Warning network attacks.

An intrusion into a computer system usually begins with a preliminary assessment of the weaknesses in the network perimeter defenses of your network-connected server. During this reconnaissance, the attacker first needs to learn the list of open ports and identify your computer's operating system. The previous article described the scanlogd program, which lets you analyze attempts to scan your server. However, attacks that use veiled scanning techniques such as "stealth" scans have become widespread on the modern Web. For this reason, relying on scanlogd alone will not give unambiguously good results.

If you are not satisfied with the modest capabilities of scanlogd, there is a more advanced scan-attempt analyzer: PortSentry. This program does more than record that your computer is being scanned over the network. It also lets you respond to the scan (not by scanning in return, of course, but simply by blocking the offending host's access to your server). You can analyze how your host is being scanned and run external programs (such as iptables).

Installing PortSentry

On AltLinux, PortSentry is installed with Synaptic, and the installation is a routine procedure. PortSentry, like scanlogd, runs in daemon mode. After the installation is complete (in any Linux distribution), you should check that the daemon's autostart script is in place. To do this, check that the /etc/rc5.d/ directory contains a symbolic link to the /etc/init.d/portsentry file, for example with the following command:
# ls -l /etc/rc5.d/*portsentry*
Of course, if there is no such link, it should be created (how to do this was described above, for scanlogd).

PortSentry main features

Extensive customization of the default behavior policy. The PortSentry daemon can be run in one of three modes of operation, so you can choose what matters more to you: stopping the intruder at your network perimeter or recording the penetration attempt. The mode is selected with command-line parameters, which you set by editing the init script (/etc/init.d/portsentry) that starts the PortSentry daemon.
The ability to take action in response to the intruder (the author of the program strongly recommends that you limit yourself to blocking the attacker's host and do not respond in kind, for example with a return scan). For example, you can add a rule to your firewall table that rules out any exchange of information with the offending host (you can also add a line to the /etc/hosts.deny file).
Fine-tuning of the ranges of ports to be listened to and ignored, and the ability to create a list of ignored hosts. This is needed to eliminate false positives in a protection system built on PortSentry. For example, you can exclude port 53 so that you no longer receive warnings about scans of this port by gaming programs that use network capabilities somewhat carelessly (the ADVANCED_EXCLUDE_TCP and ADVANCED_EXCLUDE_UDP parameters, which are used in the advanced launch mode of the PortSentry daemon). Ignored hosts are listed in the file named by the IGNORE_FILE configuration parameter.

PortSentry launch modes

The PortSentry daemon can be run in the following modes:

Classic mode (daemon startup switches -tcp or -udp). In this mode, the PortSentry daemon waits for connections on the ports listed in the TCP_PORTS (or UDP_PORTS) setting of the configuration file, and blocks packet exchange with the remote host when it tries to reconnect or scan. This mode cannot detect a "stealth" scan of your computer.
Enhanced mode of detecting "stealth" scans (startup switches -stcp or -sudp). When a remote computer tries to scan or connect to the ports listed in TCP_PORTS (or UDP_PORTS), it is blocked.
Advanced mode of detecting "stealth" scans. In this mode, all ports from the first up to the one specified in the ADVANCED_PORTS_TCP (ADVANCED_PORTS_UDP) parameter are monitored for connection attempts or scanning. The mode is activated by the command-line switches -atcp or -audp.

Depending on the importance of your host, you should choose one of the three options for starting the PortSentry daemon. Note that only one launch mode can be selected for each protocol at a time. For example, you can select the advanced mode of detecting "stealth" scans for both the TCP and UDP protocols. To do so, edit the value of the MODES variable in the /etc/init.d/portsentry file. For this combination of protocols and protection modes, you must specify MODES="audp atcp" (in AltLinux 2.4, this value is set in /etc/init.d/portsentry by default).
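
The one-mode-per-protocol rule can be checked mechanically before the daemon is restarted. The script below is an added example, not part of the original article or of PortSentry: the function names and the sample init-script content are constructed, and it assumes MODES is a double-quoted assignment in the init script.

```shell
#!/bin/sh
# Added example (not PortSentry code): check a MODES value against the
# rule that each protocol may use only one launch mode at a time.

# mode_info TOKEN -> prints "proto level"; returns 1 for an unknown token
mode_info() {
    case "$1" in
        tcp)  echo "tcp classic" ;;
        udp)  echo "udp classic" ;;
        stcp) echo "tcp enhanced" ;;
        sudp) echo "udp enhanced" ;;
        atcp) echo "tcp advanced" ;;
        audp) echo "udp advanced" ;;
        *)    return 1 ;;
    esac
}

# check_modes "audp atcp" -> 0 valid, 1 unknown token, 2 two modes per protocol
check_modes() {
    tcp_mode=""; udp_mode=""
    for tok in $1; do
        info=$(mode_info "$tok") || { echo "unknown mode: $tok"; return 1; }
        proto=${info% *}; level=${info#* }
        eval "prev=\$${proto}_mode"
        [ -z "$prev" ] || { echo "conflict: $proto has $prev and $level"; return 2; }
        eval "${proto}_mode=\$level"
    done
    for proto in tcp udp; do
        eval "level=\$${proto}_mode"
        case "$level" in
            "")      echo "$proto: not monitored" ;;
            classic) echo "$proto: classic (no stealth-scan detection)" ;;
            *)       echo "$proto: $level (stealth-scan detection)" ;;
        esac
    done
}

# modes_from_init FILE -> prints the value of the first MODES="..." line
modes_from_init() {
    sed -n 's/^[[:space:]]*MODES="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Constructed sample standing in for /etc/init.d/portsentry
sample=$(mktemp)
printf '%s\n' '#!/bin/sh' 'MODES="audp atcp"' > "$sample"
check_modes "$(modes_from_init "$sample")"
rm -f "$sample"
```

On a real host, pass /etc/init.d/portsentry to modes_from_init instead of the constructed sample file.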
