How a SIM swap scam works:

The scammer may call your cell phone service provider and say your phone was lost or damaged. Then they ask the provider to activate a new SIM card connected to your phone number on a new phone they own.

If your mobile service provider believes the story and activates the new SIM card, the scammer gets a SIM with your number on it and receives all of your text messages, calls, and data on the new phone.

The scammer could open new cellular accounts in your name or buy new phones using your information.

They could also log in to your accounts that use text messages as a form of multi-factor authentication. How? Because they’ll get a text message with the verification code they need to log in.

Armed with your login credentials, the scammer could log in to your bank account and steal your money, or take over your email or social media accounts. And they could change the passwords and lock you out of your accounts.

How can you protect yourself from a SIM swap scam

  • Don’t reply to calls, emails, or text messages that request personal information. These could be phishing attempts by scammers looking to get personal information to access your cellular, bank, credit or other accounts. If you get a request for your account or personal information, contact the company using a phone number or website you know is real.
  • Limit the personal information you share online. If possible, avoid posting your full name, address, or phone number on public sites. An identity thief could find that information and use it to answer the security questions required to verify your identity and log in to your accounts.
  • Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. Check your provider’s website for information on how to do this.
  • Consider using stronger authentication on accounts with sensitive personal or financial information. If you do use Multi-Factor Authentication, keep in mind that text message verification may not stop a SIM card swap. If you’re concerned about SIM card swapping, use an authentication app or a security key.
  • Consider using Google Authenticator or a similar time-based OTP (TOTP) app as your second factor instead of SMS wherever possible. A TOTP code is computed on your device and is never sent over the phone network, so it is not exposed by a SIM swap.

What to do if you are a target of a SIM swap scam

  • Contact your cellular service provider immediately to take back control of your phone number. After you regain access to your phone number, change your account passwords.
  • Check your credit card, bank, and other financial accounts for unauthorized charges or changes. If you see any, report them to the company or institution.

This post covers disabling TCP Selective Acknowledgment (SACK) in the Linux kernel. SACK is a TCP extension used to improve data-transfer performance by letting a receiver acknowledge non-contiguous blocks of data instead of only the last in-order byte.

When TCP SACK is enabled, a TCP packet capture shows the SACK TCP options, similar to the screenshot below.

[Screenshot: TCP packet capture sample when TCP SACK is enabled]

Disable TCP SACK

To disable SACK, run the commands below on the Linux CLI as root. (If you are a normal user with sudo, note that `sudo echo ... >> /etc/sysctl.conf` does not work: the redirection runs as your own user, not root. Use `echo 'net.ipv4.tcp_sack = 0' | sudo tee -a /etc/sysctl.conf` instead.)

# echo 'net.ipv4.tcp_sack = 0' >> /etc/sysctl.conf
# sysctl -p

After running the above commands, reboot the Linux server to apply the new configuration.

Once the server is rebooted it will no longer negotiate TCP SACK.
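To confirm from a capture that SACK is really gone after the change, here is an added Python example (not from the original post) that parses the TCP options field of a raw TCP header and reports the SACK-Permitted (kind 4) and SACK (kind 5) options; the sample headers at the bottom are constructed, and in practice you would feed it the TCP header bytes of a SYN from your capture.

```python
import struct

SACK_PERMITTED = 4  # negotiated in SYN / SYN-ACK
SACK_BLOCKS = 5     # carried in later ACKs while SACK is in use


def parse_tcp_options(tcp_header: bytes) -> list:
    """Return (kind, payload) pairs from the options field of a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    header_len = (tcp_header[12] >> 4) * 4  # data offset is in 32-bit words
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("bad data offset")
    opts, options, i = tcp_header[20:header_len], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP: single byte, no length field
            options.append((kind, b""))
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("truncated or malformed option")
        length = opts[i + 1]
        options.append((kind, opts[i + 2:i + length]))
        i += length
    return options


def sack_blocks(payload: bytes) -> list:
    """Decode a kind-5 payload into (left_edge, right_edge) sequence ranges."""
    return [struct.unpack("!II", payload[j:j + 8]) for j in range(0, len(payload), 8)]


def uses_sack(tcp_header: bytes) -> bool:
    """True if the segment advertises or carries SACK (should be False once tcp_sack = 0)."""
    return any(kind in (SACK_PERMITTED, SACK_BLOCKS) for kind, _ in parse_tcp_options(tcp_header))


def build_tcp_header(options: bytes, flags: int = 0x02) -> bytes:
    """Constructed sample header (ports 40000 -> 443) carrying the given options."""
    options += b"\x00" * (-len(options) % 4)          # pad options to a 32-bit boundary
    data_offset = (20 + len(options)) // 4
    fixed = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, data_offset << 4, flags, 65535, 0, 0)
    return fixed + options


# Constructed samples: SYN with MSS 1460 + SACK-Permitted + NOPs; SYN with MSS + NOPs only; ACK with one SACK block.
SYN_WITH_SACK = build_tcp_header(b"\x02\x04\x05\xb4\x04\x02\x01\x01")
SYN_WITHOUT_SACK = build_tcp_header(b"\x02\x04\x05\xb4\x01\x01")
ACK_WITH_SACK_BLOCK = build_tcp_header(b"\x01\x01\x05\x0a" + struct.pack("!II", 1000, 2000), flags=0x10)
```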

Disabling TCP SACK will negatively affect data-transfer performance. The size of the performance hit depends on the type of data transfer.

Let's Encrypt has recently started supporting wildcard certificates using its new ACMEv2 protocol. This means that you can have a single wildcard certificate such as *.asknetsec.com and use it on all sub-domains, for example blog.asknetsec.com and email.asknetsec.com.

This makes it much easier to manage certificates for multiple sub-domains. Until now, each sub-domain needed its own certificate.

Install Certbot

Certbot is not available in the default Ubuntu repository. Run the command below to add the Certbot PPA.

sudo add-apt-repository ppa:certbot/certbot

This adds the repository from which Certbot can be installed. The output looks like this:

sudo add-apt-repository ppa:certbot/certbot
This is the PPA for packages prepared by Debian Let’s Encrypt Team and backported for Ubuntu(s).
More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot
Press [ENTER] to continue or ctrl-c to cancel adding it

gpg: keyring `/tmp/tmp1hyvak__/secring.gpg' created
gpg: keyring `/tmp/tmp1hyvak__/pubring.gpg' created
gpg: requesting key 75BCA694 from hkp server keyserver.ubuntu.com
gpg: /tmp/tmp1hyvak__/trustdb.gpg: trustdb created
gpg: key 75BCA694: public key "Launchpad PPA for certbot" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK

Update packages

sudo apt update

Run the command below to install Certbot:

sudo apt install certbot

Make sure you are using Certbot version 0.22 or later; earlier versions do not support wildcard certificates.

Steps to generate wildcard certificate

Run the command below on the Linux CLI. The wildcard is quoted so that the shell does not expand it as a file glob.

$ sudo certbot certonly --manual -d '*.asknetsec.com' --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

Replace *.asknetsec.com with your own domain name, for example *.yourdomainname.com. When you run this command, Certbot prints a value that you must publish in a DNS TXT record.

The command output will be similar to the one below:

debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@asknetsec.com
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N
Starting new HTTPS connection (1): supporters.eff.org
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for asknetsec.com

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.asknetsec.com with the following value:

AVOwxVcSTfASueHcoOosBFF4sxEFZuso5ip6w63GrMs

Before continuing, verify the record is deployed.

-------------------------------------------------------------------------------
Press Enter to Continue

Create a DNS TXT record for the name _acme-challenge.yourdomainname.com with the value Certbot generated when the above command was run. In my case the value was AVOwxVcSTfASueHcoOosBFF4sxEFZuso5ip6w63GrMs.

You will have to wait some time for the new DNS record to propagate across the internet. I waited for 10 minutes and pressed Enter.

Press Enter to Continue
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/asknetsec.com-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/asknetsec.com-0001/privkey.pem
Your cert will expire on 2018-06-21. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Congratulations! The wildcard certificate has been generated. You can use it with any sub-domain you create under your domain name.

Spectre

Spectre is the latest vulnerability discovered in processors. It allows a malicious application to trick another application into exposing its memory so the malicious application can read it.

This vulnerability affects almost all processor variants from Intel, AMD and ARM, which means that desktops, laptops, single-board computers (SBCs) and smartphones are all affected.


More information about this vulnerability can be found at https://spectreattack.com/

CVE-2017-5753 and CVE-2017-5715 are the official references for Spectre. CVE (Common Vulnerabilities and Exposures) is the standard for information security vulnerability names, maintained by MITRE.

All OS vendors are releasing patches for these vulnerabilities. Follow the steps below to update the OS and apply the fix.

Fix Spectre on CentOS/RHEL/Fedora/Oracle/Scientific Linux

Type the following yum command:

sudo yum update

You must then reboot the Linux server using the shutdown or reboot command:

sudo reboot

If you are using Fedora Linux, run the following dnf command:

sudo dnf --refresh update kernel

OR

sudo dnf update

Reboot the Linux box:

sudo reboot

Fix Spectre on Debian/Ubuntu Linux

Use the following apt-get (or apt) commands:

sudo apt-get update
sudo apt-get upgrade
sudo shutdown -r 0

Fix Spectre on Amazon Linux running on AWS

Run the following yum command:

yum update kernel
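After updating and rebooting, it is worth confirming that the kernel actually reports a Spectre mitigation rather than trusting that the package update was enough. Kernels 4.15 and later (and the distribution backports that shipped the Spectre fixes) expose one status file per issue under /sys/devices/system/cpu/vulnerabilities/. The added Python example below (not from the original post) reads the spectre_v1 and spectre_v2 files and exits non-zero if either is still vulnerable or cannot be confirmed; the sample status lines are constructed in the kernel's format.

```python
from pathlib import Path

# Kernels 4.15+ (and distro backports) expose one status file per issue here.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
SPECTRE_FILES = ("spectre_v1", "spectre_v2")  # CVE-2017-5753, CVE-2017-5715


def classify(status: str) -> str:
    """Map one sysfs status line to mitigated / vulnerable / not_affected / unknown."""
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(directory: Path = SYSFS_DIR) -> dict:
    """Read the Spectre files; a missing file means the kernel predates the interface."""
    statuses = {}
    for name in SPECTRE_FILES:
        path = directory / name
        statuses[name] = path.read_text() if path.is_file() else "unknown: file missing"
    return statuses


def assess(statuses: dict) -> dict:
    """Classify each status line; 'unknown: file missing' lands in 'unknown'."""
    return {name: classify(text) for name, text in statuses.items()}


def needs_action(assessment: dict) -> bool:
    """True when any Spectre variant is still vulnerable or cannot be confirmed."""
    return any(state in ("vulnerable", "unknown") for state in assessment.values())


# Constructed sample lines in the kernel's format, for a patched and an unpatched host.
SAMPLE_PATCHED = {"spectre_v1": "Mitigation: __user pointer sanitization\n",
                  "spectre_v2": "Mitigation: Full generic retpoline\n"}
SAMPLE_UNPATCHED = {"spectre_v1": "Vulnerable\n",
                    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n"}

if __name__ == "__main__":
    result = assess(read_status())
    for name, state in result.items():
        print(f"{name}: {state}")
    raise SystemExit(1 if needs_action(result) else 0)
```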


iptables rules regulate the traffic on a Linux system; they also perform source and destination NAT for traffic as configured.

The iptables rules can be listed with the command:

sudo iptables -L

iptables rules in a chain are processed in order from top to bottom, so once a rule matches a packet (and its target, such as ACCEPT or DROP, ends processing), the rules below the matched rule are not checked.

If you want to change the order of iptables rules so that certain rules are checked before others, you can use the following method.

1. Export the IPTables rules to a text file

sudo iptables-save > /tmp/iptables.txt

This command writes the file /tmp/iptables.txt containing all the iptables rules from all tables and chains.

2. Edit the text file to change the sequence of rules

sudo nano /tmp/iptables.txt

This command opens iptables.txt in the nano text editor; you can use vi or any other text editor of your choice. Edit the file to change the order of the rules as required.

3. Restore the rules from text file to iptables

sudo iptables-restore < /tmp/iptables.txt

This command loads the rules from the text file into iptables, replacing the current rule set.

The new rule order is applied immediately and does not need a service reload or a reboot of the system. You can check the order of the iptables rules using the command:

sudo iptables -L
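Hand-editing the dump works, but for a repeatable change it is safer to rewrite it programmatically. The added Python example below (not from the original post) parses iptables-save text, moves the first rule matching a given fragment to a chosen position within its table and chain, and returns text ready for iptables-restore; the sample dump is constructed to show the classic mistake the post is about, an allow rule placed below a broader DROP so it can never match.

```python
import re

RULE_RE = re.compile(r"^-A (\S+) ")  # an append-rule line: "-A <chain> <match> -j <target>"


def rule_indices(lines: list, table: str, chain: str) -> list:
    """Line numbers of the rules of `chain` inside `table` (a table section starts with '*name')."""
    current, found = None, []
    for i, line in enumerate(lines):
        if line.startswith("*"):
            current = line[1:].strip()
        elif current == table and (m := RULE_RE.match(line)) and m.group(1) == chain:
            found.append(i)
    return found


def rules_in_chain(dump: str, table: str, chain: str) -> list:
    """The rule lines of one chain, in evaluation order."""
    lines = dump.splitlines()
    return [lines[i] for i in rule_indices(lines, table, chain)]


def move_rule(dump: str, table: str, chain: str, needle: str, position: int) -> str:
    """Move the first rule of `chain` containing `needle` to 1-based `position` in that chain."""
    lines = dump.splitlines()
    indices = rule_indices(lines, table, chain)
    src = next((i for i in indices if needle in lines[i]), None)
    if src is None:
        raise ValueError(f"no rule in {table}/{chain} matching {needle!r}")
    if not 1 <= position <= len(indices):
        raise ValueError(f"position must be between 1 and {len(indices)}")
    rule = lines.pop(src)
    remaining = rule_indices(lines, table, chain)   # indices shift after the pop
    if not remaining:
        lines.insert(src, rule)
    elif position - 1 < len(remaining):
        lines.insert(remaining[position - 1], rule)
    else:
        lines.insert(remaining[-1] + 1, rule)
    return "\n".join(lines) + "\n"


# Constructed dump: the 10.0.0.0/8 allow rule sits below the generic port-22 DROP and never matches.
SAMPLE_DUMP = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
-A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
"""
```

Pipe the returned text into `sudo iptables-restore` (or write it to a file first, as in step 3 above) to apply the new order.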

To find your public IP address from the command line (CLI), you can use the commands below on Linux and Windows operating systems.

Linux

curl icanhazip.com

curl canihazip.com/s

These two commands make an HTTP request and print the IP address returned in the response.


dig myip.opendns.com. @resolver1.opendns.com +nocomments +noquestion +noauthority +noadditional +nostats | grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b'

This command runs a DNS query and prints the resolved IP address. Querying myip.opendns.com. through the resolver1.opendns.com DNS resolver returns the public IP address from which the DNS query was sent.

Note the trailing period (.) in myip.opendns.com.; it makes the name absolute so that no local DNS search suffix is appended to the query.

Windows

nslookup myip.opendns.com. resolver1.opendns.com | find "Address"

This outputs two IP addresses: the first is the address of the resolver that answered, and the second is your public IP address.