security

I'm With You Google

I have two systems on the open internet, firewalled and logging dropped packets. Every night for literally years I see something like this in my logwatch emails:

From 61.139.105.163 - 6 packets to tcp(2301,8085,8088,8089,9000,9415)

Each night this IP or one extremely similar to it hits both systems (which are not located together strangely enough). Geobytes.com tells me this originates in Beijing China.

Henceforth I am pleased to announce that I will not begin censoring search results to accommodate the Chinese in the first place.

Fun with iptables, ulogd and wireshark

Having some fun tinkering with firewall rules today. I've been lazy and using Firestarter for a few years, but it has a couple of annoyances I didn't know how to work around, so I got back to writing out my own iptables rules. I ended up with the relatively simple script below, which does the following:

  • Enable NAT for the local network.
  • Forward some port traffic straight to internal systems.
  • Drop a few bizarre and most likely malicious spoofed source addresses and bad packet flags coming in on the external interface.
  • Accept some services locally. (just ssh for now)
  • Log and drop everything that isn't explicitly accepted. (traffic logged to /var/log/messages for convenient tail -f'ing)
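As an added example (not the post's own script, which is not reproduced here), the five points above written out as a small iptables script. Interface names, the LAN range, the port forwards and the bogon list are assumptions; the rule order matters, so the spoofed-source and bad-flag drops on the external interface come before anything that accepts or forwards traffic, and the log-and-drop rules come last. Setting IPT=echo prints the rules instead of applying them, which is how the preview mode below works.

```shell
#!/bin/sh
# Added example: minimal iptables script for a NAT gateway. Interface names,
# addresses and ports are assumptions, not values from the post.
set -eu

IPT="${IPT:-iptables}"          # set IPT=echo to print rules instead of applying them
EXT_IF="${EXT_IF:-eth0}"        # assumed: cable-modem side
INT_IF="${INT_IF:-eth1}"        # assumed: LAN side
LAN_NET="${LAN_NET:-192.168.1.0/24}"
# Assumed port forwards, as "extport:inner_host:inner_port"
FORWARDS="${FORWARDS:-8080:192.168.1.10:80 2222:192.168.1.20:22}"
# Source addresses that should never arrive from the internet on EXT_IF.
BOGON_SRCS="127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 0.0.0.0/8 224.0.0.0/4"

apply_rules() {
    # Clean slate, default-deny on INPUT and FORWARD.
    $IPT -F; $IPT -t nat -F; $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Drop spoofed sources and bad flag combinations on EXT_IF first, so they
    # never reach the forwards or the accept rules below.
    for src in $BOGON_SRCS; do
        $IPT -A INPUT   -i "$EXT_IF" -s "$src" -j DROP
        $IPT -A FORWARD -i "$EXT_IF" -s "$src" -j DROP
    done
    $IPT -A INPUT -i "$EXT_IF" -p tcp --tcp-flags ALL NONE -j DROP           # NULL scan
    $IPT -A INPUT -i "$EXT_IF" -p tcp --tcp-flags ALL ALL -j DROP            # XMAS scan
    $IPT -A INPUT -i "$EXT_IF" -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    $IPT -A INPUT -i "$EXT_IF" -p tcp ! --syn -m state --state NEW -j DROP   # NEW without SYN

    # NAT for the local network, plus the return traffic.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$EXT_IF" -j MASQUERADE
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Forward selected external ports straight to internal hosts.
    for fwd in $FORWARDS; do
        ext_port=${fwd%%:*}; rest=${fwd#*:}
        host=${rest%%:*};    int_port=${rest#*:}
        $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$ext_port" \
             -j DNAT --to-destination "$host:$int_port"
        $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$host" --dport "$int_port" -j ACCEPT
    done

    # Local services (just ssh), loopback, and replies to the host's own traffic.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Log (rate-limited, via the kernel log to syslog) and drop everything else.
    # The prefix makes "grep FW-DROP /var/log/messages" or tail -f easy to read.
    $IPT -A INPUT   -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-IN: "
    $IPT -A INPUT   -j DROP
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-FWD: "
    $IPT -A FORWARD -j DROP
}

# Print the rules that would be applied, without touching the live firewall.
preview() { ( IPT=echo; apply_rules ); }

# Usage: sudo ./firewall.sh apply    or    ./firewall.sh preview
case "${1:-}" in
    apply)   apply_rules ;;
    preview) preview ;;
esac
```

Run the preview mode before applying on a remote box: a default-deny INPUT policy with the ssh accept rule in the wrong place will lock you out of the session you are typing in.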

Could a KVM virtual firewall work?

Anyone know of a reason why a setup like this *wouldn't* work: three physical network interfaces, bridges created for all three but two reserved exclusively for a guest operating system, the host won't even use them. Run cable modem into one, connect the other to uplink on a wireless router, run a cable from there back into the third interface for the host operating system.

Seems to me it should be doable, but before I go break the bank on a $15 USB ethernet adapter (I only have room for one more NIC on the motherboard) I thought I'd check. :) I guess the big question is about the bridged interfaces: must they have an IP assigned on the host? Hrm.

Amazon S3 Backups w/ Duplicity and Bandwidth Limiting

I've been hearing rumblings of awesomeness about Amazon S3 as a backup service from a couple friends lately. My current system could stand some improvement and I'd love something incremental and easier to do regularly, and with S3 being so highly recommended at only 15c a gig it looks like an ideal storage mechanism.

The next step is locating a tool to encrypt the data and do the actual uploads, I hear great things about Jungledisk but I'm not thrilled about a non-open source solution. The search led me to duplicity, a tool quite similar to rsync that does encrypted incremental backups to many different backends including S3.

export AWS_ACCESS_KEY_ID=X
export AWS_SECRET_ACCESS_KEY=Y
