Archived News

Mobile WiFi performance
Monday 29th November 2010
There is an option on my mobile phone that allows me to set my WiFi to good performance or good battery life.

Not sure of the impact on battery life (after 3 years of use), but I just spotted the performance difference on a poor signal:

4ms ping response

50-500ms ping response

Not sure if the world is a better place for this information, but hey, I always wondered...

Updating DNS
Tuesday 23rd November 2010
I recently stumbled across a problem with updating my new BIND DNS server.

To maintain security, my DHCP server will perform updates to BIND using a TSIG key. This means my main zone file is set up to receive updates.

I also have some devices configured on my network with static IP addresses (routers and such), which won't contact DHCP for an IP, and so cannot have their records updated automatically.

Previously I've just gone and put a line in the zone master file and had done with it. After a reboot my DNS failed with the error:
"journal rollforward failed: journal out of sync with zone"

Bummer. The fix to this is to delete the *.jnl file for that zone and restart BIND; it will rebuild it and everybody is happy. Apart from me, as this is hardly the answer.

The obvious answer is to send a dynamic update to the DNS server in the same manner DHCP would, using the "nsupdate" tool. Thanks to this article for the pointer.

Basically you need to run (putting in the appropriate TSIG key file name):
nsupdate -v -k /etc/named.d/mykey.key

You will be presented with a console and you simply do this:

update add myhost.mydomain 86400 a

update add 86400 ptr myhost.mydomain.

Note the trailing dot on the reverse lookup FQDN. This is required.

Type quit to quit!

Authentication failure
Friday 5th November 2010
I'm seeing a new pattern in my logs for logon failures to my server.

Whereas before I've seen people attempt to send a list of usernames to my server in the hope that one of them is passwordless, I am now seeing just one attempt made against the root logon and that's it.

Just from lots of different IPs with a fair time gap in-between each one.

This is something I expected to see a long time ago and I'm surprised it's taken the kiddies this long to get their botnets up to doing this.

It essentially defeats Fail2Ban by not spamming the server, but instead leaving a small interval to not trip its logging attempt thresholds (which of course could be tightened up).

Still - it's going to take a very long time to dictionary attack a single user account at this rate and that's assuming that the username they have chosen (root) even exists.
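Counting failures per targeted account instead of per source address makes the pattern described above visible. This is an added example, not code from the original post: the log lines are constructed, and the function names, thresholds and addresses are assumptions chosen for illustration (`maxretry` and `findtime` borrow Fail2Ban's setting names, not its defaults).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation IP ranges), not taken from the post.
SAMPLE_LOG = """\
Nov  5 01:02:11 host sshd[4101]: Failed password for root from 192.0.2.10 port 40122 ssh2
Nov  5 01:19:47 host sshd[4133]: Failed password for root from 198.51.100.7 port 51810 ssh2
Nov  5 01:41:03 host sshd[4170]: Failed password for root from 203.0.113.25 port 33400 ssh2
Nov  5 02:05:30 host sshd[4202]: Failed password for invalid user admin from 192.0.2.99 port 40900 ssh2
Nov  5 02:20:16 host sshd[4240]: Failed password for root from 198.51.100.88 port 42012 ssh2
Nov  5 02:44:52 host sshd[4277]: Failed password for root from 203.0.113.140 port 60022 ssh2
"""
FAILED = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port")

def parse(log, year=2010):
    """Return [(timestamp, user, ip)] per failed-password line (syslog omits the year)."""
    events = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["user"], m["ip"]))
    return events

def per_ip_offenders(events, maxretry=3, findtime=timedelta(minutes=10)):
    """Per-source counting: IPs with maxretry failures inside findtime."""
    by_ip = defaultdict(list)
    for ts, _user, ip in sorted(events):
        by_ip[ip].append(ts)
    return {ip for ip, t in by_ip.items()
            if any(t[i + maxretry - 1] - t[i] <= findtime for i in range(len(t) - maxretry + 1))}

def distributed_targets(events, min_ips=4, window=timedelta(hours=6)):
    """Per-account counting: usernames hit from >= min_ips distinct sources in window."""
    by_user = defaultdict(list)
    for ts, user, ip in events:
        by_user[user].append((ts, ip))
    flagged = {}
    for user, hits in by_user.items():
        for start, _ip in hits:  # try a window opening at every failure
            ips = {ip for ts, ip in hits if start <= ts <= start + window}
            if len(ips) >= min_ips:
                flagged[user] = max(flagged.get(user, 0), len(ips))
    return flagged

if __name__ == "__main__":
    print(per_ip_offenders(parse(SAMPLE_LOG)), distributed_targets(parse(SAMPLE_LOG)))
```

On the sample, no single address reaches the per-IP threshold, while the root account is flagged with five distinct sources inside the window.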
