Security

OSX Viruii – The First Two in the Same Weekend

20 February 2006

OSX has gone from no known virus threats on Friday morning to two threats on Monday morning. What a weekend! From the Symantec Anti-Virus Research Center: OSX.Leap.A and OSX.Inqtana.A. Both are low-risk viruii. OSX.Leap.A is a worm that spreads through iChat. OSX.Inqtana.A is a worm that spreads through the Bluetooth system. At this time, OSX.Inqtana.A [...]


Five Tips for Securing SSH

26 January 2006

These snippets are all options in the sshd_config file, located at /etc/ssh/sshd_config on most Linux distros. In order of increasing security: Disallow SSHv1 and force SSHv2 connections: Protocol 2. SSHv1 is now considered insecure. Limit the number of SSH connection attempts at one time: MaxStartups 2 or MaxStartups start:rate:full. From the sshd_config manpage: Alternatively, random [...]


Add Banned IP DNS Info to BFD Emails v2

9 January 2006

Last week I posted a quick and dirty way to add the DNS information to the BFD alert emails. I already grew tired of looking at all the Dig comments, stats and additional info so I updated the snippet to provide only the PTR record and authority section. The updated line: DIG=`dig -x $ATT_HOST +nocomments [...]


Add Banned IP DNS Info to BFD Emails

4 January 2006

I always look up the DNS info for IPs in the Brute Force Detection (BFD) alert emails to see where the attack is coming from. If several attacks come from similar places, the ISP or datacenter can be notified of the attack. I added a few lines to the BFD system to automatically supply the DNS [...]


New Linux Web Services Worm – Linux.Plupii

8 November 2005

An article on eWeek gives the following synopsis of what the worm does: When Plupii is successful in infecting a server, it then sends a notification message to an attacker at a remote IP address via UDP port 7222 or 7111. Which port it attacks appears to be hard-wired into the worm and thus represents [...]
