Friday, February 15, 2013

Facebook Computers Compromised - 0 Day Java Exploit

Facebook computers compromised by zero-day Java exploit

http://tinyurl.com/cwmvxrv
https://t.co/M46qJAiH

I'm still reading up on it but wanted to put it out there ASAP!

Thursday, February 14, 2013

Obama's cybersecurity executive order: What you need to know.

Embargoed until the delivery of the State of the Union address, US President Obama signed the expected and highly anticipated cybersecurity executive order. With potentially serious implications for US and foreign citizens' privacy, here's what you need to know.

Read more here.

Tuesday, February 12, 2013

Iptables and Blocking by Region

I'm tired of seeing certain network ranges always peppering my Linux server, so I'm going to experiment with blocking via region.  I've seen several hints/tips but I want to do this with the server not taking too much of a hit.  Note that I'm mainly concerned with traffic that I typically allow, such as port 80.  I could block via Apache, which may well work, but I also want to investigate using iptables.

So far, I've found:


  1. http://www.cyberciti.biz/faq/iptables-read-and-block-ips-subnets-from-text-file/
  2. http://www.parkansky.com/china.htm
  3. http://www.webhostingtalk.com/showthread.php?t=1146401 (and http://www.jsimmons.co.uk/2010/06/08/using-ipset-with-iptables-in-ubuntu-lts-1004-to-block-large-ip-ranges/)
  4. I could possibly use tcpwrappers as well, but I'm not sure tcpwrappers can handle the amount of ranges I want to block.


Solution #1 seems a bit too hackish.  As well, the server may take a performance hit if I decide to drop more than one region (China's netranges are broad enough as it is).

Solution #2 might not be so bad, as it leverages the htaccess function.  I've no idea how performance-intensive this method is, but it may be worth looking into.  A con is that I also run a mail server...this method won't work for mail.

Solution #3 looks good.  This method uses iptables and ipset.  Ipset lessens the performance hit when blocking thousands of IPs.

So, before hitting the bed, I decided to give solution #3 a shot.  I immediately found that the tutorial is out-of-date (it caters to Ubuntu 10.04...I'm using 12.04).  I'm attempting to work through it by leveraging the manual pages and 'ipset info', but I'm running into kernel errors such as:


root@li7-220:~# ipset create feckoff hash:ip
ipset v6.11: Kernel error received: Invalid argument

I do not have full control over my host (it is running on a Linode, and the modules are locked down).  I may not be able to use this, but I'll continue to investigate.

EDIT:  Well, I'll be damned!  I got the command to take.  I had to select a more current kernel to boot up (I was using a deprecated Linode kernel).  I guess I should check that more often.  I'll continue this exercise tomorrow...I just have to ensure I've bookmarked all my reference sites.
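For readers following the same ipset-plus-iptables route (solution #3), here is an added example of the loading step, written for this page and not taken from the post or from the linked tutorials. It assumes ipset 6.x with the hash:net set type and a kernel whose ip_set modules load (the very thing the "Kernel error received" message above was complaining about). The set name "blockregion" and the three sample ranges are constructed placeholders (RFC 5737 documentation networks, not any real region's allocations); a real run would substitute the CIDR list obtained from whatever region source you choose.

```shell
#!/bin/sh
# Added example, not the post author's setup: build an ipset from a CIDR
# list in "ipset restore" format, then hang one iptables rule off the set.
# Assumptions: ipset >= 6 with hash:net; set name and ranges are placeholders.

SET_NAME="blockregion"   # hypothetical set name

# Constructed sample input: RFC 5737 documentation ranges, not a real region.
SAMPLE_RANGES="192.0.2.0/24
# comments and blank lines are tolerated in the input list

198.51.100.0/24
203.0.113.0/24"

# Emit one "create" line plus one "add" line per CIDR, skipping blanks and
# comments. hash:net stores whole networks, so a region list fits in one
# set; the post's "hash:ip" holds single addresses and would need one entry
# per host, which is what makes the plain-iptables approach (solution #1)
# so heavy for broad ranges.
build_restore() {
    printf 'create %s hash:net family inet hashsize 1024 maxelem 65536\n' "$SET_NAME"
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        printf 'add %s %s\n' "$SET_NAME" "$line"
    done
}

# Number of ranges that would be loaded (the "add" lines).
count_entries() {
    build_restore "$1" | grep -c '^add '
}

# Load the set in one pass and consult it from the top of INPUT so matching
# traffic is dropped before any port-80 or mail accept rule sees it.
# "-exist" makes reloading an already-present set idempotent; "-C" checks
# for the rule so re-running the script does not stack duplicates.
apply_rules() {
    build_restore "$1" | ipset -exist restore
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null \
        || iptables -I INPUT 1 -m set --match-set "$SET_NAME" src -j DROP
}

# Dry run by default: print the restore file that would be loaded.
# Pass "apply" as the first argument to load it for real (needs root).
if [ "${1:-}" = "apply" ]; then
    apply_rules "$SAMPLE_RANGES"
else
    build_restore "$SAMPLE_RANGES"
fi
```

Running it with no argument only prints the restore text, so you can inspect the set definition before anything touches the kernel; `ipset list blockregion` after an `apply` run shows what was loaded, and `iptables -L INPUT -n --line-numbers` confirms the DROP rule sits at position 1. Because the whole list goes through a single `ipset restore`, reloading a multi-thousand-entry region list is one kernel round trip instead of thousands of individual iptables calls.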