by AstralSin on 03-30-2008 in Security
A recent Ubuntu convert asked me how to block IPs in Linux. He wanted something compatible with the PeerGuardian blocklist format (one range per line, written as description:xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy). I didn't know of one off the top of my head, so I Googled it and found linblock. This is a handy little script that parses the IP blocklists you can get at sites like Bluetack and turns them into iptables rules. These blocklists can keep you away from various kinds of hosts on the net: ad agencies, IPs that are under investigation by the authorities, and lists built from firewall and IDS logs of hosts known for portscanning or other activities.
All you have to do with this script is extract it, open a terminal and, as root (it has to modify the firewall), type
perl <linblock script> -u blocklist -c chainname
where <linblock script> is the path of the script you extracted (it has to come right after perl; without it, -u is taken as one of perl's own switches), blocklist is the name of the text file and chainname is the name of the iptables chain the rules go into. If you want to use more than one blocklist file, use a different chain name for each one.
If you want to roll your own blacklist, you can block single addresses or whole networks manually with
iptables -A INPUT -s <address or network> -j DROP
where <address or network> is a single IP (192.168.0.1) or a CIDR block (192.168.0.0/22). The -s match does not accept a start-end range, so for an arbitrary range like 192.168.0.1-192.168.3.254 use the iprange match instead: -m iprange --src-range 192.168.0.1-192.168.3.254 in place of -s. Two caveats: -A appends, so the DROP lands after any earlier ACCEPT rules in the chain (use -I to put it first), and a rule in INPUT only stops traffic coming in; to keep your own machine from talking to the range as well, add a matching rule in OUTPUT with -d (or --dst-range).
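Here is what a parser for that blocklist format has to do to turn each line into iptables rules. This is an added example written for this post, not linblock's own code, and linblock may well do things differently: the blocklist lines are constructed (documentation address ranges only), lines beginning with # are treated as comments (an assumption), and the commands are returned as text so you can inspect them before running them as root. Ranges are collapsed into CIDR blocks with the standard library's ipaddress module, so the rules use plain -s/-d matches rather than the iprange module, and the chain is hooked into both INPUT and OUTPUT so the range is blocked in both directions. Malformed or reversed lines are skipped rather than guessed at, so one bad line in a downloaded list cannot become a rule that blocks the wrong thing.

```python
import ipaddress
import re

# Constructed sample in the PeerGuardian "description:start-end" format.
# Lines beginning with '#' are treated as comments here (an assumption for this example).
SAMPLE_BLOCKLIST = """\
# constructed entries, documentation address ranges only
Ad agency example:192.0.2.0-192.0.2.255
Single host example:198.51.100.7-198.51.100.7
Awkward range:203.0.113.5-203.0.113.40
Broken line without a range:203.0.113.99
Reversed range:203.0.113.200-203.0.113.100
"""

# The description may itself contain ':', so match non-greedily up to the final "a.b.c.d-e.f.g.h".
LINE_RE = re.compile(r"^(?P<desc>.*?):(?P<start>[\d.]+)-(?P<end>[\d.]+)\s*$")


def parse_p2p(text):
    """Return a list of (description, start, end) for every well-formed line.

    Comments, blank lines, lines without a start-end pair, non-IPv4 addresses
    and reversed ranges are skipped rather than guessed at.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue
        try:
            start = ipaddress.IPv4Address(m.group("start"))
            end = ipaddress.IPv4Address(m.group("end"))
        except ipaddress.AddressValueError:
            continue
        if end < start:
            continue
        entries.append((m.group("desc"), start, end))
    return entries


def range_to_cidrs(start, end):
    """Collapse an inclusive start-end range into the minimal list of CIDR blocks."""
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]


def iptables_commands(entries, chain):
    """Commands that create a dedicated chain and block each range in both directions."""
    cmds = [
        f"iptables -N {chain}",
        # -I rather than -A so the jump to our chain comes before any earlier ACCEPT rules
        f"iptables -I INPUT -j {chain}",
        f"iptables -I OUTPUT -j {chain}",
    ]
    for desc, start, end in entries:
        cmds.append(f"# {desc}")
        for cidr in range_to_cidrs(start, end):
            cmds.append(f"iptables -A {chain} -s {cidr} -j DROP")
            cmds.append(f"iptables -A {chain} -d {cidr} -j DROP")
    return cmds


if __name__ == "__main__":
    # Print the generated script; pipe it into sh as root once you have read it.
    print("\n".join(iptables_commands(parse_p2p(SAMPLE_BLOCKLIST), "blocklist")))
```

The odd-sized range in the sample (203.0.113.5-203.0.113.40) turns into six CIDR blocks, which is why a tool like linblock, or the kernel's iprange match, is nicer than hand-written -s rules for big lists: a real Bluetack list has tens of thousands of ranges, and at that size an ipset or similar hash-based match is the only thing that keeps packet processing fast.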
by AstralSin on 03-24-2008 in OpenSource
THE go-to port scanner for most security professionals (and hackers alike), Nmap, has released a brand new version, 4.60. Tons of bugfixes and tweaks went into this release, along with more service and OS fingerprints, the NSE HTTP library (which lets scripts perform advanced HTTP operations), and various improvements to Zenmap, the official GUI.
You can get the new version or read the changelog.
by AstralSin on 03-23-2008 in Security
Metcalfe's law states that a network's value grows with the square of the number of nodes attached to it. This is true; a single computer sitting in a room by itself has minimal value in the real world. This concept describes the power of the Internet and it can't be disputed. However, there is an aspect that has gone overlooked. For every node connected to the network, there has to be an operator of that node. Those operators can be one of three things: neutral agents, benevolent agents or malicious agents. While the majority of users are neutral agents, there will always be malicious agents present as well. It's much like the human immune system. Red blood cells are the neutral agents, serving the purpose of carrying oxygen to the body. White blood cells are the benevolent agents, fighting off the malicious agents such as viruses and bacteria. In the context of the human body, the benevolent agents normally greatly outnumber the malicious agents present. In the context of the Internet and computing systems, however, it seems that malicious agents far outnumber the benevolent agents. Therefore, while Metcalfe's law applies to the value of a network, it also applies to the overall security of the network: for every node that joins the network, the potential security of the network falls off just as fast as the value rises.
How does one prevent this, or even counteract it enough to make the network a sane environment? The simplest answer would probably be that it's impossible. With the ratio of malicious users to neutral users (who may have no concept of security whatsoever) being so lopsided, the malicious users on the Internet have made the network a highly infected and contagious system. The desperate shortage of benevolent agents (white hat hackers, penetration testers, etc.) allows the malicious agents (black hats, hacktivists, terrorists) to basically run free. Not only do they go mainly unchecked in the system, they mutate at a rapid pace by creating new methods of taking advantage of people, programs, and network systems, making treating them a very difficult task. The only hope the system has is for more people to become educated in ethical hacking and become inclined to act as the white blood cells of the Internet. Ideally, ALL non-malicious users should have at least some security training to help protect the system in some capacity. While it will probably never be the case that every user connected to the Internet is a security-conscious, careful individual, everyone who can do their part should. Keeping your own systems clean of viruses and malware to help keep the spread minimal, being educated about scams and hoaxes, and helping educate others about the dangers of online scams and hoaxes are great places to start that don't require you to work in security or even be highly trained.
Network security can be simply described by the following equation:
Where S represents the potential security of the system, Bh represents the malicious Black Hats, Wh represents the benevolent White Hats, and N represents the neutral entities. As the ratio of White Hats to neutral agents increases, the impact of the Black Hats decreases and the security of the whole increases. The problem with the nature of the equation and the Internet is that while that ratio is increasing, so is the value of Bh, making it even harder for an equilibrium to be achieved. The security of computing systems relies on the same principle as the health of a living body: the malicious agents must be outweighed by the benevolent agents. This can never happen without people like YOU voluntarily becoming the benevolent agents. Don your white hats.
by AstralSin on 03-23-2008 in Programming
OK, as I continue to tweak my blog, I'm noticing a few things that didn't work correctly. I just implemented search engine friendly URLs for the content posts and fixed some other things. If you find anything that's broken, please let me know astralsin (at) gmail (dot) com.
by AstralSin on 03-22-2008 in Security
I know, some people think professional certifications are lame. The plain and simple truth is that if you want to be a security professional (or any type of IT professional) these days, you have to have certifications. One reason is that all your competition has them, and a cert shows employers that the candidate had enough conviction to actually study for, pay for, and pass the tests. Beyond that, PCI DSS matters a great deal to industry today, and it requires a formal security awareness program for staff and certified assessors to audit against it. That being said, I found a great guide to CompTIA's Security+ certification, which has recently been recognized by the US Department of Defense (Directive 8570.1), so it does have some clout. Besides, no matter how leet you may be, you might actually learn something in the course of studying for the exam.
Granted, this is the entry-level security test, but it really does give you a solid understanding of the ideas and principles behind the standard procedures for keeping systems as secure as they can be. While there is a lot more to study to really be ready to do work like penetration testing or vulnerability assessments professionally, it's a good gateway to more serious certifications like the CISSP or EC-Council's curriculum.
While you're at the Techotopia website checking out the Security+ guide, you might as well check out some of the other stuff they have. They have good guides on Ubuntu, openSUSE, Ruby, MySQL, C#, PHP and a few other things.
by AstralSin on 03-20-2008 in Security
These are like porn for hackers. Links galore to tools, news, tutorials, stuff you've never heard of, etc. These can be a great source of information.
by AstralSin on 03-19-2008 in Security
Now, we all know there are plenty of scams on the net. From the old standard Nigerian prince that needs to launder some money through you to the free 1000" TV you just won. Now, there are a couple new scams to be aware of. Both of which are fairly amusing for someone like me, who knows that there's nothing to be scared of.
The first is the African Yorkie puppy dog scam. These guys over in Africa are actually sending out emails threatening people that if they don't buy a Yorkie from them for $15k, they'll kill some Yorkies. For one, I'm a dog lover, I love animals, but Yorkies irritate me. Second, I can buy many, many Yorkies for $15k. Third, if you've been on the net as long as I have you can see this as a crap scam from a mile away. Think about it, Yorkies in Africa? What are they doing, roaming the savannah with the lions? Look people, don't fall for stupid crap like this.
The second scam is this one. It is a death threat stating that if you don't send some stupid amount of money to this person, they're gonna kill you. I'm a redneck. My response to this might be "bring it on, I'll be waiting with my shotgun". For some reason, I never get scam emails... damnit. I get left out of all the fun. Again, this is dumb. If someone wanted to kill you, they damn sure wouldn't email you about it. For one, that would give investigators WAY too much info to go on AND make it a first degree offense. No one's going to kill you if they email you about it. Calm down.
There's always someone wanting to make a buck without working for it. These lowlives that think they can push people around on the internet need to be ignored, don't play into their game.
But of course, I'm sure my readers know better. Tell your friends, though.
EDIT:: These scams have actually hit kinda close to home; I've heard of two people lately that have experienced these scams, one apiece. Read about it here. While you're at it, check out Steve Mallard's (who is mentioned in the article) technical blog, a cool blog with lots of valuable information.
by AstralSin on 03-18-2008 in OpenSource
Check out LinuxConfig.org, a very nice wiki with a lot of information about configuring a Linux system. Great for both newbies and old schoolers like me. The subjects covered are a bit advanced, so don't go there thinking you're gonna learn the basics. But it's a wiki! The point of a wiki is that people contribute! So as soon as I figure out what I want to contribute, I'll do it. Until then, you should just go check it out.
by AstralSin on 03-18-2008 in Security
Something you might see in the realm of security is the one-time pad. These are used a lot in military operations and high-security outfits. It's basically a pad of sheets, each carrying a block of truly random letters or digits that is the key for exactly one message: you combine the block with your plaintext (letter by letter mod 26, or bit by bit with XOR) to encrypt, the recipient holds an identical pad and subtracts the same block to decrypt, and then both of you destroy or mark out that block. Once a block has been used, it is never valid again. Ever. That rule is what makes the scheme unbreakable: a key that is random, at least as long as the message and never reused leaves an eavesdropper nothing to work with, while reusing a block lets them subtract one ciphertext from the other and cancel the key out entirely. This page features a customizable one-time pad so you can play around with it and learn about the concept. It also has some good information on the process as well.
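To make the rule concrete, here is the arithmetic behind a letter-only pad. This is an added example for this post, not code from the page linked above: encrypt and decrypt with one block, and the subtraction an eavesdropper performs when a block is used twice. The key material comes from Python's secrets module (the OS random source), standing in for the dice or noise source a real pad is generated from; the messages are made up.

```python
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def generate_pad(length):
    """One pad block: truly random letters from the OS CSPRNG, one per plaintext letter.
    (random.choice would not do: a predictable key is no key at all.)"""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _letters_only(text):
    """The classic paper pad carries letters only, so strip everything else."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def encrypt(plaintext, pad):
    """Ciphertext letter = (plaintext letter + key letter) mod 26."""
    msg = _letters_only(plaintext)
    if len(pad) < len(msg):
        # A short block must never be stretched or repeated; that is a reuse in disguise.
        raise ValueError("pad block shorter than message: never stretch or reuse a block")
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
                   for p, k in zip(msg, pad))


def decrypt(ciphertext, pad):
    """Plaintext letter = (ciphertext letter - key letter) mod 26, using the same block."""
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26]
                   for c, k in zip(ciphertext, pad))


def difference(a, b):
    """(a - b) mod 26, letter by letter. For two ciphertexts made with the same
    pad block this equals plaintext1 - plaintext2: the key cancels out, which is
    exactly why a block is crossed off after a single use."""
    return "".join(ALPHABET[(ALPHABET.index(x) - ALPHABET.index(y)) % 26]
                   for x, y in zip(a, b))


if __name__ == "__main__":
    pad = generate_pad(20)
    ct = encrypt("attack at dawn", pad)              # constructed message
    print(ct, decrypt(ct, pad))
    # The two-time pad: one block, two messages. The attacker never learns the key,
    # but difference(c1, c2) == difference(p1, p2) lets them play the messages off each other.
    c1, c2 = encrypt("ATTACKATDAWN", pad), encrypt("RETREATNOWOK", pad)
    print(difference(c1, c2) == difference("ATTACKATDAWN", "RETREATNOWOK"))
```

The fixed-key check in the test (HELLO with the block XMCKL giving EQNVZ) is the textbook worked example of this arithmetic; the reuse check shows why the page's "mark it out" rule is the whole security of the scheme rather than a housekeeping detail.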
by AstralSin on 03-17-2008 in Security
Many people worry about being tracked on the web, whether it's by their own government, another government, or any other third-party entity. There are plenty of reasons to stay anonymous other than the conspiracy theory mumbo jumbo, too, and there are plenty of ways to make yourself *more* anonymous (no one is truly anonymous anymore).
The first method, and probably the most popular these days, is The Onion Router, more commonly known as Tor. Tor builds on onion routing, open source technology originally developed at the US Naval Research Laboratory. Your client builds a circuit through several volunteer-run Tor relays (normally three) and wraps each cell in one layer of encryption per hop, so each relay learns only the hop before it and the hop after it: the entry relay sees your IP but not your destination, and the exit relay sees your destination but not your IP. Note that the exit relay does see your traffic in the clear unless the connection itself is encrypted (HTTPS, SSH), so Tor hides who you are, not what you send. There are other known weaknesses, and you can read about them in the Wikipedia article.
Another method is a little more old school: SOCKS proxies. Usually, SOCKS is used on a LAN to funnel network connections through a single host, but it works just as well across the Internet. You can find open SOCKS proxies (LEGAL WARNING: be careful) and make your web traffic look like it comes from that host. The reason I say be careful is that you never know exactly whose box you're proxying through if you pick some random proxy off Google, and an open proxy can log, read and tamper with everything you send through it. Two practical gotchas: the proxy only hides your IP for the traffic your applications actually hand to it, and many SOCKS setups still resolve hostnames locally, so your DNS queries reveal which sites you're visiting even though the connections themselves go through the proxy. SOCKS4a and SOCKS5 can pass the hostname to the proxy and let it do the lookup; make sure your client is configured that way.
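As an added illustration of that DNS point (example code written for this post, not part of any SOCKS client or of Tor), here is the SOCKS5 CONNECT exchange from RFC 1928 built and parsed by hand. The proxy sees nothing beyond what parse_request returns, so comparing the "domain" and "ipv4" variants shows exactly what a client that resolves names locally gives away. The resolver argument exists only so the leaky variant can be demonstrated offline with a made-up answer (192.0.2.10 is a constructed value); no network connection is made.

```python
import socket
import struct

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
ATYP_NAMES = {ATYP_IPV4: "ipv4", ATYP_DOMAIN: "domain", ATYP_IPV6: "ipv6"}
REPLY_CODES = {  # RFC 1928 section 6
    0x00: "succeeded", 0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
    0x04: "host unreachable", 0x05: "connection refused", 0x06: "TTL expired",
    0x07: "command not supported", 0x08: "address type not supported",
}


def greeting():
    """Client hello: version 5, one method offered, 0x00 = no authentication."""
    return bytes([SOCKS_VERSION, 0x01, 0x00])


def parse_method_selection(data):
    """Server's answer to the greeting; 0xFF means it accepts none of our methods."""
    if len(data) != 2 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 method selection")
    return data[1]


def _literal(host):
    """Packed address and ATYP if host is an IP literal, else None."""
    for family, atyp in ((socket.AF_INET, ATYP_IPV4), (socket.AF_INET6, ATYP_IPV6)):
        try:
            return socket.inet_pton(family, host), atyp
        except OSError:
            pass
    return None


def connect_request(host, port, resolve_remotely=True, resolver=socket.gethostbyname):
    """Build the CONNECT request for host:port.

    resolve_remotely=True sends the hostname itself (ATYP 0x03) so the proxy does
    the DNS lookup. resolve_remotely=False is the leaky configuration: the client
    resolves first, and that DNS query leaves your machine unproxied, telling your
    resolver (and anyone watching it) which site you are visiting.
    """
    lit = _literal(host)
    if lit is not None:
        payload, atyp = lit
    elif resolve_remotely:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for a SOCKS5 domain address")
        payload, atyp = bytes([len(name)]) + name, ATYP_DOMAIN
    else:
        payload, atyp = socket.inet_pton(socket.AF_INET, resolver(host)), ATYP_IPV4
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, atyp]) + payload + struct.pack("!H", port)


def parse_request(data):
    """What the proxy sees: (command, address type, destination, port)."""
    if len(data) < 7 or data[0] != SOCKS_VERSION or data[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        dst, rest = socket.inet_ntoa(data[4:8]), data[8:]
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        dst, rest = data[5:5 + n].decode("idna"), data[5 + n:]
    elif atyp == ATYP_IPV6:
        dst, rest = socket.inet_ntop(socket.AF_INET6, data[4:20]), data[20:]
    else:
        raise ValueError("unknown address type")
    if len(rest) != 2:
        raise ValueError("truncated or over-long request")
    return cmd, ATYP_NAMES[atyp], dst, struct.unpack("!H", rest)[0]


def parse_reply(data):
    """Server reply to CONNECT: (ok, reason). Only REP 0x00 means the tunnel is up."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    return data[1] == 0x00, REPLY_CODES.get(data[1], "unassigned")
```

Against a real proxy you would open a TCP socket to it, send greeting(), read two bytes into parse_method_selection(), send connect_request(), read the reply into parse_reply(), and then speak HTTP (or anything else) over the same socket. Tor's local SOCKS port speaks this same protocol, and the same leak applies to applications that resolve names themselves before handing the connection to Tor.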
The final method I'll detail is web anonymizers. These are basically just websites that take a URL, fetch that page themselves, and forward you the copy they fetched, so the target site sees the anonymizer's address rather than yours. You're probably already familiar with a service that does something similar: Google. Google's cached copy of a page is served from Google's own servers, so the original site never sees your request for it. Don't confuse that with the Google Image Search result frame, though: the frame loads the original page straight into your browser, which means the site still sees your IP even though the address bar says google.com. The same goes for embedded images and scripts on a cached page, which your browser fetches from the original site unless the anonymizer rewrites those links too.
Here are some more websites you should check out to learn more about being more anonymous on the net.
Anonymity Complete Guide
TOR Links
Anonymizer websites
No, sorry, I'm not giving you any SOCKS proxies, you can find them on your own and NOT hold me responsible for what you do with them :)