richweb's blog

Recently we have set up several FTP sites for customers that come with secure, web-based download for the private FTP dropboxes as well as a web interface to manage it all.

More details:
http://www.richweb.com/ftp_manager

Multiple Cisco ASA firewalls, all running the same code, have been exhibiting a loss of connectivity to the outside world:
Hardware:   ASA5505, 256 MB RAM, CPU Geode 500 MHz
Software:   asa724-k8.bin

The devices would randomly enter a state where the external NIC is unable to process packets. Console port access would work if out-of-band access is present; I could log in and run commands. All show commands work. Sometimes the device will come back without a reboot; sometimes a reboot is needed to restore proper functionality.

We have a generic procedure for cloning an OpenBSD firewall that allows us to easily upgrade or replace hardware. Simply swapping the disk or RAID array the OS is on is not always practical or possible (SATA to SCSI, or single disk to hardware RAID, for example). As long as each system is loaded with the same base OS (4.4 currently), making a copy of /etc/, /var/ and /root/ (as well as /home/ if shell accounts exist) and transferring that copy into place on the new system is all that needs to be done. Of course, making sure the relevant patches are installed is also important.

I found an IOS image that can be downloaded via anonymous FTP from ftp.cisco.com for the discontinued 3524 XL Cisco switches that enables 802.1Q:

/pub/lan/catalyst/c3500xl-c3h2s-mz.120-5.WC10.bin

Hardware specs:

cisco WS-C3524-XL (PowerPC403) processor (revision 0x01) with 8192K/1024K bytes of memory.
Model number: WS-C3524-XL-EN

802.1Q VLAN support enables you to set up a Linux or OpenBSD appliance with multiple VLAN interfaces on a single network interface.

We have been running our new spam filter firewall protection system for about a year now with good success so far. It sits in front of our MailFoundry spam filter appliance and tarpits blacklisted IPs, keeping those IPs from hitting our MailFoundry and wasting SMTP resources. It has a built-in whitelist as well as an auto-learn blacklist mechanism based on parsing of the MailFoundry logs. If you have a MailFoundry appliance or similar device struggling to keep up with its workload (such as running out of SMTP connections), then our solution may be just the ticket to cleaner, faster mail.

As of 9PM EST Wed March 11th Richweb has blocked all email incoming from 72.167.218.0/24, which is the godaddy.com / secureserver.net mail server range. Richweb was flooded with over 100,000 emails in a very short period of time due to misbehaving applications on that network. Calls to the godaddy support line went unanswered, and we were not able to leave a message.

Many of our clients would like to track the number of visitors to their websites. When asked, we always recommend that they sign up for a free account with Google Analytics.
