Banning Repeat Offenders With fail2ban

More and more I see fail2ban banning the same hosts repeatedly. One way to tackle this could be to increase the ban time but you could also have fail2ban monitor itself to find “repeat offenders” and then ban them for an extended period of time. Firstly, create a filter definition:

This will be used against the fail2ban log and will find any hosts that have been unbanned. We don’t want to
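As an added example (the post's own filter isn't reproduced here), the Python below carries the idea through end to end: an assumed filter.d/repeat-offender.conf and jail.local stanza, and the same "Unban" match run over a constructed fail2ban.log excerpt with fail2ban's findtime/maxretry semantics applied, so you can see which hosts such a jail would catch. The jail name repeat-offender, the ban/find times and every log line are assumptions, not from the original article.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed filter.d/repeat-offender.conf. It matches fail2ban's own "Unban" lines but,
# via the negative lookahead, not those written by the repeat-offender jail itself:
# otherwise every expiring long ban would immediately count as a fresh strike.
# <HOST> is fail2ban's own placeholder for the offending address.
FILTER_CONF = r"""
[Definition]
failregex = fail2ban\.actions(?:\s*\[\d+\])?:\s+\w+\s+\[(?!repeat-offender\])[^\]]+\]\s+Unban\s+<HOST>
ignoreregex =
"""

# Assumed jail.local stanza: three unbans within a day earn a week-long ban on all ports.
JAIL_CONF = """
[repeat-offender]
enabled  = true
filter   = repeat-offender
logpath  = /var/log/fail2ban.log
action   = iptables-allports[name=repeat-offender]
findtime = 86400
maxretry = 3
bantime  = 604800
"""

# Same match as the failregex, with the timestamp and jail captured so the findtime
# window can be applied here. Accepts 0.8-style lines and 0.9+ lines (pid in brackets).
UNBAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+"
    r"fail2ban\.actions(?:\s*\[\d+\])?:\s+\w+\s+\[(?P<jail>[^\]]+)\]\s+Unban\s+(?P<host>\S+)"
)

# Constructed fail2ban.log excerpt (both line styles mixed on purpose); not a real capture.
SAMPLE_LOG = """\
2013-05-01 10:00:01,123 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2013-05-01 10:10:01,456 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2013-05-01 11:00:02,789 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2013-05-01 11:10:02,012 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2013-05-01 12:00:03,345 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2013-05-01 12:10:03,678 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2013-05-01 12:20:00,000 fail2ban.actions [4242]: NOTICE  [apache] Ban 198.51.100.7
2013-05-01 12:30:00,000 fail2ban.actions [4242]: NOTICE  [apache] Unban 198.51.100.7
2013-05-01 13:00:00,000 fail2ban.actions: WARNING [repeat-offender] Unban 203.0.113.5
"""


def unban_events(log_text, ignore_jail="repeat-offender"):
    """Return {host: [datetime, ...]} of Unban events, skipping the long-ban jail's own lines."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = UNBAN_RE.match(line)
        if m and m.group("jail") != ignore_jail:
            events[m.group("host")].append(datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"))
    return events


def repeat_offenders(log_text, maxretry=3, findtime_seconds=86400):
    """Hosts with at least `maxretry` unbans inside some `findtime_seconds` window,
    which is how fail2ban itself counts strikes. Returns {host: total unbans seen}."""
    offenders = {}
    for host, times in unban_events(log_text).items():
        times.sort()
        for i, start in enumerate(times):
            in_window = sum(1 for t in times[i:] if (t - start).total_seconds() <= findtime_seconds)
            if in_window >= maxretry:
                offenders[host] = len(times)
                break
    return offenders


if __name__ == "__main__":
    print(repeat_offenders(SAMPLE_LOG))  # {'192.0.2.10': 3}
```

Two things worth keeping when you write the real filter: the lookahead that excludes the long-ban jail's own log lines (without it the jail feeds itself), and a findtime long enough to span several ordinary bantime cycles, or a host that is banned, released and banned again every hour never accumulates the strikes. Current fail2ban releases ship a recidive filter and jail that do the same job by matching the "Ban" lines instead.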

DHCP Option 43 Generator for Cisco Lightweight APs

I got lazy after having to create a load of DHCP scopes for Cisco Lightweight Access Points, each requiring Option 43 in TLV format. And now you can be lazy too. Save the following as an HTML file and open it in your favorite browser. In the text area enter your WLC IP addresses one per line and hit submit. This will generate the hex string to use in DHCP Option 43.

Linux Feedback Agent

I’ve been working with some appliances recently, load balancing traffic over MySQL and Apache servers running Linux. The load balancer supports a feedback agent where it can query the real server to gauge how utilised it is based on, for example, CPU load and then distribute the request to the real server that should perform the best. Over on the blog is an article about the feedback agent and how to implement it

Cisco VSS, Domain ID and Virtual MAC Addresses

The other weekend I connected a L2 circuit between two sites. At both ends were Cisco 6500 Catalyst switches running VSS. The interfaces they connected to were configured as L3 and EIGRP was run between the two sites to share routes. But as soon as they were connected the neighbors started flapping. Troubleshooting started and as always you start at the lowest OSI layer and work up. Bingo! The issue

Root Shell on DrayTek AP 800

The DrayTek AP 800 is a 2.4GHz 802.11n Access Point with the ability to make it dual band, 2.4GHz and 5GHz, with an optional USB dongle. It supports multi-SSID with VLAN tagging, a built-in RADIUS server, per-SSID/station bandwidth control and can act as a bridge, repeater etc. As with all of these SOHO products it's built on Linux. Which means somewhere there is a root shell lurking. The DrayTek AP

Show Me The Config!

Back in the days before stacks and VSS, doing a “show run” to look at something was easy. You pressed space a few times to page through the output and found the section you were interested in. Now when you’ve got a stack of several switches or switch running VSS with hundreds of interfaces you’ll be pressing space forever and a day paging through the config. In IOS you can pipe output to a selection of

Cisco Crypto ACLs – Do They Really Need to Match?

When starting out with IPsec tunnels it seems to be a common misconception that the crypto ACL, sometimes referred to as the encryption domain or the interesting traffic, must match 100% or be mirrored at both peers or the tunnel won’t come up. This isn’t strictly true. Whilst the ISAKMP phase 1 and IPsec phase 2 proposals must match, the crypto ACL can be different. Assume that at the local

Auditing Cisco ASA Firewall Rules

Today I was auditing a firewall rule set on a Cisco ASA firewall. The firewall has around 399 ACLs (Access Control Lists) comprising 7272 ACEs (Access Control Entries). Quite a task! Unfortunately I didn't have any tools to hand such as Cisco Security Manager or something like FirePac to audit the rules and give me some suggestions. Stage 1 was to visually look at the ACLs and spot the obvious
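Looking at 7272 ACEs by eye doesn't scale, so here is an added example (not the author's tooling, and nothing to do with Cisco Security Manager or FirePac) of the obvious stage-1 checks scripted in Python over a constructed set of access-list lines: exact duplicates, permit ip any any, and ACEs that can never be hit because an earlier entry in the same ACL already matches everything they would. It is IPv4 only, treats object and object-group references as opaque names rather than expanding them, and ignores source-port specs; all three are deliberate simplifications, and the sample config is made up.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed ASA access-list lines for illustration; not from a real firewall.
SAMPLE_CONFIG = """\
access-list outside_in remark Allow web to DMZ
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-list outside_in extended permit ip any any
access-list outside_in extended permit tcp any host 203.0.113.11 eq 22
access-list dmz_out extended permit ip 203.0.113.0 255.255.255.0 any
access-list dmz_out extended permit tcp host 203.0.113.10 10.0.0.0 255.255.0.0 eq 3306
access-list dmz_out extended deny ip any any
access-list mgmt_in extended permit tcp object-group ADMIN_HOSTS any eq 22
"""

ACE_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+extended\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+(?P<rest>.+)$"
)
ANY = ipaddress.ip_network("0.0.0.0/0")


def _take_addr(tokens):
    """Pop one ASA address spec off the token list.
    Networks become ipaddress objects so containment can be tested; object/object-group
    references stay as opaque strings (no expansion here) and only ever match themselves."""
    t = tokens.pop(0)
    if t in ("any", "any4"):
        return ANY
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if t in ("object", "object-group"):
        return t + ":" + tokens.pop(0)
    return ipaddress.ip_network(t + "/" + tokens.pop(0), strict=False)  # address + dotted mask


def parse_aces(config_text):
    """Parse extended ACEs; remarks, standard ACLs and object definitions are skipped.
    Simplification: a source-port spec between source and destination is not handled."""
    aces = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACE_RE.match(line)
        if not m:
            continue
        tokens = m.group("rest").split()
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        aces.append({
            "acl": m.group("acl"), "action": m.group("action"), "proto": m.group("proto"),
            "src": src, "dst": dst, "port": " ".join(tokens), "line": line,  # port "" = all ports
        })
    return aces


def _covers(a, b):
    """True when address spec a contains every address in spec b."""
    if isinstance(a, str) or isinstance(b, str):
        return a == b
    return a.version == b.version and b.subnet_of(a)


def _shadows(earlier, later):
    """True when `earlier` matches everything `later` would, so `later` is unreachable."""
    if earlier["proto"] not in ("ip", later["proto"]):
        return False
    if earlier["port"] and earlier["port"] != later["port"]:
        return False
    return _covers(earlier["src"], later["src"]) and _covers(earlier["dst"], later["dst"])


def summary(aces):
    """(number of ACLs, number of ACEs), the two figures quoted in the post."""
    return len({a["acl"] for a in aces}), len(aces)


def audit(config_text):
    """Stage-1 checks: exact duplicates, 'permit ip any any', and ACEs shadowed by an earlier one."""
    aces = parse_aces(config_text)
    findings = {"duplicate": [], "permit_any_any": [], "shadowed": []}
    for line, n in Counter(a["line"] for a in aces).items():
        if n > 1:
            findings["duplicate"].append(line)
    seen = defaultdict(list)  # ACEs already processed, per ACL, in config order
    for a in aces:
        if a["action"] == "permit" and a["proto"] == "ip" and a["src"] == ANY and a["dst"] == ANY:
            findings["permit_any_any"].append(a["line"])
        for earlier in seen[a["acl"]]:
            if earlier["line"] != a["line"] and _shadows(earlier, a):
                findings["shadowed"].append(a["line"])
                break
        seen[a["acl"]].append(a)
    return findings


if __name__ == "__main__":
    for kind, lines in audit(SAMPLE_CONFIG).items():
        for line in lines:
            print(kind, "::", line)
```

Run it against the output of show running-config access-list. The shadow check is the one that pays for itself: an ACE that sits below a broader permit in the same ACL is dead weight at best, and at worst it is a rule someone believes is restricting something. Anything using object-groups needs the groups expanded before the containment test means anything.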

Open Curtains – VNC With No Authentication

A few weeks ago I read an article about mass scanning the Internet for VNC servers that don’t require authentication. Dubbed “open curtains” because it’s like having your curtains open allowing anyone passing by to glance in. The person doesn’t need to bypass any security in place or have a key to your door to get this access – it’s open for everyone to take a peek inside. To achieve
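Added example, not code from the article or from the scan it describes: the RFB handshake only needs to go as far as the server's list of security types, because that is exactly where "no authentication" shows up as type 1 (None). The byte strings below are constructed server messages, and probe() is the live form of the same check against a host you own; it stops after reading the list, never selects a type and never sends ClientInit.

```python
import socket
import struct

# RFB security types: 0-2 are from the RFB spec (RFC 6143); the rest are registered extensions.
SECURITY_TYPES = {
    0: "Invalid", 1: "None", 2: "VNC Authentication",
    16: "Tight", 18: "TLS", 19: "VeNCrypt",
}

# Constructed server messages (banner, then the bytes following the version exchange).
OPEN_38 = (b"RFB 003.008\n", b"\x01\x01")            # 3.8, offers only None
AUTH_38 = (b"RFB 003.008\n", b"\x01\x02")            # 3.8, VNC Authentication only
MIXED_38 = (b"RFB 003.008\n", b"\x02\x02\x01")       # 3.8, offers VNC Auth *and* None
OPEN_33 = (b"RFB 003.003\n", b"\x00\x00\x00\x01")    # 3.3, server picked None itself
_REASON = b"Too many tries"
REFUSED = (b"RFB 003.008\n", b"\x00" + struct.pack(">I", len(_REASON)) + _REASON)


def parse_server_version(msg):
    """ProtocolVersion is exactly 12 bytes, b'RFB xxx.yyy\\n'. Returns (major, minor)."""
    if len(msg) < 12 or msg[:4] != b"RFB " or msg[7:8] != b"." or msg[11:12] != b"\n":
        raise ValueError("not an RFB server banner: %r" % msg[:12])
    return int(msg[4:7].decode()), int(msg[8:11].decode())


def _reason(msg):
    """Failure reason string: big-endian u32 length followed by the text."""
    (length,) = struct.unpack(">I", msg[:4])
    return msg[4:4 + length].decode("latin-1", "replace")


def parse_security_types(version, msg):
    """Security types the server offers, from the bytes it sends after the version exchange.
    A 3.3 server chooses one type and sends it as a u32; 3.7+ send a count then a list.
    A count of 0 (or u32 0) means the server refused, and a reason string follows."""
    if version <= (3, 3):
        (sec,) = struct.unpack(">I", msg[:4])
        if sec == 0:
            raise ConnectionError(_reason(msg[4:]))
        return [sec]
    count = msg[0]
    if count == 0:
        raise ConnectionError(_reason(msg[1:]))
    return list(msg[1:1 + count])


def classify(version_msg, security_msg):
    """Summarise a handshake: offered types and whether None (type 1) is among them."""
    version = parse_server_version(version_msg)
    try:
        types = parse_security_types(version, security_msg)
    except ConnectionError as e:
        return {"version": version, "types": [], "no_auth": False, "refused": str(e)}
    return {
        "version": version,
        "types": [SECURITY_TYPES.get(t, "unknown(%d)" % t) for t in types],
        "no_auth": 1 in types,
        "refused": None,
    }


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed during handshake")
        buf += chunk
    return buf


def probe(host, port=5900, timeout=3.0):
    """Live check against a server you are allowed to test. Reads the banner, echoes the
    server's version (valid for 3.3, 3.7 and 3.8), reads the security list and disconnects."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = _recv_exact(s, 12)
        s.sendall(banner)
        return classify(banner, s.recv(256))


if __name__ == "__main__":
    print(classify(*MIXED_38))  # types ['VNC Authentication', 'None'], no_auth True
```

The MIXED_38 case is the one scanners care about: a server that lists None alongside VNC Authentication is just as open as one that lists None alone, because the client picks. Note also that a 3.3 server's u32 of 1 means the server decided on no authentication before the client said anything.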

Custom Kernel On a DigitalOcean Droplet

A few days ago I decided to create a VPS, known as a “droplet”, with DigitalOcean. They claim a deployment time of 55 seconds. And 55 seconds after hitting the button I had a Debian 7 x64 droplet running. The plan was to migrate my current VPS to this DigitalOcean droplet. The first task I always undertake with any Linux deployment is to create a custom stripped down kernel patched