Re: Bezeq Ruter

2015-04-13 Thread matanya
> Message: 6
> Date: Mon, 13 Apr 2015 16:29:07 +1000
> From: Amos Shapira 
> To: "E.S. Rosenberg" 
> Cc: Linux-IL 
> Subject: Re: Bezeq Ruter
> Message-ID:
> 
> Content-Type: text/plain; charset="utf-8"
> 
> I wonder - do you have to get the modem from Bezeq? Can't you buy anything
> compatible on the free market?
> 
> On 13 April 2015 at 16:18, E.S. Rosenberg  wrote:
> 
>> In addition to the "fancy" (read crappy) wireless routers that Bezeq
>> will always try to offer you to lease/buy/get/whatever the latest fad
>> is, they also have simple modems.
>> Really these are bridge routers with one ethernet port and one DSL
>> port, also running Linux, you can use them as router and create a DMZ
>> between your wireless router and the bridge, though I don't recommend
>> that because then you:
>> - can't just drop in a replacement when they break down
>> - are relying on the bridges' firmware for security on your DMZ
>> 
>> They have currently 2 models as far as I can tell:
>> - (Rotal) RTA 1320+
>> - D-Link DSL-25xx (newer, haven't seen very often)
>> 
>> Bezeq does not like giving these devices out most likely because it
>> prevents them from having a Bezeq_free network at your address, the
>> last time I had to replace my modem they told me that they actually
>> repair them and aren't making/buying new ones (which makes sense for
>> the rta1320 which is old but supports up to 24M).
>> The fact that they are repairing does seem to be starting to lead to
>> failures happening more often recently...
>> It also prevents them from troubleshooting your network since the
>> most they will have access to is the bridge whereas they generally
>> have remote access to the wireless-routers (you often don't even get
>> full root/admin on the router).
>> 
>> To me using these devices only has advantages:
>> - cost less than the "fancy" modem/routers.
>> - allows me full control over my network infrastructure.
>> - no Bezeq network freeloading on my DSL connection
>> - no Bezeq access to my home network
>> - allows me to easily upgrade my wireless router if/when I want some
>> newer technology/toy.
>> 
>> BTW: It is of course also possible to use a Bezeq wireless router
>> together with your own wireless router either in a DMZ like setup or
>> even as a bridge (though that takes some real effort), but that seems
>> like a major overkill and a waste of money.
>> 
>> HTH,
>> Eliyahu - ?
>> 
>> 2015-04-12 23:15 GMT+03:00 Geoff Shang :
>>> On Sun, 12 Apr 2015, E.S. Rosenberg wrote:
>>> 
>>>> Personally I always insist on Bezeq giving me their simple modem and
>>>> use a decent router of my choosing (obviously vetted for OpenWRT
>>>> support and specs) for WiFi etc (the modem ends up being a bridge
>>>> device about whose fw etc I don't care as much).
>>> 
>>> 
>>> Ha! I didn't know you could do this. Typical that I find out 6 weeks
>>> before I leave the country. :)
>>> 
>>> For the benefit of anyone else who didn't know, please tell more.
>>> 
>>> Geoff.
>>> 
>>> 
>>> 
>>> ___
>>> Linux-il mailing list
>>> Linux-il@cs.huji.ac.il
>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> 
> --
> <http://au.linkedin.com/in/gliderflyer>
> --
> 
> Message: 7
> Date: Mon, 13 Apr 2015 09:43:03 +0300
> From: Moish 
> To: linux-il@cs.huji.ac.il
> Subject: Re: Bezeq Ruter
> Message-ID: <552b6577.20...@mln.co.il>
> Content-Type: text/plain; charset="us-ascii"
> 
> --
> 
> End of Linux-il Digest, Vol 76, Issue 6
> ***



I've been hacked, or not?

2015-04-13 Thread Shachar Shemesh
Hi all,

I have a server whose apache2 process is generating lots of requests to
http://gthfx.com/. That's it. Nothing seems to be sent, and it's always
the same page. No cookies. No different URLs. Nothing. Eventually, the
apache processes build up, and all the sites stop responding. Restarting
apache resolves this, but, of course, the problem slowly builds up again.

I have no idea what this is. Unless this is a command and control
waiting for instructions, this seems more like a runaway plugin than
some deliberate attack. I cannot, however, seem to find anything that
triggers this. I reinstalled apache and all related packages, grepped the
site name over etc, /var/log and where my sites are located.

Even if I have been hacked, I need to understand how before I can handle
this. If I just reinstall the server (both time consuming and expensive,
as I need to provision a temporary server to make a smooth transition), I'm
still going to be open to the same attack vector unless I do something.

It seems most likely that the attack (if that's what it was) was
rendered through one of the sites. I should point out, however, that the
apache server has no write access to any of the web sites it is serving.
As such, I cannot see how such an attack can take place, even assuming
it is an attack (unless the attacker got actual root, of course).

What I'd really like to do is take such a process that I know is hanging
on connection to the web site, and find out which request it thinks it
is serving.

Ideas?

Shachar


Re: I've been hacked, or not?

2015-04-13 Thread Shachar Shemesh
On 13/04/15 19:34, Shachar Shemesh wrote:
>
> What I'd really like to do is take such a process that I know is
> hanging on connection to the web site, and find out which request it
> thinks it is serving.
>
I love this mailing list :-)

No sooner had I sent this message, I knew how to figure out what was
going on. I ran a tcpdump on both incoming and outgoing requests, and
managed to locate and record the actual attack. It turns out that there is a
denial of service (phew! No need to reinstall the server) in wordpress
(yes, I've upgraded to the latest version after the last time my server
died).

I've reported it to the wordpress security team, along with network
dumps. I'm hopeful it will be fixed soon, making us all safer. Following
their recommendation, I'm not disclosing any more details at this point
in time.

Shachar
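
Added example, not part of the original post and not the poster's actual procedure: one way to line up the inbound and outbound halves of such a capture, by counting which inbound request lines were seen shortly before each connection the server itself opened. The addresses, paths, the 2-second window and the sample lines (written in the style of `tcpdump -nn -tt` summaries) are constructed assumptions.

```python
import re
from collections import Counter

SERVER_IP = "192.0.2.10"  # assumption: the web server's own address
WINDOW = 2.0              # assumption: max seconds between a request and the fetch it triggers

# Constructed sample in the style of `tcpdump -nn -tt 'tcp port 80'` output.
SAMPLE = """\
1428942800.000000 IP 198.51.100.5.40112 > 192.0.2.10.80: Flags [P.], seq 1:90, ack 1, win 229, length 89: HTTP: GET /site-a/ HTTP/1.1
1428942800.050000 IP 192.0.2.10.80 > 198.51.100.5.40112: Flags [P.], seq 1:300, ack 90, win 235, length 299: HTTP: HTTP/1.1 200 OK
1428942803.000000 IP 198.51.100.9.51877 > 192.0.2.10.80: Flags [P.], seq 1:120, ack 1, win 229, length 119: HTTP: GET /site-b/page HTTP/1.1
1428942803.200000 IP 192.0.2.10.51000 > 203.0.113.80.80: Flags [S], seq 100, win 29200, length 0
1428942810.000000 IP 198.51.100.5.40113 > 192.0.2.10.80: Flags [P.], seq 1:95, ack 1, win 229, length 94: HTTP: GET /site-a/about HTTP/1.1
1428942810.500000 IP 198.51.100.23.33010 > 192.0.2.10.80: Flags [P.], seq 1:120, ack 1, win 229, length 119: HTTP: GET /site-b/page HTTP/1.1
1428942810.700000 IP 192.0.2.10.51002 > 203.0.113.80.80: Flags [S], seq 200, win 29200, length 0
1428942820.000000 IP 198.51.100.9.51880 > 192.0.2.10.80: Flags [P.], seq 1:120, ack 1, win 229, length 119: HTTP: GET /site-b/page HTTP/1.1
1428942820.100000 IP 192.0.2.10.51004 > 203.0.113.80.80: Flags [S], seq 300, win 29200, length 0
""".splitlines()

# timestamp, source ip.port, destination ip.port, TCP flags, optional request line
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:.*?: HTTP: (?P<req>(?:GET|POST|HEAD) \S+))?"
)


def parse(lines):
    """Yield (ts, src, dst, flags, request-or-None) for every line that parses."""
    for line in lines:
        m = LINE.match(line)
        if m:
            yield float(m["ts"]), m["src"], m["dst"], m["flags"], m["req"]


def suspects(lines, server=SERVER_IP, window=WINDOW):
    """Count (remote host, inbound request) pairs seen within `window`
    seconds before each outbound connection opened by the server."""
    recent = []        # (ts, request line) of inbound requests still in the window
    hits = Counter()
    for ts, src, dst, flags, req in parse(lines):
        if dst == server and req:
            recent.append((ts, req))
        elif src == server and flags == "S":
            # A bare SYN from the server is a connection it initiated itself;
            # replies to clients carry other flags and are ignored.
            recent = [r for r in recent if ts - r[0] <= window]
            for _, request in recent:
                hits[(dst, request)] += 1
    return hits


if __name__ == "__main__":
    for (remote, request), n in suspects(SAMPLE).most_common():
        print(f"{n:3d}  {request}  ->  {remote}")
```

Unrelated requests that happen to fall inside the window are counted too, so the result is a ranking over many events rather than proof for any single one.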


Re: I've been hacked, or not?

2015-04-13 Thread Efraim Flashner
On Mon, 13 Apr 2015 20:11:57 +0300
Shachar Shemesh  wrote:

> On 13/04/15 19:34, Shachar Shemesh wrote:
> >
> > What I'd really like to do is take such a process that I know is
> > hanging on connection to the web site, and find out which request it
> > thinks it is serving.
> >
> I love this mailing list :-)
> 
> No sooner had I sent this message, I knew how to figure out what was
> going on. I ran a tcpdump on both incoming and outgoing requests, and
> managed to locate and record the actual attack. It turns out that there is a
> denial of service (phew! No need to reinstall the server) in wordpress
> (yes, I've upgraded to the latest version after the last time my server
> died).
> 
> I've reported it to the wordpress security team, along with network
> dumps. I'm hopeful it will be fixed soon, making us all safer. Following
> their recommendation, I'm not disclosing any more details at this point
> in time.
> 
> Shachar

Gotta love wordpress

-- 
Efraim Flashner  אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted




Re: Bezeq Ruter

2015-04-13 Thread Amichai Rotman


Re: I've been hacked, or not?

2015-04-13 Thread Amos Shapira
On 14 April 2015 at 02:34, Shachar Shemesh  wrote:

> If I just reinstall the server (both time consuming and expensive, as I
> need to provision a temporary server to make a smooth transition), I'm still
> going to be open to the same attack vector unless I do something.
>

Don't you have a DR plan?
How about automating the server setup, so you can both test changes (ever
heard of Vagrant?) and get it back to life without worrying about it?

Remember - today's servers should be treated like cattle, not pets:
http://image.slidesharecdn.com/cerndatacentreevolution-sdcd2012-121119074533-phpapp02/95/cern-data-centre-evolution-17-638.jpg

(from http://www.slideshare.net/gmccance/cern-data-centre-evolution, origin
at
http://www.slideshare.net/randybias/pets-vs-cattle-the-elastic-cloud-story)

--Amos


Re: I've been hacked, or not?

2015-04-13 Thread Shachar Shemesh
Yes. That's top advice IF you are working off someone else's money and/or paying for your own time.

If, however, this is something done in your spare time, serving mostly you and being paid for out of your own pocket, the difference between 8€/mo and what you said becomes big.

Shachar

On Apr 14, 2015 3:02 AM, Amos Shapira  wrote:

> On 14 April 2015 at 02:34, Shachar Shemesh  wrote:
>
>> If I just reinstall the server (both time consuming and expensive, as I
>> need to provision a temporary server to make a smooth transition), I'm still
>> going to be open to the same attack vector unless I do something.
>
> Don't you have a DR plan?
> How about automating the server setup, so you can both test changes (ever
> heard of Vagrant?) and get it back to life without worrying about it?
>
> Remember - today's servers should be treated like cattle, not pets:
> http://image.slidesharecdn.com/cerndatacentreevolution-sdcd2012-121119074533-phpapp02/95/cern-data-centre-evolution-17-638.jpg
>
> (from http://www.slideshare.net/gmccance/cern-data-centre-evolution, origin at
> http://www.slideshare.net/randybias/pets-vs-cattle-the-elastic-cloud-story)
>
> --Amos



Re: I've been hacked, or not?

2015-04-13 Thread Amos Shapira
Please allow me to disagree,

I see top value in spending some time to learn to set it up automatically -
it'll pay itself in spades every time you have to update anything on that
server, let alone migrate or rebuild it.

Setting up a test environment with Vagrant, setting things up with Puppet
(or whatever else is your favourite poison), testing the changes with
Serverspec and friends shouldn't take more than a day of hacking, will make
you much more relaxed about maintaining this server, and give you fantastic
tools to use in your other work.

E.g. I'm hacking now on my own project and see the value of automatic tests
so as my code progresses, I can make sure I didn't break something which
worked before. Sure it's a hassle to kickstart it but once it's up it's
invaluable.

On 14 April 2015 at 12:53, Shachar Shemesh  wrote:

> Yes. That's top advice IF you are working off someone else's money and/or
> paying for your own time.
>
> If, however, this is something done in your spare time, serving mostly you
> and being paid for out of your own pocket, the difference between 8€/mo and
> what you said becomes big.
>
> Shachar
> On Apr 14, 2015 3:02 AM, Amos Shapira  wrote:
>
> On 14 April 2015 at 02:34, Shachar Shemesh  wrote:
>
>> If I just reinstall the server (both time consuming and expensive, as I
>> need to provision a temporary server to make a smooth transition), I'm still
>> going to be open to the same attack vector unless I do something.
>>
>
> Don't you have a DR plan?
> How about automating the server setup, so you can both test changes (ever
> heard of Vagrant?) and get it back to life without worrying about it?
>
> Remember - today's servers should be treated like cattle, not pets:
> http://image.slidesharecdn.com/cerndatacentreevolution-sdcd2012-121119074533-phpapp02/95/cern-data-centre-evolution-17-638.jpg
>
> (from http://www.slideshare.net/gmccance/cern-data-centre-evolution,
> origin at
> http://www.slideshare.net/randybias/pets-vs-cattle-the-elastic-cloud-story
> )
>
> --Amos
>
>




formatting a disk for a home NAS

2015-04-13 Thread Shlomo Solomon
I'm setting up a home NAS - Raspberry PI2, Raspbian, Samba, external
disk. It's meant to serve files to a mixed network - Linux, Windows and
Android devices. The new disk comes formatted as NTFS. My "gut" tells
me to re-format as EXT4 - any comments or suggestions?

Additional info: The files will be a mix of music, video and office
files. I will also be backing up at least one of the Linux boxes on
this server, so there will also be a fair number of small files -
e-mail, config files, etc. In the past I used to prefer ReiserFS, but
over the years, I've gradually moved to EXT4 for new disks.

-- 
Shlomo Solomon
http://the-solomons.net
Sent by Claws Mail 3.11.1 - KDE 4.12.15 - LINUX Mageia 4

