2007-12-13

Block Microsoft messenger on Speedtouch router

Blocking TCP traffic from two ranges of IP addresses on ports 80 and 1863 prevents MSN Messenger login and initialisation.

You can enter the following via a telnet login to your Speedtouch (telnet -l <user> 10.0.0.138) for a temporary block; to revert to the saved configuration, use system reboot. For a permanent block, use save, or add the rules to the firewall section of user.ini.

firewall chain create chain=nomsn

firewall rule create chain=nomsn prot=tcp srcport=1863 src=65.52.0.0/14 action=drop
firewall rule create chain=nomsn prot=tcp srcport=1863 src=207.46.0.0/16 action=drop

firewall rule create chain=nomsn prot=tcp srcport=80 src=65.52.0.0/14 action=drop
firewall rule create chain=nomsn prot=tcp srcport=80 src=207.46.0.0/16 action=drop

firewall assign hook=input chain=nomsn

exit

See CLI reference for your model.

(Telnet login banner: Alcatel Speed Touch 510 ADSL modem, Version R3.7.2.1, Copyright (c) 1999-2001 Alcatel.)

2007-12-07

ClamAV, an open-source anti-virus toolkit

Clam AntiVirus (ClamAV) is an open-source anti-virus toolkit for UNIX, released under the GPL. It provides a number of utilities, including a flexible and scalable multi-threaded daemon, a command-line scanner and an advanced tool for automatic database updates. The core of the package is an anti-virus engine available in the form of a shared library.

ClamAV is included in both Fink and DarwinPorts, or can be downloaded directly from SourceForge.

Configuration

You have to edit the configuration files. See the manual pages for details:

man freshclam.conf
man clamd.conf

You have to edit both files. On a Fink install, you'll find them in /sw/etc/. For other setups, locate clamd.conf and locate freshclam.conf should find them.

Programs

clamconf -n tells you what non-defaults are set in your configuration.
clamscan -r directory recursively scans a directory.
freshclam updates your virus definitions.

man clamconf
man clamdscan
man clamscan
man freshclam

I added the following line to /sw/etc/anacrontab (period in days, delay in minutes, job identifier, command; freshclam's option is the long form --quiet):

   1       25        clamscan         nice /sw/bin/freshclam --quiet

When you check your imported software (for a Fink installation, do this by running sudo clamscan -r /sw) you should find a few 'infected' files. For example:

/sw/src/clamav-0.91.2.tar.gz: ClamAV-Test-File FOUND

There are a few more examples in /sw/share/doc/clamav/test/. If you don't find these test cases, check your configuration.

The malware I have found is exclusively in spam mail and cached Java applets.

clamdscan ~/Library/Caches/Java\ Applets
clamdscan ~/Library/Mail\ Downloads

You can remove offending files by hand, or use the --remove option when calling clamdscan.
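An added example (not from the original post) of a wrapper for the scheduled scan: it keeps the full report and flags hits, rather than deleting files with --remove, and passes clamscan's exit status through so anacron or cron sees a failure when something was found. It assumes clamscan and freshclam are on PATH (for Fink, /sw/bin); the sample report in write_sample_report is constructed, not real scanner output.

```shell
#!/bin/sh
# Added example, not from the original post: a wrapper for the scheduled scan
# that keeps the report and flags hits instead of deleting files with --remove.
# Assumes clamscan and freshclam are on PATH (e.g. /sw/bin on Fink); the sample
# report below is constructed, not real scanner output.

# Print the paths of infected files from a clamscan/clamdscan report. Hits are
# reported one per line as "<path>: <signature> FOUND"; the SCAN SUMMARY block
# that follows never contains FOUND lines.
infected_paths() {
    grep -E ' FOUND$' "$1" | sed 's/: [^:]* FOUND$//'
}

# Number of hits in a report (grep -c prints 0 but exits 1 when there are none).
infected_count() {
    grep -cE ' FOUND$' "$1" || true
}

# Update definitions, scan a tree recursively, keep the full report, and pass
# clamscan's exit status through (0 clean, 1 hits, 2 errors) so anacron or
# cron sees a failure when something was found.
scan_tree() {
    tree=$1; report=$2
    freshclam --quiet || echo "freshclam failed; using existing definitions" >&2
    # --infected (-i): list only infected files, not every file scanned
    nice clamscan -r --infected "$tree" > "$report" 2>&1
    rc=$?
    if [ "$rc" -eq 1 ]; then
        echo "clamscan: $(infected_count "$report") infected file(s) under $tree:" >&2
        infected_paths "$report" >&2
    fi
    return "$rc"
}

# Constructed sample report in clamscan's output format. The first line is the
# ClamAV-Test-File hit the Fink source tarball triggers, as noted above; the
# second uses a made-up signature name and path.
write_sample_report() {
    cat > "$1" <<'EOF'
/sw/src/clamav-0.91.2.tar.gz: ClamAV-Test-File FOUND
/Users/me/Library/Mail Downloads/attachment.zip: Sample.Constructed.Sig FOUND

----------- SCAN SUMMARY -----------
Scanned files: 3
Infected files: 2
EOF
}
```

Source this file from the anacron job and call scan_tree /sw /var/log/clamscan-sw.log (path is an assumption); review the listed paths by hand before deleting anything.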

2007-12-02

X11 on Leopard

X11.app won't launch for me; a quick Google tells me that others have the same problem.

The idea under Leopard is that X11 will launch automatically as required, so just typing xterm in a Terminal window will launch an xterm window.

But for me this didn't work, since I had set DISPLAY = 0:0.

To check, type echo $DISPLAY. If the response is 0:0 (as you might expect), you need to remove the DISPLAY entry from ~/.MacOSX/environment.plist (double-click the file and Property List Editor should open). On the other hand, something bizarre:

mfourman$ echo $DISPLAY
/tmp/launch-SKAysC/:0
seems to be fine!

Note that some applications may set the DISPLAY variable on startup. I had to retire sshLogin (a Mac port of sshAskPass) because it insists on doing this. So I'm back to using ssh-add from the terminal to set up my ssh identity before launching xterm.

Connecting via ssh from the xterm then sets up an X11 connection so that remote X applications can use your Mac screen. Use ssh -X to forward X11 connections, or set this up, for hosts you trust, in your ssh configuration.

Your ssh configuration depends on various files in ~/.ssh:

authorized_keys config identity  identity.pub  known_hosts

You can set your ~/.ssh/config on a per-host basis, for example:

# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
Host trusted.local
     ForwardX11 yes
     ForwardX11Trusted yes
Host ssh.foo.uni.ac.uk
     Compression yes
     Cipher blowfish
     ForwardX11 yes
Host ssh.foreign.com
     User alias
Host *
     ForwardX11 no
     ForwardX11Trusted no

Note that X11 forwarding should be enabled with caution.

User: specifies the user to log in as; useful when you have a different user name on different machines.

The default configuration file (see /private/etc/ssh_config) includes a list of common settings. The configuration files contain sections separated by "Host" specifications, and each section is applied only to hosts that match one of the patterns given in the specification. (Lines starting with '#' are comments. Copy this template, remove the '#' and edit values as desired. For details see man ssh_config.)

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
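The first-match rule quoted in the comments above ("any configuration value is only changed the first time it is set") is what makes the order of the Host blocks matter. As an added example, not from the original post, here is a small resolver that applies that rule to a config file so you can check what ForwardX11 a given host actually gets. It assumes the "Keyword value" layout shown above, treats keywords as case-sensitive and does not handle "!pattern" negation; the sample config in write_sample_config is constructed to mirror the per-host config above.

```shell
# Added example, not from the original post: resolve the effective value of an
# ssh_config option the way ssh does, taking the first matching Host block that
# sets it, so you can check what ForwardX11 a given host really gets.
# Assumes the "Keyword value" layout used above (keywords are case-sensitive
# here and "!pattern" negation is not handled); the sample config is constructed.

# Usage: ssh_option <config-file> <hostname> <Keyword>
# Prints the effective value, or "unset" if no matching block sets it.
ssh_option() {
    config=$1; host=$2; want=$3
    matching=1          # settings before any Host line apply to every host
    value=unset
    set -f              # no pathname expansion of patterns such as *
    while read -r key rest; do
        case $key in
            ''|'#'*) continue ;;               # blank lines and comments
            Host)
                matching=0
                for pat in $rest; do           # a Host line may list several patterns
                    case $host in $pat) matching=1 ;; esac
                done ;;
            *)
                if [ "$matching" -eq 1 ] && [ "$key" = "$want" ] && [ "$value" = unset ]; then
                    value=$rest                # first setting wins; later blocks cannot override
                fi ;;
        esac
    done < "$config"
    set +f
    printf '%s\n' "$value"
}

# Constructed sample mirroring the per-host config above: trusted.local gets
# trusted forwarding, the university host gets untrusted forwarding, and the
# final "Host *" block supplies the safe defaults for everything else.
write_sample_config() {
    cat > "$1" <<'EOF'
# host-specific blocks first, defaults last
Host trusted.local
    ForwardX11 yes
    ForwardX11Trusted yes
Host ssh.foo.uni.ac.uk
    ForwardX11 yes
Host ssh.foreign.com
    User alias
Host *
    ForwardX11 no
    ForwardX11Trusted no
EOF
}
```

Running ssh_option ~/.ssh/config somehost ForwardX11Trusted against your real config is a quick way to confirm that only the hosts you intended get trusted forwarding; moving the "Host *" block to the top would make every host resolve to "no".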