Thursday, August 25, 2011

linux filters and queuing discipline

TC is used to configure traffic control in the Linux kernel. Traffic control consists of the following:
1) Shaping: Shaping is done at the outgoing interface, and includes throttling the bandwidth and/or smoothing the traffic bursts of the outgoing flows.
2) Scheduling: Scheduling is also done at the outgoing interface and makes it possible to improve interactivity for traffic that needs it while still guaranteeing bandwidth to bulk transfers.
3) Policing: Policing is done at the ingress and is primarily used for throttling the rate at which flows may arrive. Dropping is a severe form of policing.

how to implement a filter on a linux machine using tc scripts for mpls?

The filter shipped with the RSVP-TE daemon for the DiffServ over MPLS package was implemented using the CBQ qdisc, which is known to be complicated and inefficient [26]. This filter was rewritten using the HTB qdisc for the given network topology and can be viewed on a logical level as follows [19,25]:



Iptables Command

Iptables is a powerful administration tool for IPv4 packet filtering and NAT. It is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel.
Iptables commands can be entered by command line interface, and/or saved as a Firewall script in the dd-wrt Administration panel. I tend to recommend testing and confirming your rules at the command line first. This way, if you happen to make a big mistake (like blocking access to the router), simply rebooting the router should repair it rather than having to do a hard reset. To get your rules to survive a reboot of the router, save them in a Firewall script as mentioned earlier.
I think we should have something about Firewall Builder on this page, since they're kind of related...

Wednesday, August 17, 2011

good routing website

http://packetlife.net/
http://www.net-gyver.com/?p=1105
http://showipbgp.com/
http://routemyworld.com/

windows xp rip listener


Windows 7

Default Description

Listens for route updates sent by routers that use the Routing Information Protocol version 1 (RIPv1).

Additional Information

This service is not installed by default. You can add or remove this service by heading to:
  1. Head to Start
  2. Select Control Panel
  3. Select Programs
  4. Select Programs and Features
  5. Select Turn Windows Features on or off
  6. Check or Uncheck RIP Listener

Default Startup Type

OS: default startup type (SP0)
Windows 7 Starter: Not Installed (Automatic, Started)
Windows 7 Home Basic: Not Installed (Automatic, Started)
Windows 7 Home Premium: Not Installed (Automatic, Started)
Windows 7 Professional: Not Installed (Automatic, Started)
Windows 7 Ultimate: Not Installed (Automatic, Started)
Windows 7 Enterprise: Not Installed (Automatic, Started)

Sharing an Internet Connection with Static Routing over Speedy using Windows 2003

Setup:
  • 1 ADSL modem is available (this lab uses an Aztech 605)
  • 1 switch is available for the LAN
  • The Windows 2003 server has 2 NICs, named in this lab NIC Atas (connected to the ADSL modem) and NIC Tengah (connected to the switch)
IP of NIC Atas: 192.168.1.5
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.1
IP of NIC Tengah: 192.168.0.1
Subnet Mask: 255.255.255.0

Monday, August 8, 2011

Advanced Policy Firewall


Description:
Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today’s Linux servers. The configuration is designed to be very informative and easy to follow. The management on a day-to-day basis is conducted from the command line with the ‘apf’ command, which includes detailed usage information on all the features.

(D)DoS Deflate


(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest and easiest to install solutions at the software level.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
IP addresses with over a pre-configured number of connections are automatically blocked in the server's firewall, which can be direct iptables or Advanced Policy Firewall (APF). (We highly recommend that you use APF on your server in general, but deflate will work without it.)
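The netstat pipeline above, reimplemented as a small script so its two parts (count connections per peer, then pick everything over the threshold) can be inspected and tested. This is an added example, not part of (D)DoS Deflate or APF; the netstat output is constructed sample data, and the threshold and ignore list are assumptions. It also repairs one weakness of the one-liner: `cut -d: -f1` splits on the first colon, which mangles IPv6 and IPv4-mapped addresses.

```python
"""Count per-peer connections from `netstat -ntu` output and list the
addresses above a threshold, the way the (D)DoS Deflate pipeline does.

Added example, not code from (D)DoS Deflate. The netstat lines below are
constructed sample data; the threshold and ignore list are assumptions.
"""
from collections import Counter

# Constructed sample of `netstat -ntu` output, header lines included so the
# parser has to skip them (the awk/cut pipeline silently counts garbage for them).
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             203.0.113.7:51234       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51235       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51236       ESTABLISHED
tcp        0      0 10.0.0.5:443            198.51.100.20:40001     ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:203.0.113.7:51300 ESTABLISHED
tcp6       0      0 2001:db8::5:80          2001:db8:1::9:60000     ESTABLISHED
udp        0      0 10.0.0.5:53             192.0.2.44:3333         ESTABLISHED
"""


def peer_address(foreign: str) -> str:
    """Strip the port from a netstat Foreign Address column.

    `cut -d: -f1` in the original one-liner splits on the FIRST colon, which
    breaks IPv6 and IPv4-mapped addresses; splitting on the LAST colon keeps
    the address intact for both families.
    """
    host, _, _port = foreign.rpartition(":")
    if host.startswith("::ffff:"):        # IPv4-mapped IPv6 -> plain IPv4
        host = host[len("::ffff:"):]
    return host


def count_connections(netstat_output: str) -> Counter:
    """Return {peer_ip: connection_count}, skipping netstat's header lines."""
    counts: Counter = Counter()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue                      # header or blank line
        counts[peer_address(fields[4])] += 1
    return counts


def offenders(counts: Counter, threshold: int, ignore=()):
    """Addresses with MORE than `threshold` connections, minus the ignore list.

    Returned as (ip, count) pairs, busiest first, the order in which a
    firewall block list would be assembled.
    """
    return sorted(
        ((ip, n) for ip, n in counts.items() if n > threshold and ip not in ignore),
        key=lambda pair: (-pair[1], pair[0]),
    )


if __name__ == "__main__":
    # Assumed threshold of 2; a real deployment tunes this to normal traffic.
    for ip, n in offenders(count_connections(SAMPLE_NETSTAT), 2):
        print(f"{ip} has {n} connections, over the limit")
```

Note that three of the sample peer's connections are only in SYN_RECV or IPv4-mapped form; the one-liner still counts them all, which is why a half-open flood shows up here before the web server logs anything.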

A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.


This suite of scripts provides:
  • Straight-forward SPI iptables firewall script
  • Daemon process that checks for login authentication failures for:
    • Courier imap, Dovecot, uw-imap, Kerio
    • openSSH
    • cPanel, WHM, Webmail (cPanel servers only)
    • Pure-ftpd, vsftpd, Proftpd
    • Password protected web pages (htpasswd)
    • Mod_security failures (v1 and v2)
    • Suhosin failures
    • Exim SMTP AUTH
    • Custom login failures with separate log file and regular expression matching

DDOS FAQ


What is Distributed Denial of Service (DDOS) and How To Protect Your Site


A denial of service against a web site is launched by overwhelming the site and related services (such as DNS) with a tsunami of requests from multiple infected computers - "a botnet" under the control of the attacker. With thousands of infected computers in a botnet connected via high speed DSL / cable modem from all over the world, a serious denial of service attack can scale to multiple gigabits per second of traffic.

The Top 10 Things To Do While Under DDoS Attack


In my past decade-plus dealing with distributed denial-of-service attacks, I have noticed a few patterns in the way that companies handle these attacks. Usually when an unprepared virgin company is first attacked, all hell breaks loose. The lack of preparedness causes several chain reactions that make the situation worse. Addressing these most common mistakes ahead of time can help a situation tremendously.
When someone calls me for advice, the first few items I go over have nothing to do with fixing the attack. I’m giving advice that I think is common sense, and I’ve been surprised that others don’t find it obvious.
Here are my Top 10 To-do’s for making life less painful during an attack.

Using Squid Proxy to Fight DDoS

Complicated web applications are often difficult to scale; as a result they become easy DDoS targets. However, making them scale is easy with front-end proxy servers. The added scale gives an application more resiliency to DDoS attacks.

When set up correctly, the proxy “network” becomes the target of any malicious activity and can be placed globally while still keeping the original web application in the same location for content.

This is by no means new; it’s been done all over the Internet and in some cases is the basis of a bunch of different companies. This is just a simple tutorial that is meant to help people understand how this works.

ddos mitigation video



Zombie Recruitment: How Attackers Find, Exploit, and Employ You


A crucial element of a DDoS attack is the ability to employ hundreds, thousands, or even millions of infected hosts to do the attacker’s bidding.  The reasons are obvious – the end target(s) of the attack will find it more difficult to fend off the malicious traffic, and the attack is less likely to be traced back to the actual perpetrator.  These “zombie” hosts are rarely related to the source host of the attack, and are rather infected by other compromised hosts – but can end up causing more damage than the machine that originated the attack in the first place. So you may be wondering – where do zombies come from?

Captcha Based Protection against HTTP GET DDos Attacks


 especially HTTP GET attacks can be crippling to a web server. These attacks can come in two varieties, large amounts of requests per second, or small amounts of requests per second from any given IP, so that it becomes difficult to distinguish between a legitimate request and one that is powered by a botnet.

Barrett Lyon on DDoS and how to use Squid to Stop it.


In the world of Information Security, especially DDoS, Barrett Lyon is no stranger. Barrett was one of the co-founders of Prolexic (a company that specializes in DDoS Protection).  Barrett recently launched a new venture, called 3Crowd.
What intrigued me – is how I could possibly overlook a post by Barrett on his blog regarding DDoS. Albeit, he writes a lot of stuff concerning security, this mini-tutorial is worth looking into.
The latter is okay, but the Squid Proxy tutorial is something worth newbies looking into: how a Squid Proxy can really deflate a lot of the attack traffic, not to mention that most providers such as Prolexic, Gigenet, Staminus, etc. use SNORT and FreeBSD based boxes running PF (Packet Filter). A FreeBSD box running PF can scale quite well and is very good at thwarting traffic. A lot of new small service providers are popping up – using a distributed FBSD setup, they are able to break up the incoming traffic and filter it to quite a significant extent, then pass the traffic on to a secure (read: optimized for Anti-DDoS efforts) squid box, and it deflates the incoming DDoS attack to a very large extent.
However, as with everything else in life, no one will provide you with the complete recipe that works for DDoS protection.

Understanding Setup Rates on your DDoS Mitigation Appliance


Within the DDoS appliance space, for those appliances that do DPI or session handling, it is very important to understand how the setup rate comes into play.
Every appliance, whether a DPI or session-based proxy appliance or just a plain Layer 2/3 filtering device, has to look at traffic at very high speeds.
Each appliance has what is called a “connection setup rate”, typically quoted as X connections/second.

cpanel setup Traceroute Tweak SMTP Tweak

Traceroute Tweak, for hiding the server's IP, so that a cracker (biscuit) has no choice but to DDoS the domain.
This condition secures the server, because the VPS's domain (hostname) is not known, so most likely only one of the clients gets hit by the attack. Once that client's bandwidth is used up, just add more from the VPS, while the VPS blocks the biscuit's IP.

We provide professional Cpanel server setup and hardening service. We can setup Cpanel control panel on RedHat Enterprise Linux, CentOS, Fedora Linux and FreeBSD.
The default installation of Cpanel servers provided by most data centers is not secure. If you have an unmanaged server, you have to secure the server yourself. Keeping the server with default settings can make the hacker's job easy.
Our Cpanel server setup package offers:

Network Management System


Network Management System/Platform (Commercial Software)
Zoho Corp. (formerly AdventNet Inc) ManageEngine OpManager - Comprehensive Network, Systems, and Application Management Software for Small and Medium Enterprises.
OpManager is an award winning network monitoring software that helps administrators discover, map, monitor and manage complete IT infrastructure. Download a 30-day trial to test the software live in your network.

Sunday, August 7, 2011

mikrotik script

10.10.1.1 up:
/interface set 0 name=ether1-gateway
/ip route enable 0
/ip route disable 1

10.10.1.1 down:
/interface set 0 name=ether1-down
/ip route disable 0
/ip route enable 1

10.10.2.1 up:
/interface set 1 name=ether1-gateway

10.10.2.1 down:
/interface set 1 name=ether2-down

Learning VRRP in the network


In the world of routing we are certainly familiar with static or default routes.
Usually static and default routes are created to keep the configuration simpler and to ease maintenance.
To make this easier, here is an illustration of a default route:

VRRP on Juniper Routers


IP is the network protocol used to surf the internet, download music, or play games. A PC has an IP address and a default gateway for reaching every destination that is not on the local subnet. The default gateway can be defined by the user either statically or through the Dynamic Host Configuration Protocol (DHCP) process. Whichever method is used, the default gateway becomes the next hop of the default route that is created to reach those destinations.
If the default gateway is a single device and that device fails, the PC will not be able to reach destinations outside the local subnet. In a fault-tolerant network it is ideal to have a backup gateway device, without having to modify the configuration on the PC, that can be shared by several PCs on the LAN.

VRRP Virtual Router Redundancy Protocol [Mikrotik]


A Virtual Router or VRRP Group is a set of routers that serve a redundancy need. Conceptually VRRP has one device acting as master and several routers acting as backup. In VRRP the Master router's priority is set to 255, while Backups are set between 1-254 with a default priority of 100, and each group has a unique VRID (Virtual Router ID).

Spanning Tree Attack

MAC Overflow Attack

Denial of Service (DoS) Attack

DHCP Starvation Attack

DHCP Rogue Server Attack

Double-tag VLAN Hopping Attack

Basic VLAN Hopping Attack

Address Resolution Protocol (ARP) Spoofing Attack

VLANs on 3Com SuperStack and Mikrotik Router OS


This article describes the steps to set up and configure ports for VLANs on a 3C13700A SuperStack 3 Switch 4200 26-port switch, in a simple network topology that uses Mikrotik Router OS on the router.
Assumptions:
  • Initial setup of the 3com switch has already been done
  • Configuration via the CLI, telnet, is already possible
A brief look at VLANs
By definition a VLAN is a logical independent network within a physical network; as a simpler illustration it is similar to, though not the same as, partitioning a HDD.
Some advantages of VLANs, adapted from http://en.wikipedia.org/wiki/VLAN:
  • Increases the number of broadcast domains but reduces the size of each, which automatically lowers network traffic and increases security.
  • Reduces the need to create subnetworks.
  • Reduces hardware requirements, since networks can be separated logically rather than physically.
  • Increases control over different types of traffic.
  • Creates several logical switches within a physical switch.

Layer 2 and security - protecting from attack


Before your access lists or firewall rules comes layer 2 (L2). This is the Data Link layer, where your MAC addressing lives. Why do we need to protect L2?
  • Man in the middle attacks happen via L2
  • Rogue DHCP on a single segment
  • DHCP server starvation attack
  • ARP attacks against your switches
Let's hit these guys one at a time:
Man in the middle attack
What is a man in the middle attack? Here's what Wikipedia says about it. In a nutshell, I tell the router that I am you, and I tell you that I am the router. What happens is that all your traffic passes through me, while I intercept everything possible about what you are doing. I wait for you to attempt a bank transaction, hand you a bunk site certificate and steal your monies :) I do this by sending gratuitous ARPs. These are unprovoked ARP announcements. I send ARPs over and over to the router saying I'm you. I then send you ARPs over and over saying that I am the router.
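From the defender's side, the two-sided gratuitous ARP described above leaves a clear trace: one IP address suddenly announced by a new MAC, and one MAC announcing several IP addresses. The following detector over a constructed ARP capture is an added example, not part of the original post; the gateway address, the station MACs and the pinned binding are all assumptions.

```python
"""Detect the gratuitous-ARP gateway impersonation described above by
flagging IP addresses whose announced MAC changes, and MACs that claim
more than one IP.

Added example, not code from the original post. The ARP announcements are
constructed sample data; the gateway IP and all MACs are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ArpAnnouncement:
    """One ARP reply / gratuitous ARP as a sniffer on the segment would report it."""
    t: float    # capture time in seconds
    ip: str     # sender protocol address (the IP being claimed)
    mac: str    # sender hardware address (who is claiming it)


# Constructed capture: the gateway 192.168.1.1 is legitimately aa:bb:cc:00:00:01,
# then a second station (de:ad:be:ef:00:01) starts claiming both the gateway
# and the victim 192.168.1.50, exactly the two-sided pattern in the text.
SAMPLE_CAPTURE = [
    ArpAnnouncement(0.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    ArpAnnouncement(0.5, "192.168.1.50", "aa:bb:cc:00:00:50"),
    ArpAnnouncement(1.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    ArpAnnouncement(2.0, "192.168.1.1",  "de:ad:be:ef:00:01"),
    ArpAnnouncement(2.1, "192.168.1.1",  "de:ad:be:ef:00:01"),
    ArpAnnouncement(2.2, "192.168.1.50", "de:ad:be:ef:00:01"),
    ArpAnnouncement(2.3, "192.168.1.1",  "de:ad:be:ef:00:01"),
]

Alert = Tuple[float, str, str, str]   # (time, ip, expected_mac, observed_mac)


def detect_arp_conflicts(capture: List[ArpAnnouncement],
                         trusted: Optional[Dict[str, str]] = None) -> List[Alert]:
    """Return one alert for every announcement whose MAC differs from the
    binding already known for that IP.

    `trusted` pins known bindings (e.g. the gateway from a static table), so a
    claim by a different MAC is flagged even if it is the first one seen on the
    wire. Without it the first observed binding is the baseline, which is the
    usual learning behaviour of tools such as arpwatch.
    """
    bindings: Dict[str, str] = dict(trusted or {})
    alerts: List[Alert] = []
    for a in capture:
        known = bindings.get(a.ip)
        if known is None:
            bindings[a.ip] = a.mac            # first sighting: learn it
        elif known != a.mac:
            alerts.append((a.t, a.ip, known, a.mac))
            # Deliberately keep the original binding: a flood of spoofed
            # replies must not be allowed to "teach" the detector the new MAC.
    return alerts


def macs_claiming_many_ips(capture: List[ArpAnnouncement], min_ips: int = 2) -> List[str]:
    """MACs that announced at least `min_ips` distinct IPs: the signature of
    an attacker posing as both the router and the victim at once."""
    claimed: Dict[str, set] = {}
    for a in capture:
        claimed.setdefault(a.mac, set()).add(a.ip)
    return sorted(mac for mac, ips in claimed.items() if len(ips) >= min_ips)


if __name__ == "__main__":
    for t, ip, expected, seen in detect_arp_conflicts(SAMPLE_CAPTURE):
        print(f"t={t:.1f}s {ip} announced by {seen}, expected {expected}")
    print("MACs claiming several IPs:", macs_claiming_many_ips(SAMPLE_CAPTURE))
```

Port security, DHCP snooping and Dynamic ARP Inspection on the switch stop the spoofed replies before a host ever sees them; this detector is the monitoring counterpart for segments where those features are not available.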

What is DHCP Option 82?


To put it simply, DHCP Option 82 is the "DHCP Relay Agent Information Option". Wasn't that easy?
Option 82 was designed to allow a DHCP Relay Agent to insert circuit specific information into a request that is being forwarded to a DHCP server. Specifically, the option works by setting two sub-options: Circuit ID and Remote ID.

Saturday, August 6, 2011

network engineer tool


SNMP Enabler for Windows

Save time by remotely installing, enabling, and configuring SNMP on multiple Windows servers and workstations.

Network Analysis Module


Our industry leading Flexible NetFlow support includes Medianet and NAM (Network Analysis Module) support for voice and video latency, Jitter, ToS and DSCP, advanced application recognition via NBAR integration, and what we call Deep Flow Inspection capabilities for MPLS, QoS, ToS, and DSCP (Differentiated Services Code Point) fields. Vess staked the claim that the SevOne NetFlow solution is not just the fastest in the industry, providing support for 250,000 flows per second (and going to 1M) in a single 2U appliance, but is the only NetFlow solution today that provides both IPv4 and IPv6 flows in the same report.

Freeware NetFlow Software


Caida

Freeware Collector and Reporting

Dynamic Networks

A step-by-step process to build detailed Network Usage Reports using RRDTool, flow-tools, FlowScan, and CUFlow.

Suhosin


Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities, and the second part is a powerful PHP extension that implements all the other protections.
Unlike the PHP Hardening-Patch, Suhosin is binary compatible with a normal PHP installation, which means it is compatible with 3rd party binary extensions like ZendOptimizer.

Friday, August 5, 2011

HTTPS Performance Tuning


An often overlooked aspect of web performance tuning is the effect of using the HTTPS protocol to create a secure web site. As applications move from the desktop onto the web, the need for security and privacy means that HTTPS is now heavily used by web sites that need to be responsive enough for everyday use.
The tips shown below may help you to avoid some of the common performance and development problems encountered on sites using HTTPS:

Thursday, August 4, 2011

Bad block HOWTO for smartmontools


Bruce Allen

Douglas Gilbert

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts.
For an online copy of the license see www.fsf.org/copyleft/fdl.html.
2007-01-23
Revision History
Revision 1.1, 2007-01-23, dpg: add sections on ReiserFS and partition table damage
Revision 1.0, 2006-11-14, dpg: merge BadBlockHowTo.txt and BadBlockSCSIHowTo.txt
Abstract
This article describes what actions might be taken when smartmontools detects a bad block on a disk. It demonstrates how to identify the file associated with an unreadable disk sector, and how to force that sector to reallocate.

Introduction

Handling bad blocks is a difficult problem as it often involves decisions about losing information. Modern storage devices tend to handle the simple cases automatically, for example by writing a disk sector that was read with difficulty to another area on the media. Even though such a remapping can be done by a disk drive transparently, there is still a lingering worry about media deterioration and the disk running out of spare sectors to remap.
Can smartmontools help? As the SMART acronym [1] suggests, the smartctl command and the smartd daemon concentrate on monitoring and analysis. So apart from changing some reporting settings, smartmontools will not modify the raw data in a device. Also, smartmontools only works with physical devices; it does not know about partitions and file systems. So other tools are needed. The job of smartmontools is to alert the user that something is wrong and user intervention may be required.
When a bad block is reported, one approach is to work out the mapping between the logical block address used by a storage device and a file or some other component of a file system using that device. Note that there may not be such a mapping, reflecting that the bad block was found at a location not currently used by the file system. A user may want to do this analysis to localize and minimize the number of replacement files that are retrieved from some backup store. This approach requires knowledge of the file system involved, and this document uses the Linux ext2/ext3 and ReiserFS file systems for examples. Also the type of content may come into play. For example, if an area storing video has a corrupted sector, it may be easiest to accept that a frame or two might be corrupted and instruct the disk not to retry, as retrying may have the visual effect of turning a momentary blank into a 1 second pause (while the disk retries the faulty sector, often accompanied by a telltale clicking sound).
Another approach is to ignore the upper level consequences (e.g. corrupting a file or worse damage to a file system) and use the facilities offered by a storage device to repair the damage. The SCSI disk command set is used to elaborate on this low level approach.

Risk Management: Market Risk

http://www.riskbook.com/link_topic/risk_management_market_risk.htm

Durability

The Durability of a product design is a key requirement in industry today. Customers expect a robust design. Late changes in the design cycle to respond to test results are expensive and create production and system risks. Simulation of the product durability provides early results and tremendous insight into the design for the product development team.

Altair Hyperworks provides load prediction, stress analysis using the Finite element method, and fatigue prediction using stress-life or strain-life methods. The entire Durability process can be managed by the Durability Director Process management tool.

hard disk ssd vs sata III


Quote Originally Posted by GIMPfree
@tridentcore
so, the striking difference is in the seek time, bro.. okay, so we conclude that the HDD is held back by its spindle..

even the WD Veloci 600GB, said to be the fastest HDD in the world (currently), is still behind its sibling from the same factory (WD SiliconEdge Blue) in seek time

right now SSD prices are still extremely expensive.. let's look at USB flash drives, which likewise have no spindle. what if flash drives were put in RAID 0? I have never heard of flash drives in RAID either.. bro tridentcore, any info?
On the UFD issue I have thought the same as bro GIMPfree for a long time.. why is a UFD, which is essentially the same family as an SSD, so much lower in transfer rate.

My logic goes like this... "you get the performance you pay for", so what I mean here is that the quality of the NAND flash chips used in UFD products is clearly different from that in SSDs. That is why they can be dirt cheap; even though certain UFD products offer higher speeds, their prices soar and the SSD is still faster.

Quote Originally Posted by andy_ayajiw
We've been discussing ssd vs sata 3, now here's another thing that seems odd to me..., sata3 vs a raptor, which is faster? sata 3 is only 7200rpm with a 6gb/s transfer rate, and a raptor is already 10000 and 15000rpm, so which one is faster???
because HDD performance is limited by the spindle speed, rpm obviously determines performance, but the effect is more heat and higher power consumption. The VelociRaptor even needs a heatsink covering its whole casing...

http://forum.chip.co.id/f20-storage-optical-devices/157672-ask-hardisk-ssd-vs-sata-iii-3.html

Welcome to the Reiser4 Wiki


ReiserFS mount options

acl

Enable POSIX Access Control Lists. See the acl(5) manual page.

Example:
mount -t reiserfs -o acl /dev/sdb1 /mnt/scsi-disk-b