Posts Tagged ‘Service’

How to check if your Linux WebServer is under a DoS attack

Friday, July 22nd, 2011

There are a few commands I usually use to track whether my server is possibly under a Denial of Service attack or a Distributed Denial of Service attack.

Sys Admins who still have not experienced the terrible times of being under a DoS attack are happy people for sure …

1. How to Detect a TCP/IP Denial of Service Attack

These are the commands I use to find out if a loaded Linux server is under a heavy DoS attack; one of the most essential ones is of course netstat.
To check if a server is under a DoS attack with netstat, it’s common to use:

linux:~# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n|wc -l

If the above command returns a result like 2000 or 3000 connections, then it’s very likely the server is under a DoS attack.

To check all the IPs currently connected to the Apache webserver and get brief statistics on the number of times each of the IPs is connected to my server, I use the command:

linux:~# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
221 80.143.207.107
233 145.53.103.70
540 82.176.164.36

As you can see from the above command output, the IP 80.143.207.107 is either connected 221 times to the server or is in the state of connecting to or disconnecting from the node.

Another possible way to check if a Linux or BSD server is under a Distributed DoS is with the list open files command, lsof.
Here is how lsof can be used to list the approximate number of ESTABLISHED connections to port 80:

linux:~# lsof -i TCP:80
litespeed 241931 nobody 17u IPv4 18372655 TCP server.pc-freak.net:http (LISTEN)
litespeed 241931 nobody 25u IPv4 18372659 TCP 85.17.159.89:http (LISTEN)
litespeed 241931 nobody 30u IPv4 29149647 TCP server.pc-freak.net:http->83.101.6.41:54565 (ESTABLISHED)
litespeed 241931 nobody 33u IPv4 18372647 TCP 85.17.159.93:http (LISTEN)
litespeed 241931 nobody 34u IPv4 29137514 TCP server.pc-freak.net:http->83.101.6.41:50885 (ESTABLISHED)
litespeed 241931 nobody 35u IPv4 29137831 TCP server.pc-freak.net:http->83.101.6.41:52312 (ESTABLISHED)
litespeed 241931 nobody 37w IPv4 29132085 TCP server.pc-freak.net:http->83.101.6.41:50000 (ESTABLISHED)

An approximate number of established connections to, let’s say, an Apache or LiteSpeed webserver can be obtained with lsof like so:

linux:~# lsof -i TCP:80 |wc -l
2100

I find it handy to keep track of the above lsof command output every few secs with GNU watch, like so:

linux:~# watch "lsof -i TCP:80"

2. How to Detect if a Linux server is under an ICMP SMURF attack

ICMP attack is still heavily used, even though it’s already old-fashioned and there are plenty of other Denial of Service attack types. One of the quickest ways to find out if a server is under an ICMP attack is through the command:

server:~# while :; do netstat -s| grep -i icmp | egrep 'received|sent' ; sleep 1; done
120026 ICMP messages received
1769507 ICMP messages sent
120026 ICMP messages received
1769507 ICMP messages sent

As you can see, the above one-liner in a loop checks the sent and received ICMP packet counters every few seconds; if there is a big difference between the output returned from one run to the next, then obviously the server is under an ICMP attack and needs to be hardened.

3. How to detect a SYN flood with netstat

linux:~# netstat -nap | grep SYN | wc -l
1032

1032 SYNs per second is quite a high number unless the server is serving, let’s say, 5000 user requests per second; as the above output reveals, it’s very likely the server is under attack. If, however, I get results like 100/200 SYNs, then obviously there is no SYN flood targeting the machine 😉

Another two netstat commands which help determine if a server is under a Denial of Service attack are:

server:~# netstat -tuna |wc -l
10012

and

server:~# netstat -tun |wc -l
9606

Of course there are also some other ways to count the IPs that sent SYN to the webserver, for example:

server:~# netstat -n | grep :80 | grep SYN |wc -l

In many cases, of course, top or htop can be useful to find out if many processes of a certain type are hanging around.
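The per-address counts from section 1 and the SYN counts above can be produced in one pass that, unlike cut -d: -f1, skips the netstat header lines and keeps IPv6 addresses intact; the following is an added example, not part of the original post. The function name conn_summary, the threshold and the sample netstat output (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `netstat -ntu` output per remote address.

# Constructed sample of `netstat -ntu` output (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40000       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:40112    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51300 SYN_RECV
udp        0      0 192.0.2.10:53           203.0.113.9:5353        ESTABLISHED
EOF
}

# conn_summary [THRESHOLD]
# Reads `netstat -ntu` output on stdin and prints one line per remote address:
#   <total connections> <connections in SYN_RECV> <address> [OVER_LIMIT]
# sorted by total, so the busiest address is last.
conn_summary() {
    awk -v limit="${1:-100}" '
        $1 !~ /^(tcp|udp)/ { next }        # skip the two header lines
        {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)     # strip only the trailing :port
            sub(/^::ffff:/, "", addr)      # fold IPv4-mapped IPv6 into IPv4
            total[addr]++
            if ($6 == "SYN_RECV") syn[addr]++
        }
        END {
            for (a in total)
                printf "%d %d %s%s\n", total[a], syn[a] + 0, a,
                       (total[a] > limit ? " OVER_LIMIT" : "")
        }' | sort -n
}

# Demo on the constructed sample; on a live host use: netstat -ntu | conn_summary 100
sample_netstat | conn_summary 3
```
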

4. Checking if UDP Denial of Service is targeting the server

server:~# netstat -nap | grep 'udp' | awk '{print $5}' | cut -d: -f1 | sort |uniq -c |sort -n

The above command will list information concerning possible UDP DoS.

The command can easily be adapted to check for both possible TCP and UDP denial of service, like so:

server:~# netstat -nap | grep -E 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort |uniq -c |sort -n
104 109.161.198.86
115 112.197.147.216
129 212.10.160.148
227 201.13.27.137
3148 91.121.85.220

After finding an IP that has too many connections to the server and is almost certainly a DoS host, you will probably want to filter this IP.

You can use the /sbin/route command to filter it out; using route will probably be a better choice than iptables, as iptables would load up the CPU more than simply cutting the route to the server.

Here is how I prevent hosts from being able to route packets to my server:

route add 110.92.0.55 reject

The above command would null route the access of IP 110.92.0.55 to my server.

Later on, to look up a null routed IP on my host, I use:

route -n |grep -i 110.92.0.55

Well, hopefully this should be enough to give a brief overview of how one can dig into his server and find out if he is under a Distributed Denial of Service. Hope it’s helpful to somebody out there.
Cheers 😉

How to harden Linux Security and improve network efficiency on Kernel sysctl Level to Stop SYN flood

Friday, July 8th, 2011

Power up Linux and protect against DDoS with sysctl var optimization

A long time ago I wrote an article, Optimizing Linux tcp/ip networking.

In the article I examined a number of Linux kernel sysctl variables, which significantly improve the way TCP/IP networking is handled by non-router Linux based servers.

As time progresses I’ve been continuing to read materials on blogs and internet sites on various tips and anti Denial of Service rules which one could apply on a newly installed hosting (Apache/MySql/Qmail/Proxy) server to improve webserver response times and tighten the overall security level.

In my quest for sysctl 😉 I found a few more handy sysctl variables apart from the old ones I incorporate on every Linux server I administrate.
The sysctl variables improve the overall network handling efficiency and protect against common SYN/ACK Denial of Service attacks.

Here are the extra sysctl variables I started incorporating just recently:

############ IPv4 Sysctl Settings ################
#Enable ExecShield protection (randomize virtual assigned space to protect against many exploits)
kernel.randomize_va_space = 1
#Increase the number of PIDs processes could assign this is very needed especially on more powerful servers
kernel.pid_max = 65536
# Prevent against the common 'syn flood attack'
net.ipv4.tcp_syncookies = 1
# Controls the use of TCP syncookies two is generally a better idea, though you might experiment
#net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
##################################################
#
############## IPv6 Sysctl Settings ################
# Number of Router Solicitations to send until assuming no routers are present.
net.ipv6.conf.default.router_solicitations = 0
# Accept Router Preference in RA? Again not necessary if the server is not a router
net.ipv6.conf.default.accept_ra_rtr_pref = 0
# Learn Prefix Information in Router Advertisement (Unnecessary) for non-routers
net.ipv6.conf.default.accept_ra_pinfo = 0
# disable accept of hop limit settings from other routers (could be used for DoS)
net.ipv6.conf.default.accept_ra_defrtr = 0
# disable ipv6 global unicasts server assignments
net.ipv6.conf.default.autoconf = 0
# neighbor solicitations to send out per address (better if disabled)
net.ipv6.conf.default.dad_transmits = 0
# disable assigning more than 1 address per network interface
net.ipv6.conf.default.max_addresses = 1
#####################################################

 

To use these settings, paste the above sysctl variables in /etc/sysctl.conf and ask the sysctl command to read and apply the newly added conf settings:

server:~# sysctl -p
...

Hopefully you should not get errors while applying the sysctl settings. If you get some errors, it’s possible that some of the variables are named differently (depending on the Linux kernel version) or on the Linux distribution on which the sysctls are implemented.

For convenience I’ve created a unified /etc/sysctl.conf containing the new variables I started implementing on servers together with the ones I already explained in my previous post Optimizing Linux TCP/IP Networking.

Here is the optimized / hardened sysctl.conf file for download

I use this exact sysctl.conf these days on both Linux hosting / VPS / Mail servers etc. as well as on my personal notebook 😉

Here is also the complete content of the above sysctl.conf file, just in case somebody wants to directly copy/paste it in his /etc/sysctl.conf:

# Sysctl kernel variables to improve network performance and protect against common Denial of Service attacks
# It's possible that not all of the variables are working on all Linux distributions, test to make sure
# Some of the variables might need a slight modification to match server hardware, however in most cases it should be fine
# variables list compiled by hip0
### http://www.pc-freak.net
#### date 08.07.2011
############ IPv4 Sysctl Kernel Settings ################
net.ipv4.ip_forward = 0
# ( Turn off IP Forwarding )
net.ipv4.conf.default.rp_filter = 1
# ( Control Source route verification )
net.ipv4.conf.default.accept_redirects = 0
# ( Disable ICMP redirects )
net.ipv4.conf.all.accept_redirects = 0
# ( same as above )
net.ipv4.conf.default.accept_source_route = 0
# ( Disable IP source routing )
net.ipv4.conf.all.accept_source_route = 0
# ( - || - )
net.ipv4.tcp_fin_timeout = 40
# ( Decrease FIN timeout ) - Useful on busy/high load server
net.ipv4.tcp_keepalive_time = 4000
# ( keepalive tcp timeout )
net.core.rmem_default = 786426
# Receive memory stack size ( a good idea to increase it if your server receives big files )
##net.ipv4.tcp_rmem = "4096 87380 4194304"
net.core.wmem_default = 8388608
#( Reserved Memory per connection )
net.core.wmem_max = 8388608
net.core.optmem_max = 40960
# ( maximum amount of option memory buffers )
# tcp reordering, increase max buckets, increase the amount of backlog
net.ipv4.tcp_max_tw_buckets = 360000
net.ipv4.tcp_reordering = 5
##net.core.hot_list_length = 256
net.core.netdev_max_backlog = 1024
#Enable ExecShield protection (randomize virtual assigned space to protect against many exploits)
kernel.randomize_va_space = 1
#Increase the number of PIDs processes could assign this is very needed especially on more powerful servers
kernel.pid_max = 65536
# Prevent against the common 'syn flood attack'
net.ipv4.tcp_syncookies = 1
# Controls the use of TCP syncookies two is generally a better idea, though you might experiment
#net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
###################################################
############## IPv6 Sysctl Settings ################
# Number of Router Solicitations to send until assuming no routers are present.
net.ipv6.conf.default.router_solicitations = 0
# Accept Router Preference in RA? Again not necessary if the server is not a router
net.ipv6.conf.default.accept_ra_rtr_pref = 0
# Learn Prefix Information in Router Advertisement (Unnecessary) for non-routers
net.ipv6.conf.default.accept_ra_pinfo = 0
# disable accept of hop limit settings from other routers (could be used for DoS)
net.ipv6.conf.default.accept_ra_defrtr = 0
# disable ipv6 global unicasts server assignments
net.ipv6.conf.default.autoconf = 0
# neighbor solicitations to send out per address (better if disabled)
net.ipv6.conf.default.dad_transmits = 0
# disable assigning more than 1 address per network interface
net.ipv6.conf.default.max_addresses = 1
#####################################################
# Reboot if kernel panic
kernel.panic = 20
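
A setting that ends up on a comment line when a file like the one above is pasted is silently skipped by sysctl -p, so it is worth checking which keys are really assigned; the following added example (not the author's code) does that. The function name audit_sysctl_conf and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which wanted keys a sysctl.conf really assigns.

# Constructed sample fragment: two settings have been swallowed by the
# comment line in front of them, one is commented out on purpose.
sample_conf() {
cat <<'EOF'
# ( - || - )net.ipv4.tcp_fin_timeout = 40
# Prevent against the common 'syn flood attack'net.ipv4.tcp_syncookies = 1
#net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.conf.all.accept_redirects = 0
EOF
}

# audit_sysctl_conf KEY...
# Reads a sysctl.conf on stdin and prints, for every KEY, one of:
#   KEY = value      the key is assigned (the last assignment wins)
#   KEY COMMENTED    the key appears only on comment lines, so it is ignored
#   KEY MISSING      the key does not appear at all
audit_sysctl_conf() {
    awk -v keys="$*" '
        BEGIN {
            n = split(keys, want, " ")
            for (i = 1; i <= n; i++) state[want[i]] = "MISSING"
        }
        /^[ \t]*[#;]/ {                    # comment line: never applied
            for (i = 1; i <= n; i++)
                if (state[want[i]] == "MISSING" &&
                    (index($0, want[i] " =") || index($0, want[i] "=")))
                    state[want[i]] = "COMMENTED"
            next
        }
        index($0, "=") {                   # a real key = value line
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k in state) { state[k] = "SET"; value[k] = v }
        }
        END {
            for (i = 1; i <= n; i++)
                print want[i], (state[want[i]] == "SET" ? "= " value[want[i]] : state[want[i]])
        }'
}

# Demo on the constructed fragment.
sample_conf | audit_sysctl_conf net.ipv4.tcp_syncookies net.ipv4.tcp_fin_timeout \
    net.ipv4.tcp_synack_retries kernel.panic
```

On a live host, feed it /etc/sysctl.conf and compare each reported value with the output of sysctl -n for the same key.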

These sysctl settings will tweak the Linux kernel default network settings performance and you will notice the improvements in website responsiveness immediately. In some cases implementing these kernel level goodies will make the server perform better and the system load might even decrease 😉

These optimizations on a kernel level are not only handy for servers; their implementation on a Linux desktop should also have a positive influence on the way the network behaves and could significantly improve the response times of opening pages in Firefox/Opera/Epiphany, Torrent downloads etc.

Hope these kernel tweaks are helpful to someone.
Cheers 😉

40 Days since our beloved brother in Christ (ipodeacon Georgi Nedev) has presented himself in God

Thursday, June 23rd, 2011

Holy Mount Athos st. Georgi the Glory Bringer – Zographus Monastic main Church

I start this post with the St. George Zographus Monastery’s main Church, as the Zographus Monastery on Holy Mount Athos was the last earthly place where our brother Georgi wanted to spend the remainder of his earthly life.

Today it’s the 40th day since our brother in Christ (ipodeacon) Georgi Nedev has presented his humble soul to our Saviour Jesus.

ipodeacon Georgi Nedev on a Bishop Church service holding the metropolitan sceptre

This is the only picture I have of our brother Georgi

His living was as humble as his departure from this life and his passing I believe in the eternal life with God.
Georgi had the severe desire to become a monk in Holy Mount Athos and has multiple friends in there which loved him and often prayed for him.
Now on this 40 day in our Bulgarian monastery in Holy Mount Athos, Saint George – The GloryBringer (Zographus) monks will be serving a requiem service (Panihida – as we say in Slavonic)

His departure was striking and sudden for all of us in the Church community here in Dobrich’s Holy Trinity Church, and no less shocking for the Holy Mount Athos Zographus monks Christian community who loved our brother sincerely.

Some short biographic facts about our brother ipodeacon Georgi Nedev are here
Unfortunately the bio-facts I know about Georgi are very few, as I only knew him for a couple of years. Despite the short time I knew him, I can say I was blessed through him and I’m extremely grateful to him; it was through him I learned a bit more about Holy Mount Athos and our Bulgarian monk community that is in Zographus, as well as some very minor details concerning the spiritual Church life that I had never thought about.
It was thanks to him that I was encouraged numerous times in terrible times of desperation and loss of faith and track in life.

Thanks to him I was being explained for a first time, how one can go for a pilgrimage journey to Holy Mount Athos and how one can get the pilgrim’s permit documentation related to going there called in greek diamontirium
He also told me about numerous miracles about Holy Mount Athos, and explained me one needs to pray to the Holy Theotokos Virgin Mary and ask her that is being allowed to enter this holy place.

This last Lent, despite his sickness, Georgi was regularly visiting the evening services in the Church and was diligent in his spiritual life.

I remember him expressing his enormous joy the last time I saw him on a Holy Liturgy for he took the Holy Communion.
After the Church service, I asked him how is he, his answer was; I’m not feeling well, but praise be to God! for I was able to take the Holy Communion

Many times when I asked him what are his future plans, he used to answer I don’t know anything, it’s all in the God’s will (hands) for me.

You can see for yourself how great his dedication to God was by his own words.

As our priest, who used to be his confessor said, “Georgi was a righteous man and God took him early on”.

Let eternal be your Memory beloved brother Georgi now and Forever and Ever! Amen!

How to fix “imapd-ssl: Maximum connection limit reached for ::ffff:xxx.xxx.xxx.xxx” imapd-ssl error

Saturday, May 28th, 2011

One of the mail server clients is running into issues with secured SSL IMAP connections (he has to use multiple email accounts on the same computer).
I was informed that part of the email addresses are working correctly, however the newly created ones were failing to authenticate even though all the Outlook Express email configuration was correct and the username and password typed in were real existing credentials on the vpopmail server.

Initially I thought, something is wrong with his newly configured emails but it seems all the settings were perfectly correct!

After a lot of wondering what might be wrong I was dumb enough not to check my imap log files.

After checking in my /var/log/mail.log which is the default log file I’ve configured for vpopmail and some of my qmail server services, I found the following error repeating again and again:

imapd-ssl: Maximum connection limit reached for ::ffff:xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx was the email user computer IP address.

This issue was caused by one of my configuration settings in the imapd-ssl and imap config file:

/usr/lib/courier-imap/etc/imapd

In /usr/lib/courier-imap/etc/imapd there is a config segment called
Maximum number of connections to accept from the same IP address

Right below this commented text is the variable:

MAXPERIP=4

As you can see it seems I used some very low value for the maximum number of connections from one and the same IP address.
I suppose my logic in setting such a low value was my desire to protect the IMAP server from Denial of Service attacks, however 4 is really too low and causes problems, thus to solve the mail connection issues for the user I raised the MAXPERIP value to 50:

MAXPERIP=50

Now to force the imapd and imapd-ssl services to reload their config I did a restart of courier-imap, like so:

debian:~# /etc/init.d/courier-imap restart

That’s all, now the error is gone and the client could easily configure up to 50 mailbox accounts on his PC 🙂

How to change / reset lost or forgot TightVNC administrator password

Tuesday, May 24th, 2011


I have installed TightVNC to a Windows host just a few weeks ago in order to be able to manage remotely a Windows host and forgot to write down the administrator password 🙂 (stoopid!)

I had to explain to a friend remotely how to change the TightVNC admin password and it was a complete nightmare!

In short, here are the exact menus for anyone who wants to reset the password of a TightVNC server after forgetting it:

Start -> All Programs -> TightVNC
-> TightVNC Server (Service Mode) ->
TightVNC Service - Offline Configuration.

In the configuration dialog that pops up there are the Server and Administration tabs through which a new password can be set.

After the password is changed, either a restart of the TightVNC server or a restart of the Windows PC is necessary.

Bulgarian Orthodox Monastery st. martyr George Zograph few monks songs from Holy mount Athos for download

Sunday, April 10th, 2011

Zograph Monastery Holy Mount Athos complex distant picture

A friend of mine who is a devoted Orthodox Christian (and ipodqkon Georgi), regularly visits Holy Mount Athos as a pilgrim.
On a few times he has been there serving to the workman who are currently restoring a number of monastery building which has been abandoned for quite some time.

Every Sunday morning he also goes to the Monastery Church St. George Zograph for the monks Holy Liturgy service.
He sent me a few recordings he made with his phone during the Holy Liturgy monks chanting. The recording’s quality is quite raw, however it’s still a very invaluable piece of spiritual music, which I think every spiritual person will highly regard and enjoy.

Here are the 12 songs which he sent me over skype. I hope the songs will be enjoyable and a spiritual blessing to some Christian brothers and sisters out there:

Zograph Monks Church Service Chanting – Song 1
Zograph Monks Church Service Chanting – Song 2
Zograph Monks Church Service Chanting – Song 3
Zograph Monks Church Service Chanting – Song 4
Zograph Monks Church Service Chanting – Song 5
Zograph Monks Church Service Chanting – Song 6
Zograph Monks Church Service Chanting – Song 7
Zograph Monks Church Service Chanting – Song 8
Zograph Monks Church Service Chanting – Song 9
Zograph Monks Church Service Chanting – Song 10
Zograph Monks Church Service Chanting – Song 11
Zograph Monks Church Service Chanting – Song 12

Speed up your DNS resolve if your Internet Service Provider DNS servers fail or resolve slowly / Privacy concerns of public DNS services use

Wednesday, March 30th, 2011

In my experience with many network Internet Service Providers so far I’ve encountered a lot of DNS oddities and therefore surfing (web) and mail slowness.

It’s sometimes very irritating, especially in cases when I use my internet over public or university wireless networks.
In principle many of the wireless routers which distribute the internet, especially in organizations, are badly configured and the slowness with DNS resolving is an absolute classic.
If you haven’t encountered that slowness in opening web pages when connected from your University’s canteen when it’s filled with people for the lunch break, then I should say you’re really lucky!

My personal experience with the DNS services of these badly configured devices has been quite negative, and every now and then I set and use public DNS servers like OpenDNS and Google DNS.

Very often when I connect to a wireless network with my notebook running Debian Linux and the internet is too slow in opening pages I automatically set the Google or OpenDNS servers as default DNS IP resolving servers.

1. DNS IP addresses of Google Public DNS are:

8.8.8.7
and
8.8.8.8

2. OpenDNS Public DNS servers has the IP addresses of:

208.67.222.222
208.67.222.220

I set up and use the above public DNS service addresses via the commands:

3. Set and use Google Public DNS services on my Linux

debian:~# cp -rpf /etc/resolv.conf /etc/resolv.conf.orig
debian:~# printf 'nameserver 8.8.8.7\nnameserver 8.8.8.8\n' > /etc/resolv.conf

I first create a backup of my resolv.conf under the name resolv.conf.orig just to make sure I can revert back to my old DNSes if I need them at some point.

If you prefer to use the OpenDNS services for, let’s say, privacy reasons, you do it in the same manner as in the above commands; you only change the IP addresses.

4. Configure and use the OpenDNS public DNS services

debian:~# cp -rpf /etc/resolv.conf /etc/resolv.conf.orig
debian:~# printf 'nameserver 208.67.222.222\nnameserver 208.67.222.220\n' > /etc/resolv.conf

Of course using Public DNS services has its disadvantages over the domain resolving speed-up advantage.
One major issue is that Public DNS services are running on top of a cloud, and if you have read my previous article Cloud Computing a possible threat to users privacy and system administrator employment you might be against the idea of using services which are powered by cloud.

The other primary concern is related to your SECURITY and PRIVACY: by using Public DNS networks, you risk that your Public DNS provider might use some DNS spoof techniques to mislead you and resolve common domain names which usually resolve to, let’s say, 1.1.1.1 to, let’s say, 1.5.5.10 instead.

Even though this kind of practices on a side of a public DNS provider is not a likely scenario the possible implications of Public DNS providers using DNS forgery to fool you about domain names locations is a very serious issue.

As public DNS providers does contain again the good old philosophy of cloud computing embedded in themselves and they strive to become some kind of a standard which people might vote to adopt and use, the future implications of a wide adoption of Public DNS servers might be a terrible thing on internet users privacy!!!

Just think about a future scenario where we users of the Internet are forced to use a number of public DNS servers in order to use the Internet!
Usually a very huge companies are possessing the Public DNS services and do pay for the tech equipment required for building up the cluster clouds which provide the DNS services and therefore, if in the short future public DNS becomes a fashion and (God forbid!) a standard which shifts up the regular ISP DNS servers to resolve domains to IPs then it will be terrible.

The corporations which own the Public DNS service/s might have direct control over filtering and censoring information posted on any website on the internet.
Even worse, if the world decides to adopt public DNS services somewhere in the future, this means that large corporations owning the open dns cluster or clusters will be able to check each and every resolving made by any user on the net.
If you think closely such an information possessed by a company is not the best thing we want.

So let me close up this article, I’m not a fan and an evangelist who preaches the use of Public DNS services. Right on Contrary I do honestly hate the idea behind public DNS.
Nevertheless apart from my personal opinion I’m a practical person and using the public DNS servers every now and then when this will accelerate my access to the internet is still an option I do enjoy.

Maybe it’s time for a free software project (a tor like), which will provide users with an OpenDNS alternative which will run on hobbyist computers around the globe (just like with tor).

What’s rather funny is that the loud name OpenDNS is a big lie in reality OpenDNS is not opened it’s a company owned closed source service 😉

Merry Russian and Serbian Christmas – The Russian Church Service feast in Nijmegen!

Monday, January 10th, 2011

Orthodox Church Nijmegen Holy relics of Patriarch Tikhon of Russian and Moscow and relics from St. Seraphim Sarovski and 3 more other russian saints
It’s 9th and it’s the 3rd day of the Russian and Serbian Christmas as well as Christmas for all those Orthodox Churches and monasteries, who still observe the old orthodox calendar / (star stil)

I’m just coming back from the Orthodox Church service in Nijmegen .
The Church service was great, the Father there Father Sergius is a priest for almost 30 years and is a really gracious and gentle priest!

After the Church service it is common that the Church community gathers together in the kitchen room (a small room in the church), where we had a dinner, tea and coffee together.
I should say the Church community is really tight, mainly constituted of Russians and Ukrainians but there are also quite of Dutch people who by God’s grace found the true church of Christ and thus converted to Orthodox Christians.
It’s really amazing to see a western people with a profound interest and dedication in Orthodoxy and in Eastern Church life! This is definitely a miracle of God!

After the Church service, one of the ladies from the choir had organized a Russian-style Children festival to celebrate Christmas and the Russian New Year.

There was some children games organized for the children. After some of the games in which children had to do some kid games. Snegurochka and Det Moroz had entered the Church as a great delight for the children.

It’s interesting to say that in Bulgaria we also have Snegurochka that we call Snezhanka and Det Moroz which in Bulgarian is Dqdo Mraz

This kind of children feast, and a way to complete the 3 days Christmas festival in which we celebrate the unexplainable mystery of our Saviour Jesus Christ’s incarnation, added to the great joy of the Church service and brought back some old memories of my youth, when in the Kindergarten as a kid we also used to await and receive the two dear guests, the old man Dqdo Mraz and his assistant Snezhanka 🙂

After the children performed some singing dancing and children exercises as well as had some songs and dances together with Det Moroz and Snezhanka it was time for the end part of the feast which is the recital of children rhymes and christmas songs.
Since there were mostly Russian kids there, most of the children performances was in Russian, however there were few Dutch kids so there was some recitals and singing in Dutch and even in English! 🙂

As Det Moroz was very pleased with the great acting of the youngsters he brought in the two sacks packed up with kid presents and after each children performance, he gave a present to the kid.
The kids were completely shining as a result, since they were rewarded for their participation in the feast and had some photos with Det Moroz and Snezhanka 🙂

After the whole celebrations were over, we the people who left in the Church went in the church kitchen and had a wonderful table full of delicious foods and drinks, some of which were traditional Christmas Russian meals including my favourite’s Russian Salad / Ruska Salata

I had some very nice chats with some of the church members in the mean time and after the great meal together we cleaned up the Church, asked Father Sergii for a blessing and each one of the church brothers and sisters headed back home.

As a matter of fact, since I’ve started talking about the Russian Orthodox Church in Nijmegen, maybe it will be nice to mention that the Church Building is actually a Byzantine Chapel taken from Roman Catholics, so the Church doesn’t really have a classical Orthodox Church architecture; however this is not a problem at all, since everything within the Church (icons, iconostasis, altar wall etc.) is Russian and Serbian Orthodox.
The altar was also reconstructed in order to be suitable with the Church requirements for an Orthodox Church altar. It’s an interesting fact that the man who sells candles and does a lot of the Russian Church minor maintenance is a Bulgarian just like me 🙂

Currently the Orthodox Russian Church in Nijmegen had church services every two weeks (9th January, 23 January, 6th February etc.)

Although I should say that in the Church building the Serbians had their Orthodox Church service every two weeks also, which means that the Serbs has their Orthodox Church services in the same Church in Nijmegen on (16,30 ,13 of January etc.)

Therefore there is an Orthodox Church service every week in Nijmegen by God’s mercy where services alternate with each other, one week is Russian Orthodox Church and one week is the Serbian Orthodox Church.

Hope this info is helpful to somebody!
Again Merry Russian and Serbian Christmas! Cheers!

How to defend against slowloris Webserver Denial of Service Attack

Tuesday, February 2nd, 2010

Like you can read in my previous post, there is a terrible DoS attack dating back,
from the previous year. It’s a real shit and it was really annoying for me to figure out
that my Apache running on top of FreeBSD is vulnerable as well.
Therefore I needed desperately a fix, I was not really keen at the idea of installing
mod_qos, because I really hate third party software to mess up my Apache official module list.
Therefore I needed another approach; after some walk through google I found the following:
How to best defend against a “slowloris” attack against Apache web server. There are a couple of pathways
to follow as you can read in the post above. However the one that fit me best was through
Varnish, a state-of-the-art high-performance HTTP accelerator (proxy); it’s truly a wonderful piece of soft.
Installing it on FreeBSD was a piece of cake:
All I had to do was:

# cd /usr/ports/www/varnish
# make install clean
# echo 'varnishd_enable="YES"' >> /etc/rc.conf

And last but not least, I had to alter my /usr/local/etc/apache2/httpd.conf
and change everywhere the Listen port to 8080 instead of the default 80, the same
procedure goes for VirtualHosts ports as well.

Last thing to do was:
Restart Apache
# /usr/local/etc/rc.d/apache2 restart
Start varnishd
# /usr/local/etc/rc.d/varnishd start

That’s it, now varnishd handles the incoming connections to my Port 80 and passes whatever it thinks appropriate to the apache server. Hip, Hip Hooray no more slowloris worries!
Another possible approach to Apache Denial of Service issues is to limit the maximum
allowed connections per host to be no more than 20.

On GNU/Linux this could be done with the following iptables rule:
# iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP
On FreeBSD or OpenBSD with packet filter, you might bother to take a look at the following:
Howto: Basic Denial of Service Protection Using PF

But wait, there are even more options to handle the slowloris DoS attack. It looks like some enthusiast
has even created an Apache module that handles the loris attack; sources of the non-official
mod_antiloris module release as well as precompiled binaries in rpm can be obtained here.

Ping Utility (Service) for Nokia Communicator 9300i

Saturday, December 26th, 2009

I was looking for an app to diagnose my network problems for my Nokia 9300i.
Luckily the company aspicore has created a handy app enabling the Nokia user to
do that through acping. Here is a link to a blog post which explains more about
acping and provides a download link for acping .
Enjoy!