▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑🐧 LINUX SECURITY TIP
How to monitor packets passing through the firewall
Configure rsyslog to use the log file /var/log/firewall_trace.log for firewall tracing.
$ cat << EOF | sudo tee /etc/rsyslog.d/01-firewall_trace.conf
# Log messages generated by iptables firewall to file
if \$syslogfacility-text == 'kern' and \$msg contains 'TRACE' then /var/log/firewall_trace.log
# stop processing it further
& stop
EOF
Apply rsyslog configuration.
$ sudo systemctl restart rsyslog
Rotate the log file to save disk space.
$ cat << EOF | sudo tee /etc/logrotate.d/firewall_trace.conf
/var/log/firewall_trace.log
{
    rotate 7
    daily
    missingok
    notifempty
    delaycompress
    compress
    postrotate
        invoke-rc.d rsyslog rotate > /dev/null
    endscript
}
EOF
Be sure to rotate these logs hourly by size, or send them to an external logging service, which I highly recommend.
How to track incoming packets
Use raw and PREROUTING to monitor packets coming in on any network interface.
$ sudo iptables -t raw -A PREROUTING -p tcp --destination 1.2.3.4 --dport 443 -j TRACE
Let's look at the raw table:
$ sudo iptables -t raw -L -v -n --line-numbers
Chain PREROUTING (policy ACCEPT 3501 packets, 946K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      468 28159 TRACE      tcp  --  *      *       0.0.0.0/0            1.2.3.4              tcp dpt:443

Chain OUTPUT (policy ACCEPT 885 packets, 695K bytes)
num   pkts bytes target     prot opt in     out     source               destination
The trace for traffic to the internal network will look like this.
[...]
Jul 18 18:33:27 cerberus kernel: [68907.892027] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:15:17:c3:a1:aa:00:15:17:c3:fb:07:01:00 SRC=172.69.63.16 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64783 DF PROTO=TCP SPT=62598 DPT=443 SEQ=234589096 ACK=404477568 WINDOW=82 RES=0x00 ACK URGP=0
Jul 18 18:33:27 cerberus kernel: [68907.892093] TRACE: mangle:INPUT:policy:1 IN=eth0 OUT= MAC=00:15:17:c3:a1:aa:00:15:17:c3:fb:07:01:00 SRC=172.69.63.16 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64783 DF PROTO=TCP SPT=62598 DPT=443 SEQ=234589096 ACK=404477568 WINDOW=82 RES=0x00 ACK URGP=0
Jul 18 18:33:27 cerberus kernel: [68907.892113] TRACE: filter:INPUT:rule:6 IN=eth0 OUT= MAC=00:15:17:c3:a1:aa:00:15:17:c3:fb:07:01:00 SRC=172.69.63.16 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64783 DF PROTO=TCP SPT=62598 DPT=443 SEQ=234589096 ACK=404477568 WINDOW=82 RES=0x00 ACK URGP=0
Jul 18 18:33:27 cerberus kernel: [68907.892150] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= MAC=00:15:17:c3:a1:aa:00:15:17:c3:fb:07:01:00 SRC=172.69.63.16 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64784 DF PROTO=TCP SPT=62598 DPT=443 SEQ=234589096 ACK=404477569 WINDOW=82 RES=0x00 ACK RST URGP=0
[...]
Look up rule number 6 in the INPUT chain of the filter table, which accepts related and established connections.
$ sudo iptables -t filter -L INPUT 6 -v -n --line-numbers
6     979K  851M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Remove the first rule in the raw table, the PREROUTING chain.
$ sudo iptables -t raw -D PREROUTING 1
@UndercodeTesting
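A trace like the one above is easier to read once the TRACE lines are grouped per packet. The script below is an added example, not part of the original post: it assumes the kernel's usual KEY=value layout, tells packets apart by address, port and IP ID, and runs on a constructed sample based on the four lines shown (the function names are illustrative).

```sh
# Added example, not part of the original post.
# Constructed sample: the four TRACE lines shown above in the kernel layout,
# with the MAC, TOS, TTL, SEQ and WINDOW fields left out for brevity.
sample_trace() {
  cat <<'EOF'
Jul 18 18:33:27 cerberus kernel: [68907.892027] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=172.69.63.16 DST=1.2.3.4 LEN=40 ID=64783 DF PROTO=TCP SPT=62598 DPT=443 ACK URGP=0
Jul 18 18:33:27 cerberus kernel: [68907.892093] TRACE: mangle:INPUT:policy:1 IN=eth0 OUT= SRC=172.69.63.16 DST=1.2.3.4 LEN=40 ID=64783 DF PROTO=TCP SPT=62598 DPT=443 ACK URGP=0
Jul 18 18:33:27 cerberus kernel: [68907.892113] TRACE: filter:INPUT:rule:6 IN=eth0 OUT= SRC=172.69.63.16 DST=1.2.3.4 LEN=40 ID=64783 DF PROTO=TCP SPT=62598 DPT=443 ACK URGP=0
Jul 18 18:33:27 cerberus kernel: [68907.892150] TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=172.69.63.16 DST=1.2.3.4 LEN=40 ID=64784 DF PROTO=TCP SPT=62598 DPT=443 ACK RST URGP=0
EOF
}

# Print one line per packet: "SRC:SPT -> DST:DPT id=ID | hop > hop > ...".
trace_paths() {
  awk '
    /TRACE:/ {
      hop = ""; id = ""; src = ""; dst = ""; spt = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        # Keep the first match only: ICMP errors repeat the fields in brackets.
        if ($i == "TRACE:" && hop == "") hop = $(i + 1)
        else if (id  == "" && $i ~ /^ID=/)  id  = substr($i, 4)
        else if (src == "" && $i ~ /^SRC=/) src = substr($i, 5)
        else if (dst == "" && $i ~ /^DST=/) dst = substr($i, 5)
        else if (spt == "" && $i ~ /^SPT=/) spt = substr($i, 5)
        else if (dpt == "" && $i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (hop == "" || id == "") next      # not a complete TRACE record
      key = src ":" spt " -> " dst ":" dpt " id=" id
      if (key in path) path[key] = path[key] " > " hop
      else { order[++n] = key; path[key] = hop }
    }
    END { for (i = 1; i <= n; i++) print order[i] " | " path[order[i]] }
  '
}

# For every hop that matched a numbered rule, print the command that shows it.
rule_lookups() {
  awk '/TRACE:/ {
    for (i = 1; i < NF; i++) if ($i == "TRACE:") {
      split($(i + 1), h, ":")              # table:chain:type:rulenum
      if (h[3] == "rule")
        print "iptables -t " h[1] " -L " h[2] " " h[4] " -v -n --line-numbers"
      break
    }
  }' | sort -u
}

sample_trace | trace_paths
sample_trace | rule_lookups
```

Against the real log, run `trace_paths < /var/log/firewall_trace.log`; each path ends at the last table and chain the packet was seen in.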
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Alibaba is subject to another class action, and plaintiffs argue that compensation focuses on mediation rather than victory.
#international
Forwarded from UNDERCODE NEWS
The two leading wireless headsets plummeted, the company responded: everything is normal.
#Technologies
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 Malware on your phone IS possible?
Most people doubt that mobile devices can get infected with malware.
Is it true?
It's 101% possible, though for iPhones and other Apple devices perhaps not by the standard, traditional method.
But technically, the same process applies.
Let's look at the problem more specifically.
1) Once the malware connects to your phone, it performs several operations.
2) It competes for your phone's resources and destroys many programs.
The classic signs of malware on your phone are:
> Apps take longer to load
> Your battery is draining faster than usual
> Apps you haven't downloaded appear as available
#FastTips
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Master In Ethical Hacking All Tutorials
https://www.mediafire.com/file/6s6l144339ja2ydal/Masters-In-Ethical-Hacking-Course-2-Gib-.7z/file
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 Some good websites for Steam games:
www.gamecards.com
www.offgamers.com
www.gamersgate.com
www.instant-gaming.com
www.kinguin.net
www.getgamesgo.com
www.bundlestars.com
www.dlgamer.us
www.yuplay.com
www.elitekeys.com
www.gog.com
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Apple customer service responds to iPhone 12 screen "green" situation: will be fixed in the new system
#Updates
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 How to edit a file without changing its timestamp on Linux?
Editing a file without changing its timestamp on Linux
A file's timestamps can be updated with the touch command.
Timestamps are also updated when we manually add content to the file or remove data from it.
If you want to change a file's contents without changing its timestamps, there is no direct way to do this. But it is possible!
We can use touch's -r (reference) option to preserve the file's timestamps across an edit or modification. The -r parameter sets the timestamps of one file to the timestamps of another.
I have a text file named undercode.txt.
Let's take a look at the timestamps of this file using the stat command:
$ stat undercode.txt
File: undercode.txt
Size: 38 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 4351679 Links: 1
Access: (0775/-rwxrwxr-x) Uid: ( 1000/ sk) Gid: ( 1000/ sk)
Access: 2020-11-17 19:47:55.992788870 +0530
Modify: 2020-11-17 19:47:55.992788870 +0530
Change: 2020-11-17 19:47:55.992788870 +0530
Birth: -
As mentioned, if we change the content or metadata of this file, the timestamps will also change. So first create a new, empty file, undercode.timestamp, with the same timestamps as the main file:
$ touch -r undercode.txt undercode.timestamp
Let's check the timestamps of the new file:
$ stat undercode.timestamp
File: undercode.timestamp
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: 801h/2049d Inode: 4328645 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 1000/ sk) Gid: ( 1000/ sk)
Access: 2020-11-17 19:47:55.992788870 +0530
Modify: 2020-11-17 19:47:55.992788870 +0530
Change: 2020-11-17 19:48:48.934235300 +0530
Birth: -
See?
The atime and mtime of both files are the same!
Now make your changes to the main file, i.e. undercode.txt.
As you might have guessed, the timestamps of the main file will change.
Finally, copy the timestamps of the new file, i.e. undercode.timestamp, back to the main file:
$ touch -r undercode.timestamp undercode.txt
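What this procedure leaves behind matters to anyone who treats mtime as evidence: touch sets atime and mtime but cannot set ctime, which is why the stat output above already shows a newer Change value on undercode.timestamp. The script below is an added example, not part of the original post; it replays the three steps in a scratch directory and compares a before and after snapshot, assuming GNU stat and sha256sum (function names and file contents are constructed).

```sh
# Added example, not part of the original post. Assumes GNU coreutils
# (stat -c, sha256sum); file names follow the post, contents are constructed.

snapshot() {  # print "mtime|ctime|sha256" for one file
  printf '%s|%s|%s\n' "$(stat -c %y "$1")" "$(stat -c %z "$1")" \
    "$(sha256sum "$1" | cut -d' ' -f1)"
}

field_state() {  # field_state N BEFORE AFTER -> "same" or "changed"
  if [ "$(printf '%s\n' "$2" | cut -d'|' -f"$1")" = \
       "$(printf '%s\n' "$3" | cut -d'|' -f"$1")" ]; then
    echo same
  else
    echo changed
  fi
}

timestamp_demo() {
  dir=$(mktemp -d) || return 1
  f=$dir/undercode.txt
  printf 'original content\n' > "$f"
  touch -t 202011171947.55 "$f"              # constructed starting atime/mtime
  before=$(snapshot "$f")                    # what an integrity baseline would hold

  touch -r "$f" "$dir/undercode.timestamp"   # step 1: save the timestamps
  sleep 2                                    # let the clock move on
  printf 'edited content\n' >> "$f"          # step 2: the edit bumps mtime and ctime
  touch -r "$dir/undercode.timestamp" "$f"   # step 3: restore atime and mtime
  after=$(snapshot "$f")
  rm -rf "$dir"

  echo "mtime=$(field_state 1 "$before" "$after")" \
       "ctime=$(field_state 2 "$before" "$after")" \
       "sha256=$(field_state 3 "$before" "$after")"
}

RESULT=$(timestamp_demo)
echo "$RESULT"   # mtime=same ctime=changed sha256=changed
```

An integrity baseline that stores ctime and a content hash alongside mtime therefore still registers the edit.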
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 How to fix a broken copy and paste function in Windows 10?
What to do if the copy and paste function of the Windows 10 system fails
1) First, right-click an empty area of the Windows 10 taskbar and click "Task Manager" in the context menu.
2) The Task Manager window opens. Find "Windows Explorer" in the "Processes" tab, right-click it and select "Restart".
3) If you still cannot copy and paste after restarting Explorer, open the folder "C:\Windows\System32" and check whether it contains a "clip" folder; if not, create a new folder and name it "clip".
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Intel is being sold out piece by piece. The company's important business goes to the Chinese
#international
🦑 Now it's free: Learn Amazon Web Services (AWS): The complete introduction
Sign up to Amazon Web Services (AWS)
Navigate around the AWS console
Use the command line interface to control AWS
Build a simple AWS serverless system
Build Windows and Linux servers
Create a Wordpress website in 5 minutes!
Be familiar with every service in AWS today
https://www.udemy.com/course/learn-amazon-web-services-the-complete-introduction/
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑🐧 How to properly secure sysctl on Linux against spoofing and SYN flooding
1) The sysctl system also helps prevent attacks such as SYN floods and IP spoofing.
It also logs some types of suspect packets: spoofed packets, source-routed packets, and forwarded packets.
2) You can change kernel parameters at run time using the sysctl command, or you can edit the system configuration file to make these changes more permanent.
3) I want to show you how you can secure sysctl by quickly editing the config file.
The configuration will do the following:
Disable IP forwarding
Disable sending of packet redirects
Disable accepting ICMP redirects
Enable protection against bad error messages
What you need:
4) Linux
A user with sudo privileges
Note: I will be demonstrating an example on Ubuntu Server 18.04, but the process is the same for most Linux distributions.
How to edit sysctl config file
Log into your Linux server or desktop and open a terminal window.
5) In the terminal, enter the command:
sudo nano /etc/sysctl.conf
First required parameter:
# net.ipv4.ip_forward = 1
change to:
net.ipv4.ip_forward = 0
Next line:
# net.ipv4.conf.all.send_redirects = 0
change to:
net.ipv4.conf.all.send_redirects = 0
Find the line:
# net.ipv4.conf.all.accept_redirects = 0
change to:
net.ipv4.conf.all.accept_redirects = 0
Add the following line below that:
net.ipv4.conf.default.accept_redirects = 0
Finally, add the following lines to the end of the file:
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 3
# needs the nf_conntrack module loaded; the older name
# net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv was removed from current kernels
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 45
6) The above settings do the following:
Enable protection against bad error messages
Enable SYN cookies to prevent the server from dropping connections when the SYN queue is full
Increase the SYN queue size to 2048
Close connections in the SYN_RECV state earlier
Decrease the SYN_RECV timeout value to help mitigate SYN flood attacks
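Because the procedure above depends on uncommenting lines by hand, it is worth checking what the edited file actually sets. The script below is an added example, not part of the original post: it audits a sysctl.conf against the net.ipv4 values listed above (the conntrack timeout is left out), using a constructed sample file and illustrative function names.

```sh
# Added example, not part of the original post. Function names and the
# sample file are constructed; the baseline is the net.ipv4 list above.

baseline() {  # "key wanted-value", one per line
  cat <<'EOF'
net.ipv4.ip_forward 0
net.ipv4.conf.all.send_redirects 0
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.default.accept_redirects 0
net.ipv4.icmp_ignore_bogus_error_responses 1
net.ipv4.tcp_syncookies 1
net.ipv4.tcp_max_syn_backlog 2048
net.ipv4.tcp_synack_retries 3
EOF
}

# Constructed sysctl.conf fragment with typical leftovers: two lines still
# commented out and one key assigned twice.
sample_conf() {
  cat <<'EOF'
# net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
#net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_max_syn_backlog = 512
net.ipv4.tcp_synack_retries = 3
EOF
}

effective_value() {  # effective_value KEY FILE -> last uncommented value
  awk -v key="$1" '
    /^[ \t]*[#;]/ { next }              # commented lines are ignored by sysctl
    {
      eq = index($0, "=")
      if (eq == 0) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
      if (k == key) val = v             # a later assignment overrides an earlier one
    }
    END { print val }
  ' "$2"
}

audit_sysctl_conf() {  # audit_sysctl_conf FILE -> one status line per key
  baseline | while read -r key want; do
    got=$(effective_value "$key" "$1")
    if [ -z "$got" ]; then echo "MISSING  $key (want $want)"
    elif [ "$got" = "$want" ]; then echo "OK       $key = $got"
    else echo "MISMATCH $key = $got (want $want)"
    fi
  done
}

conf=$(mktemp)
sample_conf > "$conf"
REPORT=$(audit_sysctl_conf "$conf")
rm -f "$conf"
printf '%s\n' "$REPORT"
```

After editing the real file, apply it with `sudo sysctl -p` and compare the running values with `sysctl -n KEY`, since files under /etc/sysctl.d can set the same keys.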