?
    DocumentRoot /prod/web/domains/dummy/
    ServerName 1.2.3.4
    CustomLog ............
    ErrorLog ...........
    HostnameLookups Off
Regards, Leonard.
Goeiemiddag Leonard,
On Tue, 2017-01-10 at 12:00 +0000, Always Learning wrote:
(4) The 'extra' Apache Virtual Host file contains ....
<VirtualHost 1.2.3.4:80 dummy.domain.com:80>
Why do you add dummy.domain.com:80 here as the match is done on the ServerName?
    DocumentRoot /prod/web/domains/dummy/
    ServerName 1.2.3.4
    CustomLog ............
    ErrorLog ...........
    HostnameLookups Off
(5) IP addresses hosting multiple web sites will have a host name. That host name is unlikely to be the name of one of the hosted web sites. For example
1.2.3.4 4-3-2-1-static.friendly-ip.com
Thus, if an attempt is made to connect to "a web site" with a domain name of "4-3-2-1-static.friendly-ip.com", it will not be a genuine access attempt, by a genuine web user, to a genuine web site.
It is likely an access attempt to a non-hosted web site name on 1.2.3.4 will automatically be redirected by Apache to the 1.2.3.4 virtual domain. One could say the host name, 4-3-2-1-static.friendly-ip.com, is not absolutely required in the 1.2.3.4 virtual host file.
Not knowing whether all access attempts to the IP host name will always be directed to the 1.2.3.4 virtual host file, I included the host name.
(6) Another example is a Virtual Private Server (VPS) hosting multiple web sites and a mail server (Mail Transfer Agent = MTA) on a single IP address.
The web sites could be:-
    sunshine-in-winter.com
    centos-is-wonderful.eu
    ilovelinux.uk
    ikhouvanmijbuurvrouw.nl
    etc.
The mail server (MTA) could be:-
mail3.example.com
When someone attempts to access web site "mail3.example.com", having that "web site name" in the Apache virtual host file results in the request instantly being redirected to 127.0.0.1. One can have several "web site names" in the virtual host file, in addition to the IP address.
Similarly, if someone attempts to send emails to .....@mail3.example.com the mail server should reject it because that "domain name" is not a genuine email address domain name for the MTA.
(7) I developed an Apache error processing system. It consists of several PHP routines. It does not work for status codes of 400 or 500 (I do not know why) but it does for 403 and 404.
That system, shared by all hosted web sites, examines the requested web page name and compares it to two lists, one starting with /... and the other with keywords in any position. If a match is found, the IP address is placed in a monthly table (in IPtables) and blocked (sudo command in a PHP routine). This means after the first conspicuously wrong (deliberately wrong) attempt to access a non-existent web page, the IP address is instantly blocked.
I'm a self-taught Linux user who chose Centos years ago. I am glad I did. I am continually learning new things almost every day.
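An added sketch of the two-list check described in (7) above, written in Python rather than the poster's PHP; it is not the poster's code. The list entries, the never-block ranges and the per-month chain name PROBES-YYYYMM are assumptions made for the example.

```python
import datetime
import ipaddress

# Constructed sample lists; the post does not show the author's real entries.
PREFIXES = ("/wp-login", "/phpmyadmin", "/.env")      # path must start with one
KEYWORDS = ("passwd", "setup.php", "eval(")           # may appear anywhere
# Addresses that must never be blocked (assumed: loopback and an admin range).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/28")]


def is_probe(path):
    """True if the requested path matches either list (case-insensitive)."""
    p = path.lower()
    return p.startswith(PREFIXES) or any(k in p for k in KEYWORDS)


def block_command(remote_addr, path, status, today):
    """Return the argv that blocks remote_addr, or None if nothing should run."""
    if status not in (403, 404) or not is_probe(path):
        return None
    try:
        ip = ipaddress.ip_address(remote_addr)   # rejects anything but a bare IP
    except ValueError:
        return None
    if any(ip in net for net in NEVER_BLOCK if net.version == ip.version):
        return None
    tool = "iptables" if ip.version == 4 else "ip6tables"
    chain = today.strftime("PROBES-%Y%m")        # hypothetical per-month chain
    # An argv list (no shell) keeps the address out of any command string.
    return ["sudo", "-n", tool, "-A", chain, "-s", str(ip), "-j", "DROP"]


if __name__ == "__main__":
    day = datetime.date(2017, 1, 11)
    for addr, path, status in [("203.0.113.7", "/phpmyadmin/index.php", 404),
                               ("203.0.113.8", "/about-us.html", 404)]:
        print(addr, path, block_command(addr, path, status, day))
```

The returned list is meant for subprocess.run without shell=True, and the sudoers entry for the web server account should permit only this iptables invocation.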
Hi Paul,
On Wed, 2017-01-11 at 12:43 +0000, Always Learning wrote:
Goeiemiddag Leonard,
Heh :) . I was just thinking yesterday, "lekker ananas" :-) .
One could say the host name, 4-3-2-1-static.friendly-ip.com, is not absolutely required in the 1.2.3.4 virtual host file.
Not knowing whether all access attempts to the IP host name will always be directed to the 1.2.3.4 virtual host file, I included the host name.
After replying to your mail I realized that I've been using a fallback on my server for quite a while now. Not a redirect to localhost, but a fallback page.
The fact that all this stuff just works makes you forget the details. So I looked it up, and indeed, you do *not* need to specify the specific host name(s). I use a catch all virtual host
<VirtualHost 176.9.136.165:80>
    ServerName 176.9.136.165
which catches web access to a.o. mail.ottolander.nl and kelapa.ottolander.nl (coconuts not pineapples these days ;) ) without having to specify each domain name individually.
Regards, Leonard.
-----Original Message-----
From: CentOS [mailto:centos-bounces@centos.org] On Behalf Of Always Learning
Sent: Monday, January 09, 2017 11:23 AM
To: Centos centos@centos.org
Subject: Re: [CentOS] Firefox Issue
On Thu, January 5, 2017 17:23, Always Learning wrote:
Cyber attacks are gradually replacing armed conflicts.
Better fight with bits than blood.
Agreed. One of my Apache defenses is to redirect probes/hacks to 127.0.0.1 :-)
I'm redirecting some things to www.fbi.gov as well as 127.0.0.1 here, plus using mod_geoip, ipset, and the mother of all network level blacklists in ipset. One large list that cut the number of attacks was blocking ALL Amazon AWS services. That reduced attacks by at least half.
-- Cinderella works for the CIA.
On Mon, January 9, 2017 11:16 am, Albert McCann wrote:
-----Original Message-----
From: CentOS [mailto:centos-bounces@centos.org] On Behalf Of Always Learning
Sent: Monday, January 09, 2017 11:23 AM
To: Centos centos@centos.org
Subject: Re: [CentOS] Firefox Issue
On Thu, January 5, 2017 17:23, Always Learning wrote:
Cyber attacks are gradually replacing armed conflicts.
Better fight with bits than blood.
Agreed. One of my Apache defenses is to redirect probes/hacks to 127.0.0.1 :-)
I'm redirecting some things to www.fbi.gov as well as 127.0.0.1 here, plus using mod_geoip, ipset, and the mother of all network level blacklists in ipset. One large list that cut the number of attacks was blocking ALL Amazon AWS services. That reduced attacks by at least half.
Cloudflare would be another one worth mentioning. They are much nastier, BTW, IMHO:
https://wordtothewise.com/2012/07/cloudflare-and-spamhaus/
Valeri
-- Cinderella works for the CIA.
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
-----Original Message-----
From: CentOS [mailto:centos-bounces@centos.org] On Behalf Of Valeri Galtsev
Sent: Monday, January 09, 2017 12:26 PM
To: CentOS mailing list centos@centos.org
Subject: Re: [CentOS] Firefox Issue
One large list that cut the number of attacks was blocking ALL Amazon AWS services. That reduced attacks by at least half.
Cloudflare would be another one worth mentioning. They are much nastier, BTW, IMHO:
Yeah, thanks, I added them too.
-- My computer was sold to me by Mad Man Muntz.