How to understand that someone is following our correspondence on the web and take all necessary measures
In recent years, there are more and more scandals associated with data leakage on the Web and spying on people - both for individuals and for companies or even states.…

Continue reading →

Hacking sites and CC
It's no secret that there are quite a few hackers on the modern Internet. Some of them are really high-class specialists, well versed in many technologies. Others, on the contrary,…

Continue reading →

One site & nb p; & mda h; two servers?
In most cases, the placement of the site is as follows. All information is hosted on the server. In the future, requests from the user's computer using the DNS system…

Continue reading →

Warning network attacks.

An intrusion into a computer system usually begins with a preliminary assessment of the flaws in the protection of the network perimeter of your server connected to the network. In the course of such a “shoot-in,” the hacker first needs to know the list of open ports and evaluate the identity of your computer’s operating system. The previous article described the scanlogd program, which allows analyzing attempts to scan your server. However, attacks using veiled scanning techniques like “stealth” have become widespread in the modern Web. Based on this, using scanlogd alone will not give unambiguously positive results.

If you are not satisfied with the modest capabilities of scanlogd, there is a more advanced scan attempts analyzer – PortSentry. This program allows you not only to fix the scan of your computer over the network. It also provides an opportunity to adequately respond to this process (not to scan in response, of course, but simply to block access to the offending host to your server). You can analyze the scanning process of your host and run external programs (like iptables).

Installing PortSentryThe AltLinux installation of the PortSentry utility is performed using Synaptic and is a routine procedure. PortSentry, like scanlogd, runs in daemon mode. After the installation process is complete (in any Linux distribution), you should check the functioning of the daemon autorun script. To do this, check the presence of a symbolic link in the /etc/rc5.d/ directory of the /etc/init.d/portsentry file, for example, using the following command:
# ls -l /etc/rc5.d/*portsentry*
Of course, if there is no such link, it should be created (how to do this with reference to scanlogd, described above).

PortSentry main features PortSentry main features:

possibility of wide customization of default behavior policy. The PortSentry daemon can be run in one of three modes of operation. Thus, you can choose what is more important for you – stop the intruder of your network perimeter or fix the penetration attempt (the ability is regulated by specifying certain command line parameters, for which you should edit the init script (/etc/init.d/portsentry) to start the PortSentry daemon );
the ability to perform retaliatory actions (the author of the program highly recommends that you limit yourself to blocking the hacker’s host, and not take adequate measures such as a response scan) in relation to the intruder of your network boundaries. For example, you can add such a rule to the table of your firewall that will exclude the possibility of information exchange with the offending host (you can also add a line to the /etc/hosts.deny file);
fine-tuning of the ranges of ports to be listened to and ignored, and the ability to create a list of ignored hosts. The ability is necessary to eliminate the false positives of the protection system built on PortSentry. Thus, for example, you can exclude port 53 in order not to receive further warnings about scanning of this port by gaming programs that use network capabilities somewhat frivolously (ADVANCED_EXCLUDE_TCP or ADVANCED_EXCLUDE_UDP parameters, which are used in the advanced mode of launching the PortSentry daemon). Ignored hosts are listed in the file, which is described in the IGNORE_FILE configuration parameter.
PortSentry launch modesThe PortSentry daemon can be run in the following modes:

Classic (the daemon startup key -tcp or -udp). In this mode, the PortSentry daemon waits for connections on the ports listed in the TCP_PORTS configuration file settings (or UDP_PORTS), and blocks packet exchange with the remote host when trying to reconnect or scan. This mode of operation does not allow determining “stealth” scan of your computer;
enhanced (Enchanced) detection mode for stealth scans (start keys -stcp or -sudp). When you try to scan or connect to the ports listed in TCP_PORTS (or UDP_PORTS), the remote computer is blocked;
Advanced (Advanced) mode of detecting “stealth” scans. In this mode, all ports from the first to the specified in the ADVANCED_PORT_TCP parameter (ADVANCED_PORT_UDP) are checked for connectivity or scanning. The mode is activated by the command line switches -atcp or -audp.
Depending on the importance of your host, you should choose one of the three options for starting the PortSentry daemon. It should be noted that only one launch mode can be selected for each protocol at a time. For example, you can specify for both TCP and UDP protocols advanced detection mode for stealth scans. In this case, the value of the MODES variable should be edited in the /etc/init.d/portsentry file. For the specified combination of protocols and protection modes, you must specify MODES = “audp atcp” (in AltLinux 2.4, this value is set in /etc/init.d/portsentry by default).

Installing Gentoo Linux on & nb p; remote server
Installing Linux on a local machine in most cases is not difficult - in the pursuit of an audience, developers supply distributions with sufficiently high-quality installers. When your server is…

...

How to increase blog traffic
At this stage of the development of the Internet, the blogosphere is of serious interest from the business. Thus, the value of one unit of the blogosphere, that is, the…

...

7 "hard" examples of how in different countries they are trying to control the functioning of the Internet
Recently, politicians, businessmen and even “media” personalities are talking more and more about various aspects of the Internet and, increasingly, the words about it sound in a positive way. The…

...

Manage tabs "fire fox"
If you often search for information you need on the Web, sooner or later you will have to use some mechanism that simplifies working with open browser windows. Most modern…

...