Thursday 21 July 2005

Needs RAM!

Well, it's been 5 weeks since putting in the new video card in Friday and nothing is blown. I declare this system finally fucking fixed! Goddammit, it had better stay fixed for a long time.

Now it's time to give Chevette some upgrades. Working display is a must. Probably just a messed-up latch so that should be fine. If that works out, then I'll get that fixed and dump some more RAM in her. As much as she can take. Well, I'll aim for a half gig but even 256MB would be a passable upgrade. We shall see.

Saturday 9 July 2005

Tweaks and Filters

Been poking at Friday this week. I was getting a USB extension cord for work so I picked up one that glows red and hooked that up to Friday. It's sweet! And then the old plain one went to work. I also poked at GDM until I figured out how to change the login screen for Friday. My login screen now proudly displays the MDM flag! Heh, it's nice.

The other thing I dug up was firewall rules to block those stupid SSH dictionary attacks that keep flying around. Basically, a compromised host on the Internet attempts to log in via SSH using a large number of common user names and presumably either no password or some guessable password (like "password"). If you check your logs you'll find that the attacks come in a big burst and generally all within 5-10 seconds.

So it turns out that the simple way to deal with this in a fairly effective manner is to rate-limit the number of new SSH connections accepted by the host with iptables. The rate-limiting allows a minimal number of malicious login attempts and also has a minimal likelihood that it can be used for a DoS attack. The rules I use allow a burst of 5 (the default) and then a maximum rate of 10 logins per minute. The effect is that the attacker gets 5 login attempts, then the rest get rejected until 6 seconds have elapsed, and then the attacker gets 1 more login attempt every 6 seconds. During this time, a legitimate user may get rejected but they just have to wait a minute and things will be back to normal.

-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/min -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable


I've been using the above rules on both Siona and Nikita for a week or so now and it's been very effective at mitigating those attacks. It's NICE!
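To see why the rules above behave the way the post describes (5 attempts, then one more every 6 seconds), here is an added example, not from the original post, that models the token bucket behind iptables' `-m limit --limit 10/min` match with its default `--limit-burst` of 5. The real module counts in kernel jiffies; this continuous-time model is an approximation, but it reproduces the observable behaviour. The SYN timeline is constructed: a 20-packet dictionary-attack burst followed by a legitimate admin trying a few times. Because the rules carry no per-source match, the bucket is shared by everyone, so the legitimate attempt at 3 s is rejected along with the attacker's tail, exactly the brief lock-out the post mentions.

```python
# Added example (not from the original post): a model of the token bucket
# used by iptables' "-m limit --limit 10/min" with the default
# --limit-burst of 5, applied to a constructed timeline of SSH SYNs.
# Times are in seconds; the match is global, not per source address.


class LimitMatch:
    """Token bucket: `burst` tokens to start, refilled at `rate_per_min`."""

    def __init__(self, rate_per_min: float = 10.0, burst: int = 5) -> None:
        self.rate_per_min = rate_per_min   # --limit 10/min
        self.burst = burst                 # --limit-burst (default 5)
        self.tokens = float(burst)         # bucket starts full
        self.last = 0.0                    # time of the previous packet

    def matches(self, now: float) -> bool:
        """True if the SYN at time `now` matches the limit rule (ACCEPT);
        False means it falls through to the following REJECT rule."""
        refill = (now - self.last) * self.rate_per_min / 60.0
        self.tokens = min(float(self.burst), self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(syn_times, rate_per_min: float = 10.0, burst: int = 5):
    """Return (time, verdict) for each new-connection SYN, in time order."""
    bucket = LimitMatch(rate_per_min, burst)
    return [(t, "ACCEPT" if bucket.matches(t) else "REJECT")
            for t in sorted(syn_times)]


# Constructed timeline: 20 attacker SYNs 0.1 s apart (the kind of burst the
# post describes), then a legitimate admin trying at 3.0 s, 6.5 s and 12.5 s.
ATTACK_BURST = [i * 0.1 for i in range(20)]
LEGIT_ATTEMPTS = [3.0, 6.5, 12.5]


def run_scenario():
    """Verdicts for the constructed timeline under the post's rule settings."""
    return simulate(ATTACK_BURST + LEGIT_ATTEMPTS)


if __name__ == "__main__":
    for t, verdict in run_scenario():
        print(f"t={t:5.1f}s  {verdict}")
```

Running it shows the first 5 SYNs accepted, the next 15 rejected, the legitimate attempt at 3.0 s rejected (only half a token has refilled), and the retries at 6.5 s and 12.5 s accepted, one token per 6 seconds, matching the post's description. With a quiet bucket a single legitimate login always gets through.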

Sunday 3 July 2005

Mmm Mac!

Heh I gots to twiddle with some peeps' Macs on the weekend. An iBook and iMac (14" w/ G4 and 17" w/ G5 respectively). They were cool. From the iBook, we played around with the neighbour's wireless router settings. The thing didn't have a password so we were just trying different channels and stuff to see if we could get a better signal. Not a lot of luck though. Seems that channel 6 was no less noisy than the others. Oh well, them's the breaks. Now I just need a wireless doodad for Friday...
