Watching sunset from Braunsberg

Yesterday was a good day to chill at Braunsberg again with friends, some bottles of beer and pipes full of tobacco.

camera: Pentax K10D
lenses: SMC Pentax f1.7/50mm

Sunset

Sunset

Friends chilling

author: niekto@niekde.sk (Jaroslav Petráš)

date: Sun, 23 Aug 2015 11:13:00 +0200

link: CyberAsylum.eu/photography-watching-sunset-from-braunsberg

Braunsberg in Austria is a nice place to rest

Not far from the capital city of Slovakia lies Braunsberg hill (346 m.a.s.l.), which is actually a limestone massif. It's a dominant object in the landscape and I have always been fascinated by it. The decision was made and I took a trip to that interesting place.

The first time, I walked there by the tourist path. It's also accessible by car, which is an advantage but also a disadvantage because of the heavy traffic of loud people. Thus a relatively quiet place is disrupted by guys revving the engines of their motorcycles, loud music from parked cars (wtf?!), crying babies, etc. So it's a more urban place, and the watch tower within the palisade is pretty busy. On the other hand, I never saw anyone sitting directly on the limestone rocks, and that is the place where I really love to chill with my camera.

I have one more remark. I noticed some felt-pen writings by Slovaks (I am one too, which is why I am even more disgusted) inside the watch tower. Something like "We were here at and blah blah blah...". WHAT THE HELL?! It's so shameful.

Now some photos from that place and around it.

camera: Pentax K10D
lenses: Tamron f2.5/24mm 01BB, Hoya HMC Zoom f4/80-200mm

Path continues

Sunset scenery

Sunset scenery

Sunset scenery

Arbeitsgruppe Schlossberg

At night

author: niekto@niekde.sk (Jaroslav Petráš)

date: Thu, 20 Aug 2015 11:03:00 +0200

link: CyberAsylum.eu/photography-braunsberg-in-austria-is-a-nice-place-to-rest

Summer night walk

So I decided to grab a tripod and take a walk with my camera.
The Old Town district in Bratislava offers so many interesting places that are worth a shot.
Too bad I had to go to work in the morning.

camera: Pentax K10D
lenses: SMC Pentax f1.7/50mm, Tamron f2.5/24mm 01BB

Apollo bridge

"New Old" bridge

Carlton

City life at night


author: niekto@niekde.sk (Jaroslav Petráš)

date: Thu, 13 Aug 2015 16:05:00 +0200

link: CyberAsylum.eu/photography-summer-night-walk

How to hide known public services without affecting internal applications

It's only a matter of time before you get annoyed by dictionary attacks against a server exposed on a public network. Of course I could use fail2ban or denyhosts (as I did for a long time), but that costs some performance. I was also notified by logcheck and logwatch about every unsuccessful auth attempt, and turning that off isn't the best idea.

So I was really pissed off with this and started by changing the SSH daemon's default port to a custom one. To achieve real peace, the mail subsystem needs to be handled the same way. While changing the SSH port was simple and had no noticeable impact, the default ports for IMAPS and SMTPS are used in my scenario by some internal applications and by clients connecting via VPN.

I decided to use iptables to protect the public ports of these services by obscurity.
See the rules below.
 
 # filter table: accept IMAPS/SMTPS on the public interface only for packets carrying mark 0xE
 iptables -A INPUT -i eth0 -p tcp -m mark --mark 0xE --dport 993 -j ACCEPT
 iptables -A INPUT -i eth0 -p tcp -m mark --mark 0xE --dport 465 -j ACCEPT
 
 # nat table: mark connections arriving on the custom ports, then redirect them to the default ports
 # (MARK comes first because REDIRECT ends traversal of the chain)
 iptables -t nat -A PREROUTING -p tcp -d 78.46.80.136 --dport 9993 -j MARK --set-mark 0xE
 iptables -t nat -A PREROUTING -p tcp -d 78.46.80.136 --dport 9993 -j REDIRECT --to-ports 993
 iptables -t nat -A PREROUTING -p tcp -d 78.46.80.136 --dport 4465 -j MARK --set-mark 0xE
 iptables -t nat -A PREROUTING -p tcp -d 78.46.80.136 --dport 4465 -j REDIRECT --to-ports 465
 
With these rules applied, I use the custom ports 9993 and 4465 to connect to the IMAPS and SMTPS services. Connections to these ports are marked and redirected to the default ports. Unmarked or direct connections to the default ports are dropped (later in the rules chain). Connections marked with 0xE are accepted.

All internal applications are left untouched and keep working, because the service daemons listen on all interfaces with unchanged port numbers.
And I'm finally enjoying peace :)

Note: the port numbers shown above are examples, except for the default IMAPS/SMTPS ports (993, 465). The public IP address belongs to this blog's web server.
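
A way to check that a loaded ruleset still follows this pattern, as an added example that is not part of the original post: the function below audits iptables-save output and fails if a default port is accepted on the public interface without the mark, or if the MARK and REDIRECT pair is missing or in the wrong order. The function name `audit_hidden_port`, the `tun0` VPN interface and the sample rules (documentation address 203.0.113.10) are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: audit iptables-save output for the
# mark-and-redirect pattern. Function name and sample rules are assumptions.
# Usage: audit_hidden_port RULES PUBLIC_IF CUSTOM_PORT DEFAULT_PORT MARK
# Prints findings; returns 0 only if DEFAULT_PORT is reachable solely via the mark.
audit_hidden_port() {
    printf '%s\n' "$1" | awk -v ifc="$2" -v cport="$3" -v dport="$4" -v mark="$5" '
        /^\*/ { table = substr($0, 2); next }      # table header: *nat, *filter
        table == "nat" && /^-A PREROUTING / && index($0, "--dport " cport " ") {
            if (index($0, "-j MARK --set-xmark " mark "/")) marked = 1
            # REDIRECT is terminating: a MARK rule placed after it is never reached
            if ($0 ~ ("-j REDIRECT --to-ports " dport "$")) {
                redirected = 1
                if (!marked) { print "REDIRECT before MARK for port " cport; bad = 1 }
            }
        }
        table == "filter" && /^-A INPUT / && /-j ACCEPT$/ && index($0, "--dport " dport " ") {
            # an unmarked ACCEPT is acceptable only on another (internal) interface
            if (index($0, "-m mark --mark " mark " ")) gated = 1
            else if (index($0, " -i " ifc " ") || !index($0, " -i ")) {
                print "default port open without mark: " $0; bad = 1
            }
        }
        END {
            if (!marked || !redirected) { print "no MARK+REDIRECT pair for port " cport; bad = 1 }
            if (!gated) { print "no mark-gated ACCEPT for port " dport; bad = 1 }
            exit bad + 0
        }'
}
# Constructed sample in iptables-save format (documentation address; tun0 stands
# in for the VPN interface). Only the first packet of a connection traverses the
# nat table, so only it is marked; later packets match the ESTABLISHED rule.
GOOD_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 9993 -j MARK --set-xmark 0xe/0xffffffff
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 9993 -j REDIRECT --to-ports 993
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -i eth0 -p tcp -m mark --mark 0xe -m tcp --dport 993 -j ACCEPT
COMMIT'
# Weakened copy: the internal ACCEPT is bound to the public interface instead.
BAD_RULES=$(printf '%s\n' "$GOOD_RULES" | sed 's/-i tun0 /-i eth0 /')
audit_hidden_port "$GOOD_RULES" eth0 9993 993 0xe && echo "993 reachable only via 9993"
```

On a live host, pass "$(iptables-save)" as the first argument and run the check once per hidden port.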

author: niekto@niekde.sk (Jaroslav Petráš)

date: Tue, 29 Jul 2014 14:08:00 +0200

link: CyberAsylum.eu/how-to-hide-known-public-services-without-affecting-internal-applications

SINT - iptables usage notes (my edition)

My notes about iptables usage. This article will grow in time.


DROP incoming connections to TCP port 80, inserting the rule as rule 6 of the INPUT chain
 
iptables -I INPUT 6 -p tcp -m tcp --dport 80 -j DROP
 
Delete rule 6 from the INPUT chain
 
iptables -D INPUT 6
 
DROP incoming TCP connection attempts (SYN set; FIN, RST and ACK clear) to destination port 1521 if there are more than 5 connections
 
iptables -A INPUT -p tcp -m tcp --dport 1521 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 5 --connlimit-mask 0 -j DROP
 

author: niekto@niekde.sk (Jaroslav Petráš)

date: Wed, 16 Jul 2014 20:03:00 +0200

link: CyberAsylum.eu/sint-iptables-usage-notes