sakuramboo.com


Blocking Script Kiddies

by on Dec.08, 2010, under Computers, Linux

This is a continuation to my previous post on Dealing With Korean Hackers.

When I last left off, I had started banning IP addresses with iptables because Apache's mod_rewrite module was not giving me the result I wanted. The problem with mod_rewrite was that the request was still being made and answered, which meant that my log files were still being flooded with those requests. I wanted to keep those entries out of the logs entirely, and to do that I needed to stop them at the network level instead of the application level. So, back I go to iptables.

There is one little-known feature of iptables, the string match module, that scans each packet's payload for a given string and lets you decide what the firewall should do with it. Since I was modifying the iptables chains anyway, I decided to make the setup a bit more modular and systematic. To achieve this, we will create two new chains.

iptables -N BANNED
iptables -N IPBAN

I will use the BANNED chain to match strings in incoming packets, and IPBAN to drop specific offenders by source IP address. Now we need to hook these chains into the INPUT chain.

iptables -I INPUT -j IPBAN
iptables -I INPUT -j BANNED

Since -I inserts at the top of the chain, the second command ends up first, so packets are checked against BANNED and then against IPBAN. A packet that matches neither chain simply returns to INPUT and continues through whatever rules follow (if any); if it passes those too, it goes on to its final destination.

Now we need to populate the chains with the proper rules. Here is the list I created for the BANNED chain. Each string is a fragment that one of the six web scanners I kept seeing in the logs puts in its requests (in the User-Agent header or the request path), so any packet carrying it is dropped before Apache ever sees the request or writes a log line for it.

iptables -A BANNED -m string --string "wantsfly" --algo bm -j DROP
iptables -A BANNED -m string --string "ZmEu" --algo bm -j DROP
iptables -A BANNED -m string --string "w00tw00t" --algo bm -j DROP
iptables -A BANNED -m string --string "Toata" --algo bm -j DROP
iptables -A BANNED -m string --string "proxyjudge" --algo bm -j DROP
iptables -A BANNED -m string --string "Morfeus" --algo bm -j DROP

The only option there that might not make sense is --algo bm. It tells the string module which search algorithm to use when scanning the packet payload: bm (Boyer-Moore) or kmp (Knuth-Morris-Pratt); bm works fine for our needs. The rest should be self-explanatory from reading it. A few caveats are worth knowing. As written, the match is applied to every inbound packet on every port, so an SMTP or SSH packet whose payload happened to contain one of these strings would be dropped too; adding -p tcp --dport 80 to each rule limits both the blast radius and the CPU spent scanning payloads. The scan is per packet, so a string split across two TCP segments is not seen, and it only works because this traffic is plain HTTP; inside a TLS connection the strings are not visible to the firewall. Finally, dropping at the network level means these probes no longer show up in Apache's logs at all, so if you still want a record of who is scanning you, put a rate-limited LOG target rule (using the limit match) ahead of each DROP.

The following is a list of specific offenders gathered from my logs. They are offenders because they kept requesting pages that do not exist on our servers, pages that nobody on our network would have any reason to think exist, which is the signature of an automated scanner rather than a user following a stale link.

iptables -A IPBAN -s 222.186.24.74 -j DROP
iptables -A IPBAN -s 61.128.121.138 -j DROP
iptables -A IPBAN -s 207.234.184.149 -j DROP
iptables -A IPBAN -s 210.127.253.99 -j DROP
iptables -A IPBAN -s 196.40.74.18 -j DROP
iptables -A IPBAN -s 174.142.38.185 -j DROP
iptables -A IPBAN -s 72.167.203.63 -j DROP
iptables -A IPBAN -s 202.194.15.192 -j DROP
iptables -A IPBAN -s 123.65.246.154 -j DROP
iptables -A IPBAN -s 173.203.240.14 -j DROP
iptables -A IPBAN -s 188.65.51.246 -j DROP
iptables -A IPBAN -s 206.223.157.244 -j DROP
iptables -A IPBAN -s 180.211.129.38 -j DROP
iptables -A IPBAN -s 83.242.145.34 -j DROP
iptables -A IPBAN -s 94.23.63.40 -j DROP
iptables -A IPBAN -s 218.38.12.0/24 -j DROP
iptables -A IPBAN -s 67.212.67.7 -j DROP
iptables -A IPBAN -s 123.182.6.214 -j DROP
iptables -A IPBAN -s 61.183.15.9 -j DROP
iptables -A IPBAN -s 221.192.199.35 -j DROP
iptables -A IPBAN -s 62.193.225.80 -j DROP
iptables -A IPBAN -s 221.1.220.185 -j DROP
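Rather than picking addresses out of the logs by hand, here is an added Python example (mine, not code from this post) that performs the two selections described above over Apache combined-format log lines: it flags sources whose User-Agent or request path carries one of the six scanner strings, flags sources that keep asking for pages that do not exist (a hypothetical threshold of five 404 responses), and prints the iptables commands for the IPBAN chain. The log lines are constructed samples using documentation addresses, not lines from the author's servers.

```python
"""Select ban candidates from Apache access logs.

Added example, not code from the original post. It reads Apache
"combined" log lines, flags sources whose User-Agent or request path
carries one of the scanner strings the post blocks, flags sources that
keep requesting pages that do not exist (repeated 404s), and emits the
iptables commands for the IPBAN chain.
"""
import re
from collections import Counter, defaultdict

# The six scanner markers from the post; they appear in the User-Agent
# header or in the request path, so both are searched below.
SCANNER_STRINGS = ("wantsfly", "ZmEu", "w00tw00t", "Toata", "proxyjudge", "Morfeus")

# Hypothetical threshold: this many 404s from one address marks a prober.
NOT_FOUND_THRESHOLD = 5

# Apache "combined" format:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log (documentation addresses, not real offenders).
SAMPLE_LOG = """\
198.51.100.7 - - [08/Dec/2010:03:12:01 -0500] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "ZmEu"
198.51.100.7 - - [08/Dec/2010:03:12:02 -0500] "GET /pma/ HTTP/1.1" 404 512 "-" "ZmEu"
203.0.113.9 - - [08/Dec/2010:03:14:10 -0500] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
192.0.2.33 - - [08/Dec/2010:03:20:00 -0500] "GET /admin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.33 - - [08/Dec/2010:03:20:01 -0500] "GET /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.33 - - [08/Dec/2010:03:20:02 -0500] "GET /manager/html HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.33 - - [08/Dec/2010:03:20:03 -0500] "GET /cgi-bin/php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.33 - - [08/Dec/2010:03:20:04 -0500] "GET /setup.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.33 - - [08/Dec/2010:03:21:00 -0500] "GET /index.html HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.77 - - [08/Dec/2010:03:30:00 -0500] "GET /old-page.html HTTP/1.1" 404 512 "http://example.org/" "Mozilla/5.0"
203.0.113.77 - - [08/Dec/2010:03:30:05 -0500] "GET /index.html HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def find_scanners(lines):
    """Map each source IP to the set of scanner strings seen in its requests."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        haystack = rec["request"] + " " + rec["agent"]
        for marker in SCANNER_STRINGS:
            if marker in haystack:
                hits[rec["ip"]].add(marker)
    return dict(hits)


def find_probers(lines, threshold=NOT_FOUND_THRESHOLD):
    """Map each source IP with at least `threshold` 404 responses to its 404 count."""
    not_found = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["status"] == "404":
            not_found[rec["ip"]] += 1
    return {ip: n for ip, n in not_found.items() if n >= threshold}


def ban_commands(lines, chain="IPBAN", threshold=NOT_FOUND_THRESHOLD):
    """Build the iptables commands for every scanner or prober, sorted for stable output."""
    offenders = set(find_scanners(lines)) | set(find_probers(lines, threshold))
    return ["iptables -A %s -s %s -j DROP" % (chain, ip) for ip in sorted(offenders)]


if __name__ == "__main__":
    for cmd in ban_commands(SAMPLE_LOG.splitlines()):
        print(cmd)
```

Note that the one visitor with a single 404 from a stale external link (203.0.113.77 in the sample) is left alone; only repeated misses or a known scanner signature earn a DROP. Review the output before appending it to the chain, since a shared NAT address can put many users behind one offender.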

With these chains and rules in place, I have yet to see any malicious activity on our servers in the two weeks since I put them in. Of course, I will continue to monitor the logs for any other automated scanners attacking our servers, but for the time being, things seem to be flowing smoothly.


Dealing With Korean Hackers

by on Oct.05, 2010, under Computers, Linux

One day at work I took a look through the logs and noticed that one of our servers was being attacked from a whole bunch of different IP addresses. They were not continuous attacks, really; they happened only once a day at a certain time, so my guess is that it is an automated script just doing its thing. Even though what they were doing was not going to do anything to the system, it would be best if I prevented their scripts from even getting a successful response code back. So, I decided to set up some security in various places.

The first step was to create two rules in iptables that drop packets from any source that has opened more than 8 NEW connections to port 80 within 10 seconds. This was a very common pattern; in fact, in about 5 minutes there were more than 100 page requests from their scanner. Both rules must use the same --name, since that is the list the second rule consults; if the names differ, the DROP rule checks an empty list and never fires.

iptables -I INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -m recent --set --name DEFAULT
iptables -I INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 10 --hitcount 8 --rttl --name DEFAULT -j DROP
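To see exactly when those two rules fire, here is an added Python simulation (my own example, not code from this post or from netfilter) of the recent module's bookkeeping. It assumes the documented semantics of the recent match: --set records a timestamp for the source, --update --seconds 10 --hitcount 8 matches only when the source already has 8 or more timestamps inside the last 10 seconds and then records another one (so a source that keeps sending stays blocked), and --rttl additionally requires the packet's TTL to equal the TTL last recorded for that source. Because both commands use -I, the --update/DROP rule sits above the --set rule, and that is the order the simulation uses. The packet traces are constructed.

```python
"""Simulate the post's two xt_recent rules to see when the DROP fires.

Added example, not code from the post or from netfilter. It models the
documented behaviour of the `recent` match: --set records a timestamp
for the source; --update --seconds S --hitcount N matches when the
source already has N or more timestamps inside the last S seconds and,
on a match, records another one; --rttl additionally requires the
packet's TTL to equal the TTL last recorded for that source.
"""
from collections import defaultdict, deque

# xt_recent keeps at most ip_pkt_list_tot timestamps per source (default 20).
PKT_LIST_TOT = 20


class RecentList:
    """One named xt_recent table (the --name argument)."""

    def __init__(self, max_stamps=PKT_LIST_TOT):
        self.stamps = defaultdict(lambda: deque(maxlen=max_stamps))
        self.ttl = {}

    def set(self, addr, now, ttl):
        """--set: add the source (or refresh it) and always match."""
        self.stamps[addr].append(now)
        self.ttl[addr] = ttl
        return True

    def update(self, addr, now, ttl, seconds, hitcount, rttl=True):
        """--update [--rttl] --seconds --hitcount: match and refresh, or leave untouched."""
        if addr not in self.stamps:
            return False
        if rttl and self.ttl[addr] != ttl:
            return False
        in_window = [t for t in self.stamps[addr] if now - t <= seconds]
        if len(in_window) < hitcount:
            return False
        # A match refreshes the entry, so a source that keeps sending stays blocked.
        self.stamps[addr].append(now)
        self.ttl[addr] = ttl
        return True


def run_chain(packets, seconds=10, hitcount=8):
    """Apply the post's two rules, in their effective order, to (time, src, ttl) packets.

    Both rules were added with -I, so the second one (--update ... -j DROP) sits
    above the first (--set). Returns "DROP" or "PASS" per packet; PASS means the
    packet continues down the INPUT chain.
    """
    table = RecentList()
    verdicts = []
    for now, addr, ttl in packets:
        if table.update(addr, now, ttl, seconds, hitcount):
            verdicts.append("DROP")       # a dropped packet never reaches the --set rule
            continue
        table.set(addr, now, ttl)
        verdicts.append("PASS")
    return verdicts


def burst(addr, count, start=0.0, gap=0.5, ttl=54):
    """Constructed trace: `count` NEW connections from `addr`, `gap` seconds apart."""
    return [(start + i * gap, addr, ttl) for i in range(count)]


def summarize(packets, **kwargs):
    """Return (passed, dropped) counts for a trace."""
    verdicts = run_chain(packets, **kwargs)
    return verdicts.count("PASS"), verdicts.count("DROP")


if __name__ == "__main__":
    print("scanner, 12 SYNs 0.5 s apart:", summarize(burst("203.0.113.5", 12)))
    print("client, 12 requests 2 s apart:", summarize(burst("198.51.100.9", 12, gap=2.0)))
```

The first trace shows that it is the ninth SYN inside the window that gets dropped, not the eighth; the second shows a client pacing itself at one request every two seconds never accumulating eight hits. The block also lifts as soon as fewer than eight timestamps remain inside the window, not when the source has been quiet for the full ten seconds.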

This seemed to slow their scanning down but did not prevent it. That is about what the rules can do: they count only NEW connections from one source, so a scanner that paces itself under the limit, sends many requests over a single keep-alive connection, or spreads the work across many addresses (as this one did) slips through. On to the second method.

Looking in the httpd access.log, the scanners they use identify themselves in the User-Agent header (HTTP_USER_AGENT in Apache). Since we already have .htaccess files in place to restrict access to certain directories, I figured I would add some rules there, using the mod_rewrite module, to refuse those agents.

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^ZmEu [OR]
RewriteCond %{HTTP_USER_AGENT} ^Morfeus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Toata
RewriteRule ^.*$ - [F]

This got rid of the ZmEu, Morfeus and Toata scripts, but another problem came up. Someone was using our site as a sort of proxy, fetching certain files from some other website through it. Since a lot of this traffic came from Korea, I decided to just block the whole subnet the requests came from. My company handles local newspapers, not really something people in Korea would be interested in.

iptables -I INPUT -i eth0 -s 218.38.12.0/24 -j DROP

This works, but iptables rules live only in kernel memory, so a reboot flushes them. I need a way to reinsert them at start-up: save the current ruleset with iptables-save and restore it from a boot script. (The rc.local path below is the one my distribution uses; Debian and Ubuntu use /etc/rc.local, and many distributions ship a package or init script, such as iptables-persistent, that restores a saved ruleset at boot.)

mkdir /etc/iptables
iptables-save > /etc/iptables/iptables.rules
echo "iptables-restore < /etc/iptables/iptables.rules" >> /etc/rc.d/rc.local

After a few days of watching the logs, there does not seem to be any more scripted attacks coming from Korea anymore.


Software Patents

by on Oct.02, 2010, under Computers, Technology

There have been two stories recently that really got on my nerves. Both of them deal with Microsoft. The first is that Microsoft has banded together with a large group of other technology companies to bring the problems facing the US patent system to the attention of Congress, in hopes of fixing it. I think this is a very noble and much-needed action on the part of the technology industry as a whole. The second story is Microsoft suing Motorola over its use of the Android operating system in some of its phones, claiming that it violates nine of Microsoft's patents. Does anyone else feel that this is counterproductive? This brings me to the subject of this post: software patents and why there should not be any.

The idea of a patent system can be a great tool to help innovation: it allows someone with an idea to make money off that idea without having the resources to build it, market it, mass-produce it and deliver it to the masses. It creates a 20-year monopoly (the US term for a utility patent, counted from filing) for the creator to make their millions. This has its own flaws and merits, but in general I do not have a problem with patents when they deal with products of substance, things that are tangible. But once we cross over into the world of technology, and software specifically, we enter a world where nothing is new anymore. The problem arises when you take something that has no substance, no physical form or shape, a concept, a way of doing something, and claim that you are the creator of that way of doing something.

To give you an example, allow me to describe something…

A method of changing, adjusting, altering, modifying a border or frame that encases or surrounds a body of information, audio or video.

What I just described are window borders and the ability to change their thickness. Look at the window this website is in. Do you see the border around the entire page, with a status bar at the bottom and some buttons on top? Well, if you wanted to make that border thicker or thinner, you would have to contact the person who owns the patent on that concept and pay them a royalty. If you wanted to add transparency to the border, you would have to contact them. And all of this assumes that they are willing to do business with you.

This is not creating innovation; in fact, it is hindering it. If you put one million people in a room and ask them to come up with a way of doing something, the huge majority of them will come up with the exact same way. How can a method of doing something be patentable? In short, it shouldn't be, but with how the US handles patents, it most certainly is.

This is how the system needs to be fixed. First, methods and concepts can NOT be allowed to be patentable. Second, software can NOT be patentable; in fact, if it is not tangible, it can NOT have a patent. Now, there is something that can be done to retain ownership, and it rests on the same thing artists use to retain ownership: copyright. How can you copyright software? You copyright the source code. But this also has some problems, such as using APIs that are owned by another company. Say, for example, you wrote a piece of software for Windows using the WinAPI from within the VC++ development environment. You are writing code that uses functions and routines created by Microsoft to achieve what your program does. Microsoft, therefore, is entitled to royalties for your creation, either as a one-time payment for their devkit or on a yearly license deal like they currently offer with their operating systems. But, you might be saying right about now, they already charge to use their APIs. And you would be correct. But this prohibits Microsoft from owning your creation.

To give you another example of what I am talking about…

I decided to write some music. In my song, I have a part that says "Happy birthday to you." In order to use that, I would need to contact the owners of the Happy Birthday song, Mildred J. Hill and Patty Smith Hill. Since they are dead, I would need to contact their next of kin or whoever inherited their copyright. Now, just apply the same logic to the software industry.

I know there are going to be some major problems, such as: how can someone claim ownership of "Hello World!"? This is where we would borrow the patent system's idea that if there is known prior art, the copyright is null and void. The copyright system already does this to a point: if you try to copyright something that is already copyrighted, you get rejected. I would extend that so that, if there is prior art, the work becomes public domain.

Now, I know that the patent system already has prior art and an obviousness test, whereby a patent is denied if the item in question has already been created or is so obvious that it should not be patentable. But there is a problem there as well, not with the idea or method but with who checks the patents. It has gotten to the point that if you throw enough technological terminology into the patent, it will be granted, even if it is something as obvious as changing the width of a window's border.

The easiest thing to do is to get rid of software patents altogether, and I am all for that. However, that is not going to happen. There needs to be a slow progression; humans do not like drastic change. Therefore, I say take baby steps and change software patents into copyright of source code.

This will also do one other thing: remove patent trolls, since owning a copyright to something means you actually have source code to prove that you created it. However, this will also create a problem: what about revisions? Well... no system is perfect.


Windows Is Still To Blame For Spam

by on Apr.29, 2010, under Computers, Linux, Technology

Recently, an article came out stating that Linux has a higher ratio of spam-sending computers than Windows. Even though the ratio is higher (and the ratio is always what should be looked at, as opposed to the total number), there is a reason for this that many people are not bothering to look at.

If we were to look at the actual number of desktops versus servers, the ratio of Linux-based desktops would be close to non-existent, like its OS X counterpart. Security on the desktop in Windows is a joke. Not that it can't be done; it very well can be done right and made secure enough to never get any piece of malware. But the problem is that almost every Windows user knows close to nothing about computer security. They, for the most part, run as administrator and will run just about any unsigned binary because they want some free piece of software to copy DVDs or to illegally download games and other commercial software. Malware writers know that and take advantage of it. Now, can this be done on Linux? Sure. But Linux does not have enough desktop market share for them to gain anything substantial.

One of the articles I read said that one reason the ratio is higher is that many ISPs run Linux mail servers, which act like a proxy when relaying spam from someone's infected Windows desktop. To a point, this makes a bit of sense when explained, but it is the wrong reason.

The real reason the Linux ratio is higher is the server market. Spammers require two things to be successful: high bandwidth and high uptime. That is the definition of a Linux server. This is compounded by the fact that a lot of Linux administrators think that because they are running Linux they are secure by default. This is one of the biggest reasons Linux servers are heavily attacked and turned into spam servers.

The original article posted by MessageLabs also hinted that the reason for the higher Linux ratio is the ISP mail relay. So, let us look at this logically.

  1. Windows makes up the largest number of spammers.
  2. Linux has a higher ratio as seen in the Received fields of the mail headers.
  3. This means that many of the computers behind the Linux email redirects could, in fact, be Windows based.
  4. This means that the Windows ratio is actually much higher and the Linux ratio is much lower.
  5. Many of the Linux numbers are actually Linux-based servers and not desktops.
  6. Email traffic was analyzed but the original sender was not.
  7. They used desktop market share only.
  8. Server traffic was included in the article but was not included in the market share.
  9. This article is flawed.

So, in a nutshell, MessageLabs is posting articles that are bogus.


Beware The Koala

by on Nov.29, 2009, under Computers, Linux

Now that Ubuntu 9.10 is finally released and everyone has finished praising or panning it, I felt that I should talk about what happened to me, and boy, what a story this is.

It all started when my update manager notified me that a new version of Ubuntu was available. Naturally, I would usually wait a few weeks before doing the upgrade, just to make sure that I would have a pretty good connection to the servers. This time, I decided to jump right into it. The download was the longest part of the whole ordeal, lasting about 12 hours. But once the download finished, the update was pretty painless. A few minutes later and a reboot, and I was starting up in 9.10. Or was I?

I have multiple hard drives in my desktop. I had one with Ubuntu 9.04, another one with UbuntuStudio 9.04, and the third was a media storage drive shared between the two. This is where the mix-up came from. I was using the second hard drive's master boot record to boot into the first hard drive's OS. When the update to 9.10 finished, I swapped the boot order so that I was using the first hard drive exclusively, but GRUB did not update correctly. I was booting an older kernel from the wrong hard drive into a newer OS. Needless to say, nothing was working. After I fixed that problem, I was booting right into 9.10 without a hitch. But there is more.

There is a new SMART monitor that watches the health of your drives. Once 9.10 booted, I was notified that my primary hard drive had many bad sectors and that I should replace it soon. The count was around 32 bad sectors. I can live with 32 bad sectors. But then the slowdowns started, not in the OS or in GNOME or anything, but in games. Frame rates dropped by more than half. Then there was the sound issue. Music would play just fine, but when I played a game the sound became very distorted and filled with static. So I figured I would just buy a new hard drive, do a fresh install and be done with it.

Now, I need to point out that I screwed up the initial install of Ubuntu by not partitioning the hard drive properly. If I had put the home directory on its own partition, I could have just done a fresh install on the current hard drive and kept all of my configuration. But, like an idiot, I figured I would just click right through the install. Now I'm paying the price.

So, I decided on ordering a brand new 1TB Western Digital hard drive. The price was really great, about 80 bucks. But when it finally arrived, I slapped it into my desktop, booted into the live CD version of Ubuntu and noticed the SMART manager telling me about a bad hard drive. Right away, I brushed it off, thinking it was telling me about the current bad one with 32 bad sectors. But I decided to look at it anyway. The brand new 1TB WD hard drive had a reported 1265 bad sectors, and I was told that it would fail any minute. I thought it was maybe a bug in the reporting, so I installed Ubuntu anyway. That was easy, but when it booted up, it worked for about 10 minutes, then dmesg got flooded with I/O errors on /dev/sda. It got flooded to the point that nothing was working. I would go to launch something and get error messages popping up. So, needless to say, I had to send the drive back.

Got the hard drive replaced and installed 9.10 yet again. This time, everything worked, and I was just amazed at how well it worked. I tried playing a game; the frame rate was top notch. Music worked perfectly. I added all the old software from before; video played fine, web browsing, Flash, all worked. But then I noticed the sound problem I mentioned before was not fixed. So back to Google I went. After a while of searching, I found that some other people were experiencing the exact same problem. However, no one was using the same sound card as I was. I have a Creative SoundBlaster Live Audigy Platinum sound card. The sound cards everyone was reporting problems with were the Intel HDA or the Nvidia HDA chipsets. There were many solutions that I came across, none of which I wanted to try because they involved removing PulseAudio. Even though I am not a fan of PulseAudio, I do think it is best to keep my system as close to what they recommend as possible, for stability reasons. I finally came across a solution that required upgrading ALSA. It turns out that Ubuntu 9.10 shipped with a buggy version of ALSA and no one noticed until AFTER it shipped. The good thing is, I found someone on Ubuntuforums.org who had written a shell script to handle downloading, compiling and installing the latest ALSA driver and its dependencies. After running the script and waiting for everything to run its course, I rebooted the machine, and now Betsy is running at top notch.

There was also one minor bug that I came across that will be a slight pain in the ass for me to fix. I was copying all of my music from my media hard drive on to my new 1TB hard drive. I figured, I have the space, might as well use it and get rid of the extra hard drive from my system. The copying finally finished and now I’m listening to my music, I go to one of my Duke Ellington albums and then noticed that there was a song that played twice. I checked the list and there were no duplicate entries. It turned out that during the copy, the same song was copied twice but was renamed. So, now I have to find the song and copy over the right one. But, the problem is, I don’t know how many other times that happened. Now I have the arduous task of checking all of my music.

All in all, I must say that Ubuntu is growing into quite the operating system and that everyone really should watch it. I’m not saying that you need to use it, but just watch out. I have a feeling that you will be seeing Ubuntu loaded computers in the stores soon.


Desktop Powered By Linux

by on Sep.30, 2009, under Computers, Linux

Many Linux companies have publicly stated that it would be rather foolish to try to take on Microsoft in the desktop market, that Linux on the desktop is a steep uphill battle not worth the trouble. This comes from companies that make and offer Linux with various desktop software. For these companies to tell the Linux community flat out that we should not focus on Linux on the desktop is rather insane. But that is not really the point of this post.

The point that I want to try to make is that even though it has been reported that Linux has finally surpassed the 1 percent mark in desktop market share, many companies actually think that there IS such a thing as Linux on the desktop and that we really should be focusing more on getting Linux out there in replacement of the other operating systems.

The first example I have for this is Adobe. Now, we all know that Adobe has turned a rather blind eye to Linux in the past; this is true. They made ColdFusion available for Linux servers and that was about it for the longest time. But what about the desktop? Unfortunately, we won't be seeing Photoshop ported to Linux any time soon. This is just not going to happen without a complete rewrite of the entire program and its plugins. But if Linux were not viable on the desktop, why did they even bother to port their Flash player to Linux? And not just port it, but maintain it and make sure that their Flash player on Linux is just as current as their offerings for Windows and OS X. If this 1 percent market share really meant nothing, why spend the developer hours to port it?

The next example is id Software. They have always made sure to have working ports of all of their games on Linux. If that 1 percent really meant nothing, why bother, given that porting a game takes a hell of a lot longer than something relatively simple like Flash? Sure, one can argue that for id it is rather trivial to port their games to Linux, since most of their games are designed to be easily ported because they release on Windows, Mac, PlayStation, Xbox, etc., so all they really have to do is change some compile flags, maybe add some extra code to take advantage of whatever the hottest video card is at the time, compile and ship. But the point is, they still see Linux on the desktop as something viable.

There are a whole bunch of other examples I could throw in here: Adobe's PDF viewer, Sun's OpenOffice.org, Renoise, LightWave 3D, Maya, Skype, Google Earth, the ever-growing number of independent game developers; the list goes on and on. What is it that these companies and developers see that Red Hat or Canonical don't?

Got any other desktop applications that work natively on Linux? Post a comment with links. Let's show these big wigs that Linux is an option for the desktop.


What technology is to me

by on Feb.02, 2009, under Computers, Linux, Music, Technology

Not everyone feels the same way about technology that I do. This is no surprise. Most people view technology as a convenience. They see it as a box that can record their TV shows, as a way to keep in touch with their friends and family, or as an automatic headlight adjuster when they make a turn in their car. They see it as just something that will aid them in their daily life. I see it as something much more: a way to achieve exactly what it is I want to in life.

I am not really talking about my profession, but more of a way of life. When a normal person looks at new technology, they will usually react with “Ohh, that is cool.” or “Wow, that is pretty.” But when I look at technology, I will usually respond to it with “Wow, what ELSE can that do?” Of course, your average geek will respond in the same way, which is nothing really amazing. But, what I have a hard time understanding is just exactly WHY that is. Why aren’t people more passionate about technology? Is it because they fear that which they do not understand? Is it because they fear change? Is it because they just have apathy to new things?

Recently, I helped a friend install Ubuntu Linux on an old laptop of hers. The reason was that her laptop was so beaten down with malware that it would take 30 minutes to completely power on. It would start Windows, but just sit there. Nothing could be clicked because it was just so slow. It got to the point where she really just needed it to work. I got hold of her laptop and installed Ubuntu Linux for her. Now she is just ecstatic at how fast her laptop really is. The entire operating system boots in a couple of minutes and right away she can browse the Internet, play a game of Gaps or Mahjongg, or check her email.

Could I have just reinstalled Windows XP for her? Sure. Would it have been just as fast for her? Of course it would. But now, 5 years down the road, it will still be just as fast as the day I gave it back to her. She is not the most technically inclined person, not even really as inclined as a casual user. She really only knew about Firefox, and that was about it. And even then, she really only knew enough to get to her email and click on links. But once I showed her the new interface, the new features and how secure it really is, she just loved it. Do I expect her to become a kernel hacker? Not at all. I just wanted to give her something so she would not have to worry about her computer getting back to the state it was once in.

That is a really good example of what I mean. I looked at her laptop and thought to myself, "What can I do with this that would really help her out?" I weighed all my options and decided that Linux really was the best way to go. But the point is, I did something with her laptop that the manufacturer would not advise, in fact would be so strongly against that her warranty, if she still had one, would have become void. And all for what? To get her laptop working again at peak performance. Does that seem fair to her? Does that seem fair to the other hackers out there who just want to get their computers, cell phones and PDAs to work how they want them to? Why must those wanting to extend the functionality of their hardware be penalized for their desires?

Another example of this is the very well known portable media player firmware Rockbox. I own two iPods, a fourth generation grayscale 20 GB and a fourth generation iPod Photo 30 GB, both of which have Rockbox installed. Many people ask me why I put Rockbox on them. There are a few reasons for this.

1) I want my audio player to support audio formats that the original iPod does not.
2) I can’t run iTunes.
3) I want functionality that I could not get from the stock iPod firmware.

To elaborate on these a little more: MP3 has become the standard when it comes to audio on the computer. This has me scratching my head sometimes, because out of all the codecs out there, MP3 is not the best, both in terms of quality and legal issues. A better format is Ogg Vorbis. Ogg has much better sound quality while maintaining a small file size, so much so that most people wouldn't even notice. And Ogg Vorbis is also free, as in free beer and free speech. I am not bound by any licensing if I want to encode audio into Ogg format. The same cannot really be said about MP3.

I do not have the option to run iTunes. I could use something like GTKPod to create the playlists and put music on the iPod, but I am still subject to the way Apple decides what's best for me. And let's be real here, they have no clue what is best for me; they only know what is best for their business.

The iPod Photo was only designed to support color on the display. The photo feature was really just something added to make people go "Ooooh, ahhhhh." But with Rockbox, there is added functionality. One part of that is the ability to view videos on my iPod. This was something introduced years later on the iPod Video. But now, with Rockbox, I can do this on an iPod that was never really meant to play video. I can even play the original Doom on my iPod if I want to (and I have).

So, the moral of this story is, do you want to be just a consumer or do you want to be a ruler? The choice is yours.

