Latest list of SSH bot IPs collected

Hey All,

Here is a recent list of IP addresses collected by my SSH honeypot that have bot activity behind them, mostly SSH brute-force activity.

I have also included a text file you can use to put the list in your blacklist file.

bad-ips

This list is updated regularly with IPs caught by my SSH honeypot.
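Before loading any downloaded IP list into a blacklist it is worth validating it, so a bad entry cannot lock you out. The following is an added example, not part of the original post: the hosts.deny output format, the protected networks and the sample addresses are all assumptions made for illustration.

```python
import ipaddress

# Assumption: networks that must never be blocked (private ranges, loopback,
# and a placeholder address standing in for your own admin workstation).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "198.51.100.7/32",  # hypothetical admin address
)]

def clean_blacklist(lines):
    """Validate a downloaded IP list; return (accepted, rejected)."""
    accepted, rejected = set(), []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not entry:
            continue
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            rejected.append((entry, "not an IP address"))
            continue
        if any(ip in net for net in PROTECTED):
            rejected.append((entry, "protected network"))
            continue
        accepted.add(ip)                        # the set removes duplicates
    ordered = sorted(accepted, key=lambda a: (a.version, int(a)))
    return ordered, rejected

def to_hosts_deny(ips, daemon="sshd"):
    """Format addresses as hosts.deny lines; IPv6 goes in square brackets."""
    return [f"{daemon}: [{ip}]" if ip.version == 6 else f"{daemon}: {ip}"
            for ip in ips]

# Constructed sample list (documentation-range addresses, not real bot IPs).
SAMPLE = """\
# bad-ips sample
203.0.113.45
203.0.113.45
192.0.2.10
192.168.1.1
198.51.100.7
not-an-ip
2001:db8::bad
"""

if __name__ == "__main__":
    good, bad = clean_blacklist(SAMPLE.splitlines())
    print("\n".join(to_hosts_deny(good)))
    for entry, reason in bad:
        print(f"skipped {entry}: {reason}")
```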

Encrypting your data with TrueCrypt

Hello All,

In this post I will show you how you can protect yourself against data theft using free open source software.

You have heard it on the news: someone working for some company was taking a USB stick or portable hard drive from one place to another and lost it, and now there are thousands of people's personal data going around, in some cases not even encrypted! So anyone can simply take that USB stick, plug it into a computer, and have all those people's personal data!

As a company, what a PR disaster.
As a customer, you're thinking: how did this happen? Is my data safe?

The above scenario isn't just for businesses. Think of how many regular people have personal information on devices like these that are lost on a daily basis: personal information, pictures, tax returns, emails, documents, resumes.

These are not out of the ordinary to find on a USB stick. A piece of data as simple as a resume carries a significant amount of information about you that you may not want a stranger knowing, such as your email address, phone number, address, etc.

So let’s dig in

First, what is encryption?

The best way to put encryption into general terms: you have a secret message, for example

Hello everybody

Now you don't want anyone but you or the person you choose to see your message, so you create a special code to make the text look like gibberish. For example

@^&@^#**#*( *#&(*#&

would be an example of an encrypted message.

Now with every encryption you need two sets of encryption keys: your public key, which everyone can see, and your private key, which only you know. The public key is your garbled text and your private key makes sense of that garbled text.

To generate an encryption key you need a cipher; depending on its strength, a cipher can make a longer, stronger key. This is done by creating the key using the random number generator. The whole point of the length of the key is to make a brute force attack against the encryption key not feasible; depending on the size and complexity of the key, it can take decades before you would come close to breaking the encryption.

There are also 2 types of encryption. The one I have explained above is called public key encryption, where you need 2 sets of keys to decrypt the information; this is also known as asymmetrical encryption. The other type is symmetrical, where two people or computers have the same key on either end to decrypt the information.

For more information and a complete rundown on how encryption works, TrueCrypt's documentation has a lot of technical information on how this all works; if interested I highly suggest reading it.

Now let's install and use this awesome software.

The software we are going to use to encrypt our flash drives/portable hard drives is called TrueCrypt, available at http://www.truecrypt.org

I personally use this software and it's great. Not only is it free and open source, which I am all for, it supports many industry-standard encryption algorithms and is super easy to use, which is always nice. The software also gives you an option to encrypt your system drive, but for that I would follow the manual available on the site.

To use the software, first download it.
Now install the software; the process in Windows is basically clicking "Next".
For Ubuntu/Debian:

    sudo apt-get update && sudo apt-get install truecrypt

Once the software is installed you will get to the main screen, see below.

xp_main-v7.0

Now from this screen you will choose the option “Create volume”

xps_wizard-v6.1a

Select “Encrypt a non-system partition/drive”

Now choose your flash drive and click Next.

You will now be able to choose the encryption type you want.

I recommend the SHA-512 algorithm with AES-Twofish.

xps_wizardciphers

Now click next

You will now create your passphrase

Please remember your encryption is only as powerful as your password. If you use a simple dictionary-based password your encryption is useless, as someone will be able to guess your passphrase and decrypt your data. I suggest a 10 character password with uppercase and lowercase letters, numbers and a special character; this type of password would take years to crack with a password brute force attack.

You will now format your drive. I recommend the slow way (not the quick format) as a next layer of protection, as your drive is then filled with zeros. It is slower, though, and quick works well too; it depends on how paranoid you are.

And voila, you have a fully encrypted flash disk. Now remember you will need the TrueCrypt portable version with you, possibly on another stick, or you can get creative and make a second partition on your stick with only the executable on it to mount the drive.

And with all that you can now carry your flash drives and hard drives with confidence that, if lost or stolen, your information is safe.

If you have any questions/comments/suggestions please let me know.

Till next time, stay secure!!!!

Protecting web browsers against drive-by downloads

In this post I will talk about drive-by downloads: what they are, the risks they pose and how to stop them.

First off, what are drive-by downloads?

Drive-by downloads are downloads that occur when a web browser surfs to a page that hosts a script to download unwanted software onto a user's computer without the user knowing. This usually is a popup or an ad that, when clicked, sends the user to the site that hosts the malware.

The way it works in the background is that the script on the web server looks at the type of request the web server receives. For instance, if the request comes from a Firefox browser the request would look like this:

Request Header set User-Agent "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"

With the above header we can tell that the browser is Mozilla version 4.0 on a Windows system. The web server uses this information to run an exploit that it has in its database against the web browser. This is extremely effective since it runs a targeted attack against the browser, instead of attacking a Firefox browser with an exploit that is meant for Internet Explorer.
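The same header is useful to a defender: the added example below (not from the original post) reads the tokens of the User-Agent string quoted above, where MSIE 8.0 and Windows NT 5.1 identify Internet Explorer 8 on Windows XP, and uses them to list clients in a proxy log that run an outdated browser. The MIN_MAJOR baseline, the log layout and the client addresses are assumptions made for illustration.

```python
import re

# Well-known Windows NT version tokens and the releases they correspond to.
NT_NAMES = {"5.1": "Windows XP", "6.0": "Windows Vista", "6.1": "Windows 7"}
# Assumed patch baseline for this example: oldest major version still allowed.
MIN_MAJOR = {"Internet Explorer": 9, "Firefox": 10}

def parse_user_agent(ua):
    """Return the browser, version and OS that a User-Agent string advertises."""
    info = {"browser": None, "version": None, "os": None, "extras": []}
    comment = re.search(r"\(([^)]*)\)", ua)
    fields = [f.strip() for f in comment.group(1).split(";")] if comment else []
    for field in fields:
        if field.startswith("MSIE "):
            info["browser"], info["version"] = "Internet Explorer", field[5:]
        elif field.startswith("Windows NT "):
            info["os"] = NT_NAMES.get(field[len("Windows NT "):], field)
        elif field.startswith(".NET CLR "):
            info["extras"].append(field)
    # Firefox names itself after the comment: "... Gecko/20100101 Firefox/10.0"
    fx = re.search(r"Firefox/([\d.]+)", ua)
    if fx and info["browser"] is None:
        info["browser"], info["version"] = "Firefox", fx.group(1)
    return info

def outdated_clients(log_lines):
    """Return (client_ip, browser, version) for clients below MIN_MAJOR."""
    hits = []
    for line in log_lines:
        ip, _, ua = line.partition(" ")
        info = parse_user_agent(ua.strip('"'))
        floor = MIN_MAJOR.get(info["browser"])
        if floor and int(info["version"].split(".")[0]) < floor:
            hits.append((ip, info["browser"], info["version"]))
    return hits

# The User-Agent string quoted in the post.
PAGE_UA = ("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; "
           ".NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; "
           ".NET CLR 3.5.30729)")

# Constructed proxy log lines in the assumed form: <client ip> "<user agent>"
SAMPLE_LOG = [
    f'10.0.0.21 "{PAGE_UA}"',
    '10.0.0.22 "Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0"',
]

if __name__ == "__main__":
    print(parse_user_agent(PAGE_UA))
    print(outdated_clients(SAMPLE_LOG))
```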

This type of attack also analyzes what plugins are available and enabled in the browser, for example Java and Flash, to also run attacks on outdated plugins.

This type of threat comes with the risk of having unwanted software that can spy on your activities (spyware) and install malware on your computer (viruses) that can take control of your system and exploit other systems on your network. Businesses need to be especially careful about this type of attack.

How do you stop it?

In order to stop this type of attack you can use the following layers of security:

1.) Run up-to-date plugins. Make sure all the plugins in your browser are up to date.
2.) Have firewall and antivirus software installed.
3.) Enable web filtering. When you enable web filtering, some software actually has a database, updated via online sources, that identifies known rogue hosts and blocks your browser from surfing to those sites.
4.) Keep your browser up to date.
5.) Do not use the administrator account. If you are logged in as administrator you leave yourself open to even more attacks, as rogue software can exploit the privileges you are logged in with. Instead, log in as a user that has no rights to install software, which adds another layer of security.
6.) Beware of the sites you surf to. Make sure to surf to trusted websites.
7.) Use a webrep plugin. For instance, avast has webrep software that, when you do a Google search, can cross-reference each link against a database to see if the link is on a blacklist. It is similar to web filtering software, but it runs the check before you even click on the link rather than after.
8.) Run anti-spyware software.
9.) Disable scripting in your web browser. For example, NoScript for Firefox does not allow scripts to run in the background and requires you to allow each script manually; this can also be a pain.

All in all, stopping these types of attacks comes down to common sense, making sure you have up-to-date software and making sure you have the most basic protection.

That’s all for now

Until next time stay secure!!!

And as always, if you have any questions/comments/suggestions please let me know!

Protecting Laptops/Mobile devices with VPN while on public WiFi

With the popularity of free public WiFi, new precautions need to be taken when using your mobile device on the road. Free public WiFi is a great public service, but it can come with severe security risks.
In this post I will show you how to protect your connection on public WiFi using free and paid VPN services.

To set up a VPN connection you can use one of two ways:

1.) Sign up for a VPN service
2.) Host your own VPN server or VPN router

But before we go into how to do it, let's go over some of the security risks you can be exposed to when using a public WiFi network.

Some of the security risks you would find on public WiFi come from a lack of security measures to prevent MAC spoofing and packet sniffing. For example, since all of the computers are on the same broadcast domain and the same network, a hacker with a packet sniffer would be able to scan the open, unencrypted WiFi connection for packets over the air. An application called driftnet, for example, would allow an attacker to scan the air for an open WiFi connection, listen for TCP streams that contain JPEG images and display the content in a terminal window for the hacker's viewing.

Worms: a hacker with a laptop or device that hosts a worm can spread the worm and its payload through the network and infect the hosts attached to it.

Router security: if you go to a small mom-and-pop cafe that offers free WiFi by simply ordering an internet connection and using a store-bought router with default settings (which happens more than you might think), an attacker could take it upon themselves to set up a rogue DNS server in the router's DHCP settings. That would make all hosts use the rogue DNS server, which can then be used to hijack unsuspecting users' connections and redirect them to phishing websites, malware sites, etc. A hacker can also redirect certain networks and poison the router's routing table.

VoIP security: if you make a VoIP call, it can be possible for an attacker to packet sniff on the WiFi connection and record your VoIP call if your VoIP is unencrypted.

The above are the most common; there are of course many other threats that a host can be susceptible to on a public WiFi connection.

How does VPN secure my connection?

VPN technology provides a virtual connection between your computer and your network. A virtual encrypted tunnel is established over the internet, which can be encrypted in many ways; the most popular are PPTP encryption and IPsec. VPN is a client-server type connection, which means that some servers require their own client software in order to connect. For example, OpenVPN uses its own client software to connect, but some VPN servers don't require separate client software; usually if you use L2TP, Windows/Linux/Mac have a VPN client built in that is compatible with this type of connection.

With a VPN connection your computer is essentially put on the network the VPN is hosted on, which means you can access all of the network's resources, for example shared drives and printers.

As the VPN connection is encrypted, all of the traffic between the network and the host cannot be intercepted. If you were to use a packet sniffer to sniff a computer using VPN, all you would see is L2TP traffic, no matter what the traffic really is. For instance, if you were on a VoIP call, the sniffer would not see the call in progress, which is very useful in protecting yourself on a public network. Also, if someone did hijack the public WiFi router's DNS, you would not be affected, as the DNS servers you would be using would be the ones on your network and not the public network's.

How to use VPN

OK, so now we know public WiFi is not safe and we know how to protect ourselves. Let's put it into practice.

1.) Subscribing to a VPN service

This way is the simplest of all; however, you lose the benefits of accessing your home/business network's resources, like your shared drives, but you gain the speed and resilience of the company's VPN servers.

Some examples of paid VPN services are:

www.hidemyass.com
www.accessvpn.com
www.blacklogic.com

Some of these services need their own client software to be installed. I have personally used Hide My Ass and Blacklogic. With Hide My Ass you don't need software installed in order to use it, and they have been very stable when I have had the need to use it. I have since moved on to hosting my own VPN.

2.) Hosting your own VPN server

Set up a Cisco IOS router as a VPN server
Set up Windows 7/Vista as a VPN server
Set up OpenVPN for Windows/Linux

The first way, I feel, is the best way if you have a Cisco router running IOS, as I do: your router is serving 2 purposes for you in the same device, and it is fairly easy to set up. Follow these commands to set up a VPN server on your Cisco IOS router:

conf t
! enable the VPN (VPDN) service
vpdn enable
! create a VPN group
vpdn-group 1
 ! accept incoming VPN connections
 accept-dialin
  ! use the PPTP protocol
  protocol pptp
  virtual-template 1
 exit
exit
! address pool handed to VPN clients: 192.168.1.10 through 192.168.1.15
ip local pool test 192.168.1.10 192.168.1.15
interface virtual-template 1
 encapsulation ppp
 ! the pool name must match the "ip local pool" name above
 peer default ip address pool test
 ! use your WAN interface
 ip unnumbered FastEthernet0/0
 no keepalive
 ppp encrypt mppe auto
 ppp authentication pap chap ms-chap
exit
! create a VPN username/password combo
username <your-username> password <your-password>
end

Use Windows 7 as a VPN server

You can follow this YouTube video, which illustrates this.

Use OpenVPN as a VPN server

http://www.youtube.com/watch?v=GT6pANoZ4Jg

 

Things to remember when hosting your own vpn server

While hosting your own VPN server is an awesome way to gain experience in managing VPN services, with the accomplishment of setting up something yourself (for free in most cases), you also need to know that your connection speed can hinder your performance, and in some cases it would be better to sign up for a paid service. If you have less than 1 Mbps upload, your internet connection will be slow when using the VPN, because the information needs to be sent from your network to your device, and if your upload is slow your connection can be hindered. This may not be noticeable if all you're doing is surfing the net, though, so I would definitely give it a try first.

That's all for this post.

If you have any questions/comments/suggestions please let me know.

Till then, stay secure!!!

Hey All

Hey all,

Just wanted to let you all know I am still active with my blog.
I have not had a lot of time on my hands lately. I have some topics I think might be interesting to talk about.

I should be back to post regular content next week

Thanks all

Until then, stay secure!