June 17, 2010

Cisco IOS Security: Quiet Period Login

Cisco’s IOS Quiet Period refers to the period during which telnet/ssh/http access to the device is disabled for X amount of time after Y failed login attempts. While it is quite unusual to allow virtual access to a router from the WAN link, it may not hurt to go further by enabling this Cisco feature to prevent a potential DoS or dictionary attack from the WAN link, or possibly from the LAN link as well. ...

December 10, 2008

Port Knocking - Firewall Security I

There has been a lot of buzz lately about adding a security layer when it comes to running services and open ports, and how to step back from the security risk line, at least by one step. Port Knocking can be summarized in three points: my service’s port is locked by default; my service’s port will not open unless you first send packets to a sequence of ports I selected; my service’s port therefore remains unseen by brute-force bots and script kiddies’ scanners. ...

November 5, 2008

Wrap your shell commands

One of the most annoying matters I have met when administrating a server was following and fixing the messes other users (who happen to have the root password) would make on the server. Random users with root passwords often know two things… “sh” and “history -c”… and of course “I didn’t do it”. Now, while it is important to keep logs of activities on the server, it is even better to be able to pull up logs of every single command entered, plus its arguments. ...

October 8, 2008

A quick fix when under DDOS attack

A friend of mine asked me what he should do when experiencing a DDoS attack. Well, the write-up itself would be long as to how to handle a DDoS attack, as each type of Denial of Service needs different handling… the more experienced a sys-admin is, the more thoroughly he/she would be able to handle the attack. However, for everyone, here is a simple, straightforward methodology: 1) Find the IPs from which the SYN flood is coming ...

October 8, 2008

Denial of Service - Sockstress

Sockstress is a new type of Denial of Service attack developed by Jack C. Louis. According to nmap creator Fyodor, the attacker sends a TCP SYN packet to a targeted port, but first makes sure that a firewall protects his own machine, so as to prevent it from interfering with the attack process. The main reason for the protection is to stop the attacker’s computer from resetting the connection when the unexpected SYN/ACK packet (2nd step of the TCP 3-way handshake) is returned. ...