Category Archives: Internet

Block Internet per User/Service

If you like to block network access for certain users on a linux box it’s as simple as that: /sbin/iptables -I OUTPUT -m owner –uid-ower <USERNAME> -j DROP Username might also be the username of a running service.

Posted in CLI, Internet, Linux | Tagged | Leave a comment

My Contact was Shared with Facebook

Facebook gives a list of companies who run Facebook ads, and sent my contact information (tel, email) to Facebook. This list for my account lists some obvious companies, some companies I never heard of, and some companies who really should … Continue reading

Posted in Internet | Tagged , , , , | Leave a comment

Ubiquiti UniFi the Next Botnet ?

I tested a Ubiquiti access point today. UAP-AC-Lite seems to be a very good and cheap access-point. When you take it out of the box and connect it to the network it gets an IP address using DHCP and waits for … Continue reading

Posted in Internet, Routing, Security | Tagged , , , , | Leave a comment

Sophos UTM BGP Announces 0 Prefixes

Problem: A simple bgp upstream configuration. A small AS with one IP prefix wants to connect to its upstream using BGP. The BGP peerings are up. Sophos receives the expected routes from its upstream, but the upstream router does not receive the … Continue reading

Posted in Firewall, Internet | Tagged | Leave a comment

PaloAlto Packet Loss of 1% and More

Problem: PaloAlto firewall is dropping packets in small bursts of some seconds, and sometimes it drops TCP connections. It only happens on HA clusters on interfaces in active/passive (fail over) mode. Solution: disable the following check box in the Ethernet interface Advanced … Continue reading

Posted in Firewall, Internet, Routing | Tagged | Leave a comment

Generate CSR using openssl

Browsers started to warn users about certificates with Sha1 signature. Sha256 is needed now a days. So it’s time to renew certificates from Thawte, Godaddy, etc You can generate a new Certificate Signing Request with openssl with this command: openssl req -nodes … Continue reading

Posted in Internet, Linux | Tagged , , , | Leave a comment

F5 data flood

Problem: A F5 load balancer LTM sends lots of data to some clients. Sometimes this fills up all the available bandwidth with 1 Gbit or more. At the same time the input traffic does not raise. The traffic charts look like … Continue reading

Posted in Internet, Routing | Tagged , , , , | Leave a comment

Howto generate an SSL key and self signed cert with openssl

For SSH, HTTPS, TLS SMTP,POPS, IMAPS you need a RSA key pair. Most Linux package installers produce this pairs automatically, but if you like, you can generate them yourself. The quickest method I found is: openssl req -x509 -nodes -newkey … Continue reading

Posted in CLI, Internet, Linux | Tagged , , , | Leave a comment

AVM Fritz!box DHCP Problem

Problem: I wanted to provide a CWMP (TR-069) ACS URL to an AVM modem using DHCP on the WAN Interface, but the DHCP server ignores this vendor-option. Discussion: Following the TR-069 specs, the CWMP-ACS Server can be included in an … Continue reading

Posted in Internet, Routing | Tagged , , , , , , | Comments Off on AVM Fritz!box DHCP Problem

IPv6 Only Test

The IPv6 designers refused to define an IPv4/IPv6 gateway, because it’s a contradiction to the NO-NAT, End2End paradigm of IPv6. The result is that IPv6 doesn’t really lift off, because every IPv6 user has IPv4 too (Dual Stack), which gives … Continue reading

Posted in Internet | Tagged , | 2 Comments