The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Infrastructure’ Category

Getting to the Amazon.de chat

Posted by jpluimers on 2021/07/26

  1. Visit https://smile.amazon.de/gp/help/customer/contact-us/ref=hp_abgt_cu_cu?nodeId=508510
  2. Click “Prime und Sonstiges”
  3. In the “Bitte wählen Sie ein Thema” selector, choose “Andere, nicht auf eine Bestellung bezogene Frage”
  4. In the “Bitte grenzen Sie Ihr Anliegen ein” selector, choose “Sonstige Fragen”
  5. Now a “Chat” button appears:

–jeroen

Posted in Amazon.com/.de/.fr/.uk/..., Cloud, Infrastructure, Power User

Did not realise that a 2018 Mikrotik vulnerability made it to the top of the CBL (SMTP composite black list) warning page for quite some months as the first ever device

Posted by jpluimers on 2021/07/02

Having accidentally made it onto the CBL (Composite Blocking List – Wikipedia) a long time ago, I discovered that its page started with (WayBack link mine):

IMPORTANT: Many CBL/XBL listings are caused by a vulnerability in Mikrotik routers. If you have a Mikrotik router, please check out the [WayBack] Mikrotik blog on this subject and follow the instructions before attempting to remove your CBL listing.

It wasn’t one of my Mikrotik devices: first of all, they had all been patched out of the box on a really empty internal network before being exposed to the internet or to busier internal networks, and second, the CBL entry was a one-off on one specific day when someone used our guest network.

Some CBL entries in the range where it was displayed, quite a while after CVE-2018-14847 became public:

If you want to try for yourself or harden it: [WayBack] Exploiting Mikrotik for Good ? | Syed Jahanzaib Personal Blog to Share Knowledge !

So I did some more digging.

First of all, it seems that if you ever had an infected Mikrotik system, then you have to factory reset it, then upgrade and configure from scratch. Otherwise at least the SOCKS and Web proxy services can still send out spam: [Archive.is] spammer behind mikrotik or mikrotik is the spammer : sysadmin. There, the best advice was

aliterCogitare, Jr. Sysadmin:

Your mikrotik has been compromised then. I would suggest either going on site and rebuilding the router from scratch, or looking at a few things:

  1. Check System -> Scheduler for any schedules running (that you haven’t configured yourself).

  2. Check System -> Scripts for any installed scripts that are running and delete them; also look for running jobs and terminate them.

  3. Finally check the file explorer for any suspicious files or scripts, and delete any you find. A default library should look like this: flash (the partition), pub, skins. Anything else that you haven’t put there yourself, delete.

Anything else that I have mentioned above should be empty. Also you need to re-evaluate the security of your network. If you happen to be on site, reset the router and remove the default configuration at the boot prompt. Create two rules:

  • Allow input chain source IP from your default local network; if I remember correctly it’s 192.168.88.0/24.

  • Create an explicit drop rule on the input chain for all interfaces and addresses + ports.

  • Disable IP – Services except winbox. Finally, work your way up on what your network needs step by step by creating rules to accept traffic. And be sure to put your explicit drop rule at the bottom of the list by drag-and-dropping. That is all I can say, I hope I could be of help.

This means the advice in these two links might not be enough:

Another helpful resource [WayBack] Router Sending Spam – MikroTik which discusses the firewall rules, socks and web proxy services.

Second, there is a truckload of these devices around: [WayBack] Thousands of Compromised MikroTik Routers Send Traffic to Attackers and [WayBack] Thousands of MikroTik routers are snooping on user traffic | ZDNet write that in September 2018, at least 7500 devices were known to be infected and about 370 thousand endpoints were vulnerable.

Third, you should be able to use [WayBack] Manual:Tools/Netwatch – MikroTik Wiki to check if you are on the CBL: [WayBack] Probing CBL blacklist – MikroTik.
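The forum thread linked above does the CBL probe with Netwatch on the router itself. The same DNSBL lookup from any host, as an added Python example that is not code from the blog post or from MikroTik: the octets of the public address are reversed and resolved under the CBL zone, and any 127.0.0.0/8 answer means listed. The zone name cbl.abuseat.org and the 127.0.0.2 listed-answer are the CBL’s published DNSBL convention; the sample addresses and the canned DNS answers are constructed, and the resolver is injectable so the script runs offline.

```python
"""Host-side CBL (DNSBL) lookup for a public IPv4 address.
Added example, not from the blog post or MikroTik. The resolver is injectable so
the constructed answers below work without network access."""
import ipaddress
import socket
from typing import Callable, Dict, Optional

CBL_ZONE = "cbl.abuseat.org"  # CBL's public DNSBL zone (now part of Spamhaus XBL)

# DNSBLs only list public addresses. A router's LAN side (MikroTik's default is
# 192.168.88.0/24) must never be queried; only the public WAN address is meaningful.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]


def dnsbl_query_name(ip: str, zone: str = CBL_ZONE) -> str:
    """Reverse the octets of a public IPv4 address and append the DNSBL zone."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in NON_PUBLIC):
        raise ValueError(f"{ip} is not a public address; look up the WAN address instead")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def resolve_a(name: str) -> Optional[str]:
    """Real resolver: first A record, or None when the name does not exist
    (NXDOMAIN is the DNSBL's 'not listed' answer)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_cbl(ip: str,
              resolver: Callable[[str], Optional[str]] = resolve_a) -> Dict[str, object]:
    """Return the query name, the raw answer and whether it signals a listing."""
    name = dnsbl_query_name(ip)
    answer = resolver(name)
    # Any answer inside 127.0.0.0/8 means listed; the CBL itself returns 127.0.0.2.
    listed = (answer is not None
              and ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8"))
    return {"query": name, "answer": answer, "listed": listed}


# Constructed answers standing in for DNS (198.51.100.0/24 is a documentation range).
FAKE_ANSWERS = {"23.100.51.198.cbl.abuseat.org": "127.0.0.2"}


def fake_resolver(name: str) -> Optional[str]:
    return FAKE_ANSWERS.get(name)


if __name__ == "__main__":
    for sample_ip in ("198.51.100.23", "198.51.100.24"):
        print(check_cbl(sample_ip, fake_resolver))
```

To probe a real address, call check_cbl("<your WAN address>") with the default resolver; feeding it the 192.168.88.x LAN address raises a ValueError instead of producing a meaningless "not listed".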

Read the rest of this entry »

Posted in Firewall, Internet, MikroTik, Power User, Routers, SPAM

Maggs on Twitter: “Had to get a bucket to catch all the dropped packets.… “

Posted by jpluimers on 2021/07/01

[WayBack] Maggs on Twitter: “Had to get a bucket to catch all the dropped packets.… “

To me it seemed the bitbucket was the final destination of /dev/null, but others chimed in as well:

 

Apart from my [WayBack] Jeroen Pluimers on Twitter: “Is that where /dev/null ends?… “, it totally reminded me of the below Dilbert strip which I could not find at first. So I was glad with [WayBack] David Sheryn Twitter: dilbert.com/strip/1996-05-02.

Read the rest of this entry »

Posted in Development, Fun, Infrastructure, Software Development

“Not having done docker, but having developed enough software to have the impression that as soon as things get hierarchical, things eventually end up in a mess. Somewhere down the road something won’t cope with depth/breadth/size and break badly.”

Posted by jpluimers on 2021/06/22

I originally posted this in a docker on docker thread, but I think it holds universally:

[WayBack] Jeroen Pluimers on Twitter: “Not having done docker, but having developed enough software to have the impression that as soon as things get hierarchical, things eventually end up in a mess. Somewhere down the road something won’t cope with depth/breadth/size and break badly.”

This despite the cool gif in the reply:

[WayBack] Duffie Cooley on Twitter: “… “

I found the below video files by searching for zzzz

Original thread start:

[WayBack] Duffie Cooley on Twitter: “When you hear Docker in Docker what do you think of? docker socket: Mounting in the underlying docker.sock and allowing a container to make new containers. kernel privs: Giving enough privs to a new container that it can make new containers cause it shares a kernel.”

–jeroen

Read the rest of this entry »

Posted in Algorithms, Cloud, Containers, Development, Docker, Infrastructure, Kubernetes (k8n), Software Development

Running ArchiveTeam Warrior version 3.2 on ESXi

Posted by jpluimers on 2021/05/05

A while ago I wrote about Helping the WayBack ArchiveTeam team: running their Warrior virtual appliance on ESXi.

Since it was scheduled before my cancer treatment started and got posted while I was still recovering from it, I missed that version 3.2 of the [Wayback] ArchiveTeam Warrior appliance appeared in the [Wayback] Releases · ArchiveTeam/Ubuntu-Warrior at [Wayback] Release v3.2 · ArchiveTeam/Ubuntu-Warrior. You can download it from these places:

These two sites have not yet been updated, so they contain the older versions:

The source code now has been moved three times:

  1. [Wayback] ArchiveTeam/warrior-code
  2. [Wayback] ArchiveTeam/warrior-code2 · GitHub
  3. [Wayback] ArchiveTeam/Ubuntu-Warrior at master (this is version 3 and up)

The docker container

The new version of Archive Team Warrior now is basically a shell around [Wayback] Watchtower and the [Wayback] ArchiveTeam/warrior-dockerfile: A Dockerfile for the ArchiveTeam Warrior docker container. This makes updating the core way easier.

More on the docker container (in case you want to run it yourself) is at [Wayback] ArchiveTeam Warrior – Archiveteam – Installing and running with Docker:

You’ll need Docker (open source) and the Warrior Docker image.

  1. Download Docker from the link above and install it.
  2. Open your terminal. On Windows, you can use either Command Prompt (CMD) or PowerShell. On macOS and Linux you can use Terminal (Bash).
  3. Use the following command to start the Warrior as well as Watchtower, which will automatically keep your Warrior updated:
    docker run --detach --name watchtower --restart=on-failure --volume /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --label-enable --cleanup --interval 3600 && docker run --detach --name archiveteam-warrior --label=com.centurylinklabs.watchtower.enable=true --restart=on-failure --publish 8001:8001 atdr.meo.ws/archiveteam/warrior-dockerfile

    (For a full explanation of this command, see items 3 and 4 here.)

  4. Using your regular web browser, visit http://localhost:8001/.

The virtual appliance

The virtual appliance is released aimed by default at VirtualBox; the steps to run it with VMware are at [Wayback] ArchiveTeam Warrior – Archiveteam.

Totally agreeing with Kristian Köhntopp, I do not understand why people use VirtualBox at all: I just run into too many issues, like [Archive.is] Kristian Köhntopp on Twitter: “Hint: If installing a Linux distro in VirtualBox fails with varying, unknown errors, it helps to try VMware Workstation or kvm instead. In my case it then worked every single time with the same ISO.”

Inspecting the .ova file, which is basically a tar archive containing an OVF directory, as per Open Virtualization Format: Design – Wikipedia:

The entire directory can be distributed as an Open Virtual Appliance (OVA) package, which is a tar archive file with the OVF directory inside.

Inspecting the disk image inside the directory taught me that pure one-file binary VMDK disk images start with the little-endian magic 0x564d444b (“VMDK” when read big-endian), which appears on disk as the four bytes 4b 44 4d 56, i.e. ASCII KDMV. More on the VMDK file format can be found in these links (all via [Wayback] vmdk file format specification – Google Search):
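The two inspection steps above, listing the OVA’s tar members and checking the VMDK magic, as an added Python example that is not code from the blog post or from ArchiveTeam. It also verifies the OVF manifest (.mf) digests before anything is imported, which is the check a practitioner wants on a downloaded appliance. The SparseExtentHeader field layout follows VMware’s VMDK specification; the file names warrior.ovf, warrior.mf and warrior-disk1.vmdk and the appliance contents are constructed in memory, so the script runs offline.

```python
"""Inspect an OVA: list the tar members, verify the OVF manifest digests, and
parse the sparse-extent header of the embedded VMDK.
Added example, not code from the blog post or from ArchiveTeam; the appliance
contents (file names and disk) are constructed in memory so it runs offline."""
import hashlib
import io
import re
import struct
import tarfile

SECTOR = 512
VMDK_MAGIC = 0x564D444B  # little-endian on disk: bytes 4b 44 4d 56, ASCII "KDMV"

# SparseExtentHeader, packed little-endian, per VMware's VMDK specification.
HEADER_FMT = "<IIIQQQQIQQQB4sH"
HEADER_FIELDS = ("magic", "version", "flags", "capacity", "grain_size",
                 "descriptor_offset", "descriptor_size", "num_gtes_per_gt",
                 "rgd_offset", "gd_offset", "overhead", "unclean_shutdown",
                 "line_chars", "compress_algorithm")


def parse_vmdk_header(sector: bytes) -> dict:
    """Decode the first 512-byte sector of a sparse VMDK extent."""
    if len(sector) < SECTOR:
        raise ValueError("need at least one full sector")
    fields = dict(zip(HEADER_FIELDS, struct.unpack_from(HEADER_FMT, sector)))
    if fields["magic"] != VMDK_MAGIC:
        raise ValueError(f"not a sparse VMDK: first bytes {sector[:4]!r}")
    fields["capacity_bytes"] = fields["capacity"] * SECTOR  # capacity is in sectors
    fields["stream_optimized"] = fields["compress_algorithm"] == 1  # 1 = deflate
    return fields


def verify_manifest(ova: bytes) -> dict:
    """Map each file named in the .mf manifest to whether its digest matches."""
    with tarfile.open(fileobj=io.BytesIO(ova), mode="r:") as tf:
        members = {m.name: tf.extractfile(m).read() for m in tf if m.isfile()}
    manifest = next(v for k, v in members.items() if k.endswith(".mf")).decode()
    results = {}
    for line in manifest.splitlines():
        m = re.match(r"(SHA1|SHA256)\((\S+)\)\s*=\s*([0-9a-fA-F]+)", line)
        if not m:
            continue
        algo, name, expected = m.groups()
        actual = hashlib.new(algo.lower(), members.get(name, b"")).hexdigest()
        results[name] = name in members and actual.lower() == expected.lower()
    return results


def inspect_ova(ova: bytes) -> dict:
    """Manifest check plus a parsed header of the first .vmdk member."""
    checks = verify_manifest(ova)
    with tarfile.open(fileobj=io.BytesIO(ova), mode="r:") as tf:
        disk = next(n for n in tf.getnames() if n.endswith(".vmdk"))
        header = parse_vmdk_header(tf.extractfile(disk).read(SECTOR))
    return {"members": sorted(checks), "manifest_ok": all(checks.values()),
            "checks": checks, "disk": disk, "header": header}


# --- constructed sample appliance (not a real ArchiveTeam release) -----------

def build_sample_vmdk(capacity_sectors: int) -> bytes:
    """One header sector of a monolithicSparse-style extent, rest zeroed."""
    hdr = struct.pack(HEADER_FMT, VMDK_MAGIC, 1, 3, capacity_sectors, 128, 1, 20,
                      512, 0, 21, 128, 0, b"\n \r\n", 0)
    return hdr.ljust(SECTOR, b"\0")


def build_sample_ova(tamper: bool = False) -> bytes:
    """Tar up ovf + mf + vmdk; with tamper=True, flip a byte in the disk after hashing."""
    ovf = b"<Envelope/>"  # placeholder descriptor
    disk = build_sample_vmdk(2 * 1024 * 1024)  # 1 GiB virtual capacity
    files = [("warrior.ovf", ovf), ("warrior-disk1.vmdk", disk)]
    mf = "\n".join(f"SHA256({n})= {hashlib.sha256(d).hexdigest()}" for n, d in files)
    if tamper:
        files[1] = ("warrior-disk1.vmdk", disk[:100] + b"X" + disk[101:])
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tf:
        for name, data in [files[0], ("warrior.mf", mf.encode()), files[1]]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    report = inspect_ova(build_sample_ova())
    print(report["members"], "manifest ok:", report["manifest_ok"])
    print("capacity:", report["header"]["capacity_bytes"] // 2**30, "GiB")
```

For a downloaded appliance, read the file into inspect_ova; a False in the checks for the .vmdk member means the disk image no longer matches what the publisher hashed, and it should not be imported into ESXi.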

So here are some steps to get the .ova image to run on ESXi. I think it should work for ESXi 5.1 and up, but I have tested only on ESXi 6.7:

Read the rest of this entry »

Posted in *nix, *nix-tools, Cloud, Containers, diff, Docker, ESXi5, ESXi5.1, ESXi5.5, ESXi6, ESXi6.5, ESXi6.7, ESXi7, Infrastructure, Internet, InternetArchive, Kubernetes (k8n), patch, Power User, VirtualBox, Virtualization, VMware, VMware ESXi, VMware Workstation, WayBack machine

 