Firefox Stop Home Calls

During my last network monitoring I found out that MANY "free" software packages call home permanently.

Article:
https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections

If you want to be safe, block all OUTGOING traffic with a firewall or a local DNS server and use a proxy with an auth mechanism!

Major Bug: UFW stopped thru logrotate

On Debian Sid I have seen that the ufw service is stopped on logrotate!!

It's a bad, known bug!

Workaround:

  • Set all services like Dovecot and Postfix to listen on LOCALHOST (127.0.0.1) if they are not needed over the Internet
  • Enable ONLY encrypted AUTH (login) to Postfix! (TLS 1.2)
  • Disable unneeded services like Samba, FTP…
  • Move the config from /etc/logrotate.d/ufw to /root/ to disable the ufw logrotate!!
  • Edit /etc/ufw/ufw.conf and set LOGLEVEL to "off"
  • Restart the server and check the open ports from outside over the next days with:

$ sudo nmap -Pn my.server.com

Postfix: Automatic UFW Firewall Updates

If you run a mail server with Postfix, you get daily spam attacks by scripts.

How to fix?

  • Install the ufw firewall
  • Run a scanner script as a cronjob

On Debian/Ubuntu:

Install ufw:


sudo apt-get update && sudo apt-get install ufw && sudo ufw enable && sudo ufw logging off

Scan Script:
sudo nano /home/user/firewall-update.sh


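#!/bin/bash
# scan "rejected": field 3 between [ ] is the client address; keep only
# well-formed IPv4 addresses, each one once
cat /var/log/mail.log | grep rejected | cut -d"[" -f3 | cut -d"]" -f1 | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u > /tmp/firewall.txt
# insert to Firewall (quoted, so a value from the log is never split into extra arguments)
while read -r line; do sudo ufw insert 1 deny from "$line" to any; done < /tmp/firewall.txt
# scan "denied"
cat /var/log/mail.log | grep denied | cut -d"[" -f3 | cut -d"]" -f1 | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u > /tmp/firewall2.txt
# insert to Firewall
while read -r line; do sudo ufw insert 1 deny from "$line" to any; done < /tmp/firewall2.txt
service ufw restart
exit 0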

Remark:

  • Add it to root's crontab to run hourly
  • Add further cat.. + while.. line pairs, replacing "rejected" with other failure keywords (failed logins etc.)!
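
The scan above bans a host after a single rejected message, so a legitimate sender with one mistyped recipient ends up blocked. As an added example (not the original script), this variant counts hits per client, skips an allow-list and accepts only well-formed IPv4 addresses; THRESHOLD, ALLOWLIST, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not the original script. THRESHOLD and ALLOWLIST are assumed knobs.
THRESHOLD=${THRESHOLD:-3}                        # hits needed before an address is listed
ALLOWLIST=${ALLOWLIST:-"127.0.0.1 192.0.2.10"}   # constructed: hosts that must never be banned

# Constructed Postfix log lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <a@example.org>: Relay access denied; from=<x@example.net>
Jan 10 10:00:05 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <b@example.org>: Relay access denied; from=<x@example.net>
Jan 10 10:00:09 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <c@example.org>: Relay access denied; from=<x@example.net>
Jan 10 10:02:11 mx postfix/smtpd[2140]: NOQUEUE: reject: RCPT from mail.example.com[198.51.100.23]: 450 4.1.1 <typo@example.org>: Recipient address rejected: User unknown
Jan 10 10:03:00 mx postfix/smtpd[2155]: NOQUEUE: reject: RCPT from admin.example.org[192.0.2.10]: 554 5.7.1 <t1@example.net>: Relay access denied; from=<me@example.org>
Jan 10 10:03:02 mx postfix/smtpd[2155]: NOQUEUE: reject: RCPT from admin.example.org[192.0.2.10]: 554 5.7.1 <t2@example.net>: Relay access denied; from=<me@example.org>
Jan 10 10:03:04 mx postfix/smtpd[2155]: NOQUEUE: reject: RCPT from admin.example.org[192.0.2.10]: 554 5.7.1 <t3@example.net>: Relay access denied; from=<me@example.org>
Jan 10 10:04:00 mx postfix/smtpd[2160]: connect from unknown[203.0.113.99]
EOF
}

# Read log lines on stdin, print one ban candidate per line.
ban_candidates() {
  # The sed pattern takes only the second [..] group of a line (daemon pid first,
  # client address second), so brackets later in the line are never used.
  grep -E 'rejected|denied' \
    | sed -n 's/^[^[]*\[[0-9]*\]: [^[]*\[\([0-9.]*\)\]:.*/\1/p' \
    | awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # accept only four decimal octets in 0..255
        function valid(ip,   o, k) {
          if (split(ip, o, ".") != 4) return 0
          for (k = 1; k <= 4; k++)
            if (o[k] !~ /^[0-9]+$/ || length(o[k]) > 3 || o[k] + 0 > 255) return 0
          return 1
        }
        valid($0) && !($0 in skip) { hits[$0]++ }
        END { for (ip in hits) if (hits[ip] >= min) print ip }' \
    | sort
}

# Demo on the constructed sample. On a server, read /var/log/mail.log instead and
# pass each printed address to: ufw insert 1 deny from "$ip" to any
sample_log | ban_candidates
```

IPv6 clients are ignored by this example; they would need their own validation before being passed to ufw.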

Test:


sudo ufw status numbered

It should print the list of banned IPs! Screenshot of one DAY!


Security: Protection Against the WannaCry Cryptoware

You have perhaps heard in the last days about the major attacks on systems with the "WannaCry" crypto ware.

How to protect yourself?

  • Enable the firewall on Windows systems!! Always!
  • Update the virus scanners and Windows patches daily!
  • Disable and CLOSE ports you never need! The SMB protocol is an open, unencrypted transfer protocol!
  • Use a second router with a firewall behind your ISP router or modem! (OpenWrt, pfSense)
  • Check the applied rules with the nmap port scanner tool and verify that they work!
  • For network access ALWAYS use SFTP with authentication over key logins (two factor: key and password to unlock the key files, id_rsa)
  • For freshly installed systems, do a full backup of the disk.
  • To save your work files, use USB drives or USB sticks, which can be unplugged if you don't need them.
  • Back up the Windows disk weekly to an external USB disk; 1 TB is sold for less than 50$
  • Last but not least, use a Linux live CD like Ubuntu to access the Internet.

Update:

  • The Linux Windows share service called Samba is also under attack: CVE-2017-7494
  • To fix it, open smb.conf with an editor and set, in the [global] section:

nt pipe support = no

  • Restart the service with:

$ service samba stop && service samba start

  • Don't use reload, to be sure that the config is really reloaded!! A "systemd" problem!
  • Check the Samba share for write and read access!

Freifunk: Setup Router Software Bugfix

If you want to share public Wifi at home with friends and you don't want to share the Wifi password, you can cheaply set up a public OpenWrt Wifi router as an access point.

[Image: Freifunk]

Advantages:

  • A public setup needs no Wifi password
  • You are not responsible, because the Internet traffic is pulled through a VPN of the Freifunk network
  • It's anonymous!
  • It's free of charge!
  • Supported by a big community
  • Can be installed on very cheap old routers like the TP-Link 841 (find the single-band router on Amaz or EbXX for 12$, or the powerful dual-band router TP-Link C7 at 50$)
  • Can be used on EVERY Freifunk MESH Wifi access network (mobile home usage without Internet like LTE)
  • It's safe
  • Can be used with solar power or a 9 V battery

Device:

[Image: Freifunk router]

Howto:

  • Go to the nearest Freifunk community's downloads to get a firmware. Check the sticker to see which version the router is, then select the matching firmware version, e.g. a TP 841 Vers. 8.1 needs v8. (Remark: there are 2 versions, the .bin and the sysupgrade.bin; always use the .bin = gluon-fffd-3-142-20151030150319-tp-link-tl-wr841n-nd-v8.bin)
  • Keep a backup of this firmware!!! It's useful if the router hangs after changes, or if the file is PURGED because of a version change! Older is sometimes more STABLE!
  • Power up the router, log in to the TP-Link web interface as admin, go to Firmware Update, select the gluon file, reboot and wait.
  • Connect a PC configured for DHCP to the router LAN (yellow ports)
  • Set the SSH admin password on the Advanced page first, then go through the other Advanced tabs to change the things you need. Remark: enable "MESH on WAN or LAN" and disable MESH on WIFI, which is the default!!! This makes 2 routers stop meshing over Wifi, if you like to use a router at the office and a router in the garden without LAN cables!!
  • Now go back to the BASIC tab and make your changes; setting geodata and bandwidth is useful, because geodata allows finding the nearest router on a mesh map!
  • Save and exit! Remark: a "long HEX KEY" MUST be shown (red framed)!! If NOT, the SETUP FAILED!!! Reflash the firmware for a FACTORY RESET!
  • [Image: Freifunk setup success screen]
  • Test the router after boot with Wifi access and access on LAN 2-4!! LAN 1 offers only the MESH function.
  • Emergency access is possible: power on the router, wait 60 seconds, then press RESET for at least 10 seconds, connect a PC to LAN2 and set the IP 192.168.1.2 on the PC; the router listens on 192.168.1.1 via telnet!! To do a software RESET enter firstboot and confirm with YES, BUT this doesn't work cleanly on my routers; I reflashed successfully and this is cleaner.

Administration:

  • Go to the Meshviewer map, look for your router name and pick up the IPv6 address; this map is useful to check your setup from the Internet!
  • Open a Linux terminal or PuTTY and enter ssh root@ip-v6 to reach the router console
  • With these commands you can change anything remotely: Freifunk-Commands-Howto

Remarks:

  • The MAJOR advantage is that EVERY router with this OS can be taken to ANOTHER area, and it can CONNECT to EVERY other Freifunk MESH NETWORK!
  • The TP-841 router uses 9 V and can be used in MOBILE HOMES in foreign cities
  • At home the router offers anonymous office Internet access; with Linux/TAILS in RAM it is very secure for research

Bugfix:

  • If the hex key is NOT shown after setup, then the setup has failed; I have seen this on some setups. This can be a result of browser JavaScript errors, e.g. when your browser uses ad blockers. To fix it, use a fresh default Firefox profile without any ADD-ONS enabled!
  • Take gluon-fffd-3-142-20151030150319-tp-link-tl-wr841n-nd-v8.bin, a NON-SYSUPGRADE .bin file, which seems cleaner. It's found at Freifunk Firmware Fresh Setup, on another path.