Forward all email from a linux host to an SMTP server.
vi /etc/postfix/transport
* smtp:mail.mydomain.com
vi /etc/postfix/main.cf
transport_maps = hash:/etc/postfix/transport
postmap hash:/etc/postfix/transport
postfix reload
Category Archives: Daemons
NTP Spoof Attacks
Apparently 2 out of 3 of our GPS clocks were being used in a spoof/DDOS attack.
The basic premise is that time requests are sent to the service with a spoofed IP for the response. Add in 100/1000/10000 clocks send results to a server/service that did not request them results in a denial of service attack.
Both clocks have been removed from the pool, scheduled for February 6th. Hickory.kulish.com has port 123 UDP closed at this time. The maintainer of Dickory.kulish.com has been notified.
Email Server Attack
| Type: | Brute Force |
| Protocol: | POP3 |
| OS: | Linux 3.6.11+ armv6l |
| Platform: | Pi Rev. B |
| Memory: | 512M |
| Daemon: | Dovecot 2.1.7-7 |
| Backend Daemon: | MySQL 5.5 |
| Backend OS: | Linux 2.6.32-5-amd64 |
| Backend Platform: | Generic AMD A4-3400 APU Dual Core |
| Backend Memory: | 3.5G |
| Total Attempts: | 13356 |
| Avg. Attempt/s: | 2.71 |
Postmortem:
67.136.48.186 was *unable* to successfully authenticate to any valid user.
Attack was mitigated at the firewall (DROP).
abuse@integratelecom.com was contacted about this event.
Pi GPPS Clocks
Use Chris’ PPS kernel (until I have time or am compelled to compile my own).
Compile ntp 4.2.6p5 as follows (from aquarat):
But first: apt-get install libcap-dev
./configure --enable-ATOM --enable-NMEA --enable-linuxcaps; make; make install
Disable TTY on /dev/AMA0 in /boot/cmdline.txt
dwc_otg.lpm_enable=0 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait
Set baud rate in /boot/config.txt
init_uart_baud=9600
and
Disable GPU sdram pause
# Disable GPU sdram mem pause
disable_pvt=1
Comment out getty in /etc/inittab:
#Spawn a getty on Raspberry Pi serial line
#T0:23:respawn:/sbin/getty -L ttyAMA0 115200 vt100
Add pps-gpio to /etc/modules
Useless SNMPD Logging Debian
I found a blurb about ridding my logs of those useless “Connection from UDP” messages in my log files.
Why this isn’t the default I can only imagine (some will claim security I’m sure).
http://raetsel.wordpress.com/2008/02/15/snmpd-filling-up-varlogmessages/
Here’s what I got out of it. That the below settings, added to /etc/default/snmpd will get rid of the useless messages but still log error messages.
SNMPDOPTS='-LS 0-4 d -Lf /dev/null -p /var/run/snmpd.pid'
I restarted snmpd and it seems to function as expected.