How to set up and optimize an Asus RT-AC66U

Consumer routers drive security professionals like me crazy. I’m happy to say I finally found a router that doesn’t drive me nuts. I want you to buy an Asus RT-AC66U. I’m going to tell you why, and I’m going to tell you how to configure it. Here’s how to set up an Asus RT-AC66U and how to optimize an Asus RT-AC66U.

Moving SSH off port 22 doesn’t do much for security

A week or two ago, a stranger approached me with some advice about securing routers: move SSH off port 22.

Since arguing with strangers is what the Internet was apparently invented for, I’ll argue against the benefits of moving SSH off port 22.

Why MAC address filtering doesn’t help security

The other question that came out of my recommended DD-WRT settings was why not filter MAC addresses. I hate to be flip, but MAC address filtering doesn’t help, so why bother?

The reason is that your MAC addresses are broadcast as part of the network traffic, and they’re unencrypted. So your MAC addresses aren’t any secret at all, and filtering on them doesn’t do any good. One could argue it doesn’t do any harm. But it adds an extra step every time you put something on your wireless network. Why go to the inconvenience if you don’t gain anything from it?

Bash is worse than heartbleed! Oh noes!

A really bad remote code execution bug surfaced yesterday, in Bash–the GNU replacement for the Unix shell. If you have a webserver running, or possibly just SSH, it can be used to execute arbitrary code. It affects anything Unixy–Linux, BSD, Mac OS X, and likely many proprietary Unix flavors, since many of them have adopted the GNU toolchain.

This could be really bad. Some people are calling it potentially worse than Heartbleed. Maybe. I’m thinking it’s more along the lines of MS08-067. But there’s an important lesson we must learn from this.

The Logitech F310 on Retropie

I went looking for a reliable, modern controller to use on my Retropie setup. I eventually settled on a Logitech F310, betting the Logitech F310 on Retropie would make a nice combination based on my experience with other Logitech peripherals with regard to their quality and value for the money.

The reviews I found suggested the F310 continued in this tradition, and I found enough people who said they got it working with Linux to feel confident I could get it working on the Raspberry Pi. And sure enough, I did.

I paid $18 for mine, and my first impressions of the quality were good. It’s precise, and button pushes register with a slight click. It’s no worse than a Sony, Microsoft or Nintendo controller, and if anything, I think I liked it a little better. A pair of Logitech F310s costs more than the Raspberry Pi board, but playing games is a lot more enjoyable when the controller does what you want it to do all the time, not just most of the time.

The F310 wasn’t a drop-in replacement for the controller I’d been using, though. I had to configure it for Retroarch, the software that provides most of Retropie’s console emulation.

Setting up Retropie on the Raspberry Pi

I bought a Raspberry Pi over the weekend intending to turn it into a retro gaming system. I’d rather not have a mess of systems and cartridges out for my kids to tear up and to constantly have to switch around at their whims; a deck-of-cards-sized console with everything loaded on a single SD card seems much more appealing.

I followed Lifehacker’s writeup, which mostly worked. My biggest problem was my controllers. NES and SNES games would freeze seemingly at random, which I later isolated to trying to move to the left. It turned out my Playstation-USB adapter didn’t get along with the Pi at all, and was registering the select and start buttons when I tried to move certain directions, pausing the game.

When I switched to a Retrolink SNES-style pad, the random pausing went away. The precision reminded me of the really cheap aftermarket controllers of yore for the NES and SNES. I concluded my controller, which I bought used, was worn out. Ultimately I ended up switching to a Logitech controller, which worked well.

The ghost in the network

My logging system died rather abruptly one week. It started with the Active Directory account that some of our servers use getting locked out. I got the account unlocked–someone else has those rights–and the system came back to life for a while, but then we had to repeat, and each time we repeated, “a while” grew shorter and shorter, bottoming out at about 2 minutes, 40 seconds.

The way you troubleshoot problems like this is by looking at logs. The problem is, you can’t collect very many logs in 2 minutes and 40 seconds.

Here’s a nice Linux tool: checkrestart

Tom Gatermann told me about a nice tool for Debian (and presumably Ubuntu) called checkrestart. Sometimes, even though you did an apt-get update and apt-get upgrade to bring your system up to date, you can still be running the out-of-date version of something. That’s the problem checkrestart helps you solve.

Unix-to-Windows copies with PSCP

I’ve been moving files between Linux servers, and to and from Windows boxes, as part of my server migration. I started to write about how I’ve been doing it, but it seemed oddly familiar.

Yep, I’ve written about SCP and its Windows port, PSCP, before. Do this long enough and you find yourself repeating yourself.

Upgrade update

My new fire-breathing dragon of a server is sitting idle at the moment. I would have liked to have had it up and running today, but now I’m starting to realize why it took me so long to migrate off my Pentium II-450. Setting up Linux web servers is a lot more complicated than it was in 2001.

They can do a lot more than they could in 2001 too, but when I first built that server, the process literally went in about three steps: Install Debian, apt-get install apache mysql php, then download blogging software, create a MySQL database and account for it, edit a config file, then start blogging. You could get it done in an hour, and a lot of that time was waiting for stuff to load off a CD-ROM or download over a 256K DSL connection.
