Blogs

Cisco ASA 5505 Limitation - no DMZ

If your ASA 5505 has the Security Plus bundle license it has DMZ capability. You can define the interface from the command line:

    interface fa0/7
      switchport access vlan 3
      no shut
    interface vlan 3
      ip address 192.168.110.1 255.255.255.0
      nameif dmz
      security-level 50
      no shut

If you don't have the security bundle license you will get this error:

    ERROR: This license does not allow configuring more than 2 interfaces with nameif and without a "no forward" command on this interface or on 1 interface(s) with nameif already configured.

This is an excerpt of the show ver output:

vServer memory and number of process checks

Recently we have seen some issues with apache2 and php memory usage in Debian Lenny (stable) vservers growing higher than expected. Restarting apache2 (something that is probably a good idea once a day anyway just to clear the apc cache) was one option. But we wanted a mechanism that would allow us to monitor the usage of resources inside the vserver context and allow a nagios alert to be generated if usage was greater than say, 85% of RSS (resident memory usage) or if the number of processes was above a certain limit.

The trouble with in-line content filtering devices

Content guard / filtering devices like Surf Control, Websense, and now the Barracuda filter are often placed inline with the network, between the firewall and the local LAN. In this mode they act like a transparent (but intelligent) bridge or switch. They can block packets such as icmp echo requests (pings) and tcp/http gets, and smtp connections if they find that the destination ipv4 address matches an entry in the block or drop list that the devices download from their parent database.

FTP Manager

Recently we have setup several ftp sites for customers that come with secure, web-based download for the private ftp dropboxes as well as a web interface to manage it all. More details: http://www.richweb.com/ftp_manager

Cisco ASA 5505 Firewall Bug - Resolved?

Multiple Cisco ASA firewalls, all running the same code, have been exhibiting a problem where they lose connectivity to the outside world.

    Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
    Software:   asa724-k8.bin

The devices would randomly enter a state where the external NIC is unable to process packets. Console port access would still work if out-of-band access is present; I could log in and run commands. All show commands work. Sometimes the device will come back without a reboot, sometimes a reboot is needed to restore proper functionality.

OpenBSD Firewall Hardware swap

We have a generic procedure for cloning an open bsd firewall that allows us to easily upgrade or replace hardware. Simply swapping the disk or raid array the OS is on is not always practical or possible (SATA to SCSI or single disk to HW raid for example). As long as each system is loaded with the same base OS (4.4 currently) making a copy of /etc/ /var/ and /root/ (as well as /home/ if shell accounts exist) and transferring that copy into place on the new system is all that needs to be done. Of course making sure the relevant patches are installed is also important.

Cisco 3524XL Switch IOS

I found an IOS image that can be downloaded via anonymous ftp from ftp.cisco.com for the discontinued 3524 XL cisco switches that enables 802.1q: /pub/lan/catalyst/c3500xl-c3h2s-mz.120-5.WC10.bin

Hardware specs: cisco WS-C3524-XL (PowerPC403) processor (revision 0x01) with 8192K/1024K bytes of memory. Model number: WS-C3524-XL-EN

802.1q VLAN support enables you to set up a linux or openbsd appliance with multiple vlan interfaces on a single network interface.

OpenBSD Based Mail Firewall

We have been running our new spam filter firewall protection system for about a year now with good success so far. It sits in front of our MailFoundry spam filter appliance and tarpits blacklisted IPs, keeping those IPs from hitting our MailFoundry and wasting SMTP resources. It has a built-in whitelist as well as an auto-learn blacklist mechanism based on parsing of the MailFoundry logs. If you have a MailFoundry appliance or similar device struggling to keep up with its workload (such as running out of SMTP connections) then our solution may be just the ticket to cleaner, faster mail.

Godaddy Spam Flood

As of 9PM EST Wed March 11th Richweb has blocked all email incoming from 72.167.218.0/24 which is the godaddy.com / secureserver.net mail server range. Richweb was flooded with over 100,000 emails in a very short period of time due to misbehaving applications on that network. Calls to the godaddy support line went unanswered, and we were not able to leave a message.

Website Stats / Tracking: Setup Google Analytics

Many of our clients would like to track the number of visitors to their websites. When asked, we always recommend that they sign up for a free account with Google Analytics.