Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - erasmot

Pages: [1]
1
Users / Re: My DCERouter is attacking other servers!
« on: July 07, 2011, 07:14:49 pm »
The only port you need to open up from the outside in to do remote management is your SSH port.  Once you set up your SSH tunnel you can set up a SOCKS5 proxy through it and browse on your remote machine as if you were on the local network.  This way all of your traffic will be AES256 encrypted end to end. You don't need VNC or RDP.  Outside access will be closed unless the tunnel is up.  https will always leave access to your box open and your logon screen open to the world.

In linux:

ssh username@host -P (port#) -D 1090
Open up proxy settings in browser set socks proxy for 127.0.0.1:1090
make 127.0.0.1 address is not exempt from proxy
put 127.0.0.1 in the address bar of your browser and you'll be in your DCE router in an encrypted tunnel

The same can be done with putty in Windows.
just expand connection
expand SSH
click on tunnels
put 1090 under source port
click the "dynamic" radio button
click add
and set up the proxy settings in your browser as previously described.

2
Users / Re: My DCERouter is attacking other servers!
« on: July 07, 2011, 05:40:31 pm »
1.  If you still want to do remote management definitely change your SSH server port from 22 to something random and not in use on your core, such as : 8327 in /etc/ssh/sshd_config.  
2.  Disable password authentication for SSH and use keys instead google ssh keys and make sure to encrypt the key.
3.  Run this on all of your windows machines: "microsoft system sweeper beta" it's an offline ISO CD that will actually detect root kits on your windows machines, just as a precaution, I know you say they were off.
4.  If you really want to get to the bottom of what machine is sending out the attacks install wireshark on windows and your dcerouter "sudo apt-get install wireshark" and sniff all the traffic outbound on those ports on all of the machines.

3
Installation issues / Re: Ubuntu 8.10 end of life breaks installer
« on: November 28, 2010, 10:31:34 am »
Quote from: kilo on November 28, 2010, 03:55:26 am
Ok
Im getting this error now after doing apt-get update.....

W: GPG error: http://packages.medibuntu.org intrepid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2EBC26B60C5A2783
W: You may want to run apt-get update to correct these problems

Any ideas?

Thanks

Kilo
sudo apt-get install medibuntu-keyring

Pages: [1]