Simple Linux Firewall Tricks
The 7 Uncommon Uses of iptables over at linuxaria shows fairly easy-to-use solutions for the following:
- Block known dirty hosts from reaching your machine; block spammers and other known bad networks
- unlock a pre-determined port once someone “knocks”, i.e. “port knocking”
- use a restricted port externally, but a high port on the server – port forwarding
- use your proxy only for external access, not in the local LAN – I’ve done this with PAC files
- Limit the number of ssh connections to 10
- Limit ssh to have just 1 session every 15 seconds
- Give multiple directives with a single command
Fail2ban can be used to address some concerns, but you may need to limit the connection count and rate from some IP addresses that could be considered system abusers.
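One way to write the two ssh limits from the list above, which also covers the per-address count and rate limiting just mentioned. This is an added example, not taken from the linuxaria article or from this post. It assumes SSH on tcp/22 and limits applied per source address; the list name SSH_RATE and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: emit SSH connection-count and rate limits in
# iptables-restore format. Assumptions (not from the page): SSH listens on
# tcp/22, both limits apply per source address, and the names SSH_RATE,
# ssh_limit_rules and apply_rules are made up for this sketch.

SSH_PORT="${SSH_PORT:-22}"
MAX_CONNS="${MAX_CONNS:-10}"   # concurrent connections allowed per source
MIN_GAP="${MIN_GAP:-15}"       # seconds required between new sessions

ssh_limit_rules() {
    m="-p tcp --dport $SSH_PORT"
    cat <<EOF
*filter
# Packets of already established sessions are never rate limited.
-A INPUT $m -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Too many concurrent connections from one source: reject the new one.
-A INPUT $m --syn -m connlimit --connlimit-above $MAX_CONNS -j REJECT --reject-with tcp-reset
# Source opened a session within the gap: refresh its timestamp and drop.
-A INPUT $m --syn -m recent --name SSH_RATE --update --seconds $MIN_GAP -j DROP
# Otherwise remember the source and let the new session through.
-A INPUT $m --syn -m recent --name SSH_RATE --set -j ACCEPT
COMMIT
EOF
}

apply_rules() {
    # --test validates the ruleset without committing it;
    # --noflush appends to the existing rules instead of replacing them.
    ssh_limit_rules | iptables-restore --test --noflush &&
        ssh_limit_rules | iptables-restore --noflush
}

# Nothing touches the firewall unless the script is run as: script apply
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Because the rate rule uses `--update` rather than `--rcheck`, every dropped attempt restarts the 15 second window, so a client that keeps retrying stays blocked until it backs off.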
Your Computer is Impacting Foreign Elections
The BBC is reporting that internet connectivity with Burma (Myanmar) has been effectively shut down in advance of the first elections held there in 20 years.
Only 200 PCs Needed
If the BBC report is true, it would only take 200 relatively low-speed, internet-connected PCs to take the country of Burma off line. Let me explain. In the BBC story about Burma, it is stated that the entire country is connected to the internet over a 45Mbps link; that’s a DS3 to the network and telecom people. It isn’t much bandwidth for an entire country.
To take any network or servers off line, all that any attacker needs to do is effectively cause your network to be too busy for user connections to get through, just like a busy signal on your telephone. Doing that isn’t very hard.
Only 15 PCs connected with common home bandwidth could take down the country of Burma. That isn’t many PCs, is it? Even the slowest broadband connections have 256 Kbps, which means only 200 PCs are needed with that upstream connectivity to take Burma effectively off line. If a botnet controller wanted to attack an IP and they had 100,000 PCs, that translates to 25 Gbps. Most companies, even those with large pipes like a Fortune 100 company has, would be taken off line. 200 PCs is a small number and could be quickly blocked, which is why botnet owners have 100,000 – 5M PCs.
MKV Containers - Why Use Them + Scripts
So the HD-Nation video-cast (available online or on your TiVo) did a few episodes about what you can do with MKV containers for your media.
- Episode 68-MKV Basics
- Episode 69-User Feedback – MKV part is about 28 minutes in.
Below are a few other links about MKV Containers and a few shell scripts to get the MKVs to playback correctly.