Thursday, October 20, 2016

Denial of service on detection of an intrusion event

The following iptables rules should be enough to lower the chance that an intruder can keep trying to log in to our SSH server. Note what they actually measure: new TCP connections to port 22 per source address, not failed logins (for that you need something that reads the sshd log, such as fail2ban). A source that has opened three new SSH connections within 30 seconds is put on a blacklist on its next attempt and dropped for 120 seconds, and for longer if it keeps knocking, because the blacklist rule refreshes the timer on every hit. A legitimate user running several ssh or scp sessions in a row can lock themselves out the same way, so whitelist trusted addresses before these rules or raise --hitcount. Two limits of the recent module also matter: by default it remembers at most 100 addresses per list (module parameter ip_list_tot) and 20 timestamps per address (ip_pkt_list_tot), so --hitcount cannot usefully exceed 20 without raising that parameter.

#!/bin/bash

### BLOCKING INTRUDERS TO OUR SSH SERVICE ####
#
# Run once (e.g. at boot): iptables -N fails and -A appends duplicate rules
# if the chains already exist, so delete/flush them before re-running.

VERBOSE=1

# Print a command when VERBOSE=1, then run it.  The command string is
# word-split, so arguments that need quoting (e.g. --log-prefix "a b")
# must be passed to iptables directly instead of through this helper.
execandprint() {
 cmd="${1}"
 [[ $VERBOSE -eq 1 ]] && echo "$cmd"
 ${cmd}
}

# create properREJECT chain that does different rejects for tcp/udp
rjchain="properREJECT"
echo "Creating chain $rjchain in filter table..."
iptables -N $rjchain
iptables -A $rjchain -m limit --limit 2/min -j LOG --log-prefix "REJECTED: " --log-level 4
iptables -A $rjchain -p tcp -j REJECT --reject-with tcp-reset
iptables -A $rjchain -j REJECT --reject-with icmp-port-unreachable

# create blacklistdrop chain: log (rate limited), record the source address
# in the recent list BLACKLIST, and drop the packet
blchain="blacklistdrop"
echo "Creating chain $blchain in filter table..."
iptables -N $blchain
iptables -A $blchain -m limit --limit 2/second -j LOG --log-prefix "adding to BLACKLIST: " --log-level 6
iptables -A $blchain -m recent --name BLACKLIST --set -j DROP

# static block of one persistent offender (a host in Shenzhen, China)
iptables -A INPUT -s 221.229.172.71 -j $rjchain

#
# if the src address of the packet is in the list BLACKLIST and was seen within
# the last 120 seconds, drop it.  --update also refreshes the entry's timestamp,
# so a host that keeps sending stays blocked until it has been quiet for 120 s.
# see /proc/net/xt_recent/BLACKLIST
execandprint "iptables -A INPUT -m recent --name BLACKLIST --update --seconds 120 -j DROP"
#
# all *established* ssh connections simply continue
# see /proc/net/nf_conntrack and /proc/net/xt_recent/sshconn
execandprint "iptables -A INPUT  -p tcp --dport 22 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
#
# every *new* ssh connection is recorded in the list 'sshconn' by the rule after
# this one.  If the source already has 3 or more entries from the last 30 seconds,
# this packet goes to chain 'blacklistdrop', which puts the IP in the blacklist.
# --rcheck only tests the list, it does not add to it.
execandprint "iptables -A INPUT  -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --name sshconn --rcheck --seconds 30 --hitcount 3 -j $blchain"

#
# fewer than 3 new connections in the last 30 seconds: record this one and accept
execandprint "iptables -A INPUT  -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --name sshconn --set -j ACCEPT"

#
# if the *destination* address of an outgoing packet is in the blacklist (seen
# within 30 seconds), REJECT *any* packet to it.  --rdest matches the recent
# list against the destination address instead of the source.
execandprint "iptables -A OUTPUT -m recent --name BLACKLIST --rdest --rcheck --seconds 30 -j $rjchain"

#
# outgoing we accept all ssh traffic, with connection tracking
execandprint "iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED,NEW,RELATED -j ACCEPT"
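Two checks that go with the rules above, written as an added example (not part of the original post): blacklist_summary counts, per source address, the kernel log lines produced by the "adding to BLACKLIST: " LOG rule, and xt_recent_entries shows who the kernel currently holds in a recent list, i.e. who is blocked right now. The SAMPLE_LOG lines and the xt_recent table text are constructed for the example; on a real host pipe in journalctl -k or /var/log/kern.log, and read /proc/net/xt_recent/BLACKLIST as root.

```shell
#!/bin/sh
# Added example for the SSH blacklist rules; not code from the original post.

# stdin: kernel log lines -> stdout: "<hits> <src-ip>", most hits first.
# Only the lines written by the "adding to BLACKLIST: " LOG rule are counted;
# lines from the properREJECT chain ("REJECTED: ") are ignored.
blacklist_summary() {
  grep -F 'adding to BLACKLIST: ' \
    | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
    | sort | uniq -c | sort -rn \
    | awk '{ print $1, $2 }'
}

# $1: path of an xt_recent table (default: the BLACKLIST list).
# The kernel prints one line per tracked address, e.g.
#   src=203.0.113.7 ttl: 64 last_seen: 4295 oldest_pkt: 3 4290, 4292, 4295
# which is reduced here to "203.0.113.7 hits=3" (oldest_pkt is the number of
# timestamps kept for that address).
xt_recent_entries() {
  table="${1:-/proc/net/xt_recent/BLACKLIST}"
  [ -r "$table" ] || { echo "cannot read $table (need root?)" >&2; return 1; }
  sed -n 's/^src=\([0-9a-fA-F.:]*\) .*oldest_pkt: \([0-9]*\).*/\1 hits=\2/p' "$table"
}

# Constructed sample of what the LOG rules write to the kernel log.
SAMPLE_LOG='Oct 20 10:01:02 host kernel: adding to BLACKLIST: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22 SYN
Oct 20 10:01:09 host kernel: adding to BLACKLIST: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51240 DPT=22 SYN
Oct 20 10:02:30 host kernel: REJECTED: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=23
Oct 20 10:03:11 host kernel: adding to BLACKLIST: IN=eth0 OUT= SRC=198.51.100.44 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN'

printf '%s\n' "$SAMPLE_LOG" | blacklist_summary
# 2 203.0.113.7
# 1 198.51.100.44
```

Because the LOG rule in blacklistdrop is rate limited to 2/second, the log undercounts during a fast burst; the xt_recent table is the authoritative view of who is blocked at this moment.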




Friday, September 30, 2016

ZMODEM file transfer between Windows VM on VirtualBox and Linux

This shows an alternative way to transfer a file between the host (Linux) and a Windows XP guest running in VirtualBox on the same machine, using the guest's virtual serial port.


  1. In the VM's VirtualBox settings, enable serial port COM1, select "Host Pipe" as the Port Mode, and enter "/tmp/WINCOM1" in the "Path/Address" box.
  2. Start the Windows VM.
  3. In the Windows VM, start HyperTerminal on COM1, set the speed to 115200 and flow control to none.
  4. On Linux, open a terminal and connect the pipe to a TCP listener on localhost: sudo socat UNIX-CONNECT:/tmp/WINCOM1 TCP4-LISTEN:telnet,bind=127.0.0.1,reuseaddr
  5. To transfer a file with ZMODEM, start the receive in HyperTerminal (Transfer > Receive File, protocol Zmodem), then in another terminal type: sz --tcp-client localhost:23 <file to transfer>


The bind=127.0.0.1 option matters: without it socat listens on every interface, and anyone who can reach port 23 on the host gets an unauthenticated serial console into the guest.

To talk to the Windows serial terminal interactively, simply telnet to localhost (telnet localhost); anything typed in the telnet session echoes on the Windows HyperTerminal and vice versa.

Thursday, September 22, 2016

Some VirtualBox Interesting internal features

As documented:

Usage: VBoxManage internalcommands <command> [command arguments]

Commands:

  loadmap <vmname|uuid> <symfile> <address> [module] [subtrahend] [segment]
      This will instruct DBGF to load the given map file
      during initialization.  (See also loadmap in the debugger.)

  loadsyms <vmname|uuid> <symfile> [delta] [module] [module address]
      This will instruct DBGF to load the given symbol file
      during initialization.

  sethduuid <filepath> [<uuid>]
       Assigns a new UUID to the given image file. This way, multiple copies
       of a container can be registered.

  sethdparentuuid <filepath> <uuid>
       Assigns a new parent UUID to the given image file.

  dumphdinfo <filepath>
       Prints information about the image at the given location.

  listpartitions -rawdisk <diskname>
       Lists all partitions on <diskname>.

  createrawvmdk -filename <filename> -rawdisk <diskname>
                [-partitions <list of partition numbers> [-mbr <filename>] ]
                [-relative]
       Creates a new VMDK image which gives access to an entire host disk (if
       the parameter -partitions is not specified) or some partitions of a
       host disk. If access to individual partitions is granted, then the
       parameter -mbr can be used to specify an alternative MBR to be used
       (the partitioning information in the MBR file is ignored).
       The diskname is on Linux e.g. /dev/sda, and on Windows e.g.
       \\.\PhysicalDrive0).
       On Linux or FreeBSD host the parameter -relative causes a VMDK file to
       be created which refers to individual partitions instead to the entire
       disk.
       The necessary partition numbers can be queried with
         VBoxManage internalcommands listpartitions

  renamevmdk -from <filename> -to <filename>
       Renames an existing VMDK image, including the base file and all its extents.

  converttoraw [-format <fileformat>] <filename> <outputfile>
       Convert image to raw, writing to file.

  converthd [-srcformat VDI|VMDK|VHD|RAW]
            [-dstformat VDI|VMDK|VHD|RAW]
            <inputfile> <outputfile>
       converts hard disk images between formats

  repairhd [-dry-run]
           [-format VDI|VMDK|VHD|...]
           <filename>
       Tries to repair corrupted disk images

  debuglog <vmname|uuid> [--enable|--disable] [--flags todo]
           [--groups todo] [--destinations todo]
       Controls debug logging.

  passwordhash <passsword>
       Generates a password hash.

  gueststats <vmname|uuid> [--interval <seconds>]
       Obtains and prints internal guest statistics.
       Sets the update interval if specified.

WARNING: This is a development tool and shall only be used to analyse
         problems. It is completely unsupported and will change in
         incompatible ways without warning.

I think some of the most useful ones are:
repairhd
converthd

So, if we want to convert Qemu's virtual-disk format (QCOW) to VDI/VMDK/VHD, the steps are as follows (assuming the qemu image file is called home.qcow):

qemu-img convert -f qcow home.qcow -O raw home_raw.img
vboxmanage internalcommands converthd -srcformat RAW -dstformat VDI home_raw.img home.vdi

or
VBoxManage convertfromraw --format VDI home_raw.img home.vdi

(qemu-img can also write VDI directly and skip the raw intermediate, which for a sparse image can be far larger than the source: qemu-img convert -f qcow -O vdi home.qcow home.vdi)

Another interesting one: if we want to create and boot a virtual machine from a USB device, the steps are:


  1. Verify which device the USB drive is attached to (e.g. /dev/sdd, via lsblk or dmesg) and double-check it: the VMDK gives the guest raw read/write access to whatever device you name, so pointing it at the host's system disk by mistake exposes that whole disk to the guest.
  2. Run: VBoxManage internalcommands createrawvmdk -filename usb.vmdk -rawdisk /dev/sdd (the user who runs VirtualBox needs read/write permission on /dev/sdd; prefer a udev rule or ACL for that one device over adding the user to the disk group, which grants access to every disk).
  3. Start VirtualBox and attach the file usb.vmdk as a storage device (or create a new virtual machine and attach usb.vmdk as its first disk).
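A guard for step 2, as an added example that is not part of the original post: it refuses to build the raw VMDK unless the named device is a removable whole disk (the kernel reports this in /sys/block/<dev>/removable, "1" for USB sticks), so a typo such as /dev/sda cannot hand the host's fixed disk to the guest. The sysfs root and the VBOXMANAGE variable are parameters only so the check can be exercised against a constructed directory tree and without VirtualBox installed; on a real host leave both at their defaults.

```shell
#!/bin/sh
# Added example for createrawvmdk; not code from VirtualBox or the original post.

# is_removable_disk /dev/sdX [sysfs_root] -> exit 0 only for a removable whole disk
is_removable_disk() {
  name="${1##*/}"                 # /dev/sdd -> sdd
  sysfs="${2:-/sys/block}"
  [ -n "$name" ] || return 1
  # partitions (sdd1) have no entry of their own under /sys/block, so they fail here
  [ -f "$sysfs/$name/removable" ] || return 1
  [ "$(cat "$sysfs/$name/removable")" = "1" ]
}

# create_usb_vmdk /dev/sdX out.vmdk [sysfs_root]
# Runs createrawvmdk only after the safety check passes.  VBOXMANAGE defaults
# to the real binary; set VBOXMANAGE=echo for a dry run.
create_usb_vmdk() {
  dev="$1"; out="$2"; sysfs="${3:-/sys/block}"
  if ! is_removable_disk "$dev" "$sysfs"; then
    echo "refusing: $dev is not a removable whole-disk device" >&2
    return 1
  fi
  "${VBOXMANAGE:-VBoxManage}" internalcommands createrawvmdk -filename "$out" -rawdisk "$dev"
}

# Dry run against the live sysfs of this host (prints the command instead of running it):
# VBOXMANAGE=echo create_usb_vmdk /dev/sdd usb.vmdk
```

The check is deliberately a whole-disk check: a VMDK over a single partition (-partitions) of a fixed disk is a legitimate use, but that is the case where you should be typing the device name by hand with your eyes open, not scripting it.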



Monday, September 19, 2016

Xamarin: The best way to develop Multi-platform Apps


Xamarin is a framework made by Microsoft that lets developers build apps that run natively on multiple platforms (Windows, iOS, Android).

The beauty of this framework/SDK is that it lets us make apps that run natively. Our code is written in C# (so on Windows we need Microsoft Visual Studio). It uses each platform's native UI, so once we develop an app for Windows, for example, it is also compilable on Mac OS without code changes. The same goes for Android.

The framework can be downloaded freely for Windows and MacOS:

https://www.xamarin.com/platform

Wednesday, September 14, 2016

Distributed Machine Learning - Open-source Deep Neural Network

It is a product of Google Research, now available as a Python framework for neural-network-based processing.

https://github.com/tensorflow/tensorflow

The cool thing about it is that it can use GPU(s) for its processing.

TensorFlow was originally developed by researchers and engineers working on the Google Brain Team within Google's Machine Intelligence research organization for the purposes of conducting machine learning and deep neural networks research, but the system is general enough to be applicable in a wide variety of other domains as well.



Tensors Flowing

A little more about tensors: https://en.wikipedia.org/wiki/Tensor


Monday, September 12, 2016

Wednesday, September 7, 2016

ATMEGA32 Kit


UPS on Linux

Install nut (Network UPS Tools).

The following example is for a Tripp Lite UPS.
Verify that the Tripp Lite UPS is detected:

# lsusb
Bus 002 Device 026: ID 09ae:2010 Tripp Lite 


Edit /lib/udev/rules.d/52-nut-usbups.rules and make sure the line below exists:

ATTR{idVendor}=="09ae", ATTR{idProduct}=="2010", MODE="664", GROUP="nut"

Reload the udev files:

udevadm control --reload-rules
My UPS definition in /etc/nut/ups.conf:

[tripplite_ups]
    driver = usbhid-ups
    port = auto
    vendorid= 09ae
    productid = 2010
    desc = "Tripp-Lite UPS"

(The driver binaries, including usbhid-ups, are located in /lib/nut)

My /etc/nut/upsd.conf:
LISTEN 127.0.0.1        3493
LISTEN 192.168.25.168   3493
LISTEN 192.168.1.1      3493
LISTEN ::1              3493

(Only the 127.0.0.1 and ::1 lines are needed when upsmon runs on the same machine. The LAN addresses are there so other hosts can monitor this UPS; the NUT protocol on port 3493 is plaintext, so the upsmon password below crosses the network in the clear, and the port should be firewalled to the hosts that need it.)

Restart the driver:

$ sudo upsdrvctl start
Network UPS Tools - UPS driver controller 2.7.2
Network UPS Tools - Generic HID driver 0.38 (2.7.2)
USB communication driver 0.32
Using subdriver: TrippLite HID 0.81

If there is no error, the driver can talk to the UPS.

My /etc/nut/upsd.users contains:

[upsmon]
    password = pass
    upsmon  master

(Use a real secret here and in the matching MONITOR line of upsmon.conf; "pass" is only a placeholder for this write-up. An upsmon master login can trigger a forced shutdown of every host that monitors this UPS.)

My /etc/nut/upsmon.conf contains:

MONITOR tripplite_ups@localhost 1 upsmon pass master
SHUTDOWNCMD "/sbin/shutdown -h +0"
NOTIFYCMD /usr/local/bin/upsnotifyme
#NOTIFYFLAG ONLINE SYSLOG+WALL+EXEC
NOTIFYFLAG ONLINE SYSLOG+EXEC
NOTIFYFLAG ONBATT SYSLOG+WALL+EXEC
NOTIFYFLAG LOWBATT SYSLOG+WALL+EXEC
NOTIFYFLAG FSD    SYSLOG+WALL+EXEC
NOTIFYFLAG COMMOK SYSLOG+EXEC
NOTIFYFLAG COMMBAD SYSLOG+WALL+EXEC
NOTIFYFLAG SHUTDOWN SYSLOG+WALL+EXEC
NOTIFYFLAG REPLBATT SYSLOG+WALL+EXEC
NOTIFYFLAG NOCOMM SYSLOG+EXEC
NOTIFYFLAG NOPARENT SYSLOG

Restart the nut-server and nut-client:

sudo service nut-server restart
sudo service nut-client restart

If it works, your PC can now communicate with the UPS. Confirm by querying the driver through upsd:

upsc tripplite_ups@localhost

which prints the UPS variables (ups.status, battery.charge, and so on).
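The NOTIFYCMD script (/usr/local/bin/upsnotifyme in the configuration above) is not shown in the post; the following is an added example of such a handler, not the author's script. It relies on the documented upsmon contract: the event text arrives as $1, and upsmon exports NOTIFYTYPE (ONLINE, ONBATT, LOWBATT, FSD, COMMOK, COMMBAD, SHUTDOWN, REPLBATT, NOCOMM, NOPARENT) and UPSNAME in the environment. Events are classified by severity, and warn/crit events are appended to an alert sink in addition to syslog. ALERT_FILE is an assumption made for the example; on a real host replace that line with your mail or pager command. Remember that upsmon runs the script unprivileged (as the nut user), so it must not need root.

```shell
#!/bin/sh
# Added example NOTIFYCMD handler for upsmon; not the author's upsnotifyme.

ALERT_FILE="${ALERT_FILE:-/var/tmp/ups-alerts.log}"   # assumed sink for the example

# severity_for NOTIFYTYPE -> prints info, warn or crit
severity_for() {
  case "$1" in
    LOWBATT|FSD|SHUTDOWN)           echo crit ;;
    ONBATT|COMMBAD|NOCOMM|REPLBATT) echo warn ;;
    *)                              echo info ;;
  esac
}

# handle_notify NOTIFYTYPE UPSNAME MESSAGE -> prints the record it logged
handle_notify() {
  ntype="$1"; ups="$2"; msg="$3"
  sev="$(severity_for "$ntype")"
  stamp="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
  line="$stamp ups=$ups type=$ntype sev=$sev msg=\"$msg\""
  prio=notice
  [ "$sev" = crit ] && prio=crit
  # syslog copy under its own tag, separate from upsmon's own SYSLOG flag entries
  if command -v logger >/dev/null 2>&1; then
    logger -t upsnotify -p "daemon.$prio" "$line" || :
  fi
  # anything above info also goes to the alert sink
  if [ "$sev" != info ]; then
    printf '%s\n' "$line" >> "$ALERT_FILE"
  fi
  printf '%s\n' "$line"
}

# Entry point when upsmon invokes this script
if [ -n "${NOTIFYTYPE:-}" ]; then
  handle_notify "$NOTIFYTYPE" "${UPSNAME:-unknown}" "${1:-}" >/dev/null
fi
```

With the NOTIFYFLAG lines above, EXEC is set for every event except NOPARENT, so the handler sees ONLINE and COMMOK too; those are logged but never reach the alert sink, which keeps the sink to events that need a human.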

Sunday, March 27, 2016

SBC IoT

Single Board Computers for the Internet of Things have been getting more popular since the Raspberry Pi. Now we can even see 64-bit SBCs with a price tag under $40!

Following is the list of SBCs I can think of:


Maker               | Model                                    | CPU                       | Price      | Website                      | Misc.
Raspberry Pi        | RPI 1 Model A+                           | BCM2835                   | $25        | https://www.raspberrypi.org  |
Raspberry Pi        | RPI 1 Model B+                           | BCM2835                   | $35        | https://www.raspberrypi.org  |
Raspberry Pi        | RPI 2 Model B                            | BCM2836                   | $35        | https://www.raspberrypi.org  |
Raspberry Pi        | RPI 3 Model B                            | BCM2837                   | $35        | https://www.raspberrypi.org  |
Raspberry Pi        | Zero                                     | BCM2835                   | $5         | https://www.raspberrypi.org  |
CHIP                |                                          | AllWinner R8 (ARM)        | $9         | http://www.allwinnertech.com |
Pine64              |                                          | Cortex-A53 AllWinner A64  | $15 - $29  | http://www.pine64.com        |
FriendlyARM         | NanoPi 2 (I/O ports compatible with RPi) | Quad-core Cortex-A9       | $24.99     | http://www.friendlyarm.com   |
Texas Instruments   | ARM TIVA LaunchPad                       | ARM Cortex-M4F            | $12.99     | Datasheet                    |
STMicroelectronics  | NUCLEO-F103RB                            | ARM Cortex-M3             | $10.33     | Product Info                 | Dev. board is compatible with Arduino


I personally like the FriendlyARM as it is a more open system than the Raspberry Pi. Broadcom is known for being reluctant to reveal the details of their products, as we can see from their datasheets. FriendlyARM is more community-friendly and already provides a lot of material. With the very cheap price and a board that is ready out of the box (unlike the RPi, which still needs a flash card), this kit is very exciting, even more interesting than Arduino.

Sunday, February 21, 2016

Arduino 328P Pro Mini

I bought this small Arduino Pro Mini board (the right board, not the left board, which is just a power regulator) on eBay from China for less than $2 plus S/H. The bare board has the SMD version of the Atmel AVR ATmega328P, a RESET switch (left), and a bunch of I/O ports. The board seems to be a clone of what Sparkfun sells (see https://www.sparkfun.com/products/11113).

Specifications:
  • 20 Digital input / output ports:TX, RX, D2..D13, A0 .. A5
  • 8 analog inputs ports:A0 ~ A7
  • 1 pairs of TTL level serial transceiver ports RX / TX
  • 6 PWM ports: D3, D5, D6, D9, D10, D11
  • Main Chip: Atmel Atmega328P-AU
  • Support Serial Download
  • Support external power supply 3.8-12V DC
  • Support 12V or less than 12V battery power supply
  • 16MHz clock frequency
  • Size: 33.8mm x 18mm
  • Supports auto-reset
  • Max 150mA output
  • Over current protected
  • Weighs less than 2 grams

When supplying unregulated power to the board, connect it to the "RAW" pin and not to VCC.
I/O pins are labeled "D0", "D1", ... "D13" for digital I/Os, and "A0" to "A7" for analog inputs; A6 and A7 are analog-input only and cannot be used as digital pins. There are two pairs of TXO and RXI pins.


Label on board | Function(s)
A0             | ADC0
A1             | ADC1
A2             | ADC2
A3             | ADC3
A4             | ADC4/SDA
A5             | ADC5/SCL
A6             | ADC6
A7             | ADC7
RXI            | D0/RXD
TXO            | D1/TXD
D2             | D2/INT0
D3             | D3/INT1
D4             | D4/T0
D5             | D5/OC0B/T1
D6             | D6/OC0A/AIN0
D7             | D7/AIN1
D8             | D8/ICP1
D9             | D9/PCINT1
D10            | D10/PCINT2
D11            | D11/PCINT3
D12            | D12/MISO
D13            | D13/SCK/LED

Sunday, January 31, 2016

Raspberry Pi vs. Next-Big-Thing's CHIP SoC Computer


Feature                     | RPI 1 Model A  | RPI 1 Model B  | RPI 1 Model A+  | RPI 1 Model B+  | RPI 2 Model B   | NBT CHIP
SoC                         | BRCM 2835      | BRCM 2835      | BRCM 2835       | BRCM 2835       | BRCM 2836       | AllWinner R8
Standard SoC speed (MHz)    | 700            | 700            | 700             | 700             | 900             | 1000
RAM (MB)                    | 256            | 512            | 256             | 512             | 1024            | 512
Ethernet (Mbps)             | N/A            | 100            | N/A             | 100             | 100             | N/A
HDMI output                 | Yes            | Yes            | Yes             | Yes             | Yes             | With extra module
Composite video out         | Yes            | Yes            | via 3.5 mm jack | via 3.5 mm jack | via 3.5 mm jack | Yes
Number of USB 2.0 ports     | 1              | 2              | 1               | 4               | 4               | 1
CPU cores                   | 1              | 1              | 1               | 1               | 4               | 1
Storage                     | SD card        | SD card        | microSD         | microSD         | microSD         | Built-in flash
Internal storage capacity   | N/A            | N/A            | N/A             | N/A             | N/A             | 4 GB
Camera interface (CSI)      | yes            | yes            | yes             | yes             | yes             |
Display interface (DSI)     | yes            | yes            | yes             | yes             | yes             |
Video/graphics coprocessor  | VideoCore IV   | VideoCore IV   | VideoCore IV    | VideoCore IV    | VideoCore IV    | Mali-400
Architecture                | ARM11 (ARMv6)  | ARM11 (ARMv6)  | ARM11 (ARMv6)   | ARM11 (ARMv6)   | ARMv7           | ARMv7
GPIO pins                   | 26             | 26             | 40              | 40              | 40              |