Generate SSL Certificate

March 15, 2006

Need OpenSSL for this –

openssl genrsa -out www.mysite.com.key 2048
openssl req -new -key www.mysite.com.key -out www.mysite.com.csr

The first command writes the private key, the second builds a certificate signing request from it. The original note offered 512 or 1024 bits for the key; 512-bit RSA can be factored on commodity hardware and no public CA will sign a 1024-bit key today, so use 2048 bits at least, and keep the .key file readable by root only.

Enter country, state, locality, org name, org unit, common name, and email when asked. Note: Common Name is the bare hostname, www.mysite.com, with no http:// in front of it. Modern browsers ignore the Common Name and match the hostname against the subjectAltName extension instead, so a certificate for a public site also needs a SAN entry for the hostname.

openssl x509 -req -days 365 -in www.mysite.com.csr -signkey www.mysite.com.key -out www.mysite.com.crt

This self-signs the CSR with its own key (the subcommand is openssl x509 -req, not openssl -req -x509). Without -days the certificate is valid for only 30 days. A self-signed certificate is fine for testing but triggers a warning in every browser; for a production site send the .csr to a CA and install the certificate it returns.
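The same three steps as a script, added here as an example rather than taken from the original note: it runs non-interactively (-subj replaces the prompts), adds a SAN, and then checks that the certificate it produced really belongs to the key. The hostname www.mysite.com is the page's placeholder; the subject fields, the 2048-bit size and the helper names are my own choices. It assumes openssl is on PATH.

```shell
#!/bin/bash
# Added example, not from the original note. Non-interactive key -> CSR ->
# self-signed certificate, plus checks a practitioner would run afterwards.
# Assumptions: openssl 1.0+ on PATH; subject fields below are placeholders.

# make_selfsigned_cert <outdir> <hostname> [days]
# Writes <hostname>.key, .csr and .crt into <outdir>. Returns non-zero if a
# step fails or if the resulting certificate does not match the key.
make_selfsigned_cert() {
    local outdir=$1 host=$2 days=${3:-365}
    local key="$outdir/$host.key" csr="$outdir/$host.csr" crt="$outdir/$host.crt"
    local ext="$outdir/$host.ext"
    mkdir -p "$outdir" || return 1
    # 1. Private key. 2048 bits minimum; umask 077 so the key file is never
    #    world-readable, not even for an instant.
    (umask 077 && openssl genrsa -out "$key" 2048 2>/dev/null) || return 1
    # 2. CSR. -subj replaces the interactive prompts; CN is the bare hostname,
    #    no "http://".
    openssl req -new -key "$key" -out "$csr" \
        -subj "/C=US/ST=California/L=San Jose/O=Example Corp/OU=IT/CN=$host" \
        2>/dev/null || return 1
    # 3. Self-sign the CSR with the same key. Browsers match the hostname
    #    against subjectAltName, not CN, so add the SAN via -extfile (works on
    #    every OpenSSL release, unlike -copy_extensions which needs 3.0).
    printf 'subjectAltName=DNS:%s\n' "$host" > "$ext" || return 1
    openssl x509 -req -days "$days" -in "$csr" -signkey "$key" -out "$crt" \
        -extfile "$ext" 2>/dev/null || return 1
    rm -f "$ext"
    cert_matches_key "$crt" "$key"
}

# cert_matches_key <crt> <key>: true if both carry the same RSA modulus, i.e.
# the certificate was issued for this private key (catches mixed-up files).
cert_matches_key() {
    local a b
    a=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    b=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_cn <crt>: print the Common Name from the certificate subject.
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" 2>/dev/null \
        | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# cert_has_san <crt> <hostname>: true if the certificate lists the hostname
# as a DNS subjectAltName, which is what a modern client actually checks.
cert_has_san() {
    openssl x509 -noout -text -in "$1" 2>/dev/null | grep -qF "DNS:$2"
}
```

Usage: make_selfsigned_cert ./certs www.mysite.com 365, then cert_cn ./certs/www.mysite.com.crt to confirm the subject. The modulus comparison in cert_matches_key is the standard way to prove a .crt and a .key belong together before installing them.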


nmap Get remote system o/s and more

March 15, 2006

To find out what type of machine a host is (OS fingerprinting from the TCP/IP stack; needs root, since it sends raw packets), type:

nmap -O host

To compare services on your server or subnet, run this at 2 different times and then diff the files:

nmap -sX 10.14.34.0/24 | egrep -v '^(Nmap|Starting)' > nmap.out.$(date +%F)

The egrep strips the banner and footer lines, which carry timestamps and would otherwise show up in every diff. Two caveats: -sX is a Xmas scan (FIN, PSH and URG set), which can only report open|filtered rather than open and gives useless results against Windows and other stacks that answer every such probe with a RST, so for a service inventory a plain SYN scan (-sS) is the better baseline; and recent nmap prints each host header as "Nmap scan report for ...", which this egrep also removes, so save grepable output (-oG file) or XML (-oX file, which ndiff, shipped with nmap, can compare) instead of filtering the normal output.
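Diffing two raw scan outputs tells you that something changed but not what; the script below, added here as an example and not part of the original note, parses two saved grepable-output (-oG) runs and reports each port whose state differs between them. The two snapshots are constructed sample output, not real scan results, and the function names are my own.

```shell
#!/bin/bash
# Added example, not from the original note: compare two nmap -oG snapshots
# by port state. Grepable output keeps the timestamps in "#" comment lines
# and one tab-separated "Host:" line per host, which is easy to parse.
# The sample_old/sample_new snapshots are constructed, not real scans.

# nmap_ports <file.gnmap>
# One "host port/proto state" line per listed port, sorted.
nmap_ports() {
    awk -F'\t' '/^Host:/ {
        split($1, h, " "); host = h[2]
        for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) {
            n = split(substr($i, 8), p, ", ")
            for (j = 1; j <= n; j++) {
                split(p[j], f, "/")        # port/state/proto//service///
                print host, f[1] "/" f[3], f[2]
            }
        }
    }' "$1" | LC_ALL=C sort
}

# nmap_port_changes <old.gnmap> <new.gnmap>
# Prints "host port/proto old -> new" for every port whose state differs.
# "absent" means nmap did not list the port in that run, i.e. it was in the
# per-host "Ignored State" (typically closed or filtered).
nmap_port_changes() {
    local old new
    old=$(mktemp) && new=$(mktemp) || return 1
    nmap_ports "$1" > "$old"
    nmap_ports "$2" > "$new"
    awk -v oldf="$old" '
        FILENAME == oldf { was[$1 " " $2] = $3; next }
        {
            key = $1 " " $2; seen[key] = 1
            if (!(key in was))       print key, "absent ->", $3
            else if (was[key] != $3) print key, was[key], "->", $3
        }
        END { for (k in was) if (!(k in seen)) print k, was[k], "-> absent" }
    ' "$old" "$new" | LC_ALL=C sort
    rm -f "$old" "$new"
}

# Constructed sample: the earlier run, in the shape "nmap -sS -oG old.gnmap
# 10.14.34.0/24" writes. Fields inside a Host: line are tab-separated.
sample_old() {
    printf '# Nmap 7.94 scan initiated Mon Jan  8 09:00:01 2024 as: nmap -sS -oG old.gnmap 10.14.34.0/24\n'
    printf 'Host: 10.14.34.7 ()\tStatus: Up\n'
    printf 'Host: 10.14.34.7 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)\n'
    printf 'Host: 10.14.34.9 ()\tStatus: Up\n'
    printf 'Host: 10.14.34.9 ()\tPorts: 25/open/tcp//smtp///\tIgnored State: filtered (999)\n'
    printf '# Nmap done at Mon Jan  8 09:02:11 2024 -- 256 IP addresses (2 hosts up) scanned in 130.21 seconds\n'
}

# Constructed sample: a later run. Port 80 on .7 is gone, 3306 opened on .7,
# and a new host .12 with telnet appeared; .9 is unchanged.
sample_new() {
    printf '# Nmap 7.94 scan initiated Mon Jan 15 09:00:02 2024 as: nmap -sS -oG new.gnmap 10.14.34.0/24\n'
    printf 'Host: 10.14.34.7 ()\tStatus: Up\n'
    printf 'Host: 10.14.34.7 ()\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///\tIgnored State: closed (998)\n'
    printf 'Host: 10.14.34.9 ()\tStatus: Up\n'
    printf 'Host: 10.14.34.9 ()\tPorts: 25/open/tcp//smtp///\tIgnored State: filtered (999)\n'
    printf 'Host: 10.14.34.12 ()\tStatus: Up\n'
    printf 'Host: 10.14.34.12 ()\tPorts: 23/open/tcp//telnet///\tIgnored State: closed (999)\n'
    printf '# Nmap done at Mon Jan 15 09:02:40 2024 -- 256 IP addresses (3 hosts up) scanned in 158.02 seconds\n'
}
```

Usage: nmap -sS -oG "nmap.$(date +%F).gnmap" 10.14.34.0/24 on each run, then nmap_port_changes nmap.2024-01-08.gnmap nmap.2024-01-15.gnmap. On the samples above it reports the new telnet host, the new mysql port and the vanished port 80, and nothing else, which is the signal the raw diff buries under latency and timing lines.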


iptables tips & tricks

March 15, 2006

iptables is the userspace tool for the Linux netfilter packet filter. Rules live in tables (filter, nat, mangle, raw) and chains; each rule is a set of matches plus a target such as ACCEPT, DROP or RETURN, and a packet is checked against the chain's rules in order until one matches.

#Rate-limit new TCP connections to $DEST_IP to 12 SYNs/sec (burst 24); excess SYNs are dropped
iptables -t nat -N syn-flood
iptables -t nat -A syn-flood -m limit --limit 12/s --limit-burst 24 -j RETURN
iptables -t nat -A syn-flood -j DROP
iptables -t nat -A PREROUTING -i $EXT_IFACE -d $DEST_IP -p tcp --syn -j syn-flood

Note that $DEST_IP is the ultimate requested IP of the packet, and $EXT_IFACE is the public interface of the firewall. The first 24 SYNs pass straight through; after that the limit match lets one through every 1/12 s and the rest fall to the DROP rule. This is rate limiting, not detection: nothing is logged, so add a -j LOG rule before the DROP if you want to know it fired. Two caveats. The limit is global rather than per source, so a single flooding host pushes legitimate clients into the DROP rule as well; a per-source limit (-m hashlimit --hashlimit-mode srcip) together with SYN cookies (sysctl net.ipv4.tcp_syncookies=1), which survive a flood without turning away good clients, is the better combination. And the nat table is meant for address translation, not filtering, and netfilter only consults it for the packet that opens a connection; put these rules in the filter table's INPUT chain (or FORWARD for traffic the box routes), which is where DROP belongs.

#Drop packets with every TCP flag set and packets with no flags set; neither occurs in legitimate traffic
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP

--tcp-flags takes a mask and then the flags that must be set within it, so ALL ALL matches only when all six flags (SYN, ACK, FIN, RST, URG, PSH) are set and ALL NONE only when none are. Note that the nmap Xmas scan (-sX, used above) sets just FIN, PSH and URG, so the first rule does not catch it; add --tcp-flags ALL FIN,PSH,URG if that is the probe you want to drop. As with the syn-flood rules, these belong in the filter table rather than nat.
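The same protections rebuilt the way a practitioner would deploy them today, added here as an example and not part of the original note: in the filter table, with a per-source hashlimit instead of the global limit, the real Xmas flag combination covered, and the rules emitted in iptables-restore format so they can be reviewed and loaded atomically. The interface name, address and rates are parameters; eth0 and 203.0.113.10 in the usage line are placeholders, and the function names are my own.

```shell
#!/bin/bash
# Added example, not from the original note. Emits an iptables-restore
# fragment for the filter table; nothing is applied unless
# apply_synflood_ruleset is called as root.
# Assumptions: iptables with the hashlimit match (any release since 1.4),
# a kernel with net.ipv4.tcp_syncookies.

# synflood_ruleset <ext_iface> <dest_ip> [syn_per_sec] [burst]
# Prints an iptables-restore fragment:
#  - INPUT: SYNs to <dest_ip> arriving on <ext_iface> go to the syn-flood chain
#  - INPUT: all-flags, no-flags and FIN/PSH/URG (nmap -sX) packets are dropped
#  - syn-flood: a per-source-IP token bucket lets <syn_per_sec> SYNs/sec
#    through (burst <burst>); the rest are dropped, but only for that source
synflood_ruleset() {
    local iface=$1 dest=$2 rate=${3:-12} burst=${4:-24}
    cat <<EOF
*filter
:syn-flood - [0:0]
-A INPUT -i $iface -d $dest -p tcp --syn -j syn-flood
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
-A syn-flood -m hashlimit --hashlimit-name synflood --hashlimit-mode srcip --hashlimit-upto ${rate}/sec --hashlimit-burst $burst -j RETURN
-A syn-flood -j DROP
COMMIT
EOF
}

# ruleset_rule_count <ext_iface> <dest_ip> [syn_per_sec] [burst]
# Number of -A rules the fragment would add; handy for a sanity check
# before loading it.
ruleset_rule_count() {
    synflood_ruleset "$@" | grep -c '^-A'
}

# apply_synflood_ruleset <ext_iface> <dest_ip> [syn_per_sec] [burst]
# Turns on SYN cookies and loads the fragment without flushing what is
# already there. Needs root. The fragment appends, so run it once or fold
# it into the full ruleset rather than re-running it.
apply_synflood_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_synflood_ruleset: run as root" >&2; return 1; }
    sysctl -w net.ipv4.tcp_syncookies=1 >/dev/null || return 1
    synflood_ruleset "$@" | iptables-restore --noflush
}
```

Usage: synflood_ruleset eth0 203.0.113.10 12 24 to review the rules, iptables-restore --test to syntax-check the output, then apply_synflood_ruleset eth0 203.0.113.10 as root. With --hashlimit-mode srcip each source address gets its own bucket, so a flooding host exhausts only its own allowance while other clients keep connecting; SYN cookies handle whatever the limit lets through.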