time to disable coinhive – hysteria ensues

See my previous post here – https://sigtar.com/2017/10/13/coinhive-alternative

So the trial of Coinhive and the associated Monero browser mining has come to an end. It seems most corporate firewalls and security appliances detect and block access to my domain just for being associated with the Coinhive JavaScript.

Even though I was being a polite net citizen and disclosing it on the site – firewalls with strict policies don't give it a chance. Several public DNS servers have also blocklisted the site – hopefully this will be undone soon.

There is a lot of fear around the word “crypto” due to the more malicious crypto-locker virus, and it seems that Coinhive has been associated with similar hysteria and panic.

Note: the amount of “wasted CPU” is trivial, as I would only expect people visiting my site to be donating some cycles, i.e. in most cases I wouldn't expect an entire company / business behind a firewall to browse my website and be under threat of mass “CPU stealing”.

 

Ubuntu – Disable Firewall

If you're working with Ubuntu in a lab or test environment, you may want to disable the firewall. Two simple commands:

sudo ufw disable 

sudo apt-get remove ufw 

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
ufw
0 upgraded, 0 newly installed, 1 to remove and 3 not upgraded.
After this operation, 838 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 64052 files and directories currently installed.)
Removing ufw (0.35-0ubuntu2) ...
Skip stopping firewall: ufw (not enabled)
Processing triggers for man-db (2.7.5-1) ...

pc engine – pfsense as router / firewall

Just built a pfSense router on a PC Engine to replace my aging 7390 Fritzbox. Very very awesome and fast!

Perfect for UFB (ultra fast broadband) here in New Zealand – FTTH has arrived :)

I’m currently running these services on it (2 x 1 GHz CPU, 4 GB RAM, 16 GB mSATA SSD):

  • dhcpd – DHCP server
  • miniupnpd – UPnP server
  • ntpd – NTP server
  • squid – Transparent Proxy & Reverse Proxy
  • snort – IDS (Intrusion Detection System) / IPS (Intrusion Prevention System)
  • sshd – SSH server
  • unbound – DNS Server
  • ipsec – IPsec VPN (site to site VPN)
  • openvpn – Open VPN (client VPN)

Check these links for some great advice:

https://mateh.id.au/2014/09/build-awesome-apu-based-pfsense-router/

http://www.smallnetbuilder.com/other/security/security-howto/31406-build-your-own-ids-firewall-with-pfsense

http://homeservershow.com/building-your-own-super-router-with-pfsense-and-untangle.html

Grab hardware here – http://www.pcengines.ch/apu.htm


vyatta as a virtual router

Some very nice examples by Gene on how to set up Vyatta as a router on this page:

http://www.sonoracomm.com/support/19-inet-support/233-vyatta-cable

Masquerade Natting;

set service nat rule 10 source address 192.168.77.0/24
set service nat rule 10 outbound-interface eth0
set service nat rule 10 type masquerade

set service nat rule 20 source address 10.200.88.0/24
set service nat rule 20 outbound-interface eth0
set service nat rule 20 type masquerade

Essentially everything leaving these two networks will be NATted via the eth0 interface, i.e. they will use the same IP as eth0 for their requests.

Static Nat Route (pinhole);

set service nat rule 2 inbound-interface eth0
set service nat rule 2 protocol tcp
set service nat rule 2 type destination
set service nat rule 2 description "Web Server1"
set service nat rule 2 destination address 192.168.109.254
set service nat rule 2 destination port 81
set service nat rule 2 inside-address address 10.200.88.45
set service nat rule 2 inside-address port 80

This rule takes all TCP traffic that hits port 81 on 192.168.109.254 and sends it through to port 80 on 10.200.88.45 (which is on another routable network, in this case a directly attached network on eth1).

commit
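The two rule types above, modelled in Python as an added example (not Vyatta's code and not from the original post): it parses the `set service nat rule` lines and applies the lowest-numbered matching rule to one packet. The function names and the assumption that eth0 holds 192.168.109.254 are illustrative.

```python
import ipaddress
import shlex

# The NAT rules from this post, with plain quotes around the description.
CONFIG = """
set service nat rule 10 source address 192.168.77.0/24
set service nat rule 10 outbound-interface eth0
set service nat rule 10 type masquerade
set service nat rule 20 source address 10.200.88.0/24
set service nat rule 20 outbound-interface eth0
set service nat rule 20 type masquerade
set service nat rule 2 inbound-interface eth0
set service nat rule 2 protocol tcp
set service nat rule 2 type destination
set service nat rule 2 description "Web Server1"
set service nat rule 2 destination address 192.168.109.254
set service nat rule 2 destination port 81
set service nat rule 2 inside-address address 10.200.88.45
set service nat rule 2 inside-address port 80
"""
EXT = "192.168.109.254"  # assumption: the address configured on eth0


def parse_nat_rules(text):
    """Collect 'set service nat rule N <path> <value>' lines into {N: {path: value}}."""
    rules = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:4] == ["set", "service", "nat", "rule"] and len(tok) >= 7:
            rules.setdefault(int(tok[4]), {})[" ".join(tok[5:-1])] = tok[-1]
    return rules


def translate(rules, direction, iface, proto, src, dst, dport):
    """Apply the lowest-numbered matching rule; return (src, dst, dport) after NAT."""
    for num in sorted(rules):
        r = rules[num]
        if (direction == "in" and r.get("type") == "destination"
                and r.get("inbound-interface") == iface
                and r.get("protocol", proto) == proto
                and r.get("destination address") == dst
                and r.get("destination port") == str(dport)):
            return src, r["inside-address address"], int(r.get("inside-address port", dport))
        if (direction == "out" and r.get("type") == "masquerade"
                and r.get("outbound-interface") == iface
                and ipaddress.ip_address(src) in ipaddress.ip_network(r["source address"])):
            return EXT, dst, dport
    return src, dst, dport
```

A packet that matches no rule comes back unchanged, which makes it easy to confirm that only port 81 is forwarded inward and only the two listed networks are masqueraded.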

Corporate Firewall – SSH and port 443 goodness

Things you'll need (basic instructions):
SSH – either Linux or OpenSSH for Windows (set this up first and ensure it's working!). I have only used Linux, so I do not know the details of setting up an OpenSSH box on Windows (good luck).

Router with pinhole or port-forwarding abilities – forward your external port 443 to internal port 22 on your SSH box.

Putty.exe – use this to test your SSH connection locally (you should be able to connect on port 22 locally or 443 externally)

Your home IP – set up a dyndns account on one of the free services available on the web (either use your router if it has it or get a dyndns client that runs on your SSH box). I use dyndns.org.

PuTTY is the client-side tool that you will use when you are not local to your network. If you are connecting to your SSH box from outside (i.e. at work) then you'll need to configure an SSH connection profile to connect on port 443. If you have a proxy at work (which you most probably will) you need to ensure you have filled out your proxy address and authentication details: select HTTP, then enter your username / password. Then try to connect.

When you can successfully connect to your SSH box from work via 443 you can then create SSH tunnels. Under SSH in PuTTY there is a Tunnels option. This is where you can forward local ports to your remote ports, for example 127.0.0.1:82 -> 192.168.0.10:3389. Then if you fire up RDC you can connect to your remote machine via 127.0.0.1:82.

Simple? If I haven't made a specific part clear, please ask any questions and I'll try to make it easier to follow.
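A defender-side view of this setup, as an added example that is not part of the original post: SSH opens with a plain-text identification string (`SSH-2.0-...`, RFC 4253) while real HTTPS opens with a TLS ClientHello record, so the first bytes a client sends inside a port-443 connection show which one it is. The stream tuples, addresses and function names are assumptions, and the sample data is constructed.

```python
# Constructed sample: (client, server, dst_port, first bytes the client sent).
SAMPLE_STREAMS = [
    ("10.1.1.20", "203.0.113.10", 443, b"SSH-2.0-PuTTY_Release_0.70\r\n"),
    ("10.1.1.21", "198.51.100.7", 443,
     bytes.fromhex("16030100c8010000c40303") + bytes(32)),
    ("10.1.1.22", "198.51.100.8", 443, b"\x00\x01\x02\x03\x04\x05\x06\x07"),
    ("10.1.1.23", "198.51.100.9", 22, b"SSH-2.0-OpenSSH_7.4\r\n"),
]

SSH_PREFIX = b"SSH-"   # RFC 4253 identification string starts "SSH-protoversion-"
TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # handshake message type: ClientHello


def classify_first_bytes(payload):
    """Label the first bytes of a client stream: 'ssh', 'tls', 'short' or 'other'."""
    if payload.startswith(SSH_PREFIX):
        return "ssh"
    if len(payload) < 6:
        return "short"          # not enough bytes to decide yet
    ctype, major, minor = payload[0], payload[1], payload[2]
    record_len = int.from_bytes(payload[3:5], "big")
    if (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
            and 0 < record_len <= 16384 and payload[5] == CLIENT_HELLO):
        return "tls"
    return "other"


def non_tls_on_443(streams):
    """Return (client, server, label) for port-443 streams that do not open with TLS."""
    hits = []
    for client, server, dport, first in streams:
        if dport != 443:
            continue
        label = classify_first_bytes(first)
        if label in ("ssh", "other"):
            hits.append((client, server, label))
    return hits
```

When the connection goes through an HTTP proxy, the bytes to classify are the ones that follow the proxy's reply to `CONNECT`, not the `CONNECT` request itself.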