Artica For Postfix

[Friend7]

Hello,

I really need an Anti-Hacks for port 80 and 53

Best Regards,

[Friend7]

"Tell that to the Chinese hackers getting into military databases."

[Friend7]

http://www.bloomberg.com/news/2011-06-07/google-sony-nintendo-hacker-anonymity-stymies-arrests-by-u-s-cyber-cops.html

[abolinhas]

For port 53 (dns):
@David
It is possible add DNSSEC to Artica?

DNSSEC was designed to protect Internet resolvers (clients) from forged DNS data, such as that created by DNS cache poisoning. All answers in DNSSEC are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is identical (correct and complete) to the information on the authoritative DNS server. While protecting IP addresses is the immediate concern for many users, DNSSEC can protect other information such as general-purpose cryptographic certificates stored in CERT records in the DNS. RFC 4398 describes how to distribute these certificates, including those for email, making it possible to use DNSSEC as a worldwide public key infrastructure for email.

DNSSEC does not provide confidentiality of data; in particular, all DNSSEC responses are authenticated but not encrypted. DNSSEC does not protect against DoS attacks directly, though it indirectly provides some benefit (because signature checking allows the use of potentially untrustworthy parties). Other standards (not DNSSEC) are used to secure bulk data (such as a DNS zone transfer) sent between DNS servers. As documented in IETF RFC 4367, some users and developers make false assumptions about DNS names, such as assuming that a company's common name plus ".com" is always its domain name. DNSSEC cannot protect against false assumptions; it can only authenticate that the data is truly from or not available from the domain owner.

http://en.wikipedia.org/wiki/Domain_Nam ... Extensions

[abolinhas]

also if you have bind9 installed take a look on this
http://www.cyberciti.biz/tips/bind9-dns ... oning.html

[abolinhas]

@David
What do you think about this ddos protection ?
http://www.topwebhosts.org/tools/apf-bf ... ootkit.php

[Friend7]

DoS Protection via APF, BFD, DDOS and RootKit
http://www.topwebhosts.org/tools/apf-bfd-ddos-rootkit.php

They are SO MUCH great tools! I like them




I do not use bind9, I have PowerDNS 2.9.

PowerDNS v3.0 has DNSSEC but v3.0 is only a RC1

Is possible to get a RC1 through Artica installer?

[admin]

Is possible to get a RC1 through Artica installer?

Artica follow the Linux distrbution version. if CentOS/debian support it Artica will support it...

[Friend7]

April 4,2011 05:00
PowerDNS Authoritative Server 3.0 'PowerDNSSEC' release cycle starting

In the upcoming version 3.0, The PowerDNS Authoritative Server 3.0 will add full support for DNSSEC.
This version is now almost ready for use, with 'Release Candidate 1' to be made available shortly.

In version 3.0, PowerDNS Authoritative Server 3.0 adds support for:
DNSSEC
Online signing
Signing slave/proxy
Serving pre-signed zones
TSIG transaction signatures for authorizing & requesting zone transfers
MyDNS compatibility backend
Master/Slave communications over IPv6
Lua zone editing

last Version PowerDNS Authoritative Server (2.9.22)

Seems to be that RC1 is available, I will find out

[Friend7]

The most recent release of the PowerDNS Authoritative Server Release
Candidate is 3.0-rc2 and is available as:

tar.gz source
i386/x86 (64 bit) RPM
i386/x86 (64 bit) DEB
i386/x86 (32 bit) RPM
i386/x86 (32 bit) DEB

http://www.powerdns.com/content/downloads.aspx

I have Centos 32 bits on Artica-Zarafa