UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform that collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
Forwarded from UNDERCODE NEWS
Official announcement: Nova 8 series of Huawei, see you on 23 December.
#Technologies
Forwarded from UNDERCODE NEWS
With the latest Free Wifi, the government confronts Tim, Wind, Tre and Vodafone with
#Updates
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 How to use sysctl to protect Linux from spoofing and SYN flooding

1) This configuration will do the following:
Disable IP forwarding
Disable sending packet redirects
Disable accepting ICMP redirects
Enable protection against bogus error messages

2) What you need:
Linux
User with sudo privileges
Note: I will be demonstrating an example on Ubuntu Server 18.04, but the process is the same for most Linux distributions.

3) How to edit sysctl config file
Log into your Linux server or desktop and open a terminal window.

4) In the terminal enter the command:
sudo nano /etc/sysctl.conf

5) First required parameter:
# net.ipv4.ip_forward = 1
change to:

net.ipv4.ip_forward = 0

6) Next line:

# net.ipv4.conf.all.send_redirects = 0
change to:

net.ipv4.conf.all.send_redirects = 0

7) Find the line:

# net.ipv4.conf.all.accept_redirects = 0
change to:

net.ipv4.conf.all.accept_redirects = 0
8) Add the following line below this:

net.ipv4.conf.default.accept_redirects = 0

9) Finally, add the following lines to the end of the file:

net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 3
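# Legacy conntrack key name. Kernels that expose conntrack settings under net.netfilter use
# net.netfilter.nf_conntrack_tcp_timeout_syn_recv instead (present only while nf_conntrack is loaded).
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 45

10) The above settings do the following:
Enable protection against bogus error messages
Enable SYN cookies to prevent the server from dropping connections when the SYN queue is full
Increase the SYN queue size to 2048
Close connections in the SYN_RECV state earlier
Decrease the SYN_RECV timeout value to help mitigate SYN flood attacks

Save and close the file.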

11) How to reload the configuration
You can reload the configuration with the command:

sudo sysctl -p
I found that the sysctl -p command did not load the tcp_max_syn_backlog correctly.
Only after a reboot was the value 2048 added.
So, after running the sudo sysctl -p command, enter the command:

sudo less /proc/sys/net/ipv4/tcp_max_syn_backlog
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
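An added example, not part of the original post: a small audit of a sysctl.conf-style file against the values the post sets, which catches lines left commented out and weak values overriding later ones. The function names and the sample file are constructed for illustration, and the legacy conntrack key is left out because it does not exist on every kernel.

```shell
#!/bin/sh
# Added example (not from the original post): audit a sysctl.conf-style file
# against the values the post sets. "unset" = the file leaves the kernel default.
BASELINE='net.ipv4.ip_forward=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.tcp_synack_retries=3'

# effective_value FILE KEY: the value FILE ends up setting for KEY. Commented
# lines are skipped and the last assignment wins; prints nothing if never set.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}
# audit_sysctl_conf FILE: one FAIL line per deviation; returns 0 only if none.
audit_sysctl_conf() {
    findings=0
    for pair in $BASELINE; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(effective_value "$1" "$key")
        [ -n "$have" ] || have=unset
        if [ "$have" != "$want" ]; then
            echo "FAIL $key = $have (want $want)"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: two keys still commented out, one weak value.
sample_conf() { cat <<'EOF'
#net.ipv4.ip_forward=1
net.ipv4.conf.all.send_redirects = 0
# net.ipv4.conf.all.accept_redirects = 0
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog = 512
EOF
}
t=$(mktemp); sample_conf > "$t"; audit_sysctl_conf "$t" || true; rm -f "$t"
```

Run audit_sysctl_conf against /etc/sysctl.conf to check the file, and compare with sysctl -n <key> to see what the running kernel actually holds.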
Forwarded from UNDERCODE NEWS
GNU Binutils, used by millions of software programs, exposes a new vulnerability.
#Vulnerabilities
Forwarded from UNDERCODE NEWS
Eight departments: In 2025, express e-commerce mail can effectively no longer be repackaged.
#Updates
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How do I know which process is listening on a specific port in the Windows operating system?
This article will help you find the name of the process listening on a specific port on a Windows system.

Sometimes, when installing an application, you might encounter a "port in use" problem.

You can choose one of the two methods below.

The first method uses netstat to find the PID of the process listening on a specific port, then uses tasklist to find the process name by PID.

1) Using the command line
Use the following command to find the process ID (PID) listening on port 443.

You can change this value to look for a different port.

netstat -aon | findstr ":443" | findstr "LISTENING"
Output:

TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 2180
TCP 127.0.0.1:44312 0.0.0.0:0 LISTENING 4620
TCP [::]:443 [::]:0 LISTENING 2180


2) The last column of the output displays the process ID.

The output shows PIDs 2180 and 4620. PID 2180 is the process listening on port 443; the 4620 line appears only because findstr ":443" also matches port 44312.

Use this process ID with the tasklist command to find the process name.

tasklist /fi "pid eq 2180"

3) Using PowerShell Get-Process
The second method uses a PowerShell command to identify the process running on a specific port on Windows.

Start a PowerShell terminal and run the following command to find the name of the process running on port 443.

You can change the port number to check for other ports.

Get-Process -Id (Get-NetTCPConnection -LocalPort 443).OwningProcess

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Accelerating the growth of the modern automotive energy market.
#international
Forwarded from UNDERCODE NEWS
Google & YouTube
Having maintenance now; for updates, use a VPN to Saudi, and it works well
Forwarded from UNDERCODE NEWS
Vishing: beware of scams of the latest kind.
#CyberAttacks
Forwarded from UNDERCODE NEWS
An attack or technical problem? Google server downtime issue, and all Google services such as Gmail, YouTube, Google Docs.. down!
#Updates
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🖧 How to keep iptables firewall rules on Linux permanently?

1) Permanently saving iptables firewall rules on Linux
You need to use the following commands to keep your iptables firewall rules permanently:

iptables-save or ip6tables-save command - saves or dumps the contents of the IPv4 or IPv6 tables in an easily parsed format to the screen or to a specified file.
iptables-restore or ip6tables-restore command - restores IPv4 or IPv6 firewall rules and tables from a given file on Linux.

2) Step 1 - Open Terminal
Open a terminal application and enter the following commands.

3) To log into a remote server using the ssh command:

$ ssh admin@server1.iundercode.help

You must enter the following command as root using the sudo or su command.

Step 2. Save the Linux firewall rules for IPv4 and IPv6.
Debian and Ubuntu Linux:

## the > redirection must also run as root, so the command is wrapped in sh -c ##
$ sudo sh -c '/sbin/iptables-save > /etc/iptables/rules.v4'
## IPv6 ##
$ sudo sh -c '/sbin/ip6tables-save > /etc/iptables/rules.v6'

CentOS / RHEL:

$ sudo sh -c '/sbin/iptables-save > /etc/sysconfig/iptables'
## IPv6 ##
$ sudo sh -c '/sbin/ip6tables-save > /etc/sysconfig/ip6tables'

4) Displaying saved rules on Linux
We can display the saved file using cat command or search using grep / egrep command:

$ cat /etc/iptables/rules.v4

Step 3. Restoring the Linux firewall rules for IPv4 and IPv6.
We simply reverse the save commands above for each operating system, using the restore command and reading from the saved file:

## Debian or Ubuntu ##
$ sudo /sbin/iptables-restore < /etc/iptables/rules.v4
$ sudo /sbin/ip6tables-restore < /etc/iptables/rules.v6
## CentOS/RHEL ##
$ sudo /sbin/iptables-restore < /etc/sysconfig/iptables
$ sudo /sbin/ip6tables-restore < /etc/sysconfig/ip6tables

Step 4 - Installing the iptables-persistent package for Debian or Ubuntu Linux

5) Note that the following package will conflict with iptables front ends such as ufw or firewall-cmd. Avoid installing it if you are using these tools.
We need to install iptables-persistent.
It is the iptables plugin for netfilter-persistent, a loader for Netfilter configuration that uses a plugin-based architecture.
In other words, it automatically loads the saved iptables rules from the files above.

6) Enter the following apt command or apt-get command:
$ sudo apt install iptables-persistent
$ sudo apt-get install iptables-persistent

7) Make sure services are enabled on Debian or Ubuntu using the systemctl command:
$ sudo systemctl is-enabled netfilter-persistent.service
If not, enable:
$ sudo systemctl enable netfilter-persistent.service
Checking status:
$ sudo systemctl status netfilter-persistent.service

Step 5 - Install the iptables-services package for RHEL / CentOS
By default, RHEL / CentOS 7 or 8 comes with firewalld.

If you want a good old file-based firewall, enter the following commands:

$ sudo systemctl stop firewalld.service
$ sudo systemctl disable firewalld.service
$ sudo systemctl mask firewalld.service
$ sudo yum install iptables-services
$ sudo systemctl enable iptables
$ sudo systemctl enable ip6tables
$ sudo systemctl status iptables

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
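An added example, not part of the original post: a check for drift between the saved rules file and the running ruleset, so that rules added by hand (and lost at the next reboot) or unexpected changes are noticed. The function names and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare a saved rules file with
# a live iptables-save dump, ignoring the parts that change on every dump.

# normalize_rules FILE: drop "# Generated/Completed" comment lines and reset
# chain counters (":INPUT DROP [120:9876]") and "-c" per-rule counters.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/^\(:[^ ]* [^ ]*\) \[[0-9]*:[0-9]*]$/\1 [0:0]/' \
        -e 's/^\[[0-9]*:[0-9]*] //' "$1"
}

# rules_drift SAVED LIVE: print differences; return 0 if none, 1 on drift.
rules_drift() {
    a=$(mktemp); b=$(mktemp)
    normalize_rules "$1" > "$a"; normalize_rules "$2" > "$b"
    diff "$a" "$b" && rc=0 || rc=1
    rm -f "$a" "$b"
    return "$rc"
}

# Constructed sample of a saved rules file.
sample_saved() { cat <<'EOF'
# Generated by iptables-save on Mon Dec 14 10:00:00 2020
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Dec 14 10:00:00 2020
EOF
}

# Constructed live dump: new timestamp and counters, plus an optional extra rule ($1).
sample_live() {
    sample_saved | sed -e 's/10:00:00/18:30:12/' -e 's/\[0:0]/[120:9876]/' |
        awk -v extra="$1" '{ print } extra != "" && /--dport 22 / { print extra }'
}

s=$(mktemp); l=$(mktemp)
sample_saved > "$s"
sample_live "-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT" > "$l"
rules_drift "$s" "$l" || echo "drift: live rules differ from the saved file"
rm -f "$s" "$l"
```

On a real host, write the output of iptables-save to a temporary file as root and pass it as the second argument, with /etc/iptables/rules.v4 or /etc/sysconfig/iptables as the first.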
Forwarded from UNDERCODE NEWS
Fiji Miner Botnet, which bloomed in the debate on vulnerability, mines cryptocurrency.
#Vulnerabilities
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Is Tor Safe?


1) That seems to be the question, alright. And to that, well, it really depends on whom you ask, because there are always wolves in sheep's clothing out there who stand to gain from your ignorance. Many say no. A few say yes. The media, for all their expertise in things political and social, come up woefully lacking when something as complex as Tor is discussed.

2) Case in point: Gizmodo reported that in December, 2014, a group of hackers managed to compromise enough Tor relays to decloak Tor users. If you're just hearing this for the first time, part of what makes Tor anonymous is that it relays your data from one node to another. It was believed that if they compromised enough of them, then they could track individual users on the Tor network and reveal their real life identities. Kind of like how the agents in The Matrix find those who've been unplugged.

3) Anyway as luck would have it, it turned out to be kiddie script-hackers with too much time on their hands who simply wanted a new target to hack. Who knows why. Could be that they'd toyed with the Playstation Network and Xbox users long enough and simply wanted a curious peek here and there. These were not superhacker-level NSA members, either.

4) But as is usually the case with the media, this attack attracted the attention of a few bloggers and tech journalists unsympathetic to Tor and frankly, ignorant of what really constitutes a threat. The Tor devs commented on it, too:

"This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network. But even though they are running thousands of new relays, their relays currently make up less than 1% of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don't expect any anonymity or performance effects based on what we've seen so far."

(from tor book)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
The 5G security forum is held by the Korea Information Security Industry Association.
#international
Forwarded from UNDERCODE NEWS
Oracle escapes from Silicon Valley. Experts: Wow, how the state-owned company collapsed!
#international