valeriansaliou

// Globals
var _message_source = null;
var _message_origin = null;

// Methods
var __receive_message = function(event) {
  var _data = JSON.parse(event.data);

  if (_data.type && _data.payload) {
    // Store message parameters

valeriansaliou

#!/bin/bash

# 1. Setup base dependencies

apk update
apk del ufw
apk add htop busybox-extras

# 2. Disable Swap

valeriansaliou

port 1194
proto tcp6-server

dev tun

local ::

ca ca.crt
cert server.crt
key server.key

valeriansaliou

#!/bin/bash

BACKUP_DATE=$(date +"%Y-%m-%d_%H-%M-%S")

AWS_CONTAINER="s3://xxx-backup/xxx_backup"
AWS_DESTINATION="$AWS_CONTAINER/$BACKUP_DATE"

GPG_RECIPIENT=xxx@xxx.xxx
ADMIN_EMAIL=xxx@xxx.xxx

valeriansaliou

# jan/13/2020 08:34:56 by RouterOS 6.46.1
#
# notes: \
#   - wan to orange ont on ether1; \
#   - lan to ap/switch on ether2; \
#   - ipv4 + ipv6 w/ fw rules; \
#   - using routeros dns cache for lan, proxying to the dns servers advertised by orange's dhcpv4 server; \
#   - direct plug your computer w/ wireshark to your livebox 4 fiber ethernet port and reboot it, inspect the dhcpv4 packat in wireshark and extract the value of 'authsend'; \
#   - the cos tag needs to be set to 6 to be accepted by the ont dhcpv4/v6 server (from default 0), this may not be required depending on your ont, check for the cos flag sent by your livebox 4 when sniffing its traffic
#

valeriansaliou

** File Read Latency Histogram By Level [default] **
2019/03/31-08:53:54.017088 7fc4977f6700 [WARN] [db/db_impl.cc:669] ------- DUMPING STATS -------
2019/03/31-08:53:54.017165 7fc4977f6700 [WARN] [db/db_impl.cc:670]
** DB Stats **
Uptime(secs): 41400.5 total, 600.0 interval
Cumulative writes: 17M writes, 17M keys, 17M commit groups, 1.0 writes per commit group, ingest: 13.88 GB, 0.34 MB/s
Cumulative WAL: 17M writes, 0 syncs, 17597384.00 writes per sync, written: 13.88 GB, 0.34 MB/s
Cumulative stall: 00:00:0.000 H:M:S, 0.0 percent
Interval writes: 0 writes, 0 keys, 0 commit groups, 0.0 writes per commit group, ingest: 0.00 MB, 0.00 MB/s
Interval WAL: 0 writes, 0 syncs, 0.00 writes per sync, written: 0.00 MB, 0.00 MB/s

valeriansaliou

var mongoose = require("mongoose");
var SonicChannelSearch = require("sonic-channel").Search;

var MessageModel = mongoose.model("message", new mongoose.Schema({
  website_id : String,
  type       : String,
  content    : Object
}));

var query_count = 0;

valeriansaliou

var mongoose = require("mongoose");
var SonicChannelIngest = require("sonic-channel").Ingest;

var MessageModel = mongoose.model("message", new mongoose.Schema({
  session_id : String,
  website_id : String,
  type       : String,
  content    : Object
}));

valeriansaliou

{
  "dependencies": {
    "request-promise": "4.2.2",
    "request": "2.83.0",
    "promise-seq": "2.0.1"
  }
}

valeriansaliou

# Those rules protect HTTP/HTTPS services for both IPv4 and IPv6 sources as such:
# 1. Prevent a /32 IPv4 or /64 IPv6 to open more than 10 HTTPS?/TCP connections per second (the limit is high, but this still shield against some attacks) — DROP TCP packets in this case, to avoid generating egress traffic sending a RST
# 2. Limit ingress bandwidth to HTTPS? services to 32KB/sec (adjust to your needs, in my case it is used to shield a WebSocket backend against incoming WebSocket message floods)
# 3. Limit the number of simultaneous ongoing connections to HTTPS? to 40 (also, high limit, adjust to your needs)

# The protections those rules offer:
# 1. Prevent crypto-DOS (ie. a client that proceed too many key exchanges and thus exhaust server CPU)
# 2. Prevent WebSocket floodings (eg. I use this for Socket.IO, which has no efficient way to rate-limit received messages before they get parsed)
# 3. Prevent ephemeral TCP port exhaustion due to a client holding too many TCP connections
# 4. Prevent IPv6 rotation attac