misc




See what your users are doing - awk one-line scripts to parse Aladdin eSafe logs

HISTORICAL NOTE Aladdin was an Israeli company known for its security eTokens and mail filtering appliances - eSafe. In 2009 it was bought by Safenet primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later the Safenet was in turn acquired by Gemalto. You can read about …



RBLs - more hassle than benefit

as I wrote earlier Google mail servers got blacklisted , but it was only the beginning. Now I got complains from the client that hotmail.com users also get mail bounced because of this list . So, as running after each and every IP blocked by this list endlessly wasn't the best …



Darknet can't lie - most of the attacks, scans and other interesting things

indeed come from behind the Great Firewall of China. wordpress_id: 1230 category: Linux tags: awk weekly Working for ISP entitles me to various perks, one of them is unlimited connection to the Internet with wealth of unallocated yet IP addresses. So to use it somehow I set up a little …



Few questions you will most probably hear on your next job interview.

Lately, for whatever reason it may be, many of my friends/colleagues/acquaintances switched the jobs and mostly because they wanted to. And hearing their accounts of job search I catch myself that while offered positions and employers differ there are ever returning themes/questions that arise on the job …



Alert on change of SOA in domain

This comes from unpleasant experience of mine. One of my clients’ domain records (MX for the case involved) was mistakenly changed. While it was a human error and trying to fix humans is rolling the rock of Sisyphus,damage would be much lesser had I known about the change immediately …



Quick and dirty way to bypass eSafe inspection

HISTORICAL NOTE Aladdin was an Israeli company known for its security eTokens and mail filtering appliances - eSafe. In 2009 it was bought by Safenet primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later the Safenet was in turn acquired by Gemalto. You can read about …



IP Options are evil - drop them , drop them on Cisco Asa/IOS Microsoft ISA

Juniper or Checkpoint wordpress_id: 419 category: Linux tags: Checkpoint, Solaris, Linux, Cisco As you probably noticed IP header has variable length placeholder for the IP Options field. It has been there since the beginning , once a good idea for debug now turned into trouble. RFC 791 states that hosts/routers …



Increase log size in eSafe

Session logs in eSafe are essential for debugging . By default ,nevertheless each Session log file is limited to 100 megabytes in size , after reaching this limit eSafe stops writing the Session logs until the next log rotation - that is midnight. To fix this , edit the file /opt/eSafe/eSafeCR/esafecfg …



eSafe has iptables too

HISTORICAL NOTE Aladdin was an Israeli company known for its security eTokens and mail filtering appliances - eSafe. In 2009 it was bought by Safenet primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later the Safenet was in turn acquired by Gemalto. You can read about …



Website/malware categorization in eSafe

HISTORICAL NOTE Aladdin was an Israeli company known for its security eTokens and mail filtering appliances - eSafe. In 2009 it was bought by Safenet primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later the Safenet was in turn acquired by Gemalto. You can read about …