My M0n0wall setup

My M0n0wall

My M0n0wall is running on a Dell Optiplex GX100. The PC is a medium-small form factor box with only one small fan, on the power supply. The P III processor is passively cooled.

One fun thing I did was wire the LAN NIC LED to the hard drive indicator light on the front of the box. I am using a CF card and no hard drive, so now when there is traffic on the M0n0wall, the “HD LED” blinks to indicate it.


Specs

  • Dell GX100
  • 500MHz Celeron (passively cooled)
  • 32MB Compact Flash Card
  • 196 MB RAM
  • 135 watt power supply
  • 1 onboard NIC
  • 1 Netgear FA311 (?)

Live Network Usage Graph from MRTG:

To see more stats, see my MRTG output page

OS X Snitch Script

I have SSH enabled on one of my OS X servers and have always been mindful of the logs, monitoring attempts to brute-force their way into my machine. I have been careful and hopefully have a fairly strong setup that should not be trivial to crack.

To help me watch the logs I created this very simple script that I run to notify me of any break-in attempts:

I call the script “Snitch”

#!/bin/bash
# Count "Illegal user" attempts per source IP (the IP is field 12 of those log lines)
grep 'Illegal' /private/var/log/system.log | awk '{print $12}' | sort | uniq -c
# Count "Failed password" attempts per source IP (field 13), most frequent first
grep 'Failed password' /private/var/log/system.log | awk '{print $13}' | sort | uniq -c | sort -nr

The script looks through the system log, finds any illegal or failed login attempts, and counts the number of times each IP has attempted to gain entry (since the log last rolled over). The output of the above script looks like this:
10 202.104.xxx.xxx
12 200.129.xxx.xxx
6  200.124.xxx.xxx

*note: I have not displayed the last two octets of the IP for privacy reasons.
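As an added example (not the page's Snitch script), here is the same count done by matching "from <ip>" instead of a fixed awk field, so "Failed password" lines with and without "invalid user" (which shifts the field count) and "Illegal user" lines are all counted together. The log lines are constructed samples in the sshd syslog format.

```shell
#!/bin/bash
# Added example: rank source IPs of failed/illegal SSH logins by attempt count.
# The sample log below is constructed; field positions vary between the
# "Failed password for root from ..." and "... for invalid user X from ..." forms,
# which is why a pattern match is more robust than awk '{print $13}'.
SAMPLE_LOG='Mar  3 10:01:02 host sshd[123]: Failed password for root from 202.104.1.2 port 4000 ssh2
Mar  3 10:01:05 host sshd[124]: Failed password for invalid user admin from 202.104.1.2 port 4001 ssh2
Mar  3 10:01:09 host sshd[125]: Failed password for invalid user oracle from 202.104.1.2 port 4002 ssh2
Mar  3 10:02:10 host sshd[126]: Illegal user test from 200.129.3.4
Mar  3 10:02:11 host sshd[127]: Failed password for invalid user test from 200.129.3.4 port 4100 ssh2
Mar  3 10:05:00 host sshd[128]: Accepted publickey for me from 10.0.0.5 port 5000 ssh2'

# snitch_count: read log lines on stdin, print "<count> <ip>" per offending IP,
# most frequent first. Successful logins ("Accepted ...") are ignored.
snitch_count() {
    grep -E 'Failed password|Illegal user' \
    | grep -oE 'from [0-9]+(\.[0-9]+){3}' \
    | awk '{print $2}' \
    | sort | uniq -c | sort -nr \
    | awk '{print $1, $2}'
}

# top_offender: the single IP with the most attempts (candidate for M0n0ban).
top_offender() {
    snitch_count | head -n 1 | awk '{print $2}'
}

printf '%s\n' "$SAMPLE_LOG" | snitch_count
```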

Anywhoo, this page is more for me in case I ever need to reference back to the code. However, if you stumbled onto it and found it helpful, great. 🙂

M0n0ban

This is a quick script I put together to help me quickly ban IP addresses using my M0n0wall. I run this script from my Mac; however, I needed to install wget in order to get it to work. I used info and code from this page to put this together: http://wiki.m0n0.ch/wikka.php?wakka=PoorMansTimeBasedRules

To run the script: /usr/bin/m0n0ban.command 200.xxx.xxx.xxx

#!/bin/bash
# /usr/bin/m0n0ban.command
badIP=$1
# Only accept a dotted-quad IPv4 address, since $badIP ends up inside a command run on the firewall
if ! echo "$badIP" | grep -qE '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then
    echo "Usage: $0 <IPv4 address>"
    exit 1
fi
echo "~*~*~*~*~*"
echo " Are you sure you want to ban $badIP?"
echo " Press enter to continue or CTRL+C to quit"
echo "~*~*~*~*~*"
read
echo "Banning $badIP"
# Add an ipfw rule (number 5) on the M0n0wall that drops all traffic from this IP
wget -qO /dev/null "http://10.0.0.1/exec_raw.php?cmd=ipfw add 5 deny all from $badIP to any"
echo "Complete..."
echo "Current ruleset:"
# Fetch the current rule-5 entries and show them
wget -q -O ~/banned.txt "http://10.0.0.1/exec_raw.php?cmd=ipfw show 5"
cat ~/banned.txt

The command line interaction looks like this:
pine$ ./m0n0ban.command 201.216.x.205
~*~*~*~*~*
 Are you sure you want to ban 201.216.xx.205?
 Press enter to continue os CTRL+C to quit
~*~*~*~*~*

Banning 201.216.xx.205
Complete...

Current ruleset:
00005       0         0 deny ip from 200.129.xx.107 to any
00005       0         0 deny ip from 218.108.xx.121 to any
00005       0         0 deny ip from 201.216.xx.205 to any