Off the hook

It has been more than a month that I couldn’t write a single post. Previously I was able to find time to do some experiments when I come home. However after the recent silly attack to my poor server, it took me really time to bring it back on its feet. I have still a list of security measures to do/improve on the server and firewall configuration etc but hectic life is sometimes preventing you from being prolific. In the mean time, temporarily I have put server behind a Firefly Perimeter firewall and activated IDP service. It has been running around a week now and it has already blocked 15 BASH code injection attempts. I don’t really mind giving the list of my attack statistics actually. Here is the list;

I am not blocking all of them of course. Otherwise site wouldn’t even run properly. Real attacks are blocked though. Title of the post is off the hook but I am not there yet. I have a bunch of things that I would like to write about. As soon as possible, I would like to write again. Maybe in a couple of days. Time will tell me.

6 thoughts on “Off the hook

  1. Joe

    Glad to see you are back on your feet. I see you are getting hit with dns record attacks too. I have been fighting these back against China for the last few months using Cisco Asa’s. I found it easier too block 99% of APNIC and RIPE. I then go back and will add very specific filters to allow valid caching or cdn servers located around the world. I don’t know yet how anyone COULD get a shell shock attack to work against my servers from the WAN but I have confirmed my Linux servers are vulnerable internally. I am very surprised someone with your experience and skill had an attack tasks you down for any length of time. Keep fighting the good fight and keep us posted on what you learn. Cheers!

  2. rtoodtoo Post author

    Hi Joe,
    I am not blocking these apps actually. The list contains the identified applications as well and I am blocking a few of them. As I am also keeping DNS server of, the number of requests keep increasing slowly.

  3. Joseph Young

    I see. I also noticed your hosting location and realize it would not be ideal for you to block RIPE’s networks like it is for me in the USA.

    I’ve been following your site for awhile and would like the change to work with you. With your level of knowledge with Juniper equipment, are you available for any consulting opportunities at this time? If you don’t already know, Juniper is looking to hire for perm positions focusing on Junos Space. You have my email so if you are interested let me know through there.

  4. Joseph Young

    Oh I just did some more searching and now realize you are already with Juniper. That makes sense.

    1. rtoodtoo Post author

      As I was testing the policy config, I have used the default web server policy templates coming with the IDP installation. Nothing special.



You have a feedback?

This site uses Akismet to reduce spam. Learn how your comment data is processed.