Mike Gibbs

Posts posted by Mike Gibbs

  1. If your *nix box has a public IP address then chances are that it will have many SSH login attempts. You can easily limit the chances of someone guessing the correct password by installing DenyHosts.

    The program DenyHosts keeps track of how many attempts are made, and if a configurable number have failed for a certain IP address, then it is automatically blacklisted.

    Installing DenyHosts on CentOS or Redhat

    Install the EPEL repository and YUM priorities

    # rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

    # yum install yum-priorities

    Now install DenyHosts

    # yum install denyhosts

    Finally add it to start-up and initiate the process.

    # chkconfig denyhosts on

    # service denyhosts start

    Any configuration can be made by editing the configuration file located at /etc/denyhosts.conf

    You can watch the IPs of attackers as they get blacklisted in the file /etc/hosts.deny

    # tail -f -n 50 /etc/hosts.deny

  2. A simple-to-implement method to help protect your domain from email spoofing is setting up a Sender Policy Framework.

    When an email is received from your domain, the system would have the ability to check the SPF record on your DNS to see if the email came from a trusted source.

    For example, for a Google-hosted domain name you would add a TXT record containing:

    v=spf1 include:_spf.google.com ~all

    Note: ~all is not the same as -all

    An example email header before an SPF record existed would look like:

    Received: from mail-pw0-f46.google.com (mail-pw0-f46.google.com [209.85.160.46])

    by mx.google.com with ESMTPS id c3si23440902ict.140.2011.06.21.14.25.35

    (version=TLSv1/SSLv3 cipher=OTHER);

    Tue, 21 Jun 2011 14:25:35 -0700 (PDT)

    Received-SPF: neutral (google.com: 209.85.160.46 is neither permitted nor denied by best guess record for domain of emailaddress@nexidyne.com) client-ip=209.85.160.46;

    Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.160.46 is neither permitted nor denied by best guess record for domain of emailaddress@nexidyne.com) smtp.mail=emailaddress@nexidyne.com

    After an SPF record has been added the header would look like:

    Received: from mail-iy0-f174.google.com (mail-iy0-f174.google.com [209.85.210.174])

    by mx.google.com with ESMTPS id bi3si3658024icb.148.2012.02.15.12.56.14

    (version=TLSv1/SSLv3 cipher=OTHER);

    Wed, 15 Feb 2012 12:56:15 -0800 (PST)

    Received-SPF: pass (google.com: domain of emailaddress@nexidyne.com designates 209.85.210.174 as permitted sender) client-ip=209.85.210.174;

    Authentication-Results: mx.google.com; spf=pass (google.com: domain of emailaddress@nexidyne.com designates 209.85.210.174 as permitted sender) smtp.mail=emailaddress@nexidyne.com

    For other email servers, for example Dreamhost (http://wiki.dreamhost.com/SPF), you can add something like:

    v=spf1 ip4:64.111.100.0/24 ip4:66.33.201.0/24 ip4:66.33.216.0/24 ip4:208.97.132.0/24 ip4:208.97.187.0/24 ip4:208.113.200.0/24 ip4:208.113.244.0/24 ip4:208.113.175.0/24 mx -all

    You can check to see if you have this record by issuing the *nix command nslookup -query=any domainname.ext
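The `~all` versus `-all` difference noted in the SPF post above, as an added example that is not part of the original post: a minimal Python evaluator for the `ip4`, `ip6`, `include` and `all` terms of an SPF record, run against the two records quoted in the post. `check_spf`, `FAKE_DNS` and the sample addresses are hypothetical names and constructed values; `FAKE_DNS` stands in for real DNS lookups, and `mx`/`a` terms are skipped because they need live DNS.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); a term with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed stand-in for DNS so the example runs offline. The range is
# illustrative only, not the record Google actually publishes.
FAKE_DNS = {"_spf.google.com": "v=spf1 ip4:209.85.128.0/17 ~all"}

def check_spf(record, client_ip, lookup=FAKE_DNS.get, depth=0):
    """Return the SPF result for client_ip against one SPF TXT record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    if depth > 10:                      # guard against include loops
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = lookup(arg)
            if inner is None:
                return "permerror"      # included domain has no SPF record
            # include matches only when the inner evaluation is a pass
            matched = check_spf(inner, client_ip, lookup, depth + 1) == "pass"
        else:
            continue                    # mx, a, exists, ... need live DNS: skipped
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # no term matched and no "all" present

GOOGLE = "v=spf1 include:_spf.google.com ~all"          # record from the post
DREAMHOST = ("v=spf1 ip4:64.111.100.0/24 ip4:66.33.201.0/24 ip4:66.33.216.0/24 "
             "ip4:208.97.132.0/24 ip4:208.97.187.0/24 ip4:208.113.200.0/24 "
             "ip4:208.113.244.0/24 ip4:208.113.175.0/24 mx -all")  # from the post
OUTSIDER = "203.0.113.5"                # constructed, documentation address range

if __name__ == "__main__":
    print(check_spf(GOOGLE, "209.85.210.174"))    # sender IP from the header above
    print(check_spf(GOOGLE, OUTSIDER))            # unlisted host under ~all
    print(check_spf(DREAMHOST, "208.97.132.10"))  # constructed IP in a listed /24
    print(check_spf(DREAMHOST, OUTSIDER))         # unlisted host under -all
```

An unlisted host gets `softfail` under `~all`, which receivers usually accept but mark as suspicious, and `fail` under `-all`, which states outright that the host is not authorized.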

  3. Hey guys, this is one of my first posts and I'm looking for some help setting up a VPN for a small business. Right now I have them running off an Ubuntu server running an OpenVPN network; I am looking into setting up most possibly an IPSec VPN. I am trying to keep all the software Open Source (free) to minimize the economic footprint of it in the company. If you guys would recommend something other than IPSec, could it possibly be something that would work on Blackberrys and/or iPhones?

    Thank you in advance.

    After trying a couple of different options, including the Cisco RV082, which was expensive and needed to be rebooted often, I had a lot of luck using pfsense (http://www.pfsense.org/). It was super easy to configure, and for the client machines shrewsoft (http://www.shrew.net/) is a great option, especially because it allows you to export and import the configs. It was fairly easy to set up an IPSec VPN to get I to connect and I haven't had a single problem since.
