misc




NMAP UDP DNS scan unexpected packets sending

I got the other day an automated mail alert from some ID/IPS equipment that ‘ a NULL DNS scan was detected and blocked from your IP’. NULL DNS scan? I wasn’t sending any such packets, not to mention I have no idea what they mean by that. After some …



NMAP run stages flow diagram

NMAP scanner has become over the years so friendly that it is not apparent what is going on when it runs. Below is a typicsl NMAP workflow: Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.



Ever wondered how much does ip addresses allocation cost to your service provier ?

Ever wondered how much does IP addresses allocation really cost to your provider? Well, that is easy. If we talk about the RIPE IP address space (majority today) then they have published their fees for PI (Provider Independent) allocations for LIRs (Local Internet Registry) which is by coincidence your ISP …



Public DNS servers open to any on the Internet

Following the good will by Google many other providers made their DNS servers available to us without any limitations as recursive resolvers. As they do not announce it widely enough you may not have heard abouth them, here is the list of these DNS servers: OpenDNS/Cisco Umbrella: 208.67 …



RIPE database query for a route object, or why my network is not advertised

via BGP to the world wordpress_id: 2027 category: Cisco tags: Cisco, Linux Once it was a nice-to-have configuration that most ISPs in the world ignored anyway, but today it is a must if you are planning to advertise your networks via BGP through your uplink provider - your route object in …



Enable 2 factor authentication to protect your Gmail account if you have not

done so already wordpress_id: 1728 category: Linux tags: Linux Today i did an improvised poll at work who is using the 2 factor authentication with their Gmail mail account and got only one positive answer - me :) . The question was in turn inspired by the article in Atlantic Monthly where James …



RSA servers have been hacked

Anything connected to the Internet will be hacked in someday and RSA is no exception.The open letter is here RSA Open Letter, but more interesting are best practices published in response to the attack. Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish …



IP address pools of Facebook to block, if you need to

Once upon a time I mentioned that blocking Facebook is easy as they have a uniform IP addresses pool . Since then they added more , here is the new and old pools: NetRange: 69.63.176.0 - 69.63.191.255 CIDR: 69.63.176.0/20 OriginAS: AS32934 NetName: TFBNET2 …



Darknet can't lie - most of the attacks, scans and other interesting things

indeed come from behind the Great Firewall of China. wordpress_id: 1230 category: Linux tags: awk weekly Working for Telco company entitles me to various perks, one of them is unlimited connection to the Internet with wealth of unallocated yet IP addresses. So to use it somehow I set up a …



Alert on change of SOA in domain

This comes from unpleasant experience of mine. One of my clients’ domain records (MX for the case involved) was mistakenly changed. While it was a human error and trying to fix humans is rolling the rock of Sisyphus,damage would be much lesser had I known about the change immediately …