Blog:Memory Leak
From juliano.info
A memory leak is unnecessary memory consumption by a computer program. The most common manifestion is the failure to release unused memory that has been allocated. A memory leak occurs when the program either loses the ability to free the memory or simply neglects to free memory it no longer needs. (source: Wikipedia, The Free Encyclopedia.)
Many ways to lose your data
Some of the many ways you may lose your data. Just a reminder on the importance of backups.
Another port knocking solution
Port knocking is a mechanism that allows sensitive services provided by a server to be kept hidden and protected by a firewall until a specific sequence of requests are made to some other selected ports. This sequence of requests is called knocking. Which ports and the order that they must be knocked are a secret shared only to those authorized to access that service externally. After a successful knocking, the firewall opens the sensitive service port to the knocking host for a short time, so that a connection can be established.
Although not infallible (it was never intended to be), port knocking is a good mechanism to conceal sensitive services running on a server, like, for example, secure shell (SSH). Many people conceal their SSH service by changing the port it listens for new connections to something other than the default (TCP/22). This provides very little additional security and it is not enough when used alone.
There are daemon/tool-based solutions for port knocking, like knockd and The Doorman, but they have some inherent problems:
- They are a single point of failure of the system: if the daemon dies or fails to load for whatever reason, you are locked out.
- Not all networks allow egress TCP or UDP packets to arbitrary ports: it is a good security practice to only allow outgoing packets to known service ports, which the SSH port is usually included, but the other ports used for port knocking aren't.
- Knocking a sequence of ports in a short time is not very easy: you either need a tool for that (usually provided with the port knocking solution), or you have to make it work with the available tools (usually netcat or telnet) and some scripting.
There is this iptables-only solution, which fixes the first problem. It uses only iptables and so is controlled directly from the firewall; you have no extra daemon running, which is a good thing. I decided to improve on that solution.
A summary about the DNS vulnerability
This is a summary of events around the recently discovered Domain Name System vulnerability. In short, one of the core Internet protocols have a serious design flaw. This flaw compromises the whole domain name system, the privacy and the security of all Internet users. There is no real solution ready to deploy today, but patches to mitigate the problem were released. It is important to check your system and take immediate action if you find that you are vulnerable.
Keep reading for more information.
