Guest Submission: Howto Disable SSDP

Posted 968 days ago - Security, Windows · 1 Comment

SSDP - Simple Service Discovery Protocol - can actually turn out to be a disservice, if this protocol acts in the way pictured to the left. As you can see from the Wireshark capture, SSDP is causing some unnecessary congestion in my LAN; in fact, it's not unusual for SSDP to broadcast about 10 frames every couple of minutes. That's annoying, and if it's causing the same problem for you, the following instructions may help stop this spam.

Continue reading Guest Submission: Howto Disable SSDP

Comment Posting Issue and Other Misc.

Unfortunately, if you posted a comment to a Nullamatix.com post between July 24th and August 29th, it wasn't submitted to the queue for approval. This was due to a php.ini setting modification made in an effort to enhance security. My apologies if anyone wrote a novel during this time frame. The issue has been resolved and the comment submission form is now working as intended.

Continue reading Comment Posting Issue and Other Misc.

Discontinued Security Support for Debian 4.0

Posted 1216 days ago - Debian, Security · Leave a Comment

One year after the release of Debian GNU/Linux 5.0 alias 'lenny' and nearly three years after the release of Debian GNU/Linux 4.0 alias 'etch' the security support for the old distribution (4.0 alias 'etch') is coming to an end next month. The Debian project is proud to be able to support its old distribution for such a long time and even for one year after a new version has been released.

Continue reading Discontinued Security Support for Debian 4.0

Invalid Packets From the DoD

Posted 1240 days ago - Security · Leave a Comment

The firewall policies on Nullamatix.com DROP invalid connection attempts. Specifically, if an attempt to start a new TCP connection is not a SYN packet, the packet is rejected. This morning I noticed a few dropped connection attempts from an unusual source: the U.S. Department of Defense. Here are the logs:

Continue reading Invalid Packets From the DoD

New Tool: Daily [Mod] Security Reports

Posted 1243 days ago - Development, Security · Leave a Comment

After the Lighttpd mod security post and the DDoS attack that followed, I began working on a script that parses the Lighttpd server-error.log and inserts matched records into MySQL. The result? Check it out here: security.nullamatix.com Daily Security Reports. With the abundance of ideas I have for the project, it's far from complete, but definitely worth a beta release. Plans for the future include, but aren't limited to:

Continue reading New Tool: Daily [Mod] Security Reports

Nullamatix.com – DDoS Attack 12-2009

Posted 1255 days ago - Security · 1 Comment

The attack started around 03:05:07 EST on Saturday, December 12th, 2009. As far as I know, the attack is still going on. My service provider has null routed the target IP (old IP for www.nullamatix.com), at least until the attack subsides. Fortunately, Nullamatix.com is back up and running as of 14:30:00 EST on Sunday, December 13th, 2009. Here are some details of the attack.

Continue reading Nullamatix.com – DDoS Attack 12-2009

529 Attacks in 9 Days: id1.txt, RFI, & More

Posted 1258 days ago - Development, Security · Leave a Comment

Longtime Nullamatix readers know how much I love reviewing log files. Logs can provide detailed insight into not only the overall health of a system, but also information one can use to mitigate the risks of automated attacks. In this post, I'll go over a couple of ways to harden a PHP-enabled web server and hopefully prevent fx29id1.txt, id23.txt, id.txt, id1.txt, fxid.txt, one.txt, fx1.txt, and several other automated attacks from successfully exploiting common weaknesses.

Continue reading 529 Attacks in 9 Days: id1.txt, RFI, & More

Count the Total Number of IPs From CIDR

Posted 1277 days ago - Development, Security · Leave a Comment

After adding a few IPs to a firewall drop list, I wondered, "exactly how many IPs are in this drop list?" Since the list contained 187 entries, all in CIDR notation, adding up the total number of IPs in my head was impossible. So, I put together this little script and figured someone else out there might also benefit.

Continue reading Count the Total Number of IPs From CIDR