Browsed by
Category: infosec

pfsense logo
SSHGuard settings on pfSense

SSHGuard settings on pfSense

Comments 3 comments

Something that always annoyed me when performing a vulnerability scan on a pfSense system was the alerts it triggered. Basically, the vulnerability scanner would attempt to bruteforce SSH logins, which would trigger the sshguard protections, placing the IP address in the sshguard table (Diagnostics -> Tables), producing 100’s of firewall block messages, etc. Dec 3 16:22:37 – Int: em0 Type: block Prot: tcp Src: 192.168.1.8:38553 Dest: 192.168.1.1:22 Tracker: 1000000301 – block drop in log quick proto tcp from <sshguard:1> to…

Read More Read More

Microsoft Scam Alert
Scam alert: Microsoft license has expired

Scam alert: Microsoft license has expired

Comments 0 Comment

You receive a robocall stating your Microsoft license has expired. This is a absolutely, positively, 100% a scam. And it is making its rounds again. For what it is worth, I can recall exactly one phone call from Microsoft in my 20+ year career and that was because I put in a support call to them. Needless to say, Microsoft will never call you because you have a virus, for any level of tech support, or pretty much any other…

Read More Read More

Ransomware authors, a toast to you. Thank you!
An Open Letter To Ransomware Authors

An Open Letter To Ransomware Authors

Comments 1 comment

Dear ransomware authors, Thank you! No joking, no saltiness, no BS. You may think this is in jest, but I whole-heartedly want to say ‘thank you.’ I’ve been around security long enough to see *many* turn the corner from “we’ll get to security when we get to it” to genuinely being interested in improving. I cannot begin to describe how disheartening it is to do back-to-back yearly security assessments for a bank [or countless other businesses] and have the same…

Read More Read More

Hospital ER
Presentation – HL7 Insecurities

Presentation – HL7 Insecurities

Comments 0 Comment

HL7 Data Interfaces in Medical Environments – Attacking & Defending the Achilles’ Heel of Healthcare This security research served as a 2-part SANS gold paper examining the insecurities of the HL7 messaging standard. This presentation is a combination of those two papers. HL7 is arguably the most fundamental flaw in healthcare IT. It is used extensively for system-to-system communications and is in nearly every healthcare facility worldwide. The first paper is an overview of what can be done with stolen…

Read More Read More

Morpheus - traffic was normal
Mysterious outbound UDP traffic on port 8888… Help!

Mysterious outbound UDP traffic on port 8888… Help!

Comments 10 comments

What is this traffic on port 8888? Or a device is infected and trying to communicate over port 8888 to IP addresses all over the world?!?! I’ve seen forum posts with similar titles a handful of times now and the final result is often someone discovering the Private Internet Access (PIA) client on a device or computer. I get a chuckle every time I see it because I was once in their shoes so I figured I would make a…

Read More Read More

Expired SSL Certificate
Monitor For Expiring SSL/TLS Certs with Nagios

Monitor For Expiring SSL/TLS Certs with Nagios

Comments 9 comments

We’ve all been there. Your SSL/TLS certificate on your webserver, mail server, or <insert service name here> has expired and your users are miffed!!! Expiring SSL/TLS certificates have been a problem as long as I can remember and that was at a point when SSL certs could last for several years. Now we have Let’s Encrypt (@letsencrypt) in the fray of SSL/TLS certs and their certs only last a maximum of 90 days. Do you really think expiring certs won’t…

Read More Read More

Malware Browser Popup - No Ad blocking
Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL) – Old

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL) – Old

Comments 50 comments

This walkthrough uses the DNSBL portion of pfBlockerNG to remove ads/advertising and more importantly, malvertising. It essentially creates a functionality similar to the pi-Hole project except it doesn’t require a separate piece of hardware. Instead, you just use your pfSense (pfBlockerNG)! If you’re interested in a write-up on installing/configuring the pi-hole on Ubuntu, I have one here. I love pfSense and if I could only install one package to enhance its capabilities, it would undoubtedly be pfBlockerNG. pfBlockerNG is a pfSense…

Read More Read More

Redirect outgoing NTP traffic to an internal NTP server

Redirect outgoing NTP traffic to an internal NTP server

Comments 8 comments

Tired of seeing outbound NTP blocks in your firewall logs because you restrict outgoing traffic? Or maybe you are receiving alerts because some device uses NTP pool resources (such as pool.ntp.org) and one of those IP addresses has ended up on a blacklist, blocklist, threat intelligence feed, etc? Either way, few things in the life of an IT or security professional are as frustrating as false positives. This write-up will help you change that with a little NAT magic, aka…

Read More Read More

SSL Labs A Plus
Adding HSTS To Your Website

Adding HSTS To Your Website

Comments 4 comments

So you’ve moved your website to use SSL/TLS and that’s it? Not quite! Your next step should to test your site and enable HSTS (HTTP Strict Transport Security). Changelog 19Dec2017 – Originally posted 5Apr2018 – Added speed difference verbiage between server config and functions.php or .htaccess for high volume websites Testing via Qualys SSL Labs I *love* the SSL Labs server test from Qualys. It’s free and it does a fantastic job of testing (and subsequently grading) your website for…

Read More Read More

Nagios pfSense SSH Proxy Step 2 resized
Monitoring pfSense with Nagios Using SSH – part 3

Monitoring pfSense with Nagios Using SSH – part 3

Comments 28 comments

Configuring the checks on Nagios XI This is the third and final part to monitoring pfSense with Nagios XI using SSH. If you missed either of the previous parts, I’ve included them below. Note: If you’re configuring this on Nagios Core, scroll down to the bottom of this page for the example commands.cfg and services.cfg files. Part 1: Setting up password-less SSH Part 2: Downloading and testing the checks Changelog 15Dec2017 – Originally posted 9May2018 – Added uptime and CPU…

Read More Read More