Beginners & Help / How to use port knocking to hide your sshd and mitigate bruteforce attempts.
« on: May 06, 2017, 06:53:47 PM »
Hello guys. A few days ago my VPS provider temporarily suspended my service because of strange peaks in my traffic usage. When I dug further, it appeared that my VPS box was the target of bruteforce attacks, mainly from China, and around 250k authentication attempts from ~500 IPs were sent to my sshd over about 2 days. So I decided to hide my SSH daemon with port knocking.
What is port knocking?
In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s).
I assume you already have openssh installed.
1. Install knockd. That's the daemon that controls port knocking.
Code:
sudo apt-get install knockd
2. Setting up iptables:
Flush existing rules:
Code:
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush
iptables --policy OUTPUT ACCEPT
Allow all established connections and on-going sessions through the firewall:
Code:
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Block incoming port 22:
Code:
iptables -A INPUT -p tcp --destination-port 22 -j DROP
Save iptables rules:
Code:
apt-get install iptables-persistent
If you already have iptables-persistent installed:
Code:
sudo netfilter-persistent save
Now, you will remain connected through your existing connection while other connections on the SSH port are blocked.
3. Configure knockd:
Edit the configuration file /etc/knockd.conf:
Code:
sudo nano /etc/knockd.conf
Change the port numbers in sequence, because that's the default config and it's the equivalent of admin/admin for user and pass:
Code:
[options]
logfile = /var/log/knockd.log
[SSH]
sequence = 7000,8000,9000
seq_timeout = 20
# -I inserts the per-IP ACCEPT above the port-22 DROP rule from step 2; appended with -A it would sit behind the DROP and never match
command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
cmd_timeout = 10
stop_command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
Edit the file /etc/default/knockd:
Code:
sudo nano /etc/default/knockd
and change
START_KNOCKD=0
to
START_KNOCKD=1
Start knockd:
Code:
sudo /etc/init.d/knockd start
To knock from a Linux system:
Code:
knock yourserversip 7000 8000 9000
Then just connect to SSH on 22.
To knock from a Windows system:
You could download Microsoft's telnet client or use some other tool.
I tested this one and it's working well, and you can save different knocking profiles in it.
LINK
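As an added example (not code from the post, from knockd or from iptables): a small Python model of the [SSH] door above, with its seq_timeout, cmd_timeout and tcpflags = syn, run against a first-match-wins INPUT chain that already holds the port-22 DROP rule from step 2. It replays constructed knocks from documentation-range IPs (203.0.113.x, 198.51.100.x) and shows which patterns open port 22, that the opening is per source IP and closes again after cmd_timeout, and why the ACCEPT rule has to be inserted in front of the DROP rule (iptables -I) rather than appended behind it (-A, which is what knockd's shipped example uses). The sequence tracking is a simplification assumed here (a wrong port resets the attempt unless it is the first port), not knockd's exact code path; check /var/log/knockd.log on a real box if you rely on that detail.

```python
from dataclasses import dataclass
from typing import Optional

# Same values as the posted [SSH] door (7000,8000,9000 is knockd's default: change it).
SEQUENCE = [7000, 8000, 9000]
SEQ_TIMEOUT = 20.0   # seconds allowed to complete the whole sequence
CMD_TIMEOUT = 10.0   # seconds until stop_command removes the ACCEPT rule
SSH_PORT = 22

@dataclass
class Rule:
    target: str                 # "ACCEPT" or "DROP"
    dport: int
    src: Optional[str] = None   # None matches any source, like omitting -s

class Firewall:
    """Minimal INPUT chain: first match wins, policy ACCEPT (the post never sets -P INPUT DROP)."""

    def __init__(self):
        self.rules = []

    def append(self, rule):          # iptables -A INPUT ...
        self.rules.append(rule)

    def insert(self, rule):          # iptables -I INPUT ...
        self.rules.insert(0, rule)

    def allows(self, src, dport):
        for r in self.rules:
            if r.dport == dport and r.src in (None, src):
                return r.target == "ACCEPT"
        return True

class Knockd:
    """Simplified single-door knockd with one attempt per source IP.  Model assumption (not
    a claim about knockd's exact code): a wrong port breaks the attempt unless it is port 1."""

    def __init__(self, fw, insert_rule):
        self.fw = fw
        self.insert_rule = insert_rule   # True models -I, False models -A
        self.attempts = {}               # src -> (stage reached, time of first knock)
        self.open = {}                   # src -> (ACCEPT rule, expiry time)

    def tick(self, now):                 # run stop_command for doors past cmd_timeout
        for src, (rule, expiry) in list(self.open.items()):
            if now >= expiry:
                self.fw.rules.remove(rule)      # iptables -D INPUT ...
                del self.open[src]

    def packet(self, now, src, dport, syn=True):
        self.tick(now)
        if not syn:
            return                       # tcpflags = syn: anything else is ignored
        stage, started = self.attempts.get(src, (0, now))
        if stage and now - started > SEQ_TIMEOUT:
            stage, started = 0, now      # seq_timeout expired: start over
        if dport == SEQUENCE[stage]:
            stage += 1
        else:                            # sequence broken; the first port may start a new one
            stage, started = (1, now) if dport == SEQUENCE[0] else (0, now)
        if stage == len(SEQUENCE):
            self.attempts.pop(src, None)
            self.open_door(src, now)
        else:
            self.attempts[src] = (stage, started)

    def open_door(self, src, now):
        if src in self.open:             # re-knock while open: replace, don't leak a rule
            self.fw.rules.remove(self.open.pop(src)[0])
        rule = Rule("ACCEPT", SSH_PORT, src)
        (self.fw.insert if self.insert_rule else self.fw.append)(rule)
        self.open[src] = (rule, now + CMD_TIMEOUT)

def run_scenarios():
    """Replay constructed knocks; the source IPs are documentation addresses."""
    out = {}
    for mode in ("append", "insert"):
        fw = Firewall()
        fw.append(Rule("DROP", SSH_PORT))              # the post's step-2 blocking rule
        kd = Knockd(fw, insert_rule=(mode == "insert"))
        for i, port in enumerate(SEQUENCE):            # correct knock, 1 s apart
            kd.packet(float(i), "203.0.113.5", port)
        out[f"{mode}/correct"] = fw.allows("203.0.113.5", SSH_PORT)
        out[f"{mode}/other_host"] = fw.allows("198.51.100.9", SSH_PORT)
        kd.tick(2.0 + CMD_TIMEOUT)                     # stop_command has run by now
        out[f"{mode}/after_cmd_timeout"] = fw.allows("203.0.113.5", SSH_PORT)
        for i, port in enumerate(reversed(SEQUENCE)):  # right ports, wrong order
            kd.packet(20.0 + i, "203.0.113.6", port)
        out[f"{mode}/wrong_order"] = fw.allows("203.0.113.6", SSH_PORT)
        kd.packet(30.0, "203.0.113.7", 7000)           # third knock 25 s after the first
        kd.packet(40.0, "203.0.113.7", 8000)
        kd.packet(55.0, "203.0.113.7", 9000)
        out[f"{mode}/too_slow"] = fw.allows("203.0.113.7", SSH_PORT)
        kd.packet(60.0, "203.0.113.8", 7000)           # middle knock is not a SYN
        kd.packet(61.0, "203.0.113.8", 8000, syn=False)
        kd.packet(62.0, "203.0.113.8", 9000)
        out[f"{mode}/non_syn"] = fw.allows("203.0.113.8", SSH_PORT)
    return out
```

Only the "insert/correct" case ends with port 22 reachable: the same knock with the rule appended ("append/correct") is still dropped, because the per-IP ACCEPT lands behind the DROP in the chain. Everything else (another host, the same host after cmd_timeout, the wrong order, a knock slower than seq_timeout, or a middle knock that is not a SYN) stays blocked, which is what the posted config is supposed to guarantee.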