TLS By Default

TLS has always been enabled, but with a self-signed certificate. I finally went out and got a proper certificate so now I feel better enabling HTTPS as the default. You may still find some HTTP content here or there as I finish the conversion.


Rdesktop Wrapper Using Zenity

I use Rdesktop to RDP into Windows machines, but I needed something to set all my default options and I wanted a GUI for it so I didn't have to remember all the server names. I tried out Remmina and TSclient, but nothing so far has been just right. So I made my own, which is attached below. The rdp-servers.conf file is just a simple, unordered list of server names or IP addresses.

Multithreaded DNS Scanner

Just the other day, Spamhaus was subject to a DDoS attack from an ISP who got upset at being blacklisted. That's par for the course, but what's interesting is that the ISP used DNS amplification to boost their DDoS capabilities. Lately at work we've been working on shutting down our open DNS proxies. Once upon a time, on the naive Internet, they were fine. But as evidenced by this latest attack, such is not the case any longer.

Shutting down the DNS servers we knew about was easy, of course. But what about the ones we didn't know of? Well, that's where a handy port scanner comes into play. There are a number of DNS scanners out there, but I found them all lacking in some regard. So I whipped up my own.


DNSSEC Validation in BIND

I haven't done anything with DNSSEC for a while, not since I messed around with signing my domain in 2008. That was a success, by the way, but I changed around my nameservers and it's not signed any more.

Today's project was to see if I could enable DNSSEC validation on my server. The goal is to ignore any zones which are supposed to be signed but don't contain correct data.

