Matt Daubneys Blog

webbyness

Denyhosts Stats

by Matt on May.25, 2009, under linux, programming, ubuntu, webbyness

I have been told many many times that moving ssh to a different port (i.e. other than 22) makes your machine more secure. I do see some wisdom in this, however, I’ve decided to put it to the test. I have been using Denyhosts to stop brute force attacks on my ssh servers for some time now, and on my most recent server, the attacks per day are fairly regular, as seen in the graph.

Plot of Deny Hosts Blocks per Day

At the end of June I will stop using port 22 and start using another random port. I’ll then collect data for 3 months and at the end of September do another blog post showing the difference. I also have another server that I will repeat this experiment on, but that one will be 3 months behind.

Hopefully then I will have a nice sturdy scientific answer as to how much more protection moving ssh to a different port gives :)

The code I used to generate this graph is given below for reference.

import os
import datetime
import matplotlib
matplotlib.use('Agg')  # pick the non-interactive backend before pyplot is imported
import matplotlib.pyplot as plt
import matplotlib.dates as mdates


datelist = {}
rootdir = './'

def plot_all():
    #first convert dict to a set of x values and a set of y values
    keys = sorted(datelist.keys())
    values = []
    times = []
    for key in keys:
        values.append(datelist[key])
        #now convert the keys into time format
        times.append(datetime.datetime.strptime(key, "%Y-%m-%d"))

    #now we're ready to plot with matplotlib
    months   = mdates.MonthLocator()  # every month
    days     = mdates.DayLocator()
    yearsFmt = mdates.DateFormatter('%b')
    dayFmt   = mdates.DateFormatter('%d')

    fig = plt.figure()
    ax = fig.add_subplot(111)
    ax.bar(times, values, width=1)

    ax.set_xlabel('Date')
    ax.set_ylabel('Number of Hosts Denied')

    #ax.plot(times, values)
    #ax.xaxis.set_major_formatter(yearsFmt)
    #ax.xaxis.set_major_locator(months)
    #ax.xaxis.set_minor_formatter(dayFmt)
    #ax.xaxis.set_minor_locator(days)
    ax.format_xdata = mdates.DateFormatter('%Y-%m-%d')
    fig.autofmt_xdate()
    fig.savefig("plot.png")

def countup(path):
    with open(path, 'r') as f:
        for line in f:
            #split by spaces to get the date
            parts = line.split(" ")
            #only lines containing the word "new" record a block
            if "new" in parts:
                #the date is the first field; count one per matching line
                datelist[parts[0]] = datelist.get(parts[0], 0) + 1

for subdir, dirs, files in os.walk(rootdir):
    for name in files:
        if not name[-2:] == "py" and name.split(".")[0] == "denyhosts":
            #join with subdir so logs found below rootdir open correctly
            countup(os.path.join(subdir, name))

for key in sorted(datelist.keys()):
    print("%s, %s" % (key, datelist[key]))
plot_all()
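
One way to do the before/after comparison planned above, as an added example that is not part of the original post: it counts denied hosts per day (not log lines) and averages over the whole observation window, so days with no blocks count as zero instead of dropping out. The log lines, the dates and the `new denied hosts: [...]` message layout are constructed assumptions.

```python
import re
from datetime import date

# Constructed sample lines, not real data. Assumed layout: date first,
# then a "new denied hosts: [...]" message listing the blocked addresses.
SAMPLE_LOG = """\
2009-06-27 03:10:02,113 - denyhosts   : INFO     new denied hosts: ['192.0.2.10', '192.0.2.11']
2009-06-28 11:42:40,870 - denyhosts   : INFO     new denied hosts: ['198.51.100.7']
2009-06-28 11:43:01,001 - denyhosts   : INFO     processing log file
2009-06-30 22:05:19,455 - denyhosts   : INFO     new denied hosts: ['203.0.113.5']
2009-07-03 09:15:33,020 - denyhosts   : INFO     new denied hosts: ['192.0.2.99']
"""

DENIED = re.compile(r"^(\d{4}-\d{2}-\d{2}) .*new denied hosts: \[(.*)\]")


def blocks_per_day(lines):
    """Return {date: number of hosts denied on that day}."""
    counts = {}
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue  # not a block entry
        day = date.fromisoformat(m.group(1))
        hosts = [h for h in m.group(2).split(",") if h.strip()]
        counts[day] = counts.get(day, 0) + len(hosts)
    return counts


def mean_per_day(counts, start, end):
    """Mean blocks/day over [start, end); days absent from the log count as 0."""
    days = (end - start).days
    if days <= 0:
        raise ValueError("observation period must cover at least one day")
    total = sum(n for d, n in counts.items() if start <= d < end)
    return total / days


def compare(counts, start, cutover, end):
    """Mean blocks/day before and after the port change made on `cutover`."""
    return mean_per_day(counts, start, cutover), mean_per_day(counts, cutover, end)


if __name__ == "__main__":
    counts = blocks_per_day(SAMPLE_LOG.splitlines())
    before, after = compare(counts, date(2009, 6, 27), date(2009, 7, 1), date(2009, 7, 5))
    print("before: %.2f/day, after: %.2f/day" % (before, after))
```

Pass the real observation window explicitly: taking the first and last logged dates as the boundaries would hide quiet days at either end of a period.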

Dear Lazyweb

by Matt on May.23, 2009, under ubuntu, webbyness

Where do you find inspiration for designing a new website or redesigning an old one? How did you learn the simple graphic design skills to do this? I’m redesigning this place and am a bit stumped. Any help is much appreciated!

Thanks.


A pleasant surprise

by Matt on Apr.04, 2009, under linux, ubuntu, webbyness

While installing some software with aptitude last night I noticed this “0% [Connecting to gb.archive.ubuntu.com (2a01:450:10:1::10)]”. gb.archive.ubuntu.com is on IPv6! Hooray for the future that should be now!


What does…

by Matt on Mar.06, 2009, under Fun, life, linux, ubuntu, webbyness

your workspace look like? Just because I’m interested really, here’s the mess that is mine.

My Workspace

I generally use the laptop to show notes and slides I’m working from, and do my work on the desktop.

So what does yours look like?


A new domain and a new VPS

by Matt on Jan.13, 2009, under Fun, linux, ubuntu, webbyness

Well, a new year and a few changes. Having just moved house, my broken laptop-server machine is at the end of its life. With rent having gone down after the move I’ve decided to get the wallet out and ordered a shiny new VPS from those lovely people at bitfolk.com.

A couple of hours this morning got all the files transferred up, Apache 2, MySQL and PHP 5 installed and set up as well as Postfix, Dovecot, Fetchmail and Procmail. I’ve got Procmail to call SpamAssassin using bitfolk’s dedicated SpamAssassin server and it all seems to be working nicely now :) Shall just have to try and keep this place updated!


Wardriving and Open Street Map

by Matt on Sep.13, 2008, under Fun, ubuntu, webbyness

Last weekend myself and the missus took a drive around my village logging all the access points my laptop could see. I did this using Kismet (in the Ubuntu Repos) and a bluetooth GPS module through gpsd. I did this for two reasons. Firstly, I was greatly interested in what percentage of people in the village did not have any encryption on their wireless internet. Secondly, Open Street Map was severely lacking any decent maps of the village.

Driving around took a few hours (largely because the first time I went around I’d misconfigured Kismet..), and it took me maybe an hour to put that information into Open Street Map, and maybe 2 hours to analyse the data sufficiently. Here are the results from the access point survey:

First, the encryption data:

Encryption types used on Access Points in Inkpen

As we can see, a large chunk (22.43%) of access points logged do not have any encryption on their wireless internet. This is very bad as anyone can easily see anything they send to or receive from the internet. WEP is almost as useless as having no encryption as it can easily be broken.

Wifi Channels used in Inkpen (subtract 1 from legend)

This second graph shows us the distribution of channels used in wireless networks in Inkpen. The majority of people use channel 1, 6 or 11. This may be to do with manufacturers’ standard settings.

Manufacturers of Chipsets in Access Points logged around Inkpen

This last one was just an aside really. The data for this probably isn’t that accurate, but it doesn’t surprise me that most access points have a Cisco chipset.

Either way, I thought it was an interesting way to spend a morning. Especially for the improvements made to Open Street Map, almost as an afterthought!


An annoyance

by Matt on Apr.28, 2008, under Uni, webbyness

A little test, http://swan.ac.uk/ doesn’t work for me but http://www.swan.ac.uk/ does. The same occurs with http://swansea.ac.uk/ and http://www.swansea.ac.uk/ . Me thinks someone’s not set them up fully……
