In this course, we take a look at DNS Blackholing to prevent drive-by exploitation of computer systems and get back a bit of our bandwidth. Using the PiHole project and a droplet from Digital Ocean, we can quickly and effectively block up to 50% of unnecessary traffic on our networks!
- Open the Microsoft Store
- Search for Windows Terminal
- Click Windows Terminal
- Click Install
- Launch the Windows Terminal app
- Run the command ssh-keygen.exe
- Press enter to save in the $env:userprofile/.ssh directory
- Enter a passphrase if desired
- Validate your key creation with the command Get-ChildItem $env:userprofile/.ssh
- Navigate to DigitalOcean.com
- Click Sign Up
- Register with your preferred method
- Click your account icon in the top right corner
- Click My Account
- Click the Security tab and Add SSH Key
- In your terminal, run the below command
Get-Content ~/.ssh/id_rsa.pub
- Copy the output of the above command into the SSH key content area.
- Give the key a unique and descriptive name.
- Select Create > Droplets
- Choose Debian > 10 x64
- Choose Shared CPU > Basic
- Choose CPU Options > Regular Intel with SSD
- Choose $5/mo option
- Choose a datacenter region, closer is better.
- In the Authentication field, choose SSH Keys
- Choose a unique and memorable hostname
- Click Create Droplet
- Copy the droplet's IP address
- In the winterm, type ssh [email protected]
- Accept the fingerprint of your new server
- Run passwd
- Use your password solution to generate a strong and unique password
- Using nano, modify the PermitRootLogin setting from Yes to without-password or no.
- Save the file using Ctrl + O and Ctrl + X
Note: If you choose no, your server will no longer be accessible via SSH, without generating new unprivileged users. In this case, all instructions would need to be completed through the DigitalOcean Console.
- Run the below commands
apt update && apt upgrade -y
apt install curl
- In the winterm, run Invoke-WebRequest -UseBasicParsing ifconfig.me
- Copy the IP address returned in the Content field.
- In your ssh session, run apt install ufw
- Run the following commands, paying special attention to enter them correctly and to replace YOUR.IP.ADDRESS with the address you copied above.
ufw allow from YOUR.IP.ADDRESS to any port 22 proto tcp
ufw allow from YOUR.IP.ADDRESS to any port 53 proto udp
ufw allow from YOUR.IP.ADDRESS to any port 80 proto tcp
ufw enable
ufw deny from any to any
ufw status verbose numbered
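One way to confirm the rules above took effect as intended, as an added example that is not part of the original course: it parses ufw status output and flags any ALLOW rule on ports 22, 53 or 80 whose source is not your own address, which is how an accidentally open DNS resolver would show up. The function name audit_ufw and the sample address 203.0.113.7 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit ufw status output for rules that expose the server.
# Addresses are constructed (203.0.113.0/24 is a documentation range).
# On the server: ufw status | audit_ufw YOUR.IP.ADDRESS

# audit_ufw ADMIN_IP: reads ufw status text on stdin, prints offending rules.
# Returns 0 if clean, 1 if a port is exposed, 2 if the firewall is inactive.
audit_ufw() {
    awk -v admin="$1" '
        /^Status:/ { if ($2 != "active") inactive = 1; next }
        {
            # Locate the ALLOW column; IPv6 rows carry an extra "(v6)" field.
            for (i = 2; i <= NF; i++) if ($i == "ALLOW") break
            if (i > NF) next
            # Verbose output prints "ALLOW IN", so skip the direction word.
            src = ($(i + 1) == "IN") ? $(i + 2) : $(i + 1)
            split($1, p, "/")
            watched = (p[1] == "22" || p[1] == "53" || p[1] == "80" || p[1] == "Anywhere")
            if (watched && src != admin) { print "exposed: " $0; bad = 1 }
        }
        END { if (inactive) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the result the rules in the steps above should give.
GOOD_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       203.0.113.7
53/udp                     ALLOW       203.0.113.7
80/tcp                     ALLOW       203.0.113.7
Anywhere                   DENY        Anywhere'

# Constructed sample: port 53 left open to everyone (an open resolver).
BAD_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       203.0.113.7
53/udp                     ALLOW       Anywhere
53/udp (v6)                ALLOW       Anywhere (v6)'

printf '%s\n' "$GOOD_STATUS" | audit_ufw 203.0.113.7 && echo "good sample: clean"
printf '%s\n' "$BAD_STATUS" | audit_ufw 203.0.113.7 || echo "bad sample: fix rules"
```
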
DigitalOcean has some of the best documentation that's ever been written. It is extremely thorough, direct, and devoid of pictures. You should strive to make your documentation like theirs.
As an example, check out their UFW Essentials
- Visit Pi-hole.net
- Click Install
- Copy the One-Step Automated Install
curl -sSL https://install.pi-hole.net | bash
Note: Downloading anything from the internet and piping it to bash is an inherently bad idea. If you wanted to check out the script before running it, simply drop the | bash and redirect the result to a file to review the script before executing.
i.e., curl -sSL https://install.pi-hole.net > script.sh
- Answer the prompts
- Choose an Interface > eth0
- Select Upstream DNS Provider > OpenDNS
- BlockList > Stephen's
- Install Web Admin Interface > On
- Install Web Server Lighttpd > On
- Log Queries > On
- Privacy Mode > Show Everything
- Copy Password from PiHole Install Screen
- Navigate to Your.Server.IP/admin
- Click Login and enter the password from the Pihole Install Screen
- Click Settings and select Teleporter
- Uncheck all the check boxes under Restore except Adlists
- Choose the .GZ provided for this course
- Click Restore
- Click Tools > Update Gravity
- Do Not Navigate Away
- Once Complete, go to your Dashboard
This will be dependent on the device. However, a quick DuckDuckGo search of your router model along with terms like custom dns server will likely resolve this.
- Add a Domain to your Blocklist
- Attempt to visit that Domain, resolution should fail
- Remove it from your blocklist