Adaptive DDOS IDS firewall

We had a task to build a simple solution for DDoS protection in the learning phase of an attack. The main goals were:

  1. To build it fast: We chose Ubuntu … as everything needed is compiled and built in.
  2. Minimum network intervention: We opted for an L2/L3 bridge with iptables integration, which we plugged in between our autonomous system (AS) and the internet.
  3. Auto-learning offenders: Using a honeypot service to distinguish non-legitimate connections, logging the source IP address and dropping the packet with iptables. Using Suricata IDS to additionally analyze client requests.
  4. Auto-blocking offenders: Using fail2ban to parse the logs generated by iptables and Suricata and temporarily disable all connections from offending sources.
  5. Have some connection-limiting capabilities: Again we used iptables, with the connlimit and conntrack modules activated.


Car diagnostic with ATmega328P Nano

I was having trouble reading my car’s live data, so I wrote a little utility to read raw car sensor data: I hook up before the ECU, send the data via serial port to a PC using an ATmega328P Nano, and finally store it to a file.

Where to get one:
http://www.banggood.com/ATmega328P-Nano-V3-Controller-Board-Compatible-Arduino-p-940937.html

How to install:
1. Flash AnalogReadSerial.hex to the ATmega.
2. Extract and run carauto. .NET 4 is needed.
3. Choose com port from dropdown menu.

How to use:
Connect the analog/digital input to the intended sensor via a 1 kOhm resistor. Please note that all inputs are 5V only!
Shorting digital input 12 to ground will produce human-readable data and will decrease the sample rate.

Reading data:
Data is stored in the Output.csv file at approximately 1000 samples/second.

carauto

Dell DRAC 5 config via ssh

Changing http, https, remote console ports

$ racadm config -g cfgRacTuning -o cfgRacTuneHttpsPort 4436
Object value modified successfully
$ racadm config -g cfgRacTuning -o cfgRacTuneHttpPort 8888
Object value modified successfully
$ racadm getconfig -g cfgRacTuning
cfgRacTuneRemoteRacadmEnable=1
cfgRacTuneWebserverEnable=1
cfgRacTuneHttpPort=8888
cfgRacTuneHttpsPort=4436
cfgRacTuneTelnetPort=23
cfgRacTuneSshPort=22
cfgRacTuneConRedirEnable=1
cfgRacTuneConRedirPort=5900
cfgRacTuneConRedirVideoPort=5901
cfgRacTuneConRedirEncryptEnable=0
cfgRacTuneLocalServerVideo=1
cfgRacTuneIpRangeEnable=0
cfgRacTuneIpRangeAddr=192.168.1.1
cfgRacTuneIpRangeMask=255.255.255.0
cfgRacTuneIpBlkEnable=0
cfgRacTuneIpBlkFailCount=5
cfgRacTuneIpBlkFailWindow=60
cfgRacTuneIpBlkPenaltyTime=300
cfgRacTuneTimezoneOffset=0
cfgRacTuneDaylightOffset=0
cfgRacTuneAsrEnable=0
cfgRacTuneVirtualConsoleAuthorizeMultipleSessions=0
cfgRacTuneCtrlEConfigDisable=0
cfgRacTuneLocalConfigDisable=0
cfgRacTunePluginType=0
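
The listing above also shows the controller's access-control settings, so the same output can be checked for weak values after a port change. The following is an added example, not part of the original post or of Dell's tooling: the function names, the `CHECKS` table and its wording are this example's own reading of the keys, and the sample input is constructed from a subset of the output above.

```python
# Added example: audit `racadm getconfig -g cfgRacTuning` output for weak settings.
# CHECKS is this example's own interpretation of the keys (an assumption).

# Constructed sample: a subset of the output shown above.
SAMPLE = """\
$ racadm getconfig -g cfgRacTuning
cfgRacTuneHttpPort=8888
cfgRacTuneHttpsPort=4436
cfgRacTuneConRedirEncryptEnable=0
cfgRacTuneIpRangeEnable=0
cfgRacTuneIpRangeAddr=192.168.1.1
cfgRacTuneIpRangeMask=255.255.255.0
cfgRacTuneIpBlkEnable=0
cfgRacTuneIpBlkFailCount=5
cfgRacTuneIpBlkFailWindow=60
cfgRacTuneIpBlkPenaltyTime=300
"""

# key -> (value expected on a hardened controller, why it matters)
CHECKS = {
    "cfgRacTuneConRedirEncryptEnable": ("1", "console redirection video is not encrypted"),
    "cfgRacTuneIpRangeEnable": ("1", "logins are accepted from any source address"),
    "cfgRacTuneIpBlkEnable": ("1", "repeated failed logins do not block the source IP"),
}

def parse_getconfig(text):
    """Parse key=value lines; skip prompts, comments and status messages."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("$", "#")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg):
    """Return (key, actual, expected, reason) for each failed or missing check."""
    findings = []
    for key, (expected, reason) in CHECKS.items():
        actual = cfg.get(key)  # None when the key is absent from the output
        if actual != expected:
            findings.append((key, actual, expected, reason))
    return findings

if __name__ == "__main__":
    for key, actual, expected, reason in audit(parse_getconfig(SAMPLE)):
        print(f"{key}={actual} (want {expected}): {reason}")
```
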

Clear some space

racadm clearasrscreen
racadm clrraclog
racadm clrsel
racadm coredumpdelete

Reload

racadm racreset soft

Daewoo Tacuma ECU

KEMSCO DAEWOO
1AEK

I have a problem with my Tacuma ECU. The MAP sensor randomly stalls at 115 kPa. Triple-checking the sensor and wires showed that it works, and I suspected that the ADC in the ECU is problematic. The easiest way to repair it is to get a spare ECU, read the flash (AM29F200BB – chip#1) of the old one and program it into the new ECU.
