<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Updated images will use Shorewall to "frontend" iptables<br>
<br>
<div class="moz-cite-prefix">On 6/8/2017 9:27 AM, Bryan D. Boyle
wrote:<br>
</div>
<blockquote
cite="mid:C8DCF0DC-8DAF-4A1E-AD43-6B8B345963C1@bdboyle.com"
type="cite">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div>You beat me to it.<br>
<br>
Thanks!<br>
--
<div>Bryan</div>
<div>Sent from my iPhone 6S.<span style="font-size: 13pt;">..No
electrons were harmed in the sending of this message.</span></div>
<div><br>
<div><br>
</div>
</div>
</div>
<div><br>
On Jun 8, 2017, at 08:26, Jeremy Utley <<a
moz-do-not-send="true" href="mailto:jerutley@gmail.com">jerutley@gmail.com</a>>
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<div class="WordSection1">
<p class="MsoNormal">UFW is really just a front-end for
iptables. You give instructions to UFW, and it generates the
correct iptables lines to make it happen. Firewalld on
CentOS 7 is the same way. Any network firewalling tool on
Linux is going to be iptables under the hood.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Jeremy, NQ0M<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>From:</b> App_rpt-users [<a
moz-do-not-send="true"
href="mailto:app_rpt-users-bounces@lists.allstarlink.org">mailto:app_rpt-users-bounces@lists.allstarlink.org</a>]
<b>On Behalf Of </b>Loren Tedford<br>
<b>Sent:</b> Thursday, June 8, 2017 3:13 AM<br>
<b>To:</b> Users of Asterisk app_rpt <<a
moz-do-not-send="true"
href="mailto:app_rpt-users@lists.allstarlink.org">app_rpt-users@lists.allstarlink.org</a>><br>
<b>Subject:</b> Re: [App_rpt-users] Security was Re: What
is the "debian" user in the DIAL distro?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Bryan, what about the use of UFW? I
have been using ufw in place of iptables; I started that
about 4 years ago. Is there a known risk from ufw
rather than iptables? I thought they had similar
characteristics.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Arial",sans-serif">Loren
Tedford (KC9ZHV) <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Arial",sans-serif">Phone:618-553-0806<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Arial",sans-serif">Fax: 1-618-551-2755</span><span
style="font-size:12.0pt"><br>
</span><span
style="font-size:12.0pt;font-family:"Arial",sans-serif">Email: </span><span
style="font-size:12.0pt"><a
moz-do-not-send="true"
href="mailto:lorentedford@gmail.com"
target="_blank"><span
style="font-family:"Arial",sans-serif;color:#1155CC">lorentedford@gmail.com</span></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt">Email: <a
moz-do-not-send="true"
href="mailto:KC9ZHV@KC9ZHV.com"
target="_blank"><span
style="color:#1155CC">KC9ZHV@KC9ZHV.com</span></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Arial",sans-serif"><a
moz-do-not-send="true"
href="http://www.lorentedford.com/"
target="_blank"><span
style="color:#1155CC">http://www.lorentedford.com</span></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Arial",sans-serif"><a
moz-do-not-send="true"
href="http://www.kc9zhv.com/"
target="_blank"><span
style="color:#1155CC">http://www.kc9zhv.com</span></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Arial",sans-serif"><a
moz-do-not-send="true"
href="http://forum.kc9zhv.com/"
target="_blank"><span
style="color:#1155CC">http://forum.kc9zhv.com</span></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Arial",sans-serif"><a
moz-do-not-send="true"
href="http://hub.kc9zhv.com/"
target="_blank"><span
style="color:#1155CC">http://hub.kc9zhv.com</span></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt"><a
moz-do-not-send="true"
href="http://ltcraft.net/"
target="_blank"><span
style="color:#1155CC">http://Ltcraft.net</span></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt"><a
moz-do-not-send="true"
href="http://voipham.com"
target="_blank">http://voipham.com</a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Wed, Jun 7, 2017 at 8:55 PM,
Bryan D. Boyle <<a moz-do-not-send="true"
href="mailto:bdboyle@bdboyle.com" target="_blank">bdboyle@bdboyle.com</a>>
wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal">Based on tests that the
security research arm of my company has run
(a well-known IT company that's been around for
over a century...), the elapsed time until a
system exposed to the network is discovered,
probed, and, if well-known vulnerable ports are
detected (and the scum or nation states who do
this keep records), an attempt is made to pwn it
is somewhere between a minute and half an hour. <o:p></o:p></p>
</div>
<div id="m_8850129897607754467AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="m_8850129897607754467AppleMailSignature">
<p class="MsoNormal">Just for giggles, I spun up a
Pi with a SIP server enabled, connected it to a
second port on my router, and started a tail -f
on the messages file grepped for the SIP
daemon. Routed the SIP port on my external
router to the Pi and sat back. (There was no
route from the Pi to my internal network.)<o:p></o:p></p>
</div>
<div id="m_8850129897607754467AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="m_8850129897607754467AppleMailSignature">
<p class="MsoNormal">3 minutes till the first
probe. 15 till the attempted pwning. SIP was
the only inbound port opened. I just
watched...and it went on for an hour (no, they
didn't take over the system, only ate up
bandwidth, which I am pretty OK with, being on
FTTH). It's all automated. They don't even need
human intervention for the probe, just to select
the attack vectors when the automated system
pops a live port selection.<o:p></o:p></p>
</div>
<div id="m_8850129897607754467AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="m_8850129897607754467AppleMailSignature">
<p class="MsoNormal">Default SSH is NO guarantee.
Allowing root access from an interactive login
from the net port deserves to be punished.
Bogus user passwords that are guessable should
be cause for your ISP to turn off your
connection. Moving to a different port is just
attempted security through obscurity. Open
ports from the outside inbound that allow anyone
on the network to connect will be probed, and
attempts (DoS, null sled, buffer overruns, etc.)
to subvert your system into a C&amp;C node,
bitcoin miner, email spam relay, porn
repository, or what have you are the goal.<o:p></o:p></p>
</div>
<div id="m_8850129897607754467AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="m_8850129897607754467AppleMailSignature">
<p class="MsoNormal">After doing this since 1988
or so, it's only the frequency that it happens
that's changing, not that it's happening. <br>
<br>
fail2ban is a good stopgap measure for ports
that you positively HAVE to have exposed.
Router firewall enabled and locked down? Good.
iptables set up properly? Passwords NOT based
on dictionary words or used for your other
online activities? Yeah, it's a pain. The
alternative is your system being taken over and
used for other purposes while you sleep. <o:p></o:p></p>
</div>
<div id="m_8850129897607754467AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="m_8850129897607754467AppleMailSignature">
<p class="MsoNormal">Lots more you can do. the
basic mantra you should have is: "That which is
not expressly permitted is prohibited". <br>
--<o:p></o:p></p>
<div>
<p class="MsoNormal">Bryan CISSP/CEH/CISM<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Sent from my iPhone 6S.<span
style="font-size:13.0pt">..No electrons were
harmed in the sending of this message.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><br>
_______________________________________________<br>
App_rpt-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:App_rpt-users@lists.allstarlink.org">App_rpt-users@lists.allstarlink.org</a><br>
<a moz-do-not-send="true"
href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users"
target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
<br>
To unsubscribe from this list please visit <a
moz-do-not-send="true"
href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users"
target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a>
and scroll down to the bottom of the page. Enter
your email address and press the "Unsubscribe or
edit options button"<br>
You do not need a password to unsubscribe, you can
do it via email confirmation. If you have trouble
unsubscribing, please send a message to the list
detailing the problem. <o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</blockquote>
<br>
</blockquote>
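<p>To make the "front-end" point in the thread concrete, and Bryan's mantra of default deny, here is one allow-list policy rendered both as the ufw commands an operator would type and as the iptables-restore ruleset that sits underneath. This is an added example, not code from the thread, from ufw or from Shorewall: ufw's real generated chains (ufw-user-input and friends) are laid out differently, the <code>Allow</code>/<code>Policy</code> names and the 6-in-30-seconds approximation of <code>ufw limit</code> are assumptions, and the sample policy (5060/udp open, 22/tcp only from one management subnet in a documentation range) is constructed.</p>

```python
"""Render one allow-list firewall policy as a ufw command sequence and as an
equivalent iptables-restore ruleset.  Added example: not code from the thread,
from ufw or from Shorewall; the chain layout is a simplified illustration of
what such a front-end emits, and the names below are assumptions."""
from dataclasses import dataclass, field
from ipaddress import ip_network


@dataclass(frozen=True)
class Allow:
    port: int
    proto: str = "tcp"          # "tcp" or "udp"
    src: str = "0.0.0.0/0"      # CIDR the rule accepts from (any by default)
    limit: bool = False         # rate-limit new connections, like "ufw limit"


@dataclass
class Policy:
    allows: list = field(default_factory=list)
    default_in: str = "deny"    # "that which is not expressly permitted is prohibited"
    default_out: str = "allow"


def _validate(rule):
    """Reject nonsense before it becomes a firewall rule."""
    if not 0 < rule.port < 65536:
        raise ValueError(f"bad port {rule.port}")
    if rule.proto not in ("tcp", "udp"):
        raise ValueError(f"bad proto {rule.proto}")
    ip_network(rule.src)        # raises ValueError on a malformed CIDR


def render_ufw(policy):
    """The commands an operator would type; ufw turns each into iptables rules."""
    cmds = ["ufw --force reset",
            f"ufw default {policy.default_in} incoming",
            f"ufw default {policy.default_out} outgoing"]
    for r in policy.allows:
        _validate(r)
        verb = "limit" if r.limit else "allow"
        if r.src == "0.0.0.0/0":
            cmds.append(f"ufw {verb} {r.port}/{r.proto}")
        else:
            cmds.append(f"ufw {verb} from {r.src} to any port {r.port} proto {r.proto}")
    cmds.append("ufw --force enable")
    return cmds


def render_iptables(policy):
    """What the same policy looks like underneath, in iptables-restore syntax."""
    target = {"deny": "DROP", "allow": "ACCEPT"}
    lines = ["*filter",
             f":INPUT {target[policy.default_in]} [0:0]",
             ":FORWARD DROP [0:0]",
             f":OUTPUT {target[policy.default_out]} [0:0]",
             "-A INPUT -i lo -j ACCEPT",
             "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
             "-A INPUT -m conntrack --ctstate INVALID -j DROP"]
    for r in policy.allows:
        _validate(r)
        match = f"-A INPUT -p {r.proto} --dport {r.port}"
        if r.src != "0.0.0.0/0":
            match += f" -s {r.src}"
        if r.limit:
            # Approximation of "ufw limit": a source that opens 6 or more new
            # connections within 30 seconds gets dropped until it calms down.
            name = f"limit{r.port}"
            lines.append(f"{match} -m conntrack --ctstate NEW -m recent --name {name} --set")
            lines.append(f"{match} -m conntrack --ctstate NEW -m recent --name {name} "
                         f"--update --seconds 30 --hitcount 6 -j DROP")
        lines.append(f"{match} -j ACCEPT")
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


# Constructed sample: a node that must expose SIP, with SSH only from one
# management subnet and rate-limited (the subnet is a documentation range).
SAMPLE_POLICY = Policy(allows=[Allow(5060, "udp"),
                               Allow(22, "tcp", src="192.0.2.0/24", limit=True)])

if __name__ == "__main__":
    print("\n".join(render_ufw(SAMPLE_POLICY)))
    print(render_iptables(SAMPLE_POLICY))
```

<p>The two renderings answer the question asked in the thread: the ufw commands and the iptables ruleset express the same policy, so the risk is not in which front-end you use but in what you allow. Note the order in the iptables version: loopback and established traffic first, invalid state dropped, then only the listed services, with the chain policy (not a trailing rule) doing the denying, so a rule that fails to load leaves you closed rather than open.</p>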
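<p>Bryan's SSH points (no interactive root login, no guessable passwords, and a non-default port being obscurity rather than a control) can be checked mechanically. The following is an added example, not code from the thread or from OpenSSH: it parses the global section of an sshd_config with sshd's first-occurrence-wins rule, fills in OpenSSH 7.0+ defaults for absent keywords, and flags the weak settings. The two configs, the user name and the Match subnet are constructed.</p>

```python
"""Audit the global section of an sshd_config for the weaknesses the thread
calls out.  Added example: not code from the thread or from OpenSSH; the two
configs are constructed and the defaults are those of OpenSSH 7.0 and later."""
import re

# Effective value when the keyword is absent (OpenSSH >= 7.0).
DEFAULTS = {
    "port": "22",
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",   # KbdInteractiveAuthentication since 8.7
    "pubkeyauthentication": "yes",
}


def parse_sshd_config(text):
    """Lower-cased keyword -> value.  Like sshd(8), the FIRST occurrence of a
    keyword wins, and parsing stops at the first Match block because
    everything after it applies conditionally."""
    cfg = dict(DEFAULTS)
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)   # "Key value" or "Key=value"
        key = parts[0].lower()
        if key == "match":
            break
        if key not in seen:
            seen.add(key)
            cfg[key] = parts[1].strip() if len(parts) > 1 else ""
    return cfg


def audit(cfg):
    """(severity, message) findings; an empty list means nothing to complain about."""
    findings = []
    if cfg["permitrootlogin"] == "yes":
        findings.append(("HIGH", "PermitRootLogin yes: interactive root login with a password from the network"))
    elif cfg["permitrootlogin"] != "no":
        findings.append(("INFO", f"PermitRootLogin {cfg['permitrootlogin']}: root can still log in with a key; use 'no' unless you need it"))
    kbd = cfg.get("kbdinteractiveauthentication", cfg["challengeresponseauthentication"])
    if cfg["passwordauthentication"] == "yes":
        findings.append(("HIGH", "PasswordAuthentication yes: open to guessing; move to keys and set 'no'"))
        if cfg["port"] != "22":
            findings.append(("INFO", f"Port {cfg['port']} with passwords on: a non-default port is obscurity, not a control"))
    elif kbd == "yes":
        findings.append(("MEDIUM", "PasswordAuthentication no but keyboard-interactive on: PAM can still prompt for a password"))
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append(("LOW", "no AllowUsers/AllowGroups: every local account is a login target"))
    return findings


# Constructed configs: the "just move the port" setup and a hardened one.
WEAK = """\
Port 2222
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AllowUsers loren
Match Address 192.0.2.0/24
    PasswordAuthentication yes   # conditional; the parser stops before this
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(parse_sshd_config(text)) or "clean")
```

<p>Two things the check catches that a quick grep misses: a second <code>PermitRootLogin</code> later in the file does nothing because sshd keeps the first value, and <code>PasswordAuthentication no</code> on its own still leaves PAM's keyboard-interactive prompt reachable unless challenge-response is also off.</p>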
<br>
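<p>The tail -f on the messages file described in the thread is exactly what fail2ban automates for the ports you have to leave exposed. The following is an added example, not code from the thread and not fail2ban's own: it applies the same rule (maxretry failures inside a findtime window) to a handful of constructed sshd and Asterisk chan_sip log lines, including a slow attacker that stays under the threshold. Hostnames, PIDs, user names and the documentation-range IP addresses are made up; the ban command mirrors fail2ban's default iptables action, with the chain name f2b-example assumed.</p>

```python
"""Sliding-window brute-force detector in the style of fail2ban, run over
constructed sshd and Asterisk chan_sip log lines.  Added example, not code
from the thread and not fail2ban itself; the sample lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Syslog lines carry no year; assume the thread's.  A real tool must handle the
# December -> January rollover, which this example ignores.
LOG_YEAR = 2017

TS = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) ")
IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = {
    # sshd: "Failed password for [invalid user] NAME from IP port N ssh2"
    "sshd": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from " + IP + r" port \d+"),
    # Asterisk chan_sip: "Registration from '...' failed for 'IP[:port]' - REASON"
    "asterisk": re.compile(r"Registration from '.*?' failed for '" + IP + r"(?::\d+)?' - "
                           r"(?:Wrong password|No matching peer found|Username/auth name mismatch)"),
}

# Constructed sample: one fast SSH guesser, one fast SIP guesser, one slow SIP
# scanner, and a legitimate key login that must not count.
SAMPLE_LOG = """\
Jun  8 03:05:00 pi asterisk[1180]: NOTICE[1180]: chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '192.0.2.9:5060' - No matching peer found
Jun  8 03:14:01 pi sshd[2201]: Failed password for root from 198.51.100.23 port 40122 ssh2
Jun  8 03:14:03 pi sshd[2201]: Failed password for root from 198.51.100.23 port 40122 ssh2
Jun  8 03:14:05 pi sshd[2204]: Failed password for invalid user admin from 198.51.100.23 port 40130 ssh2
Jun  8 03:14:09 pi sshd[2204]: Failed password for invalid user admin from 198.51.100.23 port 40130 ssh2
Jun  8 03:14:12 pi sshd[2207]: Failed password for invalid user pi from 198.51.100.23 port 40141 ssh2
Jun  8 03:14:15 pi sshd[2207]: Failed password for invalid user pi from 198.51.100.23 port 40141 ssh2
Jun  8 03:15:00 pi asterisk[1180]: NOTICE[1180]: chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '192.0.2.9:5060' - No matching peer found
Jun  8 03:16:40 pi sshd[2210]: Accepted publickey for loren from 192.0.2.10 port 51022 ssh2
Jun  8 03:20:00 pi asterisk[1180]: NOTICE[1180]: chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '203.0.113.77:5060' - Wrong password
Jun  8 03:20:11 pi asterisk[1180]: NOTICE[1180]: chan_sip.c: Registration from '"101" <sip:101@203.0.113.5>' failed for '203.0.113.77:5060' - Wrong password
Jun  8 03:20:19 pi asterisk[1180]: NOTICE[1180]: chan_sip.c: Registration from '"102" <sip:102@203.0.113.5>' failed for '203.0.113.77:5060' - Wrong password
Jun  8 03:20:30 pi asterisk[1180]: NOTICE[1180]: chan_sip.c: Registration from '"103" <sip:103@203.0.113.5>' failed for '203.0.113.77:5060' - Wrong password
Jun  8 03:20:44 pi asterisk[1180]: NOTICE[1180]: chan_sip.c: Registration from '"104" <sip:104@203.0.113.5>' failed for '203.0.113.77:5060' - Wrong password
Jun  8 03:25:00 pi asterisk[1180]: NOTICE[1180]: chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '192.0.2.9:5060' - No matching peer found
Jun  8 03:35:00 pi asterisk[1180]: NOTICE[1180]: chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '192.0.2.9:5060' - No matching peer found
"""


def find_bans(lines, maxretry=5, findtime=600):
    """Return {ip: (service, ban_time)} for every source that produced
    `maxretry` failures within any `findtime`-second window (fail2ban's rule)."""
    recent = defaultdict(deque)   # (service, ip) -> failure times still in the window
    bans = {}
    for line in lines:
        m = TS.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{LOG_YEAR} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        for service, pat in PATTERNS.items():
            hit = pat.search(line)
            if not hit:
                continue
            ip = hit["ip"]
            if ip in bans:            # already banned; a live jail would not even see these
                break
            q = recent[(service, ip)]
            q.append(ts)
            while ts - q[0] > timedelta(seconds=findtime):   # age out old failures
                q.popleft()
            if len(q) >= maxretry:
                bans[ip] = (service, ts)
            break
    return bans


def ban_commands(bans, chain="f2b-example"):
    """The iptables command fail2ban's default action runs per banned source."""
    return [f"iptables -I {chain} 1 -s {ip} -j REJECT --reject-with icmp-port-unreachable"
            for ip in sorted(bans)]


if __name__ == "__main__":
    found = find_bans(SAMPLE_LOG.splitlines())
    for ip, (service, when) in found.items():
        print(f"{ip} banned at {when:%H:%M:%S} ({service})")
    print("\n".join(ban_commands(found)))
```

<p>With the defaults, the SSH guesser is banned on its fifth failure and the SIP guesser on its fifth, while 192.0.2.9, which tries once every ten minutes, never accumulates five failures inside one 600-second window. That is the trade-off fail2ban's findtime and maxretry encode: a longer window catches slow scanners at the cost of banning a forgetful legitimate user, and neither setting replaces a default-deny firewall that keeps the port closed to everyone who has no business reaching it.</p>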
</body>
</html>