New spam on the block

Maybe not new, but new to me - spam mails that, instead of direct links to their websites, list links cached in Google. So, you get in the email not http://degayfisk.com/ but http://google.nr/search?q=cache:c2tHRUQ2mx4J:google.co.nz It is, by the way, recognized …



Best open source Netflow/sFlow analyzing software

People ask me frequently what software I would recommend for Netflow analysis, especially with security implementations in mind. I made my choice long ago and haven't been complaining so far - the Nfsen graphical frontend that has Nfdump as its data processing backend. It provides most flexibility, configurability; its filter syntax …



Class A 2.0.0.0 is inaccessible from behind Edge devices bug

This is a non-critical but rather annoying bug in the Checkpoint Edge devices firmware 8.1.x preventing any host behind it from reaching class A network 2.0.0.0/8. If you notice this problem then it is most probably because recently the pool 2.16.0 …



IP address pools of Facebook to block, if you need to

Once upon a time I mentioned that blocking Facebook is easy as they have a uniform IP address pool. Since then they added more; here are the new and old pools: NetRange: 69.63.176.0 - 69.63.191.255 CIDR: 69.63.176.0/20 OriginAS: AS32934 NetName: TFBNET2 …



Grab bag of IPF firewall commands for FreeBSD and Solaris 10

Nothing new here, just a round-up of the commands/configs I happen to need from time to time. Google probably has better references for that. I talk about the Pf firewall used in FreeBSD, OpenBSD and Solaris systems. Enable and disable firewall: pfctl -e Enable packet filter real time pfctl -ef …



The D-day for CheckPoint UTM-1 Edge Appliances happened today - reboots are reported all over the world

Today we (an ISP) got reports from clients that all their UTM Edge devices rebooted early at night, at about 03:00 AM Israel time on the 31st of October. While no official press release has been seen so far from Checkpoint, looking at cpug.org posts where people …



The easiest way to disclose Cisco routers on the network and how to fix it

Cisco gear has a well-known behaviour pattern: when you telnet to some weird and closed port on a Cisco you get the uniform response of “Connection refused”. To be more precise, it happens when terminal line management access is enabled on the Cisco but your IP is not in …



Too much of the Zeus on TV

On the 19th of October the 1st Russia channel aired the TV show called "Пусть говорят, Однажды в Америке", dedicated to the Zeus trojan story. You all saw and heard about this FBI operation that brought some 38 people into captivity. The talk show on the most available and popular Russian …



Convert mb4 to mp3 files in one run with ffmpeg

Folks at Defcon.org have been somewhat inconsistent in publishing their conference audio archives - once they do it in mb4 format, once in mp3. As I listen to them on my mobile phone during my commute to work and it doesn't accept anything but mp3, I had to first …



See what your users are doing - awk one-line scripts to parse Aladdin eSafe logs

HISTORICAL NOTE: Aladdin was an Israeli company known for its security eTokens and mail filtering appliances - eSafe. In 2009 it was bought by Safenet primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later Safenet was in turn acquired by Gemalto. You can read about …