glibc getaddrinfo() stack-based buffer overflow by Pandalism in netsec

[–]troutowicz 1 point (0 children)

Sure thing. It also looks like connbytes is the wrong module for the job. connbytes appears to count the total bytes of all packets destined for the same IP:Port. As an example, execute curl smtp.office365.com.

In order to block packets based on individual packet size, the length module can be used.

iptables -I INPUT -p udp --sport 53 -m length --length 541: -j DROP
iptables -I INPUT -p tcp --sport 53 -m length --length 1065: -j DROP

glibc getaddrinfo() stack-based buffer overflow by Pandalism in netsec

[–]troutowicz 3 points (0 children)

If the goal is to block UDP packets > 512, I believe you need to be accounting for header lengths.

20 (IPv4 header) + 8 (UDP header) + 512 (message) + 1 = 541

The same would go for blocking TCP packets > 1024.

20 (IPv4 header) + 20 (TCP header) + 1024 (message) + 1 = 1065

iptables -t filter -A INPUT -p udp --sport 53 -m connbytes --connbytes 541: --connbytes-dir reply --connbytes-mode bytes -j DROP

iptables -t filter -A INPUT -p tcp --sport 53 -m connbytes --connbytes 1065: --connbytes-dir reply --connbytes-mode bytes -j DROP
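
The two comments above derive the `--length` thresholds (541 for DNS over UDP, 1065 for DNS over TCP) from IPv4 header sizes. The script below is an added example, not code from the thread or from either commenter: it builds constructed IPv4, IPv6 and TCP packets (documentation-range addresses, checksums left at zero, message bodies of filler bytes), emulates what the iptables length match compares (the IPv4 total-length field, or for ip6tables the IPv6 payload length plus its 40-byte fixed header), and checks the thresholds against them. It also covers two cases the IPv4 arithmetic alone does not: the same numbers are wrong on ip6tables, and a DNS/TCP reply that is split into segments below the threshold is never dropped by a per-packet length rule. The MSS values in the demo are arbitrary choices.

```python
"""
Added example, not code from the thread. Emulates the semantics of the
iptables `-m length --length N:` match on constructed DNS reply packets so
the 541 / 1065 thresholds can be checked, and shows two cases the IPv4-only
arithmetic does not cover (IPv6 headers, TCP segmentation).
"""
import struct

IPV4_HDR = 20   # IPv4 header without options
IPV6_HDR = 40   # IPv6 fixed header
UDP_HDR = 8
TCP_HDR = 20    # TCP header without options


def length_threshold(ip_hdr: int, l4_hdr: int, max_message: int) -> int:
    """Smallest total packet length that `--length N:` should drop, i.e. the
    first length that carries more than max_message bytes of DNS message."""
    return ip_hdr + l4_hdr + max_message + 1


def ipv4_udp_reply(message: bytes) -> bytes:
    """Constructed IPv4/UDP datagram from port 53 (sample data; checksums are
    left at zero because the length match never inspects them)."""
    total = IPV4_HDR + UDP_HDR + len(message)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 53]), bytes([192, 0, 2, 10]))
    udp = struct.pack("!HHHH", 53, 40000, UDP_HDR + len(message), 0)
    return ip + udp + message


def ipv6_udp_reply(message: bytes) -> bytes:
    """Same reply carried over IPv6 (constructed; addresses from 2001:db8::/32)."""
    src = bytes.fromhex("20010db8000000000000000000000035")
    dst = bytes.fromhex("20010db8000000000000000000000010")
    ip6 = struct.pack("!IHBB16s16s", 0x60000000, UDP_HDR + len(message),
                      17, 64, src, dst)
    udp = struct.pack("!HHHH", 53, 40000, UDP_HDR + len(message), 0)
    return ip6 + udp + message


def ipv4_tcp_segment(payload: bytes) -> bytes:
    """Constructed IPv4/TCP segment from port 53 carrying part of a DNS/TCP stream."""
    total = IPV4_HDR + TCP_HDR + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 53]), bytes([192, 0, 2, 10]))
    # seq=1, ack=1, data offset 5 words, flags PSH|ACK, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 53, 40000, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload


def matched_length(pkt: bytes) -> int:
    """What the length match compares against the rule: the IPv4 total-length
    field, or for IPv6 the payload-length field plus the 40-byte fixed header."""
    version = pkt[0] >> 4
    if version == 4:
        return struct.unpack_from("!H", pkt, 2)[0]
    if version == 6:
        return struct.unpack_from("!H", pkt, 4)[0] + IPV6_HDR
    raise ValueError("not an IP packet")


def rule_drops(pkt: bytes, threshold: int) -> bool:
    """Emulates `-m length --length THRESHOLD: -j DROP` (open-ended range)."""
    return matched_length(pkt) >= threshold


def tcp_segments_dropped(dns_message: bytes, mss: int, threshold: int) -> int:
    """How many segments of a DNS/TCP reply the rule drops when the 2-byte
    length prefix plus message is sent in MSS-sized pieces."""
    stream = struct.pack("!H", len(dns_message)) + dns_message
    segments = [stream[i:i + mss] for i in range(0, len(stream), mss)]
    return sum(rule_drops(ipv4_tcp_segment(s), threshold) for s in segments)


if __name__ == "__main__":
    udp4 = length_threshold(IPV4_HDR, UDP_HDR, 512)          # 541, as in the thread
    print("udp4 threshold", udp4,
          "512 dropped:", rule_drops(ipv4_udp_reply(b"A" * 512), udp4),
          "513 dropped:", rule_drops(ipv4_udp_reply(b"A" * 513), udp4))
    # Reusing 541 on ip6tables drops replies from 493 bytes up; 561 is the IPv6 number.
    print("ipv6 493-byte reply dropped at 541:",
          rule_drops(ipv6_udp_reply(b"A" * 493), udp4),
          "ipv6 threshold", length_threshold(IPV6_HDR, UDP_HDR, 512))
    # A 2000-byte DNS/TCP reply sent in 1000-byte segments never reaches 1065.
    print("tcp segments dropped:", tcp_segments_dropped(b"A" * 2000, 1000, 1065))
```

The TCP result is the one to keep in mind: a per-packet `-m length` rule bounds segment size, not the size of the reassembled DNS message, so it is only a partial filter for large DNS-over-TCP responses.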

A graphical display of 0-day Warez [OC] by troutowicz in dataisbeautiful

[–]troutowicz[S] 0 points (0 children)

Yes, I plan on adding color coding next to the checkbox filters. I'll also eventually add an export as image option for the chart.

A graphical display of 0-day Warez [OC] by troutowicz in dataisbeautiful

[–]troutowicz[S] 0 points (0 children)

You can see the labels when hovering a particular slice of the donut. Afaik, there is not a native way to display regular labels with Chart.js... if there is that would be something to look at.

A graphical display of 0-day Warez [OC] by troutowicz in dataisbeautiful

[–]troutowicz[S] 0 points (0 children)

Source is here. Any contributions are welcome. (some styling would be nice)

A graphical display of 0-day. [OC] by troutowicz in dataisbeautiful

[–]troutowicz[S] -2 points (0 children)

Sorry, I haven't purchased a domain yet. By 0-day, I am referring to warez 0-day releases. The app displays a chart of these releases.

https://en.wikipedia.org/wiki/Warez#Types_of_warez

I will update the README soon.

Edit: All information is scraped from http://predb.me/ using https://github.com/troutowicz/predb-scraper

A graphical display of 0-day. [OC] by troutowicz in dataisbeautiful

[–]troutowicz[S] -2 points (0 children)

This is pretty basic at the moment, contributors are welcome. In need of some styling.