DEV Community: Enmanuel Reynoso

How I blocked ads and malware on my home network using a DNS Sinkhole

Enmanuel Reynoso — Mon, 24 Feb 2025 07:52:39 +0000

How ads work with DNS?

Before we block ads and malware, we need to understand how they work through DNS. When you visit a website, your device queries a DNS server to resolve domain names (like diariolibre.com) into IP addresses. However, websites also load third-party ads and trackers that require additional DNS lookups. The screenshots below illustrate this process: first, we see DNS queries sent from a client (10.0.0.162) to a local DNS resolver (10.0.0.1). The nslookup test confirms that diariolibre.com resolves to Amazon AWS IPs, but we also see multiple requests to advertising domains, like securepubads.g.doubleclick.net. By using a DNS sinkhole such as AdGuard Home, we can intercept and block these unwanted queries, preventing ads and trackers from loading across all devices on our network. In this guide, I’ll show you how I set up AdGuard Home on my home server to block ads and malware network-wide.

How AdGuard will block ads?

When you visit a website, your browser makes multiple DNS requests—not just for the main site, but also for third-party resources like advertisements, trackers, and analytics scripts. Normally, the DNS resolver returns the actual IP address of the requested domain, allowing your browser to load the content.

However, with AdGuard Home acting as a DNS sinkhole, things work differently. When our browser requests an ad, instead of the resolver returning the IP address of a known ad domain, it returns 0.0.0.0. Essentially, it doesn’t tell us where the ad was supposed to go—it just throws it into a black hole. :)

Installing AdGuard on home server

Usually, these types of projects are installed on a Raspberry Pi and use alternative DNS sinkholes like Pi-hole. However, in this case, I’ll be using a spare computer to act as my DNS sinkhole.

Step 1: Installing AdGuard Home on Ubuntu Server
I have Ubuntu Server installed on my home server, so I’ll be setting up AdGuard Home on Ubuntu Server 22.04.

If you need help installing Ubuntu Server, you can refer to my other blog section, where I cover the installation process in detail.

After having ubuntu server setup run the following commands
Firs update your list with

sudo apt update

Then copy and paste this command to install adguard home:

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v

On output, we can see we can access a GUI at port 3000:

Next Steps after Accessing AdGuard Home GUI

After you've successfully accessed your AdGuard Home web interface (usually at http://your-adguard-ip:3000), you should follow these recommended steps to complete the setup:

Step 1: Complete the Initial Setup Wizard
Once logged in, AdGuard Home guides you through an easy setup wizard.

Set your administrator username and strong password.
Choose the network interface AdGuard Home should listen to (typically leave it as default).

Step 2: Configure Your Network to Use AdGuard Home

Now that your AdGuard Home server is set up, direct your devices to use it as their DNS server:

Recommended: Configure at the Router Level

Access your router's settings.
Navigate to the DHCP/DNS settings section.
Enter your Ubuntu server IP address as the primary DNS server.

You need to use your Ubuntu Server's IP address (where AdGuard Home is actually installed and running) instead of the address you might be using to access the GUI, because your network devices rely directly on the server handling DNS queries, not on the GUI interface itself. The AdGuard GUI is simply a web-based administration panel that could be accessed through various network routes or IPs, especially in scenarios involving virtualization or NAT. However, the DNS functionality occurs directly at the server level, precisely at the Ubuntu server hosting AdGuard. Therefore, setting your router's primary DNS to the Ubuntu Server IP ensures all devices on your network forward their DNS requests to the correct location, allowing AdGuard Home to intercept and block ads properly at a network-wide level.

Alternative:

Set the DNS server manually on each individual device. (Not recommended, as it’s more tedious and less efficient.)

Step 3: Add DNS Blocklists (Recommended)
AdGuard Home comes preloaded with a default blocklist. But to maximize ad and malware blocking:

Click Filters → DNS Blocklists.
Click on Add blocklist and use recommended blocklists

Step 4: Add DNS Upstream (Recommended)

AdGuard Home acts as a local DNS server, but it still forwards DNS queries to external servers, known as "upstream DNS servers." By default, DNS queries are unencrypted, meaning your browsing activity could be viewed by ISPs or anyone else monitoring your network. To enhance privacy and security, it's strongly recommended to use encrypted DNS, specifically DNS-over-HTTPS (DoH), which encrypts DNS queries, keeping your browsing activity private and secure.

AdGuard provides a detailed list of recommended secure DNS providers that support DNS-over-HTTPS. Some of the most privacy-oriented and trusted providers on this list include AdGuard DNS, Cloudflare, and Quad9. I recommend using the following:

To configure your secure DNS, log in to your AdGuard Home GUI, navigate to Settings → DNS settings, and go to the "Upstream DNS servers" section. Here, remove any existing default servers and input your preferred DNS-over-HTTPS server endpoint from the recommended list on the image below or from the list URL.

Testing AdGuard adblock capabilities

Now that AdGuard is set as our DNS resolver, let's verify if it's successfully blocking ads and trackers. To confirm AdGuard's functionality, we'll conduct the following tests:

1. Visit a Website Known to Display Ads

We'll use CNET.com for this demonstration, as it's well-known for showing many ads.

Before enabling AdGuard Home (Ads visible):

After enabling AdGuard Home (Ads blocked):

As you can see, the ads on the page are no longer present, indicating that AdGuard Home is effectively blocking ad domains.

2. Running Dedicated Ad-block Tests

To further validate the effectiveness, let's run dedicated tests with specialized tool [superadblocktest]:

Results with AdGuard active:

AdGuard Query Log showing blocked domains:

Using Artem Sherbachuk’s Adblock Test

Conclusion

In this guide, we've successfully set up AdGuard Home as a DNS sinkhole on an Ubuntu server, providing effective ad-blocking and protection against tracking and malicious domains across your entire home network. Feel free to customize your blocklists and DNS rules to further enhance your privacy and security. Happy browsing! 🌐

Homomorphic Encryption: Unlocking Privacy Without Losing Utility

Enmanuel Reynoso — Mon, 24 Feb 2025 05:32:24 +0000

Current encryption technologies play a crucial role in today's digital world. They support the secure functioning of the Internet, form the foundation of Web3, and enable individuals to safeguard their personal information. Yet, traditional encryption methods have a significant drawback—data typically must be decrypted before it can be analyzed or processed. Unfortunately, decrypting sensitive data to perform computations exposes it to third parties, defeating the purpose of encryption.

Homomorphic encryption addresses this problem by allowing computations to occur on encrypted data itself. This means cloud providers and web-based services can process your data without ever having direct access to the underlying sensitive information. For organizations and individuals concerned about privacy, homomorphic encryption provides enhanced functionality while maintaining robust data security.

What Is Homomorphic Encryption?

Outsource the computation of a function f(x) on data x to a server, without revealing the data to the server.

Imagine being able to securely analyze sensitive data—such as your medical history, financial records, or personal details—without ever showing it directly to third parties.

Homomorphic encryption is an innovative cryptographic method that allows computations to be performed on encrypted data, eliminating the need to decrypt it first. This means your data stays protected and encrypted, even as external services analyze it.

Here's why that's exciting: Suppose you want insights from your genetic data. Currently, using genetic testing services typically involves sharing highly sensitive information. With homomorphic encryption, these services could analyze your encrypted DNA without ever directly accessing your genetic sequences—providing valuable insights while protecting your privacy.

Though first proposed in 1978 by Rivest, Adleman, and Dertouzos, homomorphic encryption became practical only in 2009, thanks to computer scientist Craig Gentry.

Gentry describes the idea vividly, comparing homomorphic encryption to having a "sealed glove box":

“Imagine you have a sealed glove box containing sensitive materials. Anyone can slide their hands into the gloves attached to the outside, manipulate and rearrange the objects inside the box—but they can never remove or directly access what’s inside. When the work is complete, only the owner with the key can unlock the box and retrieve the processed information.”

Homomorphic Encryption Use Cases

Computing AI algorithms on encrypted data is possible thanks to homomorphic encryption.

Diagram By Chainlink

Secure Artificial Intelligence/Machine Learning

Artificial Intelligence thrives on vast amounts of data. But often, the most valuable datasets—such as medical records or financial data—remain inaccessible due to privacy concerns. Homomorphic encryption solves this by enabling AI models to learn from encrypted data, never needing access to the raw information.

Example:

Imagine an AI startup wants to develop a powerful predictive model that can accurately forecast financial risks, fraud, and creditworthiness based on spending patterns and bank transaction histories. Naturally, banks have strict privacy regulations and cannot simply share sensitive customer transactions and financial details directly with an external AI company.

Traditionally, such collaboration would be impossible without exposing private data—something banks and customers alike would never accept. But with homomorphic encryption, banks can securely share encrypted financial transaction data with the AI startup. The AI company can then run its predictive algorithms on these encrypted records without ever actually seeing individual transaction details.

2. Secure Cloud Computing

Traditionally, cloud providers must have direct access to your data to perform computations, creating significant privacy risks. Homomorphic encryption changes the game entirely, allowing cloud providers to process encrypted data without ever decrypting it.

3. Regulatory Compliance

Businesses worldwide face increasing regulatory requirements like GDPR, emphasizing stringent privacy standards. Homomorphic encryption helps companies comply with these regulations while still offering innovative digital services.

4. Secure and Transparent Voting Systems

Homomorphic encryption provides an ideal solution for confidential, transparent, and verifiable voting systems. Votes remain encrypted and anonymous, while still being accurately checked and auditable by external entities.

5. Enhancing Supply Chain Security**

Supply chains involve sharing sensitive data across multiple partners, including vendors, logistics providers, and contractors. This shared data creates vulnerabilities and potential entry points for cyberattacks. Homomorphic encryption can eliminate these vulnerabilities by encrypting
sensitive information end-to-end.

Conclusion

Homomorphic encryption isn’t just a technical curiosity. It's a fundamental shift in how we balance the power of data analytics with the necessity of data privacy.

As more organizations and individuals prioritize privacy, homomorphic encryption offers an exciting path forward: harnessing the full value of data without compromising confidentiality. This isn't merely encryption as usual; it's the future of secure collaboration and trust.

Deploying a Cowrie SSH Honeypot on a home server. 🍯

Enmanuel Reynoso — Sun, 23 Feb 2025 03:27:02 +0000

Introduction

What is a Honeypot?

A honeypot is a deception security mechanism that mimics real systems to attract and analyze cyber threats. Threat actors interact with the honeypot, allowing security professionals to study their behavior.

This guide will show you how to deploy a Cowrie SSH honeypot for logging attacker activity. You can choose to:

Run it on a VPS from any cloud provider (AWS, DigitalOcean, Linode, etc.).
Set up a home server on any machine for centralized control.

In this case, i’ll be using a refurbished HP ProDesk running Ubuntu Server as our dedicated honeypot machine. However, the steps will also work on a VPS.

1️⃣ Hardware Requirements

Option 1: HP ProDesk (or Similar Home Server)

x86_64-based system with at least:

CPU: Dual-core or better
RAM: 4GB+ (8GB recommended)
Storage: 20GB+ SSD/HDD
Ethernet connection for stable logging

Option 2: VPS from Any Cloud Provider

Any VPS running Ubuntu Server 22.04+

Providers: AWS, Linode, DigitalOcean, Hetzner, etc

Minimum recommended specs:
1 vCPU
2GB RAM
20GB SSD

A public IP address to allow remote access

Configurations

Open port 2222 for honeypot SSH

2️⃣ Software Requirements

Ubuntu Server 22.04 LTS (or newer)
Download from: Ubuntu Server Download
Installed with SSH access enabled
Set up with a non-root user (sudo enabled)

Basic Linux & Networking Knowledge

Familiarity with SSH, systemctl, and firewalls

Installation

Before setting up Cowrie, you need to install Ubuntu Server on your machine. You can install it in two ways:

1️⃣ On a physical machine using a bootable USB (e.g., HP ProDesk).
2️⃣ Inside a virtual machine using VirtualBox (which we’ll use in this guide)

Option 1: Install Ubuntu Server with a Bootable USB

If you’re installing on a physical machine (like HP ProDesk), follow this guide

Steps:

Download Ubuntu Server LTS from Ubuntu Server Download.
Create a bootable USB using Rufus (Windows) or balenaEtcher (Mac/Linux).
Boot from the USB and follow the installation steps.

🎥 Watch this video tutorial for creating a bootable USB & installing Ubuntu Server

Option 2: Install Ubuntu Server on a Virtual Machine (VirtualBox)

In this guide, I’ll be installing Ubuntu Server on a Virtual Machine (VM) using VirtualBox.
**
Step 1: Download & Install VirtualBox

Download VirtualBox from: https://www.virtualbox.org/
Install VirtualBox for your OS.

Step 2: Create a New Virtual Machine

1️⃣ Open VirtualBox and click "New".
2️⃣ Set the name as Ubuntu_Honeypot.
3️⃣ Select Type: Linux, Version: Ubuntu.
4️⃣ Allocate at least 2048MB (2GB) RAM (4GB recommended).
5️⃣ Create a 20GB (or more) virtual hard disk
6️⃣ Click "Create" to finish setting up the VM.

Step 3: Configure VM Settings

Before starting the VM, tweak a few settings for better performance:

1️⃣ Go to "Settings" → "System" → "Processor" → Set at least 2 CPUs.
2️⃣ Enable Network Bridging:

Go to Settings → Network → Change "Attached to" Bridged Adapter (to make the VM accessible on your local network).

Deploying Cowrie Using Docker

Cowrie can be easily deployed using a Docker container, making setup and management much simpler. Below is how you can quickly get Cowrie running inside Docker.

1️⃣ Install Docker (If Not Installed)
First, install Docker on your system:

sudo apt update && sudo apt install -y docker.io

Enable and start the Docker service:

sudo systemctl enable --now docker

Check if Docker is running:

docker --version

2️⃣ Run Cowrie with Docker
To quickly start Cowrie using a pre-built Docker image, run:

sudo docker run -p 2222:2222 cowrie/cowrie:latest

-p 2222:2222 → Exposes port 2222 on the host, forwarding it to the container.

3️⃣ Connect to the Cowrie Honeypot
Once the container is running, you can test SSH access:

nmap -p 2222 -sV <server-ip>

ssh -p 2222 root@localhost

If using another machine on the same network, replace localhost with the server’s IP:

ssh -p 2222 root@<server-ip>

Exposing Cowrie Running in Docker to the Internet

In this section we will be doing the following:

✅ Expose Cowrie (running in Docker) to the internet so real attackers can interact with it.

1️⃣ Expose Cowrie to the Internet

By default, Docker containers run in an isolated network. To make Cowrie publicly accessible, we need to:

Ensure the correct port is mapped
Forward the port from your router
Allow traffic through the firewall (UFW)

Step 1: Run Cowrie with Port Mapping

If your container is already running, stop and remove it first:

docker stop cowrie && docker rm cowrie

Now, restart Cowrie with proper port forwarding:

docker run -d --name cowrie -p 2222:2222 cowrie/cowrie:latest

Now, test SSH access from another computer:

ssh root@your-server-ip -p 2222

If this works, move to the next step.

Step 2: Allow SSH Traffic in UFW (Firewall)
Make sure your firewall allows incoming SSH connections:

sudo ufw allow 2222/tcp
sudo ufw reload
sudo ufw status numbered

Now, your server should allow SSH traffic on port 2222.

Step 3: Set Up Port Forwarding on Your Router (For Public Access)

To make your honeypot publicly accessible, you need to forward port 2222 on your router.

Log into your router settings (usually at 192.168.1.1).
Find Port Forwarding / NAT Settings.
Add a rule:

External Port: 2222
Internal Port: 2222
Protocol: TCP
Destination IP: Your server’s local IP (e.g., 192.168.1.100).

Save the changes and restart your router.

Playing around with honeypot

After running the previous Docker command to start Cowrie, our server is now actively accepting SSH connections.

Interacting with the Fake SSH Server

Let’s test the honeypot by logging in from another machine:

Once connected, you’ll notice that Cowrie presents a fully interactive fake filesystem designed to mimic a real Linux server.

Cowrie tricks attackers by allowing them to execute commands, navigate directories, and even try to download malicious tools.