APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed
Testing for Conficker with Nmap

The latest nmap release can test Windows machines for Conficker infection. If you are running Linux, nmap may already be installed. You can download the latest nmap for OS X from http://nmap.org/book/inst-macosx.htm

Title Last Comment
Kerio Control configuration changes reverted  
- A simple traffic rule was intended to allow ssh access to an internal machine but it refused to record, offering a strange reason -

Configuration changes reverted  
- Configuration changes reverted because rule would break your connection - a vague message, but a simple solution -

Is Apple finally taking security seriously?  
- Do the new security features slated for IOS 9 and OS X 10.11 mean Apple is finally turning its eye to security? -

MyKerio lets you control multiple Kerio Control appliances from a single console  
- MyKerio lets you control multiple Kerio Control appliances from a single console -

How can I open eml files with Outlook?  
- How can I open eml files with Outlook? Windows 7 and Windows 8 machines won't work when I double-click an eml file. -

How can I accept email if the domain doesn't exist?  
- How can I accept email if the domain doesn't exist? -

Is is safe to visit my bank if I'm using unsecured wifi?  
- Is is safe to visit my bank or other secure sites like Gmail if I'm using unsecured wifi? -

Take Control of Security for Mac Users  
- Most security books are too technical for the average reader. Take Control of Security is not - learn how to protect yourself with this new book by Joe Kissel. -

Another router security flaw - netUSB  
- This netUSB vulnerability is real, but I have to ask why anyone ever thought netUSB was a good idea? -

Canary is a good idea at a ridiculous price  
- While I do like the idea of the Canary Honeypot, the price is utter nonsense. There's nothing difficult about doing this and nothing worth that kind of money. -

Google helps you with privacy now and after you are gone  
- It's not just privacy, though: you can also tailor ads and search results to be more relative to your needs -

Debugging Host Connection Limit Reached on Kerio Control  
- The Packet Dump feature in Connect's Debug log gives you an easy way to debug excessive connections to a host. -

The Moose Linux Router Worm is more like Bullwinkle, honestly  
- Honestly, how can you look at me with a straight face and call this a Linux security issue? It isn't: it's an idiot's security issue. -

Why use a VPN instead of opening ports?  
- I need to access my security cameras from home. My camera guys says we need to forward ports on the firewall, but my firewall guy says I should use the VPN instead -

Looking for secret connections  
- Malware often has secret internet connections. Spotting them in your firewall isn't always easy but I can offer some hints. -

Google Password Alert - barn doors and horses  
- Although two factor authentication protects you more, users who will not or cannot use that might consider this. To me, this seems like a silly answer! -

Managing iptables drop lists  
- After blocking large numbers of sites accidentally, cleaning them out is easier with this script -

Mac OS X 'rootpipe' is not a backdoor  
- An exploit that requires a local login is not a back door. It's not even an open safe. Most of us have nothing to fear. -

Spotting Click Bombing with Google Analytics  
- Here are two simple Analytics report that could help you spot click bombing and identify the source -

Samepage - Redefining how people create and share information
Someone is click bombing me  
- If someone is trying to damage you, here's how to track them down and stop them -

Are A/V vendors really this clueless?   2015/04/15 TonyLawrence
- This botnet infected an additional 128,000 new computers each month over the past half year and the A/V folks couldn't stop it? -

Patch fixes sudo escalation flaw  
- Yosemite 10.10.3 patches a local exploit that elevates an ordinary user to root privileges. Upgrade now and do not run as an administrator account. -

Kerio Connect DSN breaks DMARC   2015/01/20 TonyLawrence
- Kerio Connect DSN breaks DMARC due to use of hostname as sending domain -

Renewing Kerio Control SSL Certificates  
- Renewing Kerio Control SSL Certificates does have some pitfalls. By default, Kerio Control ships with several predefined SSL certificates which are used for specific purposes. There's a "Default", one for Reverse Proxy, one for Local Authority and one for VPN. -

Upgrading from software Kerio Control to the hardware version  
- Upgrading from software Kerio Control to the hardware version is not difficult -

Help protect your mail domain with DMARC  
- Although not widely implemented, DMARC can help protect your domain -

Hassle free SSL/TLS?  
- Hassle free SSL/TLS? Let’s Encrypt: Delivering SSL/TLS Everywhere -

Is your password safe?   2014/12/01 TonyLawrence
- Is your password safe? Kasperksy may not think so even if other sites say it is. -

Hacked at my own site  
- Well, not really hacked but a password exposed and that's pretty bad! -

Monitoring Kerio Connect for suspicious activity  
- If you suspect that user's email has been compromised, here is a script that can help. -

Packet Dump in Kerio Control  
- Packet Dump used to be a hidden option in Kerio Control and you needed ssh to get the logs or even to remove them. That's no longer the case.` -

IPS in Kerio Control  
- You may never have even looked at IPS in Kerio Control or ever need to. It's there when you need it, though. -

DNS Forwarding in Kerio Control  
- DNS Forwarding in Kerio Control can be pretty powerful stuff. Learn its ins and out here. -

Who's been reading my email?   2013/07/02 DaveGillam
- The boss noticed that some emails he did not read were marked as read - who was responsible? -

Important changes coming in Kerio Control   2013/09/21 TonyLawrence
- The 8.1 release of Kerio Control contains a number of important new features. Some require a bit of explanation. -

Clicky Analytics for your website  
- Clicky Analytics offers some advantages over Google Analytics and can be used alongside too. -

More about Cloudflare  
- CloudFlare should now be fully active on this site. Visitors should only see speedups in page loads and no adverse affects. -

Expectations of privacy - time to shut it down?  
- Groklaw shuts down, the NSA spying gets worse. Is this Orwellian or just business as usual? -

Basic software firewall introduction for home users  
- You almost certainly have a software firewall on your Windows or Mac computer. You also probably have a hardware firewall. Understanding just a little bit about them can save you trouble. -

Using SCO Unix as a firewall  
- Given the current cost of hardware and the availability of Linux software, why on earth would you want to run a firewall on a production server? -

Websockets and Kerio Control  
- How to set your Kerio Control proxy to work with websockets -

Kerio Control Connection Limit Reached Alert  
- While this alert might indicate suspicious activity, it might just be something simple that you forgot about. -

Script to block DOS attacks   2013/06/03 TonyLawrence
- People steal content. If you run a website, you almost certainly know that; here is a simple script to block annoying abusers and possibly stop a little theft, too. -

Wireshark 101   2013/05/26 TonyLawrence
- Silly me. I really should have started using Wireshark long before this! -

Kerio Control with multiple Internet Interfaces   2014/01/24 basit
- If you have more than one Internet connection, Kerio Control can configure and use these in different ways. Learn how here. -

Simple debugging with Kerio Control  
- An easy way to use Control as a network sniffer by creating useless rules and adding Accounting logging. -

A Verizon FIOS STB and a Kerio Control router   2013/01/19 anonymous
- Verizon provides a router that is needed for their Video on Demand and other TV services to work. How can we use a Kerio Control box with that? -

Examining Kerio Control Traffic Rules   2012/11/08 TonyLawrence
- A simple Perl script helps display Kerio Control traffic rules. -

Should I buy the Kerio Control Appliance or run the software version?  
- Kerio offers its Control firewall in both software and hardware versions. Which should you choose? -

Troubleshooting Kerio Control installation  
- Setting up Kerio control is usually very easy. If you do experience problems, this guide can help. -

Kerio Connect Mailserver
Kerio Operator in a separate subnet behind Control Firewall   2013/06/14 TonyLawrence
- Installing Kerio Operator in a private subnet that is not the same as your office LAN network requires some special firewall rules. -

Kerio Control Require3WayHandshake dropping packets   2012/10/24 NickBarron
- A Kerio Control 3110 replaces an old SonicWall. Immediately we saw problems with dropped packets: packet dropped: 3-way handshake not completed -

How to find password hacks in your Kerio Mailserver log  
- If a hacker can guess a password for a mail user on your system, they can send email that will appear to be from a legitimate user. Here's how to find and prevent such use. -

Avast Free Antivirus for Mac   2012/05/30 NickBarron
- Will someone please make decent malware/antivirus protection for Macs? I'd hope that Apple would be smart enough to do that itself, but so far they seem uninterested and that leaves me feeling worried. -

Why you should let me sell you a new firewall   2012/05/20 TonyLawrence
- I know - your current firewall is working fine. Or so you think. You could be right about that, but let me go over a few reasons why you might want to consider changing that firewall now. -

Kerio Control Rip and Replace   2014/07/10 TonyLawrence
- I tore out a perfectly good Astaro Firewall and replaced it with a Kerio Control box. The Astaro was only two years old and was working fine, but tearing it out made both me and my customer very happy. Read on to learn why. -

Kerio Control Hardware Appliance firewall   2012/05/22 TonyLawrence
- I got to configure two new Kerio Control hardware appliances this week. Learn what's different about these boxes compared to the software versions. -

A Kerio Firewall transplant causes mail problems   2012/04/06 TonyLawrence
- Moving a Kerio Control firewall to new hardware shouldn't be any trouble at all. In fact, it was not, but some red herrings led me to think that something had gone mysteriously wrong. -

Understanding Kerio Control Firewall Licensing   2014/06/17 TonyLawrence
- How many user licenses will your Kerio Control firewall require? The answer isn't as simple as it was before, but the current licensing does offer more flexibility. -

More Security articles

Have you tried our Tests?