SecuringAIX


October 15, 2013

Comments

Being an AIX expert for years, I have to admit that I can also still learn a lot on the topic of networking and traffic flow.

Having a 10Mb ADSL line at home with a whole family all sucking the line dry 24/7 and rendering it shaped leaves me unhappy when I occasionally want some bandwidth.

QOS comes to mind, yes, but something tells me that there is a deeper and better level to dig into. It always starts with 'knowledge/information' and I am clueless where to start my focus.

Now the ADSL router's QOS configuration is something to laugh about. This makes me think that I should put down a server with 2 NICs and build my own QOS router, so that I can choose who gets what and when. This will also empower me to look at and manage the 'baddies', whether it be an attacker, a knocker, a sniffer, a spoofer or anything else.

Being a "servant" in the industry I will never be able to afford an AIX system at home, so I will look at a Linux flavor to work on.

How would one take charge of this kind of control?
...and looking at "entstat -d entX" on the AIX systems in our data centre, the extremely high number of "Receive Interrupts" tells me that there is a lot of "shouting" on the network with nobody owning it, since all the systems have 0 Transmit Interrupts.

I hope I stayed 'on topic' enough with this post.

Lots to respond to! Thanks. And, I never really worry about "on/off" topic - that is what editors are for :).

First, 'never be able to own an AIX box'. The first AIX box I bought was actually 4 of them - for 100 guilders (45 euros), and the stats I'll show are from the last one still running.

You mention entstat output. As you say, no transmit interrupts - which just means the drivers are (no longer) interrupt driven for xmit. Receive is by definition an interrupt because it is outside of any control/timing of the host/server. Something knocks on the port - the system is diverted/interrupted.

Elapsed Time: 36 days 1 hours 13 minutes 35 seconds

Transmit Statistics:              Receive Statistics:
--------------------              -------------------
Packets: 2719822                  Packets: 4817307
Bytes: 1466455815                 Bytes: 1357605158
Interrupts: 0                     Interrupts: 4779122
Transmit Errors: 0                Receive Errors: 0
Packets Dropped: 0                Packets Dropped: 0
Bad Packets: 0

Hope that formats all right.

QOS and AIX - it is in there - somewhere, but I have never used it so I cannot really help you there.

re: your ADSL modem and weak QOS controls - weak is 'weak', but if it is enough to get done what you need/want - use it first. I have pretended my IP address is the "phone" or the "TV" that needs priority, and while it does not give me everything, it is noticeably more.

However, if you are looking for an excuse to build your own router - my experience of over 10 years ago - hard to beat the throughput/performance of an embedded system (aka ADSL router with NAT, IPv6 support, etc. etc.).

My secret is that I have two providers - one with a better ADSL router (that I 'own') and one that wants to 'own it' so I cannot really change anything. That second one has 'required' that I do more security at the host level because I cannot do it at the router.

Security should be like an onion - many layers.

Anyway, I hope I responded (do not dare say answered) to most of your comments.

Again, thank you for yours!
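To put numbers on the entstat figures quoted in the reply above, here is an added Python example (not from the blog, nor an AIX tool) that parses a constructed sample modelled on that output and computes the per-second rates and receive/transmit ratios a defender would baseline over time. entstat prints the two statistics blocks side by side, so each line is split into a left (transmit) and right (receive) counter; the column positions and the "Elapsed Time" format are assumed from the quoted output.

```python
import re

# Constructed sample, modelled on the entstat -d output quoted in the comment above.
SAMPLE = """\
Elapsed Time: 36 days 1 hours 13 minutes 35 seconds

Transmit Statistics:              Receive Statistics:
--------------------              -------------------
Packets: 2719822                  Packets: 4817307
Bytes: 1466455815                 Bytes: 1357605158
Interrupts: 0                     Interrupts: 4779122
Transmit Errors: 0                Receive Errors: 0
Packets Dropped: 0                Packets Dropped: 0
Bad Packets: 0
"""

def parse_elapsed(text):
    """Elapsed seconds since the counters were last reset (assumed 'Elapsed Time:' format)."""
    m = re.search(r"Elapsed Time:\s*(\d+) days (\d+) hours (\d+) minutes (\d+) seconds", text)
    d, h, mi, s = map(int, m.groups())
    return ((d * 24 + h) * 60 + mi) * 60 + s

def parse_counters(text):
    """Split each two-column line into transmit (left) and receive (right) counters."""
    tx, rx = {}, {}
    for line in text.splitlines():
        pairs = re.findall(r"([A-Za-z ]+?):\s*(\d+)", line)
        if not pairs or pairs[0][0].startswith("Elapsed"):
            continue
        tx[pairs[0][0].strip()] = int(pairs[0][1])      # left column: transmit
        if len(pairs) > 1:                               # right column (if present): receive
            rx[pairs[1][0].strip()] = int(pairs[1][1])
    return tx, rx

def summarize(text):
    """Rates and ratios worth trending; a rising rx/tx ratio with tiny inbound frames is worth a look."""
    secs = parse_elapsed(text)
    tx, rx = parse_counters(text)
    return {
        "rx_pps": rx["Packets"] / secs,
        "tx_pps": tx["Packets"] / secs,
        "rx_tx_packet_ratio": rx["Packets"] / tx["Packets"],
        "rx_interrupts_per_packet": rx["Interrupts"] / rx["Packets"],
        "avg_rx_frame_bytes": rx["Bytes"] / rx["Packets"],
        "avg_tx_frame_bytes": tx["Bytes"] / tx["Packets"],
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key:26s} {value:10.3f}")
```

Run it against `entstat -d entX` output saved to a file by replacing SAMPLE with the file contents; comparing the ratios against earlier snapshots is what turns a single reading into a baseline.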

Hey,

I deal with many internet-facing AIX systems and ideally you need to run an iptrace, which contains much better information but can also easily be imported into Wireshark (on any platform) for dissemination.

The traffic you show looks like the pattern of a DNS amplification attack, i.e. using you as a mule to DoS other services on the internet.

http://en.wikipedia.org/wiki/Denial-of-service_attack

Thanks Steve. Good link.

And - your observation about needing a more complete, rather inclusive, trace is correct.

My goal here is to show just one example of how AIX ipsec can be used to combat undesired "approaches".
