
Jason Cooper

Dedicated Members
  • Posts: 520
  • Days Won: 8
Everything posted by Jason Cooper

  1. Today is tauday, so Happy tauday everyone. :)
  2. What do you want to do that fdisk doesn't let you do? Why do I ask? Well, without knowing what you want to do we will just be throwing random names of partitioning software at you, like gparted.
  3. Most imaging software will do a bit-for-bit copy, so the unused space on the drive will be put into the image. If you are using a hard disk then you could create a big file filled with 0s and then delete it. Otherwise your unused space will contain random data from old deleted files which, while it will compress, won't compress as well as a big block of consistent data (dd is a very good tool for creating these files). If you are using SSDs then I wouldn't recommend this, as they have a limited number of writes and don't store unused space in the same way.
  4. In my experience SD Cards are pretty resilient. If they are going to die they tend to die early on in their life, so if it has been running fine for a few months it should be fine (make sure you have full backups though).
  5. bzip2 gives better compression than gzip, but takes a substantially longer time. If you want an easy recovery then I would suggest the same as Infiltrator and use disk imaging software. If you want to get the best compression for the backup then I would suggest using tar with either the gzip or bzip2 options. For a full disk I would suggest gzip over bzip2, as I don't personally think the extra time bzip2 takes is worth the difference in the final size, especially if the backup is a regular event. While there are many other pieces of compression software out there I wouldn't suggest them for a backup, purely because you may have to recover the backup at some point, and while you can be pretty sure of finding gzip and bzip2 on a basic Linux install, other more exotic compression tools can be more awkward to get started with.
  6. First use netstat to see what is currently using port 10000 (do you already have netstat running?):
     netstat -lp
     Once you have figured that out you can either stop the process that is using port 10000 or ask sslstrip to use a port that isn't in use already. If you want to give up then neither of the commands that you have run is permanent, so you can restart the machine to clear them out. If you don't want to restart the machine then you can remove the ip_forward option with
     sudo bash -c 'echo "0" > /proc/sys/net/ipv4/ip_forward'
     To remove the forwarding rule you can list the iptables rules for the nat table with
     sudo iptables --line-numbers --list PREROUTING --table nat
     then find the number of the rule you want to remove and use
     sudo iptables --table nat --delete PREROUTING <ruleNumber>
     Note: replace <ruleNumber> with the number of the rule you want to delete.
  7. First read up on the following areas: bash (specifically redirection and piping streams), networking (specifically ports and listening services), and iptables and redirecting ports. Then, when you understand what port sslstrip is listening on and why you need to redirect port 80 to that port on your local machine, you can try
     sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
  8. For the first line try
     sudo bash -c 'echo "1" > /proc/sys/net/ipv4/ip_forward'
     For the second line try replacing <listenPort> with the port that sslstrip is listening on.
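The three posts above describe one procedure: find out what is already bound to the port sslstrip wants, enable forwarding, add the port-80 REDIRECT, and later remove it. The script below is an added example, not code from the original posts. It assumes Linux with net-tools (netstat), sysctl and iptables, a user who can sudo, and that sslstrip listens on port 10000 (SSLSTRIP_PORT); with DRY_RUN=1 the privileged commands are printed instead of executed, and the parser in listener_on_port handles the UDP lines of netstat output, which have no State column.

```shell
#!/bin/sh
# Added example (not from the original posts): find out what is holding the
# port sslstrip wants, then set up or tear down the port-80 redirect described
# above. Assumes Linux with net-tools (netstat), sysctl and iptables, run as a
# user that can sudo. With DRY_RUN=1 the privileged commands are printed, not run.
set -eu

SSLSTRIP_PORT="${SSLSTRIP_PORT:-10000}"   # assumed: the port sslstrip listens on
DRY_RUN="${DRY_RUN:-0}"

# Run a privileged command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '+ %s\n' "$*"
    else
        sudo "$@"
    fi
}

# listener_on_port PORT < netstat_output
# Prints "<proto> <pid/program>" for every listening socket bound to PORT.
# UDP lines have no State column, so PID/Program is taken as the last field.
listener_on_port() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)6?$/ && $4 ~ (":" port "$") { print $1, $NF }'
}

# Is anything already listening on the sslstrip port?
check_port() {
    found=$(netstat -lnp 2>/dev/null | listener_on_port "$SSLSTRIP_PORT")
    if [ -n "$found" ]; then
        echo "port $SSLSTRIP_PORT is already in use by: $found" >&2
        return 1
    fi
    echo "port $SSLSTRIP_PORT is free"
}

# Enable forwarding and send incoming port-80 traffic to sslstrip.
setup() {
    run sysctl -w net.ipv4.ip_forward=1   # same as: echo 1 > /proc/sys/net/ipv4/ip_forward
    run iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports "$SSLSTRIP_PORT"
}

# Undo setup. Deleting by rule specification avoids looking up its line number.
teardown() {
    run iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports "$SSLSTRIP_PORT"
    run sysctl -w net.ipv4.ip_forward=0
}

case "${1:-}" in
    check)    check_port ;;
    setup)    setup ;;
    teardown) teardown ;;
    "")       ;;    # no argument: only define the functions (e.g. when sourced)
    *)        echo "usage: $0 check|setup|teardown" >&2; exit 2 ;;
esac
```

Run `./sslstrip-redirect.sh check` before `setup`; if the port is taken, either stop that process or change SSLSTRIP_PORT and start sslstrip with the matching `-l` port. The `-D` form in teardown deletes the exact rule that setup added, so the rule-number dance from the post is only needed for rules you did not add yourself.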
  9. You could use the Net::SC module to create a port scanner in Perl that uses a chain of SOCKS proxies. If you want to avoid reinventing the wheel then nmap has both an idle scan and an ftp bounce scan mode. Provided you can find suitable public machines on the internet to act as a third party in either attack then that is a possibility. The important thing to remember about the idle scan is that it uses IP spoofing, so you won't be able to do it from behind NAT (i.e. most people's home routers these days), as the spoofed IP gets rewritten by the router with its own IP address. In fact that is important to remember for anything that uses IP spoofing :) The ftp bounce scan requires the ftp server to support the PORT command, which is disabled by default these days, so suitable ftp servers can be difficult to find.
  10. More ironic, as the guy behind the Raspberry Pi wrote Elite for the BBC Micro :) Oh, and "Micro Men" is great. Though it does make me very nostalgic when watching it.
  11. Hopefully we will be able to get our hands on them. I would love to get one running a BBC emulator playing Elite. :)
  12. mythtv and media portal are two others you could have a look at. I tried them both, but my hardware caused some problems for them. In the end I went with Windows 7 media center, which is working great.
  13. You can't. If you block user access to the folders then their browsers won't be able to access anything in those folders, so they won't be able to render your webpages. You could set Apache to require the referer URL to start with your fully qualified domain name (FQDN), e.g. (just replace FQDN with your server's fully qualified domain name):
     RewriteEngine On
     RewriteCond %{HTTP_REFERER} !^https?://<FQDN>/ [NC]
     RewriteRule /css/.*$ / [R]
     RewriteCond %{HTTP_REFERER} !^https?://<FQDN>/ [NC]
     RewriteRule /img/.*$ / [R]
     RewriteCond %{HTTP_REFERER} !^https?://<FQDN>/ [NC]
     RewriteRule /files/.*$ / [R]
     This won't stop most people getting at the content, as they will be using their browser, which will automatically send the correct referer URL when requesting the page. It will also cause problems for search bots and so would probably hit your page rankings on Google. To get around the search bot problem you can add a list of search bots into your RewriteConds, e.g.
     RewriteCond %{HTTP_REFERER} !^https?://<FQDN>/ [NC]
     RewriteCond %{HTTP_USER_AGENT} !Googlebot [NC]
     RewriteRule /files/.*$ / [R]
  14. What spec is your machine? These days water cooling doesn't tend to leak unless you make a mistake. It is a lot more hassle than air cooling though. Unless it is running very hot (i.e. you have a very powerful graphics card or you are overclocking it) then I wouldn't bother with water cooling. In my opinion air cooling is better than water cooling for most people.
  15. IPv6 has what is called a link-local address range (fe80::/10) that will only work on the local LAN and won't be routable over the internet. If you have IPv6 access to your network from the internet then you should also have an IPv6 network range for your network, so every device will also have an internet-routable IPv6 address. Because everything that can connect to the Internet via IPv6 should have an internet-routable address, it will also be visible from the internet, without the need to forward any ports. This does mean that you will have to make sure that you have a firewall in there blocking access to those IPs that you don't want reachable and allowing access to those that you do. For the most part you won't need to set static IP addresses, except for those machines that you wish to remain static. DynDNS will potentially get easier, as it is unlikely that your ISP will keep changing the IPv6 range assigned to you, as it will be easier for them to keep it static. This means that the IPv6 addresses of your servers should remain static and any DNS records pointing to them will not need updating regularly.
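The firewall the post above calls for is the important part of running IPv6 without NAT: every LAN host is globally reachable, so the router's FORWARD chain has to deny by default and allow only the servers you choose. The script below is an added example, not from the original post. Its names are assumptions: eth0 is the WAN interface, 2001:db8:1234::/48 is the prefix the ISP delegated (2001:db8::/32 is reserved for documentation), and the hosts in allowed_services are the servers to expose. With DRY_RUN=1 the ip6tables commands are printed instead of executed.

```shell
#!/bin/sh
# Added example, not from the original post: a minimal ip6tables policy for the
# border router described above, where every LAN host has a globally routable
# address and nothing is reachable from the internet unless listed here.
# Assumed names: eth0 is the WAN interface, 2001:db8:1234::/48 is the prefix the
# ISP delegated, and the hosts in allowed_services are the servers to expose
# (2001:db8::/32 is reserved for documentation; substitute your own prefix).
# With DRY_RUN=1 the ip6tables commands are printed instead of executed.
set -eu

WAN="${WAN:-eth0}"
LAN_PREFIX="${LAN_PREFIX:-2001:db8:1234::/48}"
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '+ %s\n' "$*"; else sudo "$@"; fi
}

# Services that may be reached from the internet: "address protocol port".
# Everything else inside LAN_PREFIX stays unreachable from the WAN.
allowed_services() {
    cat <<'EOF'
2001:db8:1234:1::10 tcp 80
2001:db8:1234:1::10 tcp 443
2001:db8:1234:1::20 tcp 22
EOF
}

apply_policy() {
    # Default deny for everything the router forwards, then rebuild the chain.
    run ip6tables -P FORWARD DROP
    run ip6tables -F FORWARD
    # Replies to connections the LAN opened.
    run ip6tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Anything from the LAN going out (a WAN packet claiming our prefix does not match).
    run ip6tables -A FORWARD ! -i "$WAN" -s "$LAN_PREFIX" -j ACCEPT
    # ICMPv6 is mandatory on IPv6 (path MTU discovery, neighbour discovery, ...);
    # dropping it breaks connectivity in subtle ways, so let it through.
    run ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
    # One allow rule per exposed service, new connections only.
    allowed_services | while read -r addr proto port; do
        run ip6tables -A FORWARD -i "$WAN" -d "$addr" -p "$proto" --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
}

case "${1:-}" in
    apply) apply_policy ;;
    "")    ;;    # no argument: only define the functions
    *)     echo "usage: $0 apply" >&2; exit 2 ;;
esac
```

Note what is deliberately absent: no NAT, no port forwarding, and no blanket ICMPv6 drop. Hosts not listed in allowed_services keep their global addresses and can still open outbound connections; they just cannot be reached from the WAN. The INPUT chain of the router itself needs the same treatment, which this example does not cover.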
  16. xmodmap. I use it a lot when creating Linux kiosk type machines. It even lets you alter how the mouse buttons work.
  17. I assume you are referring to two-way SSL authentication. For this not only will the Apache proxy need an SSL certificate but so will each client that is connecting. This SSL tutorial might be useful for you.
  18. Have you checked Wikipedia, as it has a useful list of some denial of service attacks.
  19. An attacker logging in, in this situation, could mean any of the following:
     • The attacker is given an account and password by the owner.
     • The attacker finds an account without a password.
     • The attacker guesses an easy password to the account (deliberately chosen to be easy to guess to draw the attacker in).
     • The attacker guesses a very hard to guess password (a password with the only intention of not being guessed).
     In the first case the attacker isn't breaking the law, unless they then use an exploit or similar method to gain higher privileges than the account they have been given. In the second case it is arguable that as there was no password set on the account it is a public account, and if it is a public account the attacker wouldn't be breaking the law. In the third case it would be harder for the attacker to argue that it is a public account as it is password protected, but by deliberately using an easy to guess password it would also be hard for the defender to argue that they didn't intend for an attacker to get in. The fourth case would be a very strong defence for the defender, but it would also be very unlikely that the attacker gained entry to the account, as it wouldn't be a password the bots would try before they gave up and moved on to the next site. So assuming that the fourth option isn't used, as the intention is to get the attacker to download and run the booby-trapped code, there is a chance that the attacker would be able to argue that they didn't break the law in accessing the server (a lot would depend on the attacker's country and their local laws for this). Now the defender will have booby-trapped code on their server, and in some countries knowingly having the code is illegal, in others owning it is fine but distribution is illegal, and in others both are legal. So if the defender is in a country where owning and/or distributing such code is illegal they would be breaking the law by using it to attack the attacker.
     So to sum up the post, it all depends on how the attacker gains access and the laws in their country and the laws in the defender's country as to who would be breaking the law. Of course unless the defender is a government agency or large corporation and the attackers were in the same country as the defender it would be very unlikely to make it to court, so it is a bit of a moot point.
  20. Using the example of someone breaking into your house, it would also be arguable that if you leave your front door open hoping that someone enters so you can attack them, then it wouldn't be self-defence. Instead it would be assault (it is very hard to argue self-defence for something that is premeditated). With leaving an open ftp account it would be arguable that you are giving the attacker permission to enter, as if you didn't want someone to enter you would have used a password. As such they wouldn't be breaking the law, yet by leaving them a booby-trapped file you could be breaking the law. Of course this all gets even more awkward if you give the account an easy to guess password hoping that they will guess it and pick up the file. Note: as with all legal issues there are lots of grey areas and different countries have different rules, and you should never take legal advice from strangers on the internet. Always get legal advice from lawyers/solicitors who are experts in your country's laws; yes, it will cost you money, but you are less likely to end up in prison from following bad advice.
  21. The legalities of what you are asking depend on both your country and the country of the attacker (you should know which country you are in but it will be very hard to tell which country your attacker is coming from as they could be routed through proxies, etc). You would be much better off simply moving away from FTP and over to SFTP using keys rather than passwords. Once you are no longer accepting passwords for remote authentication then all those attempts at guessing passwords will disappear.
  22. Just out of interest, when on the machine you reinstalled, what do you get when you run ipconfig /all? Is its IP address in the correct subnet? (If it starts 169. then it hasn't picked up its details from your DHCP server.) Check that the DNS servers are correct. If everything looks OK there then try doing nslookup www.google.com and see if it can resolve it.
  23. My advice to people who have an infected machine is to reinstall from scratch. Install the OS then your anti-virus and update both. Then install your other software and data (remembering to scan everything you are restoring from a backup.) It takes a while, but you are much more likely to have a clean usable machine at the end than trying to remove malware yourself. It is a bit harder for you as it isn't your machine, so you would probably have to check with your customers that they are alright with the re-install and that they have backups of all their data and software.
  24. The best solution I have found for this is to not allow password authentication. Move over to using public/private keys only and suddenly those failed login attempts in your logs stop appearing.
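Posts 21 and 24 above both recommend the same fix: stop accepting passwords for remote logins and use keys only. Whether an sshd_config actually does that is worth checking rather than assuming, because sshd uses the first value it reads for a keyword (a later "PasswordAuthentication no" is silently ignored if an earlier line says yes), settings after a Match block apply only to that block, keyword matching is case-insensitive, and KbdInteractiveAuthentication is the newer name for ChallengeResponseAuthentication, which also has to be off. The checker below is an added example, not from the original posts; the defaults it assumes for unset keywords are sshd's own.

```shell
#!/bin/sh
# Added example, not from the original posts: check whether an sshd_config
# really enforces key-only logins before you rely on it. Two sshd_config rules
# catch people out: sshd uses the FIRST value it reads for a keyword, so a later
# "PasswordAuthentication no" is ignored if an earlier line says yes; and lines
# after a "Match" block only apply to that block, so they are skipped here.
# Keywords are case-insensitive, "keyword = value" is accepted, and
# KbdInteractiveAuthentication is the newer name for ChallengeResponseAuthentication.
set -eu

# effective_value KEYWORD... < sshd_config
# Prints the lower-cased first global value of any of the given keywords
# (aliases), or nothing if none is set before the first Match block.
effective_value() {
    keys=$(printf ' %s ' "$@" | tr 'A-Z' 'a-z')
    awk -v keys="$keys" '
        BEGIN { FS = "[ \t=]+" }
        { sub(/^[ \t]+/, "") }                          # strip indentation
        /^(#|$)/ { next }                               # comments and blank lines
        tolower($1) == "match" { exit }                 # Match blocks are conditional
        index(keys, " " tolower($1) " ") { print tolower($2); exit }
    '
}

# check_setting WANT DEFAULT KEYWORD...   (reads the config from $CFG)
check_setting() {
    want=$1; def=$2; shift 2
    got=$(printf '%s\n' "$CFG" | effective_value "$@")
    [ "${got:-$def}" = "$want" ] && return 0
    printf 'FAIL %s is %s, want %s\n' "$1" "${got:-unset (default $def)}" "$want"
    return 1
}

# audit < sshd_config
# Returns 0 if only public-key authentication is possible, 1 otherwise
# (with one FAIL line per offending setting). Defaults are sshd's own.
audit() {
    CFG=$(cat)
    rc=0
    check_setting no  yes PasswordAuthentication || rc=1
    check_setting no  yes KbdInteractiveAuthentication ChallengeResponseAuthentication || rc=1
    check_setting yes yes PubkeyAuthentication || rc=1
    [ "$rc" -eq 0 ] && echo "OK: password and keyboard-interactive logins are disabled"
    return $rc
}

# Usage:  audit < /etc/ssh/sshd_config
# or:     sudo sshd -T | audit     (the fully resolved config, which sidesteps
#                                   the first-value rule entirely)
```

Before switching PasswordAuthentication off, add your public key to ~/.ssh/authorized_keys and confirm a key-based login works from a second session, so you do not lock yourself out of the very box you are hardening.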
  25. Exchange boxes, like most systems, can be big targets, especially if you don't keep them patched. A lot of organisations like to set up a Unix/Linux/BSD box running one of the more secure mail transfer agents (MTAs), e.g. postfix. They then use that MTA server to do a lot of the processing of emails (e.g. spam filtering, dropping malformed emails, virus scanning attachments) before forwarding the emails on to their Exchange servers. This gives them a number of benefits: the Exchange server is never in direct communication with a potential attacker, which reduces the number of possible attacks against the Exchange server. Also, when the Exchange server fails or is taken down for maintenance, the MTA server can store up the email and then forward it on when the Exchange server is back up again. The MTA server is almost always heavily locked down, just running the SMTP service and SSH, the latter of which is only accessible from a limited number of machines. The downside to this approach, other than the extra hardware requirement, is that your mail admins need to understand both Exchange and the MTA system in use.
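The Postfix side of the front-end MTA described above, as an added example that is not part of the original post. The names are assumptions: example.com is the mail domain and 192.0.2.10 (a documentation address) is the Exchange server; the bracketed host form tells Postfix to deliver to that host directly instead of doing an MX lookup, and the relay_recipients entries are constructed placeholders for the real list exported from Exchange. Spam and virus scanning hook in via content_filter and are not shown. It runs postconf as root; with DRY_RUN=1 the commands and generated map files are printed instead.

```shell
#!/bin/sh
# Added example, not from the original post: the Postfix side of the front-end
# MTA described above. Assumed names: example.com is the mail domain and
# 192.0.2.10 the Exchange server (a documentation address); replace both.
# The bracketed host form tells Postfix to deliver to that host directly
# instead of doing an MX lookup. Runs postconf as root; with DRY_RUN=1 the
# commands and generated map files are printed instead.
set -eu

DOMAIN="${DOMAIN:-example.com}"
EXCHANGE="${EXCHANGE:-[192.0.2.10]}"
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# /etc/postfix/transport: everything for the domain goes to Exchange.
transport_map() {
    printf '%s relay:%s\n' "$DOMAIN" "$EXCHANGE"
}

# /etc/postfix/relay_recipients: the addresses Exchange actually hosts.
# Without this list Postfix accepts any recipient for the domain and later
# bounces the unknown ones, i.e. it becomes a backscatter source.
# Export the real list from Exchange; these entries are constructed.
relay_recipients() {
    cat <<EOF
alice@$DOMAIN OK
bob@$DOMAIN OK
postmaster@$DOMAIN OK
EOF
}

# write_map NAME GENERATOR: write the lookup table and compile it with postmap.
write_map() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '+ write /etc/postfix/%s:\n' "$1"; "$2" | sed 's/^/    /'
    else
        "$2" > "/etc/postfix/$1"
    fi
    run postmap "/etc/postfix/$1"
}

configure_relay() {
    write_map transport transport_map
    write_map relay_recipients relay_recipients
    # Accept the domain as a relay domain only; it must not be in mydestination.
    run postconf -e "relay_domains = $DOMAIN"
    run postconf -e "transport_maps = hash:/etc/postfix/transport"
    run postconf -e "relay_recipient_maps = hash:/etc/postfix/relay_recipients"
    run postconf -e "mydestination = \$myhostname, localhost"
    # Only localhost may relay outbound through this box; everyone else can
    # only deliver to the relay domain (reject_unauth_destination).
    run postconf -e "mynetworks = 127.0.0.0/8 [::1]/128"
    run postconf -e "smtpd_helo_required = yes"
    run postconf -e "strict_rfc821_envelopes = yes"
    run postconf -e "smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain"
    run postconf -e "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain"
    # Store-and-forward while Exchange is down: keep deferred mail for 5 days.
    run postconf -e "maximal_queue_lifetime = 5d"
    # Spam and virus scanning hook in here (content_filter = ...); not shown.
    run postfix reload
}

case "${1:-}" in
    apply) configure_relay ;;
    "")    ;;    # no argument: only define the functions
    *)     echo "usage: $0 apply" >&2; exit 2 ;;
esac
```

The relay_recipient_maps line is the one most often left out: without it the gateway will accept mail for nonexistent users, queue it, and then bounce it to forged senders, which is exactly the junk you were trying to keep away from Exchange. On the Exchange side, restrict inbound SMTP to the gateway's address so it cannot be reached directly.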