Honest spam
Everyone knows that recently the Internet has become used, on the one hand, much simpler and more convenient - a lot of different services have appeared, the interfaces of sites…

Continue reading →

We work on a & nb p; secure protocol
Imagine this situation. You have a website located on an external server. You, as an administrator, perform certain actions on it, connecting under a certain login and password. The second…

Continue reading →

Electronic money as a means of payment on the Internet
At the moment, more and more services are provided on the Internet, and very often you need to pay for an interesting program, some kind of service or product. In…

Continue reading →

Warning network attacks.

An intrusion into a computer system usually begins with a preliminary assessment of the flaws in the protection of the network perimeter of your server connected to the network. In the course of such a “shoot-in,” the hacker first needs to know the list of open ports and evaluate the identity of your computer’s operating system. The previous article described the scanlogd program, which allows analyzing attempts to scan your server. However, attacks using veiled scanning techniques like “stealth” have become widespread in the modern Web. Based on this, using scanlogd alone will not give unambiguously positive results.

If you are not satisfied with the modest capabilities of scanlogd, there is a more advanced scan attempts analyzer – PortSentry. This program allows you not only to fix the scan of your computer over the network. It also provides an opportunity to adequately respond to this process (not to scan in response, of course, but simply to block access to the offending host to your server). You can analyze the scanning process of your host and run external programs (like iptables).

Installing PortSentryThe AltLinux installation of the PortSentry utility is performed using Synaptic and is a routine procedure. PortSentry, like scanlogd, runs in daemon mode. After the installation process is complete (in any Linux distribution), you should check the functioning of the daemon autorun script. To do this, check the presence of a symbolic link in the /etc/rc5.d/ directory of the /etc/init.d/portsentry file, for example, using the following command:
# ls -l /etc/rc5.d/*portsentry*
Of course, if there is no such link, it should be created (how to do this with reference to scanlogd, described above).

PortSentry main features PortSentry main features:

possibility of wide customization of default behavior policy. The PortSentry daemon can be run in one of three modes of operation. Thus, you can choose what is more important for you – stop the intruder of your network perimeter or fix the penetration attempt (the ability is regulated by specifying certain command line parameters, for which you should edit the init script (/etc/init.d/portsentry) to start the PortSentry daemon );
the ability to perform retaliatory actions (the author of the program highly recommends that you limit yourself to blocking the hacker’s host, and not take adequate measures such as a response scan) in relation to the intruder of your network boundaries. For example, you can add such a rule to the table of your firewall that will exclude the possibility of information exchange with the offending host (you can also add a line to the /etc/hosts.deny file);
fine-tuning of the ranges of ports to be listened to and ignored, and the ability to create a list of ignored hosts. The ability is necessary to eliminate the false positives of the protection system built on PortSentry. Thus, for example, you can exclude port 53 in order not to receive further warnings about scanning of this port by gaming programs that use network capabilities somewhat frivolously (ADVANCED_EXCLUDE_TCP or ADVANCED_EXCLUDE_UDP parameters, which are used in the advanced mode of launching the PortSentry daemon). Ignored hosts are listed in the file, which is described in the IGNORE_FILE configuration parameter.
PortSentry launch modesThe PortSentry daemon can be run in the following modes:

Classic (the daemon startup key -tcp or -udp). In this mode, the PortSentry daemon waits for connections on the ports listed in the TCP_PORTS configuration file settings (or UDP_PORTS), and blocks packet exchange with the remote host when trying to reconnect or scan. This mode of operation does not allow determining “stealth” scan of your computer;
enhanced (Enchanced) detection mode for stealth scans (start keys -stcp or -sudp). When you try to scan or connect to the ports listed in TCP_PORTS (or UDP_PORTS), the remote computer is blocked;
Advanced (Advanced) mode of detecting “stealth” scans. In this mode, all ports from the first to the specified in the ADVANCED_PORT_TCP parameter (ADVANCED_PORT_UDP) are checked for connectivity or scanning. The mode is activated by the command line switches -atcp or -audp.
Depending on the importance of your host, you should choose one of the three options for starting the PortSentry daemon. It should be noted that only one launch mode can be selected for each protocol at a time. For example, you can specify for both TCP and UDP protocols advanced detection mode for stealth scans. In this case, the value of the MODES variable should be edited in the /etc/init.d/portsentry file. For the specified combination of protocols and protection modes, you must specify MODES = “audp atcp” (in AltLinux 2.4, this value is set in /etc/init.d/portsentry by default).

Five myths and misconceptions about 5G networks and one fly in the ointment
Very soon, already in 2019, the first commercial 5G networks will appear in Russia. On the eve of this event, the first 5G-compatible smartphones will begin to appear in the…

...

What is contextual advertising
It's no secret that search engines provide the highest quality traffic on the modern Internet. And indeed, people who find a website for search queries, in most cases, know exactly…

...

8 things that in no case can not be done on the Internet, so as not to lose personal data
With the spread of the Internet, the era of accessible content, fast exchange of information and rapid communication at any distance began. However, along with all this came the problems,…

...

Manage tabs "fire fox"
If you often search for information you need on the Web, sooner or later you will have to use some mechanism that simplifies working with open browser windows. Most modern…

...