FastNetMon

Wednesday, 4 December 2097

DDoS attack detection solution - FastNetMon



Hello! :) As you know, I'm the author of a DDoS detection application called FastNetMon.

FastNetMon allows you to find the host that is the target of a DDoS attack and apply actions to mitigate it. Mitigation can be implemented using BGP Blackhole (which blocks all traffic to/from the host at the ISP level), or you can use BGP Flow Spec to filter out only the malicious traffic. As the most flexible option, you can use a script call.


FastNetMon provides lots of information about your network and a nice way to access it using Grafana.


FastNetMon supports all equipment available on the market and implements the following network telemetry protocols:
  • sFlow v5
  • Netflow v5, v9, v10
  • IPFIX
  • SPAN/Mirror

To learn more, check the official site of the project: https://fastnetmon.com



Thursday, 24 November 2022

How to export datasources in Grafana in format compatible with provisioning?

You can use provisioning to add a datasource to Grafana, but the provisioning data format is not well documented (or not documented at all).

I found a nice trick to do it. We will do all tasks on Ubuntu 20.04.

First install Golang:

sudo snap install go  --classic

Then clone and build the repo:

git clone https://github.com/trivago/hamara.git

cd hamara

go build 

Then create an API key in Grafana at https://xx.xx.xx/org/apikeys and run the following command:

./hamara export --host localhost:3000  --key "xxx"

In my case it produced the following output:

apiVersion: 1
datasources:
- orgId: 1
  version: 1
  name: Clickhouse
  type: vertamedia-clickhouse-datasource
  access: proxy
  url: http://127.0.0.1:8123
- orgId: 1
  version: 1
  name: InfluxDB
  type: influxdb
  access: proxy
  url: http://127.0.0.1:8086
  database: fastnetmon
  isDefault: true


Thursday, 25 August 2022

How to enable ssh on JunOS 19.4?

First of all, we need to set a root password, as the default is username root with no password.

Run cli, then switch into configuration mode with: configure

And apply the following command:

set system root-authentication plain-text-password

You will be asked to provide the password and a password confirmation.

Then you need to apply the change using the commit command.

After that, enable ssh:

set system services ssh

And enable root login over ssh (not recommended for production use):

set system services ssh root-login allow

And finally apply all changes using the commit command.

Tuesday, 3 May 2022

How to create GitHub access token limited only for specific repository?

You cannot do it using the standard approach with personal access tokens (PAT), but GitHub offers an amazing workaround which allows you to accomplish it.

First of all, you need to create an app using this guide, which is a little bit unclear about the Installation ID.

There is a simple way to get it from the page's URL. We need to open the organisation where we've installed this app, then open Settings and then open:


And then click Configure on the right side of the App's name and you will see the URL: https://github.com/organizations/AAAA/settings/installations/XXX.

XXX is our installation ID in the URL.

I used npx to retrieve the auth token:

npx github-app-installation-token --appId AAA --installationId XXX --privateKeyLocation ~/key.pem

After getting the key we can authenticate with this token using the GitHub CLI tool:

gh auth login

What account do you want to log into? GitHub.com

What is your preferred protocol for Git operations? HTTPS

Authenticate Git with your GitHub credentials? No

How would you like to authenticate GitHub CLI? Paste an authentication token

And after that you can run any required commands on the specific repo, like creating a new release:

gh api --method POST -H "Accept: application/vnd.github.v3+json" /repos/<org_name>/<repo_name>/releases -f tag_name='v1.0.0' -f target_commitish='main' -f name='New Fancy Release'
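
The token retrieval done by the npx helper above can also be done with only openssl and curl. This is an added example, not part of the original post or of the github-app-installation-token project, and it goes one step further than the post: it signs the App JWT and asks GitHub's POST /app/installations/{installation_id}/access_tokens endpoint for a token narrowed to one repository and one permission. The App ID, installation ID, key path and repository name passed in are placeholders.

```shell
#!/bin/sh
# Added example: mint a GitHub App installation token narrowed to one repository.
# App ID, installation ID, key path and repository name are placeholders.

# base64url without padding, as JWT requires
b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# Build the short-lived RS256 JWT that authenticates as the App itself.
make_app_jwt() {
  app_id="$1"; key="$2"
  now=$(date +%s)
  header=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
  # iat is backdated 60 s for clock drift; GitHub caps exp at 10 minutes ahead.
  payload=$(printf '{"iat":%d,"exp":%d,"iss":"%s"}' \
    $((now - 60)) $((now + 540)) "$app_id" | b64url)
  sig=$(printf '%s.%s' "$header" "$payload" \
    | openssl dgst -sha256 -sign "$key" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$payload" "$sig"
}

# Request body: restrict the token to one repository and one permission level.
# The permission must be one the App was already granted at installation time.
token_request_body() {
  printf '{"repositories":["%s"],"permissions":{"contents":"%s"}}' "$1" "$2"
}

# Exchange the JWT for an installation token (network call to api.github.com).
request_repo_token() {
  curl -fsS -X POST \
    -H "Authorization: Bearer $(make_app_jwt "$1" "$3")" \
    -H "Accept: application/vnd.github+json" \
    -d "$(token_request_body "$4" "${5:-read}")" \
    "https://api.github.com/app/installations/$2/access_tokens"
}

# Usage: script APP_ID INSTALLATION_ID KEY.pem REPO_NAME [read|write]
if [ "$#" -ge 4 ]; then
  request_repo_token "$@"
fi
```

Creating a release needs the write level on contents; the returned token expires after one hour, so mint it per job rather than storing it.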

 



Tuesday, 5 April 2022

UK immigration for IT engineers

I wasn't born in the UK and I had no right to work here. I was an ordinary engineer. I wasn't special in any way.

And I got a Global Talent visa after successful endorsement by #TechNation UK as an exceptional talent in the digital field.

Want to live in the UK? Want to work for the world's leading companies? Want to lead them? Want to start a new company and change the world?

Apply for a Global Talent visa NOW because YOU deserve it.

Want to know more? Ask me on LinkedIn.

Thursday, 17 March 2022

How to unpack bzip2 faster using parallel approach?

There are multiple tools which claim to be able to decompress bzip2 in parallel:

  • pbzip2
  • lbzip2
Let's compare pbzip2 performance with the reference single-threaded bzip2:

$ time bzip2 -d /tmp/rib.bz2  --stdout > /dev/null

real 0m52.188s
user 0m52.019s
sys 0m0.160s
$ time pbzip2 -d /tmp/rib.bz2  --stdout > /dev/null

real 0m49.380s
user 0m49.473s
sys 0m0.241s
You may notice that we have no speed improvement at all, which means that pbzip2 cannot do decompression in parallel for standard bz2 compressed files.

But lbzip2 actually can do it, and it offers a great performance improvement:
$ time bzip2 -d /tmp/rib.bz2  --stdout > /dev/null

real 0m52.790s
user 0m52.549s
sys 0m0.224s
$ time lbzip2 -d /tmp/rib.bz2   --stdout > /dev/null

real 0m8.604s
user 1m8.099s
sys 0m0.420s
It's 9 seconds vs 53 seconds. That's a 6 times improvement on an 8 CPU server.

Conclusion: use lbzip2 for parallel decompression.

Monday, 7 March 2022

How to disable systemd-resolved on Ubuntu 18.04 server with Netplan

NB! This guide is not applicable to Ubuntu 18.04 with a desktop environment; please use another one, as you will need to change the Network Manager configuration too.

In our case we decided to disable it because of a non-RFC-compliant resolver in the customer's network:

Jan 18 18:19:05 fastnetmon systemd-resolved[953]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying  

First of all, confirm the current DNS server:

sudo systemd-resolve --status|grep 'DNS Servers' 

Currently the default configuration is the following:

ls -la /etc/resolv.conf 

lrwxrwxrwx 1 root root 39 Mar  2 17:23 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

You will need to stop and disable resolved:

sudo systemctl disable systemd-resolved.service

sudo systemctl stop systemd-resolved.service 

Then remove symlink:

sudo rm /etc/resolv.conf 

And add the customer's configuration (replace x.x.x.x with the IP address of the DNS server in your network):

echo 'search companyname.com' | sudo tee -a /etc/resolv.conf

echo 'nameserver x.x.x.x' | sudo tee -a /etc/resolv.conf

echo 'nameserver 8.8.8.8' | sudo tee -a /etc/resolv.conf

echo 'nameserver 1.1.1.1' | sudo tee -a /etc/resolv.conf

After that, I can recommend rebooting and checking that DNS resolution works fine on this server. 

 

Sunday, 26 December 2021

The start job is running for Wait For Network to be configured with Ubuntu 20.04

I ran into this issue on a DigitalOcean VM with Ubuntu 20.04. Apparently, it started happening after a minor upgrade via apt-get update / apt-get upgrade.

Full text of error:


And the network did not start at all. In the console I was able to see that eth0 was active but had no IP. I think this issue is related to some cloud-init bugs triggered by the upgrade.

I was able to fix it short term via the KVM / recovery console by running sudo ifdown eth0 and then sudo ifup eth0, but it failed again after reboot.

As a long-term fix I've disabled cloud-init via a special file:

touch /etc/cloud/cloud-init.disabled

This fixed the network configuration but did not address the 2 minute delay before ssh starts.

Source of fix: https://www.digitalocean.com/community/questions/after-upgrading-to-20-04-lts-network-now-takes-2-minutes-to-start-because-of-cloud-init 




Saturday, 11 September 2021

When did I start using Go?

Apparently I started using Go for production projects around November 13th, 2013. My first project was a REST-like daemon to manage container-based OpenVZ virtualisation. It was called VzAPI and was built using Go 1.1!

Wednesday, 1 September 2021

How to decode IPFIX on non standard port in tshark?

You can do it easily:

mkdir -p /root/.config/wireshark

echo "cflow.ipfix.ports: 4739,4740" > /root/.config/wireshark/preferences

Friday, 27 August 2021

Easy way to control sound input and output in Ubuntu

I have an external Focusrite sound card for my microphone and headphones, but I use a USB soundbar for output, and I need to switch between them all the time.

And I'm happy to share this nice widget for Gnome shell. 



Saturday, 7 August 2021

asciinema cast to SVG

Yay! We've got a tool for it: svg-term-cli

How to convert asciinema screen casts into mp4 video?

We have a great tool to save us: asciicast2movie.

I'll use Ubuntu 20.04 for my tests.

Install dependencies: 

pip install moviepy pyte 

Install fonts:

sudo apt-get install -y fonts-symbola fonts-droid-fallback fonts-dejavu

Start conversion:

python3 asciicast2movie.py ~/Downloads/community_installation.cast  ~/Downloads/community_installation.mp4

Unfortunately, it produced quite a low-res video :(

Wednesday, 4 August 2021

How to associate .exe files with wine on Ubuntu 20.04?

To do it you will need to install:

sudo apt install -y wine-binfmt

And then you can add wine as an option in the "open with" dialog:

sudo cp /usr/share/doc/wine/examples/wine.desktop /usr/share/applications

In addition, you can run exe apps the normal way after setting the executable bit:

~/Documents/winbox64.exe