Skip to content

ip

Do You Have a Reliable IP Scanner Installed? Advanced IP Scanner is Quick & Easy.

Every Network Administrator or Security Administrator should have a few basic tools installed and ready to go at a moments notice.  Advanced IP scanner is a reliable and free network scanner.  It offers complete analysis of your entire LAN, showing live IP addresses and giving you the ability to remotely control systems with RDP and Radmin.  It’s installable or fully portable, so you can keep it in your Dropbox or NextCloud folder for convenient access.

 

Key features of Advanced IP Scanner include:

  • Remote Shutdown (and Wake-on-Lan)
  • MAC address to IP resolution
  • Exportable scan results via CSV
  • Quick access to discovered network shares
  • Remote Control via Radmin & RDP
  • Built-in tools such as SSH, tracert, telnet and ping.

 

Click Here to Keep Reading!

How To Install & Configure Fail2Ban On Ubuntu 14.04 LTS To Block Brute Force Attacks Against SSH and Apache Web Server

As you’ve probably heard me say before, if you have a public facing Linux server, meaning one or more open or forwarded ports, Fail2Ban absolutely must be installed. Fail2Ban monitors log files for excessive login attempts, also called Brute Force attacks. They are extremely common place on the internet. I have never had a public facing server that has gone more than a few days without some hacker trying to brute force it. These attacks go like this. Someone writes a script, or uses a program, that reads a bunch of possible usernames from a text file that has nothing but millions of usernames. There is also a text file with millions of passwords. The script will attempt to go through all username and password combinations until it finds one that can login successfully. Obviously, if you get a hundred or more login attempts from one IP address, nothing good will ever come from that IP so it pretty safe to assume it should be blocked, at least for some period of time.

Fail2Ban does precisely this. It constantly watches any log file you tell it to watch, and when a certain number of login attempts are logged from an IP address, Fail2Ban will automatically create an iptables rule to block all traffic from that IP address for a given period of time. Because brute force attacks take a long, long time, blocking one early on pretty much eliminates the possibility of a successful attack. SSH is the most common service / port for brute force attacks, from my experience. With FTP and POP3 (email) coming in second and third. It’s a no-brainer to set up Fail2Ban to automatically block attacks. It gives you much needed protection and security for your servers. So, here we go.

How to Install Fail2Ban on Ubuntu 14.04 LTS (Trusty)

First and foremost, let’s make sure apt is updated.

#  sudo apt-get update

Now we can install Fail2Ban. Since there is an aptitude package already, we will use that to install.

#  sudo apt-get install fail2ban

Surprisingly, that’s all you need to do to install it. You do, however, need to edit the main configuration file for Fail2Ban, which is jail.conf. Lets go ahead and open it up with nano and take a look.

#  sudo nano /etc/fail2ban/jail.conf

Click Here To Read The Entire Tutorial

How to setup IP Passthrough / Bridge Mode on Motorola NVG510 AT&T UVerse DSL Modem

Recently, my parents upgraded from AT&T’s old ADSL, to the new “UVerse” ADSL2+. With it came a new Motorola NVG510 UVerse all-in-one router / wireless access point / ADSL2+ modem combo. In my opinion, it’s routing and wireless abilities are total crap. Long ago I installed a Linksys WRT54G router that has been flashed with DD-WRT. This allows bandwidth monitoring, proper port forwarding, and also gives me the ability to connect via VPN remotely to help them out with problems on rare occasion. After their new Motorola UVerse modem was installed, my first order of business was to strip it of all routing and wireless functions, and make it just a router. On the old Novatel modems, this was called IP Passthrough, and pretty easy to set up. Now it’s changed and can take a little finesse to set up.

How to enable IP Passthrough on the Motorola NVG510 UVerse Gateway

I assume you already have a router to connect you NVG510 to. Go ahead and connect the routers WAN port to one of the LAN ports on the UVerse modem. You will need the MAC address of the WAN port on your router. You can usually find this on a sticker on the bottom of the unit. I’m going to pretend mine is AB:CD:EF:GH:IJ:KM for the scope of this article.

The router you are adding needs to have a LAN address that is not on the 192.168.1.x subnet. If you absolutely must have your router on that subnet, you can change the IP/subnet of the NVG510. If you need help with that, post in the comments and I would be glad to lend a hand.

With you computer connect to one of the LAN ports on the NVG510, navigate to the configuration page. By default it is http://192.168.1.254. You will see this page:

Screen-Shot-2015-05-02-at-6.37.19-PM

Click here to read the entire tutorial!

How to install Fail2Ban on CentOS 7 – Step by Step Guide

This is a how to on installing Fail2Ban on CentOS 7.  Fail2Ban is an incredibly useful, and often necessary, package that will automatically block IP addresses attempting to brute-force attack your server(s). For instance, with Fail2Ban installed, if an IP address attempts to brute-force login user “root” on your server, one a certain number of attempted logins is reached within a designated time period, it will automatically insert an IPtables rule into your firewall to block all access from that IP address for a specified period of time. Of course, you set all of these variables in the configuration file, which I’ll go into later on. I have yet to have a public facing server be online more than a day before a brute force attack of some sort is encountered. The best practice is to use secure passwords, with upper case, lower case, numbers and a few symbols. Never use dictionary based passwords. With effective, secure passwords it would take a very, very long time to gain access to a server by means of brute force, but it is possible. Regardless, it’s best to block these attacks from the beginning. It is all automated with Fail2Ban.

This guide assumes you have a CentOS 7 installation and have ran yum update.  It requires you have root SSH access to the server.

First, you need to install the EPEL repository.  Fail2Ban is not available from CentOS, with the available repositories.

cd /tmp

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/epel-release-7-5.noarch.rpm

Click here to keep reading this post