In the last few days, I've been getting a lot of possible attack warnings from my IDS. Before, I always got some local port scans and brute force attacks. Yesterday, I found one from Hong Kong.. I was like.. how could that be?
Then, I found the reason. 1 or 2 days ago.. I logged in to a photography site and posted some of my photos, and I updated my profile and put my domain name on it. That site is from HK.. so.. I guess that explains why I got more attackers from HK.
Nes: 20090603:2030
I totally forgot to mention the "spider". I believe after posting on that photo site (dcfever.com) I got attacked from HK. I believe somehow some hacker used a spider program to search everyone's profile and see if there is a site. I believe that's how they got my site. Putting myself in a hacker's situation, I would do this. Why waste the time to surf everyone's profile and see if there is any possible site to attack? :-)
I've been thinking of doing something interesting to my possible attackers. I was thinking of hacking them back.. but.. hehe... I'm not a good hacker and I dun wanna get in big trouble. So, I've been thinking of telnetting to their mail port (25) and using the snmp protocol to send them an email and tell them that there is 'someone' trying to hack other people's network. (Hey, if someone is trying to log in to my ssh with root or ssh more than 5 times and it's not me, I'm sure that's not an accident!!) That would be fun.. but I think I'll have to mangle my IP too. Just send that mail command, I wouldn't care if I got anything back.
Unfortunately, my Rogers broadband blocks port 25.. sigh.. I've been thinking of switching to another ISP.. found one for $45 with a static IP and all ports open!! That seems to be a good choice tho.
Wednesday, June 3, 2009
Monday, May 18, 2009
My IDS has some Interesting reports.. got attacks from a security blog server
In the LUC course, we wrote an IDS program in Perl. After setting up my own server, I put my IDS there and added some simple features. Whenever there is a possible attack, no matter if it's brute force or a port scan, I will block the source IP and also port scan back with "nmap -A -PN", then output the result in my Apache directory. It's been running for a while. And my IDS has collected quite a lot of interesting reports.
As far as I know, the source IP can be a hacked machine or from a network. Although I may not be able to track down the attacker, I would like to see where it's from. One of the sources has an entry mentioning a site called "http://echelon.pl/"; its blog talks about IT security or.. IPSec... I'm thinking, how could it end up attacking my server? haha...
The entry:
106/tcp open pop3pw Poppassd 1.8.5 (http://echelon.pl/pubs/poppassd.html)
Anyway, if you're interested, you can see all the nmap results here.. And have some mercy.. don't hack my server.. ;-)
http://bossanesta.ath.cx/NesIds/nmap/
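The detection half of the IDS described above, as an added example (Python, not the author's Perl program): it applies the rule of thumb from the June 3 post, flagging any root login attempt or more than 5 failed SSH logins from an address that is not your own. The log lines are constructed; the OpenSSH syslog format, the `allowlist` parameter and the iptables rule text are assumptions.

```python
import ipaddress
import re
from collections import Counter

MAX_FAILURES = 5  # the post's rule: "more than 5"
# Greedy user group plus end anchor: the source is read from the last
# "from <ip> port <n> ssh2", so a crafted username cannot frame another address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?"
                    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2\s*$")

def _line(who, ip):
    return f"Jun  3 20:30:00 box sshd[2101]: Failed password for {who} from {ip} port 40022 ssh2"

# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = "\n".join(
    [_line("root", "203.0.113.7")]
    + [_line("invalid user admin", "198.51.100.9")] * 6
    + [_line("nes", "198.51.100.20")] * 2
    + [_line("root", "192.0.2.10")]  # the admin mistyping a password
    + [_line("invalid user x from 203.0.113.50 port 22 ssh2", "198.51.100.20")]
)

def suspicious_sources(log_text, allowlist=()):
    """Map source IP -> reason; allowlist holds your own addresses ("it's not me")."""
    trusted = {ipaddress.ip_address(a) for a in allowlist}
    failures, root_tries = Counter(), set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not an address: skip rather than build a rule from it
        if ip in trusted:
            continue
        failures[ip] += 1
        if m.group("user") == "root":
            root_tries.add(ip)
    flagged = {}
    for ip, count in failures.items():
        if ip in root_tries:
            flagged[str(ip)] = "root login attempt"
        elif count > MAX_FAILURES:
            flagged[str(ip)] = f"{count} failed logins"
    return flagged

def block_rules(flagged):
    """Render (not run) one iptables drop rule per flagged source."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in sorted(flagged)]
```

Without the allowlist, the admin's own mistyped root password from 192.0.2.10 would be flagged and blocked like any other source.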
Sunday, May 3, 2009
FREE Photographer for Open Source and Seneca!!
Dessert Flower, love the contrast
Just bought a new lens, Nikkor 50mm F1.4. It's super amazing!!! It's not expensive tho, I bought a used one for $320, a new one is around $350. It's actually a mid-priced lens, cos the top one should be 50mm F1.2 or 80mm F1.4. But.. u know what? This is amazing!! When I first saw the photos, I was like.. OMG.. are those really my photos? hahaha..
I would love to dedicate my hobby to everyone involved in open source and Seneca. Let me know if I could help you. And I'll try my best!
PS: look at my title, geez.. I should be in media instead of computing. Maybe I've read too many gossip magazines, hahaha..
SHOW TIME!! Great deep of view from my Nikkor 50mm F1.4
Zen, love the colour match and the peaceful sweet scene
CDOT Student Presentation 200904 in Flickr
Finally, I've uploaded it, hehe.. If you want the original, please let me know.
Thursday, April 30, 2009
Another Android Phone, Samsung i7500
Cool.. finally, another Android!! Really looking forward to seeing the real thing. I actually have been using my iPhone at home when I have problems with my network. It's just so cool and convenient. Whenever I need to test WLAN or LAN, I would use it. I can run ping, nmap, sniffer, tcpdump, ifconfig, etc. networking tools on my phone. And in the last few days, on my brother's request, I set up tethering for his brand new Asus 1000HE, so he can connect to the internet anywhere with his 3G network. And he loves it!!
And it should be practical at work also. You know, in some critical production site or some data center, it's quite hard to get an internet connection. Using your phone, which allows you to connect to the internet without affecting the production site network, this is amazing.
When there is a new iPhone coming up (next year?), I may get a new phone, it should be either the new iPhone or an Android. Frankly, most likely I'll get the new iPhone. But if I do use it to type commands.. well.. a Linux based smartphone with a slide keyboard should be a better choice tho. Although I do love the touch screen on the iPhone.. but for typing? A physical keyboard is much better tho.
Considering Linux smartphones are going to be the future, should every sysadmin get a smartphone?
Samsung i7500 in cent
Hands on preview in a Russian site
Friday, April 17, 2009
mNm Release 0.9
= integrated multi-language support
= progress bar & message
= Existing Code migrate with Fedora First Boot, as a plug-in in 'Create User' Module
= Improved Auto Mount (instead of un-mounting everything, it only mounts non-existing ones)
Sunday, April 12, 2009
OH.. My gosh... I almost deleted all my posts in Blogger..
I was managing the labels/tags of my posts to prepare my project presentation.. I clicked on the 'delete' below 'apply label', I thought it would delete the label. But no!! It deleted my blog. I actually had doubts about it already, but as labeling a blog has an undo function, I thought deleting a blog should have an undo, right?
NO!!! IT DOES NOT!!
Lucky that I was playing with Blogger because my FreeBSD assignment needs to import posts from Blogger to WordPress. And I did have a backup... that I didn't even remember. Thank god.. everything is here.. :-) I still wanna show my blog to my grandchildren... LOL