FastNetMon

Wednesday, 4 December 2097

DDoS attack detection solution - FastNetMon



Hello! :) As you know, I'm an author of a DDoS detection application called FastNetMon.

FastNetMon allows you to find the host that is the target of a DDoS attack and apply actions to mitigate it. Mitigation can be implemented using BGP Blackhole (which blocks all traffic to/from the host at the ISP level), or you can use BGP Flow Spec to filter out only the malicious traffic. As the most flexible option, you can use a script call.


FastNetMon provides lots of information about your network and a nice way to access it using Grafana.

FastNetMon supports all equipment available on the market and implements the following network telemetry protocols:
  • sFlow v5
  • Netflow v5, v9, v10
  • IPFIX
  • SPAN/Mirror

To learn more, check the official site of the project: https://fastnetmon.com



Saturday, 11 September 2021

When did I start using Go?

Apparently, I started using Go for production projects around November 13th, 2013. My first project was a REST-like daemon to manage container-based OpenVZ virtualisation. It was called VzAPI and was built using Go 1.1!

Wednesday, 1 September 2021

How to decode IPFIX on a non-standard port in tshark?

 You can do it easily:

mkdir -p /root/.config/wireshark

echo "cflow.ipfix.ports: 4739,4740" > /root/.config/wireshark/preferences

Friday, 27 August 2021

Easy way to control sound input and output in Ubuntu

I have an external Focusrite sound card for my microphone and headphones, but I use a USB soundbar for output, and I need to switch between them all the time.

And I'm happy to share this nice widget for Gnome shell. 



Saturday, 7 August 2021

asciinema cast to SVG

Yay! We've got a tool for it: svg-term-cli

How to convert asciinema screen casts into mp4 video?

We have a great tool to save us: asciicast2movie.

I'll use Ubuntu 20.04 for my tests.

Install dependencies: 

pip install moviepy pyte 

Install fonts:

sudo apt-get install -y fonts-symbola fonts-droid-fallback fonts-dejavu

Start conversion:

python3 asciicast2movie.py ~/Downloads/community_installation.cast  ~/Downloads/community_installation.mp4

Unfortunately, it produced quite a low-res video :(

Wednesday, 4 August 2021

How to associate .exe files with wine on Ubuntu 20.04?

 To do it you will need to install:

sudo apt install -y wine-binfmt

And then you can add wine as an option in the "open with" dialog:

sudo cp /usr/share/doc/wine/examples/wine.desktop /usr/share/applications

In addition to that, you can run exe apps the normal way after setting the executable bit:

~/Documents/winbox64.exe  

Monday, 2 August 2021

How to improve wine applications appearance on hidpi / 4k displays

I used this guide; it's very simple: you just need to run winecfg and select the DPI value that works for you.



And then I got the following pretty look for Mikrotik's WinBox:


How to deploy Mikrotik in Google Cloud / GCE

You can use Mikrotik's official guide to start. To use all gsutil commands from a VM in GCE, you will need to set the following permissions for it:


Also, you may experience issues when attempting to create the bucket:
gsutil mb gs://cloud-hosted-router-images
Creating gs://cloud-hosted-router-images/...
ServiceException: 409 A Cloud Storage bucket named 'cloud-hosted-router-images' already exists. Try another name. Bucket names must be globally unique across all Google Cloud projects, including those outside of your organization.
It happens because all bucket names must be unique, so you need to change the default bucket name from the official guide.

In addition to that, I can recommend using a bigger instance type:
gcloud compute instances create "chr-1" --zone "europe-north1-a" --machine-type "e2-medium" --image-family=cloud-hosted-router

To debug issues with the image itself, you can use serial output:

And the example output will look this way:

In addition to that, I can recommend enabling "connecting to serial ports" to simplify debugging and keep access to the serial console directly from the Google Compute Console:
And you will be able to control Mikrotik CHR using the local console (default login: admin, password: empty):


Thursday, 29 July 2021

createrepo on Ubuntu 20.04

Unfortunately, the createrepo command, which creates RPM repositories, was removed in Ubuntu 20.04 LTS.

It's almost impossible to run the package from Ubuntu 18.04, as plenty of its dependencies were removed.

Let's try building the C-based version of createrepo from: https://github.com/rpm-software-management/createrepo_c

First of all, install all dependencies:

sudo apt install -y libcurl4-openssl-dev libbz2-dev libxml2-dev libssl-dev zlib1g-dev pkg-config libglib2.0-dev liblzma-dev libsqlite0-dev libsqlite3-dev librpm-dev libzstd-dev python3.9-dev cmake

Then build it:

mkdir createrepo_folder; cd createrepo_folder

git clone https://github.com/rpm-software-management/createrepo_c

cd createrepo_c;

mkdir build

cd build

cmake .. -DWITH_ZCHUNK=NO -DWITH_LIBMODULEMD=NO

make -j 

cp src/createrepo_c  /opt/createrepo

Do a test run:
/opt/createrepo /var/public_repositories/
Directory walk started
Directory walk done - 18 packages
Temporary output repo path: /var/public_repositories/.repodata/
Preparing sqlite DBs
Pool started (with 5 workers)
Pool finished
Please do not remove the original folder "createrepo_folder" because it contains a dynamic library needed by the app itself.

Sunday, 21 February 2021

Firmware upgrade on Thinkpad X1 Extreme Gen 2 on Ubuntu 20.04

It's actually a pretty simple process; just run this in a terminal:

fwupdmgr update

The output may look like this:

Upgrade available for Thunderbolt Controller from 42.00 to 59.00

Thunderbolt Controller and all connected devices may not be usable while updating. Continue with update? [Y|n]: Y

Downloading 59.00 for Thunderbolt Controller...

Fetching firmware https://fwupd.org/downloads/0ec44a6ae2c11843d80147271d99901d41a7489ff29444c820c918e46a8eac25-Lenovo-ThinkPad-X1E-Gen2-Thunderbolt-Firmware-N2OTG12W-Secured.cab

Downloading…             [***************************************] Less than one minute remaining…

Decompressing…           [***************************************]

Authenticating…          [***************************************]

Updating Thunderbolt Controller…                                 ]

Restarting device…       [***************************************]

Successfully installed firmware

Saturday, 20 February 2021

Ubuntu 14.04 LTS kernel with drop_monitor support

In this guide, I'll describe how you can build a kernel for Ubuntu 14.04 with the CONFIG_NET_DROP_MONITOR option. It's a pretty standard reference copied from the official Ubuntu manual with very small changes.

If you get this error:

sudo ./dropwatch 
Unable to find NET_DM family, dropwatch can't work
Cleaning up on socket creation error

Then it means that your kernel was not compiled with the CONFIG_NET_DROP_MONITOR option.

I use Ubuntu 14.04 and can provide a guide on how to rebuild the kernel with this option.

Rebuild kernel:

apt-get source linux-image-$(uname -r)

Install build deps:

sudo apt-get build-dep linux-image-$(uname -r) libncurses5-dev

Start process:

cd linux-lts-vivid-3.19.0 

Change options:

chmod a+x debian/rules
chmod a+x debian/scripts/*
chmod a+x debian/scripts/misc/*
fakeroot debian/rules clean 

fakeroot debian/rules editconfigs # you need to go through each (Y, Exit, Y, Exit..) or get a complaint about config later

Then specify it:

Do you want to edit config: amd64/config.flavour.generic? [Y/n] Y

You can find the required option here:

Networking support - Networking options - Network testing - Network packet drop alerting service - [M]

Build it:

fakeroot debian/rules binary-headers binary-generic binary-perarch 

Check it:

cat ./debian.vivid/config/amd64/config.flavour.generic
#
# Config options for config.flavour.generic automatically generated by splitconfig.pl
#
CONFIG_HZ=250
# CONFIG_HZ_1000 is not set
CONFIG_HZ_250=y
# CONFIG_IRQ_FORCED_THREADING_DEFAULT is not set
CONFIG_NET_DROP_MONITOR=m
# CONFIG_PREEMPT is not set 

CONFIG_PREEMPT_VOLUNTARY=y

And finally, load it after you reboot into the new kernel:

modprobe drop_monitor 
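
A quick check to run before rebuilding, as an added example that is not part of the original post: it reads a kernel config file and reports whether CONFIG_NET_DROP_MONITOR is built in, a module, explicitly disabled or absent. The function names and the sample config are constructed for illustration; on Ubuntu the running kernel's config is at /boot/config-$(uname -r).

```shell
#!/bin/sh
# Added example (not from the original post).
# kconfig_state FILE OPTION prints the option's value (y, m, 250, ...),
# "unset" if it is explicitly disabled, or "absent" if never mentioned.
kconfig_state() {
    file=$1
    opt=$2
    # An enabled option is stored as "CONFIG_X=value"
    val=$(sed -n "s/^${opt}=\(.*\)\$/\1/p" "$file" | tail -n 1)
    if [ -n "$val" ]; then
        printf '%s\n' "$val"
        return 0
    fi
    # A disabled option is stored as a comment: "# CONFIG_X is not set"
    if grep -q "^# ${opt} is not set" "$file"; then
        echo unset
    else
        echo absent
    fi
}

# dropwatch_ready FILE succeeds only if drop_monitor is built in or a module.
dropwatch_ready() {
    case $(kconfig_state "$1" CONFIG_NET_DROP_MONITOR) in
        y) echo "built in: dropwatch can run" ;;
        m) echo "module: run 'modprobe drop_monitor' first" ;;
        *) echo "missing: rebuild with CONFIG_NET_DROP_MONITOR"; return 1 ;;
    esac
}

# Constructed sample config, modelled on the flavour file shown above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
CONFIG_HZ=250
# CONFIG_HZ_1000 is not set
CONFIG_HZ_250=y
CONFIG_NET_DROP_MONITOR=m
# CONFIG_PREEMPT is not set
EOF

dropwatch_ready "$sample"
# On a live system: dropwatch_ready "/boot/config-$(uname -r)"
```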


Using Dropwatch to monitor UDP drops in Linux

What is Dropwatch?

This tool shows the place where the Linux kernel drops/discards UDP packets.

Example screen:

Install dependencies:

sudo apt-get install -y libnl-3-dev libnl-genl-3-dev binutils-dev libreadline6-dev

Then clone the repo, cd to the src folder and run make.

And finally run the tool:

./dropwatch -l kas 

Friday, 22 January 2021

How to switch keyboard layout in Ubuntu 20.04 LTS via Caps Lock?

It's pretty easy; you need to create this folder:

sudo mkdir -p /etc/X11/xorg.conf.d

And then you need to create the following file, /etc/X11/xorg.conf.d/00-keyboard.conf, with this content:

Section "InputClass"

        Identifier "system-keyboard"

        MatchIsKeyboard "on"

        Option "XkbLayout" "us,ru"

        Option "XkbModel" "pc104"

        Option "XkbOptions" "grp:caps_toggle"

EndSection

To apply the changes you need to reboot your PC or laptop. Tools like Tweak Gnome will not help because, for some reason, in 20.04 Gnome resets the configuration of a custom keyboard layout when it is set to Caps Lock.