More
    Home Blog Page 3

    Developer Guide for Bluesky .NETCORE API Framework

    0

    This Content Is Only For Subscribers

    Please subscribe to unlock this content. Enter your email to get access.
    Your email address is 100% safe from spam!

    BlueSky .NETCORE API Framework is the common development platform which is developed by Sammy Cheng, from BlueSky Information Technology (Int’l) Co. Ltd. The platform will be mainly used on .NETCORE API server development for Mobile APPS, Website and Applications. This is a universal set of common services, controllers and implementation of infrastructure. The framework was based on Microsoft .NET Core 5 and Entity Framework 6, and will upgrade to .NET Core 6 in soon.

    BlueSky .NET Core API Framework Block Diagram

    The Framework designs with reference to MVC model to implement of controllers, services, factories, repositories and data provider. This framework help developers on minimizing the development time and more focus on the core of business logic development. It provides different useful helpers and services so that developers can implement and deploy the project rapidly and more standardized.

    For this guide, we will briefly describe the whole API framework with the following topics:

    Chapter 1 : Using of SVN and Visual Studio

    Chapter 2 : Definition of Domain (Entities) of Database Tables

    Chapter 3 : Using of framework baseClass inheritance and functional interface

    Chapter 4 : Updating DataContent, Creation of Initial Data and Generate Database Migration Script

    Chapter 5 : Using of IRepository, IGuidRepository, ICustomKeyRepository

    Chapter 6 : Creating and Registering of Service Classes

    Chapter 7 : Creating and Registering Factory, Using of AutoMapper Service

    Chapter 8 : Creating Controller Classes as API endpoint

    Chapter 9 : Example of API and Error/Exception Hanlding

    Chapter 10 : PostMan Documentation Guide

    (c) 2022, BlueSky Information Technology (Int’l) Co. Ltd, All Rights Reserved.

    Get request url in asp.net core api

    0

    This Content Is Only For Subscribers

    Please subscribe to unlock this content. Enter your email to get access.
    Your email address is 100% safe from spam!
    using Microsoft.AspNetCore.Http.Extensions; 
    
    
    var url = httpContext.Request.GetEncodedUrl();
    or
    
    var url = httpContext.Request.GetDisplayUrl();
    depending on the purposes.
    //get request url in asp.net core
    using Microsoft.AspNetCore.Http.Extensions; 
    
    
    var url = httpContext.Request.GetEncodedUrl();
    //or
    var url = httpContext.Request.GetDisplayUrl();
    //or
    var url = HttpContext.Current.Request.Url.AbsoluteUri;

    Bruteforce login prevention

    0

    To stop SSH/FTP attacks on your router, follow this advice.

    This configuration allows only 10 FTP login incorrect answers per minute

    /ip firewall filter
    
    add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
    comment="drop ftp brute forcers"
    
    add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m
    
    add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
    address-list=ftp_blacklist address-list-timeout=3h

    This will prevent a SSH brute forcer to be banned for 10 days after repetitive attempts. Change the timeouts as necessary.

    /ip firewall filter
    
    add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
    comment="drop ssh brute forcers" disabled=no
    
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=10d comment="" disabled=no
    
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m comment="" disabled=no
    
    add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \
    action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
    
    add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \
    address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no

    If you want to block downstream access as well, you need to block the with the forward chain:

    add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
    comment="drop ssh brute downstream" disabled=no

    To view the contents of your Blacklist, go to “/ip firewall address-list” and type “print” to see the contents.

    Bruteforce login prevention – MikroTik Wiki

    RouterOS : SYN/DoS/DDoS Protection

    0

    Introduction

    A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. There are several types of DDoS attacks, for example, HTTP flood, SYN flood, DNS amplification, etc.

    Protection against DDoS

    Configuration lines

    These rules are only an improvement for firewall, do not forget to properly secure your device: Building Your First Firewall!

    /ip firewall address-list
    add list=ddos-attackersadd list=ddos-target
    
    /ip firewall filter
    add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
    add action=add-dst-to-address-list address-list=ddos-target address-list-timeout=10m chain=detect-ddos
    add action=add-src-to-address-list address-list=ddos-attackers address-list-timeout=10m chain=detect-ddos
    
    /ip firewall raw
    add action=drop chain=prerouting dst-address-list=ddos-target src-address-list=ddos-attackers

    Configuration explained

    First, we will send every new connection to the specific firewall chain where we will detect DDoS:

    /ip/firewall/filter/add chain=forward connection-state=new action=jump jump-target=detect-ddos
    /ip firewall filter add chain=forward connection-state=new action=jump jump-target=detect-ddos

    In the newly created chain, we will add the following rule with the “dst-limit” parameter. This parameter is written in the following format: dst-limit=count[/time],burst,mode[/expire]. We will match 32 packets with 32 packet burst based on destination and source address flow, which renews every 10 seconds. The rule will work until a given rate is exceeded.

    /ip firewall filter add chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s action=return

    So far all the legitimate traffic should go through the “action=return”, but in the case of DoS/DDoS “dst-limit” buffer will be fulfilled and a rule will not “catch” any new traffic. Here come the next rules, which will deal with the attack. Let`s start with creating a list for attackers and victims which we will drop:

    ip firewall address-list
    add list=ddos-attackers 
    
    ip firewall address-list add list=ddos-targets
    ip firewall raw add chain=prerouting action=drop src-address-list=ddos-attackers dst-address-list=dddos-targets

    With the firewall filter section, we will add attackers in the “DDoS-attackers” and victims in list “ddos-targets” list:

    /ip firewall filter
    add action=add-dst-to-address-list address-list=ddos-target address-list-timeout=10m chain=detect-ddos
    add action=add-src-to-address-list address-list=ddos-attackers address-list-timeout=10m chain=detect-ddos

    SYN Attack

    SYN Flood

    An SYN flood is a form of DoS attack in which an attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. Fortunately, in RouterOS we have specific feature for such an attack:

    /ip settings set tcp-syncookies=yes

    The feature works with sending back ACK packets that contain a little cryptographic hash, which the responding client will echo back with as part of its SYN-ACK packet. If the kernel doesn’t see this “cookie” in the reply packet, it will assume the connection is bogus and drop it. 

    SYN-ACK Flood

    An SYN-ACK flood is an attack method that involves sending a target server spoofed SYN-ACK packet at a high rate. The server requires significant resources to process such packets out-of-order (not in accordance with the normal SYN, SYN-ACK, ACK TCP three-way handshake mechanism), it can become so busy handling the attack traffic, that it cannot handle legitimate traffic and hence the attackers achieve a DoS/DDoS condition. In RouterOS, we can configure similar rules from the previously mentioned example, but more specifically for SYN-ACK flood:

    /ip firewall filter 
    add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s protocol=tcp tcp-flags=syn,ack

    Source : SYN/DoS/DDoS Protection – RouterOS – MikroTik Documentation

    Wi-Fi 6 是什麼? 相對於 Wifi 5 有什麼分別?

    0

    最近 Wi-Fi 6 已成為主流的規格,到底 Wi-Fi 6 有什麼功能和新技術 ?

    Wi-Fi 是什麼?快速了解 Wi-Fi 6

    Wi-Fi 是一種無線網路技術,「無線網路」於1997年,由 IEEE (國際電氣電子工程師協會) 為無線網路訂定第一個版本標準,於是 IEEE 802.11 正式問世。但該協會只訂定標準,並不測試符合標準的設備,爾後非營利的 Wi-Fi 聯盟則開始著手建立及執行標準,制定全球通用的規範,並提供相關設備、產品的檢測,通過後進行 Wi-Fi 商業認證和商標授權。

    從2019年開始,WFA ( Wi-Fi Alliance )為了簡化名稱,改以數字來命名新的標準,於是Wi-Fi 6 這個名稱就出現了,舊命名則為 802.11ax,是不是 WiFi 6 看起來比較容易理解又好記一點呢?Wi-Fi 6便是WFA推出的最新無線區域網路標準。當Wi-Fi 6在繁重的頻寬使用情境下,可改善速度、增加效能並減少堵塞。之前的802.11b、802.11a、802.11g、802.11n、802.11ac 也重新取名為Wi-Fi 1、Wi-Fi 2、Wi-Fi 3、Wi-Fi 4、Wi-Fi 5。

    發布年份Wi-Fi無線網路標準頻段最高傳輸速率
    1997年第一代IEEE 802.11 (Wi-Fi 1)2.4GHz2 Mbit/s
    1999年第二代IEEE 802.11a
    IEEE 802.11b (Wi-Fi 2)
    5GHz
    2.4GHz
    54 Mbit/s
    11 Mbit/s
    2003年第三代IEEE 802.11g (Wi-Fi 3)2.4GHz54 Mbit/s
    2009年第四代IEEE 802.11n ( Wi-Fi 4 )2.4GHz 或 5GHz600 Mbit/s
    2013年第五代IEEE 802.11ac ( Wi-Fi 5 )5GHz6,933 Mbit/s
    2019年第六代IEEE 802.11ax ( Wi-Fi 6 )2.4GHz 或 5GHz9,607.8 Mbit/s

    Wi-Fi 6 無線網路的五大優勢

    同時上網時Wi-Fi 5會比Wi-Fi 6需要更多電力來處理多工需求,並因設備反應速度不一,而產生更多延遲。那麼 Wi-Fi 6 有甚麼特別呢?就技術面來說,我覺得解決不少舊標準的問題,喬安姐這邊整理了Wi-Fi 6 的五大特色給大家參考,尤其是對網路的重度使用者更應該要了解,wifi 6在速度提升、裝置降溫等,真的是有顯著的進展。

    一、低延遲性

    藉由 OFDMA、MU-MIMO 及 BSS Coloring 等技術的革命性結合,WiFi 6 技術最高可提供高出4倍的網路容量,以降低流量密集環境的延遲現象。同時上網時WiFi5將會比WiFi6需要更多電力來處理多工需求,並因設備反應速度不一產生更多延遲。藉由 OFDMA、MU-MIMO 及 BSS Coloring 等技術的革命性結合,WiFi 6 技術最高可提供高出4倍的網路容量,以降低流量密集環境的延遲現象。

    二、傳輸更快

    Wi-Fi 6 有創新的 1024-QAM 調變技術,突破現有的速度限制。可容納多出25%的資訊,大幅提升1.25倍的效能、提升後的速度最高可達9.6 Gbps

    三、可處理多人、多工需求

    Wi-Fi 5支援設備約不到30個,Wi-Fi 6支援設備可達200個。

    四、功耗低、更省電

    沒有訊號傳輸時Wi-Fi 功能處於休眠狀態,只需要少量資料傳輸便能維持軟體、智慧裝置保持連線狀態,讓 Wi-Fi 設備 (如物聯網 IoT設備)的電池壽命增加,更省下50%左右電量 (數據機本身+裝置本身)。目標喚醒時間 (TWT) 功能可讓裝置在無需與路由器通訊時休眠,最高可降低7倍的功耗,大幅提升電池續航力。因此您可以大幅延長手機或筆電的電池續航力。

    五、訊號涵蓋範圍更遠

    目前多數使用者手機、平板、電腦與數據機等等都是Wi-Fi 5,Wi-Fi 6與 Wi-Fi 5 同樣用了2.4G和5G的協議標準,有相同的穿透力,卻有更好的速度與支援性。透過OFDMA 技術改進了 5G 訊號距離較短的缺陷,可搭配AP路由器或MESH路由器 (等同加了分機) (需加購)擴展訊號,延伸寬頻涵蓋範圍 (水平+垂直),可將每個通道區分為較小的次通道,這些次通道有較小的頻寬,使其最高可提升80%的訊號範圍。其結果可提供較少的 Wi-Fi 死角,實現到處皆可上網的網路環境。Wi-Fi 6 就像是更大條的高速公路,而且同時有多條支線,讓你能更快、更順暢地到達目的地。

    Wi-Fi 6 與 Wi-Fi 5 比較

    對於Wi-Fi 6 與 Wi-Fi 5有什麼不同?還是一頭霧水嗎?免擔心!來把上面的文字變成列表詳解如下比一比,應該就會更清楚:

    原名802.11n802.11ac802.11ax
    Wi-Fi 新名Wi-Fi 4Wi-Fi 5Wi-Fi 6
    發布時間200920132019
    頻段2.4 GHz5 GHz2.4 GHz & 5GHz
    未來可支援1~7GHz
    最高調變64-QAM256-QAM1024-QAM
    最高理論速率54~600 Mbps
    (最多4串流)
    433 Mbps (80 MHz, 1串流)
    6933 Mbps (160 MHz, 8串流)
    600.4 Mbps (80 MHz, 1串流)
    9607.8 Mbps (160 MHz, 8串流)
    最大頻寬40 MHz80 MHz~160 MHz160 MHz
    MCS範圍0~70~90~11
    傳輸分類多工OFDMOFDMOFDMA

    Source : https://myfone.blog/what-is-wifi-6/#internet

    Office 2016 提示您的許可證不是正版彈框解決

    0

    This Content Is Only For Subscribers

    Please subscribe to unlock this content. Enter your email to get access.
    Your email address is 100% safe from spam!

    問題:kms已經啟動,但是一直有許可證不是正版的彈框煩擾。

    解決方法:需求修改註冊表中的鍵值對,來更換更新頻道。

    步驟:

    1、打開註冊表

    2、將修改註冊表中AudienceId和CDNBaseUrl的鍵值

    ID“55336B82-A18D-4DD6-B5F6-9E5095C314A6”,指的即為“每月企業頻道”。

    3、刪除一些鍵值對,若是沒有則不刪除。

    HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\UpdateUrl

    HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration\UpdateToVersion

    HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Updates\UpdateToVersion

    HKLM\SOFTWARE\Policies\Microsoft\Office\16.0\Common\OfficeUpdate

    4、打開word->帳戶->office更新->更新選項->立即更新,等待更新後,更新通道將由“當前頻道”變為“每月企業頻道”,至此解決完成,正常使用。

    5、原理釋義

    Office使用更新頻道概念來確定所安裝的 Office 版本要接收哪些更新。 更新頻道是在 configuration.xml 檔中指定的,該檔由 Office 部署工具使用。 應始終顯示指定更新頻道。

    Microsoft 定期為 Office 應用提供新增(和更新)功能,如 Excel 和 Word。 可通過指定更新頻道來控制組織中的用戶獲取這些新功能的頻率。 除新增功能外,每個月都會定期更新頻道以提供所需的安全和非安全更新。 非安全更新提供對已知問題的修復,併為 Office 提供穩定性或性能改進。 有三個主要的更新頻道:當前頻道、月度企業版頻道、半年度企業版頻道。 【參考:Microsoft 365 應用版的更新通道概述 – Deploy Office | Microsoft Docs】
    ————————————————
    版权声明:本文为CSDN博主「小烂云」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
    原文链接:https://blog.csdn.net/qq_36362654/article/details/118543041

    原文链接:https://blog.csdn.net/qq_36362654/article/details/118543041

    海鮮砂鍋粥

    0

    反制西方制裁 俄羅斯撥款 67 億盧布研發 X 射線光刻機

    0

    俄羅斯在 3 月 31 日宣布,向莫斯科電子技術學院 (MIET) 撥款 67 億盧布、約 6100 萬港幣,研發全新的 X 射線光刻機,技術比 ASML 公司的 EUV 光刻機更為先進,有望打破西方國家技術制裁,並終止 ASML 公司的壟斷地位。

    有別於傳統的 EVU 極紫外線光刻機,X 射線光刻機採用同步加速度配合等離子體源的無遮罩光刻技術,由於 X 射線的波長介乎 10nm 至 0.1nm,相較 EUV 更短,理論上提供更高的光刻分辨率,實現更先進的制程工藝。

    X 射線光刻機另一個特點,就是可以直寫光刻,無需要用光掩遮罩,因此成本上也可大大降低,俄媒更宣傳此將打破西方在晶片技術上的制裁,同時能打破 ASML 公司多年以來的壟斷。

    不過,其實美國、中國及歐洲多國均曾經研究 X 射線光刻技術的可行性,但最終也是放棄收場。