Saturday, March 17, 2007, 12:41 AM - Linux
As simple as this:
lsof -n -u^65534,^`cat /etc/passwd | awk -F':' '{if($3 < 32000) print $3}' | xargs | sed -e 's/ /,\^/g'` -i | awk '{if ($2 ~ /[0-9]*/) print $3, $1}' | sort | uniq -c | sort -n
The awk part is for excluding the system users ids < 32000.




( 3.1 / 61 )
Wednesday, February 21, 2007, 11:36 PM - Linux
tcpdump
# tcpdump -ne dst port 80 and 'tcp[13] & 2 == 2'
This way effectively filtering only SYN packets on port 80.
# tcpdump -c 30000 -ne dst port 80 and 'tcp[13] & 2 == 2' | awk '{print $11}' | cut -d. -f1|sort | uniq -c | sort -n
Dumping 30K packets,cutting the first octet from the IPs and sorting by number of packets originating from this A class net.
A bit more complicated:
# for i in `tcpdump -c 30000 -ne dst port 80 and 'tcp[13] & 2 == 2' | awk '{print $11} | cut -d. -f1|sort | uniq -c | awk '{if ($1 > 4000) print $2}'`; do \
iptables -I INPUT -s $i.0.0.0/8 -j DROP; \
done
Dumping 30K packets and if more than 4000 packets originate from the same A class net - block the net via iptables.
Sunday, February 18, 2007, 12:59 AM - Linux
It is a bit tricky (took me almost two days :), but basically this is the procedure:- configure your wireless card
(using ndiswrapper is described in another article)
in case your wifi card is identified as wlan0 add the following to /etc/network/interfaces
auto wlan0
iface wlan0 inet dhcp
pre-up wpa_supplicant -Bw -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
post-down killall -q wpa_supplicant
- install and configure wpasupplicant
# apt-get install wpasupplicantcreate /etc/wpa_supplicant.conf with simular content
network={
ssid="testwlan"
psk="7cHBV294H_something_long_and complicate"
scan_ssid=1
key_mgmt=WPA-PSK
proto=WPA
pairwise=CCMP TKIP
group=CCMP TKIP
}
This would automatically engage/shutdown wpasupplicant on up/down of the wlan0 interface.
Works nice for me :)
Sunday, February 18, 2007, 12:48 AM - Linux
~/.bash_profileThis code would do the trick:
if [ "$TERM" = "xterm" ] ; then
export PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}\007"'
else
unset PROMPT_COMMAND
fi
After logon the terminal title would be updated in the form 'jack@server' and after logout the old value will be restored.
Sunday, February 18, 2007, 12:27 AM - FreeBSD
/etc/rc.firewallAdd this code at the end of the set_loopback function:
if [ -f "${banned_ips}" ]; then
for i in `cat ${banned_ips} | grep -vE "^#"`; do
echo ${fwcmd} add deny ip from ${i} to me
done
fi
This expects a variable banned_ips to be defined in rc.conf and to point to a file containing list (one per line) of blacklisted IPs/NETs in the form:
192.168.1.0/24
10.2.2.2
# This is a comment
Firewall rules would be up on the next reboot or after running /etc/netstart.
This is more a way to preserve blocked IPs/NETs across the reboots.


Archives



