Split airport services outage - Zracna luka Split

On 22 July / 23 July the services of Split airport went down.

The media reported that it was a "cyber attack" on the Split airport services, but it is most likely an ordinary update of BGP routes and links, since the change date of the BGP route falls exactly on 22 July.

The usual practice for changing links goes like this: the old link is kept and the new configuration is added, for all services whose gateway points to the new link. When the old link/BGP route expires and traffic drops to 0, the link is shut down and the equipment is removed.

However, if not all devices are configured for the new link, the moment the old BGP record/route expires all services (that are part of the network) automatically stop working.

So that is probably what happened. No ransomware group or DDoS group (KillNet, NoName057) has claimed an attack on Split airport.

Image taken from Bezbedni Balkan / Milos_RS

BGP route

UPDATE: According to a statement, it was the Akira ransomware group, but it is quite odd that changing links was involved.

UPDATE2: The site 193.242.141.100 was running Windows with Apache and PHP 8.1.17, a vulnerable version.

https://www.cvedetails.com/cve/CVE-2024-4577/ << explanation of the bug

https://github.com/11whoami99/CVE-2024-4577 << here is the PoC

Here is the information: https://www.shodan.io/host/193.242.141.100

That is how they got in; more information will appear in 1-2 days. Allegedly their VMware ESX VMs were encrypted.

source: https://www.nezavisne.com/novosti/ex-yu/Aerodrom-Split-meta-hakerskog-napada-Necemo-pregovarati-s-hakerima/846696

Top Linux command line interface (CLI) tools

Working in a Linux environment requires knowledge of Linux CLI tools and troubleshooting. This article presents the CLI tools that matter most for troubleshooting.

Short story: let's say you work with Linux and your work is 1% one-time setup and 99% troubleshooting. As these homemade statistics show, you are going to spend most of your time in the CLI finding out "why doesn't it work". This is not a trivial task. It requires knowledge of how Linux works, how its subsystems work, how the complete "line" from typing a command to running it and delivering some result works, and logs. Yes, logs are the most important. So let me start by naming the tools and then give a short description of some of them.

fsck
du/df
strace/ltrace
lsof
ldd
tcpdump
netstat
mailq/showq
ethtool
traceroute/tracepath
ping/telnet/nc
dig
curl
nmap
top
ps
pkg manager (rpm, yum, apt, others)
lsmod
awk/sed/grep
vim

fsck

Used for a file system integrity check. You will not always get a regular shutdown or reboot; sometimes the power goes off and your server comes back with a file system issue. In that case it is usually best to use fsck.

du/df

The df command shows space usage per partition. Sometimes your partition gets filled with dumb files/logs (crash files) and you need to see what is happening, because the application or service you try to run reports a free space issue. The du command checks a directory with its subdirectories and discovers which files occupy most of the space.

strace/ltrace

A running application just stops at some point. You don't have logs. Nothing. And there is no debug switch (for example ssh -vvv, where you can see all the steps that are taken) or any other way to see what the hell is going on. strace shows the system calls that are used and ltrace the library calls that are used at some point. We mostly need a trace tool to see the details of an operation for some application. Example: we run an application or service, we see an issue, and we are not sure why.

lsof

You have an issue removing a file because it is in use by some unknown application. Or you want to see how many files are open, so you can check whether the maximum limit for open files has been reached.

ldd

When the application does not run at all, the usual suspect is a missing library. This tool is handy for discovering which library is missing.

tcpdump

Connections to a server sometimes have issues. The best way to check what is going on and to troubleshoot is tcpdump. You can pick the interface, the type of protocol, from/to IP, or any low-level detail across all TCP/IP layers.

netstat

A simple way to see the status of open ports, connection state, and other information we need to verify that services are running properly on a given port.

mailq/showq

The most vital service in each company is email. And sometimes you need to see what is happening with email (sending or receiving). The best tool for this is mailq/showq (it is the same tool; showq is the newer one that replaces mailq on older Linux).

ethtool

At a low level an issue can occur with our ethernet connection, and we want to review our cable/port on Linux. This tool is best for the job. Besides this, you can review other ethernet-specific things (auto-negotiation etc.).

traceroute/tracepath

Ideal for seeing whether there is a network path issue between server and client, as well as the delay between them.

ping/telnet/nc

Very handy tools for the first step: checking whether the server is up, as well as its services.

dig

With this tool you can perform all DNS troubleshooting: review MX, A, NS records, etc.

curl

One of the best tools for troubleshooting different protocols: HTTP, RTMP, FTP, etc. It also has an integrated benchmark for viewing response timings (DNS, first byte, etc.).

nmap

A very good tool for discovering services, open ports, and other useful information. You can also use it on your own servers to check for anything unusual and secure them.

top

Active process list with memory, CPU, parent/child relationships, and other information that helps to see where the issue starts.

ps

Process list; you can check and see what is currently running (very quick, the first step in troubleshooting).

pkg manager (rpm, yum, apt, others)

In troubleshooting we need to verify or find some library or application, and the package manager is the best tool for that.

lsmod

People who have never had issues with kernel modules would never use this tool or take it seriously. It provides information about loaded kernel modules, as well as their usage, memory, etc.

awk/sed/grep

In a bunch of logs there is sometimes a need to find the right information. All these tools are Swiss army knives for bash scripting and handy for parsing logs for specific information.

vim

The best editor in the world. Learn it so you can answer in an interview how to quit vim.
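Tying a few of the tools above together (df/du for full partitions, the lsof-style open-files check, ss/netstat for listening ports), here is an added first-pass triage script; it is example code written for this article, not part of the original post, and it assumes a Linux host with /proc mounted and GNU du.

```shell
#!/bin/sh
# Added example (not from the original post): a small triage helper that
# combines df/du, file-descriptor accounting and ss/netstat into one
# first-pass check. Assumes Linux with /proc mounted and GNU coreutils.

# Percentage of a limit that is in use; pure arithmetic so it serves both
# the system-wide (/proc/sys/fs/file-nr) and per-process counts.
usage_pct() {
    used=$1; limit=$2
    [ "$limit" -gt 0 ] || { echo 0; return; }
    echo $(( used * 100 / limit ))
}

# System-wide open file handles vs fs.file-max, the limit you hit when
# "too many open files" shows up in the logs.
fd_pressure() {
    set -- $(cat /proc/sys/fs/file-nr)   # allocated free max
    echo "open file handles: $1 of $3 ($(usage_pct "$1" "$3")%)"
}

# Open descriptors of one process vs its soft limit, read from /proc so it
# works even on a box where lsof is not installed.
proc_fd_pressure() {
    pid=$1
    n=$(ls /proc/"$pid"/fd 2>/dev/null | wc -l)
    lim=$(awk '/Max open files/ {print $4}' /proc/"$pid"/limits)
    echo "pid $pid: $n of $lim fds ($(usage_pct "$n" "$lim")%)"
}

# Biggest immediate subdirectories of a mount point (du), to find the
# crash-dump or log directory that filled the partition df complains about.
largest_dirs() {
    du -xk --max-depth=1 "${1:-/}" 2>/dev/null | sort -rn | head -n "${2:-5}"
}

# Listening TCP/UDP sockets with the owning process (ss, else netstat).
listening_ports() {
    if command -v ss >/dev/null 2>&1; then ss -ltnup; else netstat -ltnup; fi
}

triage() {
    df -hP
    largest_dirs / 5
    fd_pressure
    proc_fd_pressure $$
    listening_ports
}

if [ "${1:-}" = "--run" ]; then triage; fi
```

Run it as `sh triage.sh --run`; the per-process check takes any PID, so point it at the service that logs "too many open files".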

Web page online test tools

Google page speed

At some moment in a web page's life there is a bottleneck. It could be missing compression, a slow DNS response, large JPEG images or a heavier picture format (JPEG optimization tools help here), wrong or missing SSL/TLS settings, or something similar.

Pagespeed Insights

A very handy tool that works really well.


Pingdom Website Speed Test

This tool is different from the previous one. It shows many things and makes recommendations, plus it has different locations from which to run the test.


Gtmetrix

It has different tools for checking speed and how content is loaded, and it also gives tips to improve speed.


SSL Labs

Swiss army knife for SSL/TLS; it gives recommendations on how and what to improve in your SSL/TLS settings.


How to speed up your site with JPEG 2000

JPEG 2000 logo

Most of my posts on the blog have pictures. At some point the pictures reached 800kb in size, some less, others more than that. In short: I have a bunch of pictures totalling 4.5MB. So loading my site was heavy for some users in China, Japan and Australia. Using Google Analytics and web testing sites I noticed this issue. So the first question was how to resolve it.

I started digging on the net and found that most of my PNGs could be converted to the JPEG 2000 format.

After running a command like:

gm convert -define 'jp2:rate=0.008' 20200509173353-twittercard.png 20200509173353-twittercard.jpg

The gm command is part of the GraphicsMagick package.

Second thing: resizing pictures. Most of my pictures are larger than 800x600, so I resize them to 640x480. And the speed win is drastic.

convert 20200509173353-twittercard.jpg -resize 600x400\> 20200509173353-twittercard.jpg

From 4.5MB I went to less than 1MB. I also made the site faster to run. Small success, but I love it.
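The two steps above (JPEG 2000 conversion with gm, then resizing) as one batch script over a directory, with the bytes saved reported per file; this is an added example, not the author's commands, and it assumes gm (GraphicsMagick) is installed and the directory holds *.png files. The rate 0.008 and the 640 px width are taken from the post.

```shell
#!/bin/sh
# Added example (not the author's commands): batch-convert PNGs to
# JPEG 2000 with GraphicsMagick, shrink anything wider than 640 px,
# and report the bytes saved. Assumes gm is installed and the source
# directory holds *.png files; originals are kept.

# Percentage saved going from BEFORE to AFTER bytes.
pct_saved() {
    before=$1; after=$2
    [ "$before" -gt 0 ] || { echo 0; return; }
    echo $(( (before - after) * 100 / before ))
}

# File size in bytes, portable across GNU and BSD via wc.
file_bytes() {
    wc -c < "$1" | tr -d ' '
}

# Convert one PNG to JPEG 2000. gm picks the output format from the
# extension, so the target is .jp2; the rate define controls compression
# (lower = smaller file), and "640x>" only shrinks images wider than 640 px.
convert_one() {
    src=$1; dst=$2; rate=${3:-0.008}; maxw=${4:-640}
    gm convert "$src" -resize "${maxw}x>" -define "jp2:rate=${rate}" "$dst"
}

# Walk a directory, convert every PNG, keep originals, print a summary.
optimize_dir() {
    dir=$1; total_before=0; total_after=0
    for png in "$dir"/*.png; do
        [ -f "$png" ] || continue
        jp2="${png%.png}.jp2"
        convert_one "$png" "$jp2"
        b=$(file_bytes "$png"); a=$(file_bytes "$jp2")
        total_before=$(( total_before + b )); total_after=$(( total_after + a ))
        printf '%s: %s -> %s bytes (%s%% saved)\n' "$(basename "$png")" "$b" "$a" "$(pct_saved "$b" "$a")"
    done
    printf 'total: %s -> %s bytes (%s%% saved)\n' "$total_before" "$total_after" "$(pct_saved "$total_before" "$total_after")"
}

if [ -n "${1:-}" ]; then optimize_dir "$1"; fi
```

Only Safari decodes JPEG 2000 natively, so keep the originals and serve the .jp2 files through a picture element with a fallback for other browsers.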