Port knocking is a technique for protecting access to a service. Initially the server presents no open ports to allow connections, with iptables configured with a default deny policy. The server passively monitors all the connection
Enabling Jumbo Frames
A jumbo frame is a frame larger than the standard Ethernet frame (1518 bytes). When the layer 2 frame encapsulates to a layer 3 packet, it releases the Source and MAC address (12 bytes), the Ethernet type (2 bytes) and CRC
Time synchronization with NTP
NTP is a network protocol used to synchronize the time in our systems. NTP was designed and is currently maintained by Dave Mills. The protocol is organized in a hierarchical way: the main server is called stratum-0, these servers have the
Test network performance with iperf
iperf is a tool to measure the bandwidth and the quality of a network link (latency, packet loss…). With iperf we have a server, by default listening on port 5001/TCP, and a client that will generate traffic. You can
Configuring routing protocols with Quagga
Quagga is a software suite that implements multiprotocol routing support (OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng and BGP-4). The zebra daemon is the core of Quagga; it manages the interaction between the kernel routing table and the daemons for individual routing protocols.
Preventing brute force attacks with Fail2ban
Fail2ban helps our servers prevent brute force attacks by scanning the log files to find failed authentication attempts. Software like hydra http://www.thc.org/thc-hydra/ can attempt to log in to services that require authentication like telnet, ssh, http, ftp, etc… trying with
Configuring PEAP authentication with FreeRADIUS
PEAP (Protected Extensible Authentication Protocol) is an authentication method based on two simple steps: The client establishes a TLS session with the server. The server authenticates the client over the same digital certified with a RADIUS server. This allows EAP
Load balancing with IPVS + Keepalived
IPVS implements transport-level load balancing inside the Linux kernel. It runs as a frontend, balancing requests from the clients to the backend servers using different forwarding methods and load-balancing algorithms. Basically it supports three methods of packet forwarding: NAT
Configuring a failover cluster with heartbeat + pacemaker
Heartbeat is a daemon that provides clustering services; it allows the exchange of messages between the machines running Heartbeat and checks their health. In this post I’ll show the configuration of a simple cluster with failover and sharing
Install and configure cacti
It is very important to have a good tool to monitor our devices in a network. Cacti does this, and does it very well. Cacti offers graphs using rrdtool to monitor the load average, ping latency, disk space and other relevant information over SNMP