Author: smunir362
Subject: vsftpd server security
Posted: Thu Mar 04, 2010 11:35 pm (GMT 6)
Topic Replies: 0
I want that my ftp users be able to upload only (*.doc,*.xls,*.ppt) files only in their respected home directories.
How can I do it.
I am using RHEL 4.5...
Feeds
60057 items (60056 unread) in 81 feeds
FLOSSIndia
(29905 unread)
-
Anna University LUG Google Group (75 unread)
-
biharlinuxusergroup at Yahoo! Groups
(38 unread)
-
Bangalore Linux Users' Group - Focus, Fun, Decorum
(16 unread)
-
The Un-official ILUG-Delhi Wiki (90 unread)
-
dgplug - Sekho ebang Sekhao (213 unread)
-
FLOSSinIndia (25 unread)
-
Voice of FSUG-Kochi
(10 unread)
-
linuxgoahelp at Yahoo! Groups
(69 unread)
-
linuxinindia (29 unread)
-
goa-floss-developer at Yahoo! Groups
(180 unread)
-
ilug-cochin at Yahoo! Groups
(52 unread)
-
ilug-indore at Yahoo! Groups
(107 unread)
-
ilug-jodhpur at Yahoo! Groups
(2150 unread)
-
ilug-goa at Yahoo! Groups
(5909 unread)
-
ilug-goa-announce at Yahoo! Groups
(132 unread)
-
ilug-ktm at Yahoo! Groups
(447 unread)
-
ilug-ngp at Yahoo! Groups
(995 unread)
-
ilug-ponda at Yahoo! Groups
(198 unread)
-
ilughyd at Yahoo! Groups
(1904 unread)
-
ilug-tvm at Yahoo! Groups
(257 unread)
-
ilug-mangalore at Yahoo! Groups
(647 unread)
-
Indianlc at Yahoo! Groups
(176 unread)
-
kict_lug at Yahoo! Groups
(35 unread)
-
learn-linux at Yahoo! Groups
(36 unread)
-
KSIT - News And Stuff
(65 unread)
-
linux-bangalore at Yahoo! Groups
(117 unread)
-
linux-bangalore-non-tech at Yahoo! Groups
(536 unread)
-
linux-bangalore-lli at Yahoo! Groups
(30 unread)
-
linux-bangalore-programming at Yahoo! Groups
(423 unread)
-
linux-bangalore-technical at Yahoo! Groups
(901 unread)
-
linux_chandigarh at Yahoo! Groups
(471 unread)
-
linux_gurus at Yahoo! Groups
(284 unread)
-
linux-india-programmers at Yahoo! Groups
(5836 unread)
-
-
linux-Ahmedabad-users at Yahoo! Groups
(252 unread)
-
linux-manipur at Yahoo! Groups
(251 unread)
-
linuxers@mm.ilug-bom.org.in
(2476 unread)
-
linux_schools at Yahoo! Groups
(41 unread)
-
little_league at Yahoo! Groups
(128 unread)
-
-
mypapit gnu/linux blog
(403 unread)
-
nagpur-lug at Yahoo! Groups
(338 unread)
-
Entrepreneur Geek
(430 unread)
-
php_jobs_india at Yahoo! Groups
(49 unread)
-
p_lug at Yahoo! Groups
(643 unread)
-
Prakash Advani's Blog
(276 unread)
-
SunCityJodhpurLUG at Yahoo! Groups
(112 unread)
-
teach-yourself-linux at Yahoo! Groups
(207 unread)
-
twincling™ (57 unread)
-
uvpce_lug at Yahoo! Groups
(59 unread)
-
Gaurav Joshua Vaz (64 unread)
FLOSSSouthAsia
(9426 unread)
-
bdlug at Yahoo! Groups
(2857 unread)
-
linux-nepal at Yahoo! Groups
(139 unread)
-
linuxpakistan.net
(6381 unread)
-
LinuxPakistan Portal - {Linux|Pakistan} Rocks!
(39 unread)
-
sinhala.linux.lk (සිංහල) - Sinhala GNU/Linux
(10 unread)
FLOSSAsia
(13696 unread)
-
Arabeyes
(120 unread)
-
balinux at Yahoo! Groups
(1171 unread)
-
dubailug at Yahoo! Groups
(1476 unread)
-
The Egyptian GNU/Linux User Group - جنو لينكس مصر - حيث تأكل البطاريق الطعمية (118 unread)
-
FLOSS In Asia (28 unread)
-
ltsp-id at Yahoo! Groups
(72 unread)
-
-
indonesia-linux at Yahoo! Groups
(283 unread)
-
IOSN - Upcoming FOSS Events in Asia-Pacific Region
(1 unread)
-
linux_jeddah at Yahoo! Groups
(15 unread)
-
Linux-middleeast at Yahoo! Groups
(149 unread)
-
Linux_Egypt at Yahoo! Groups
(385 unread)
-
-
Planet MYOSS
(6797 unread)
-
A. Sajjad Zaidi's Blog (315 unread)
-
saudi_linux at Yahoo! Groups
(28 unread)
-
ThaiLUG at Yahoo! Groups
(87 unread)
-
tlwg at Yahoo! Groups
(2402 unread)
Miscellaneous
(7029 unread)
-
bytesforall_floss at Yahoo! Groups
(156 unread)
-
bytesforall_readers at Yahoo! Groups
(5407 unread)
-
doggone dong (24 unread)
-
foss4us blogs (28 unread)
-
gnubies-il at Yahoo! Groups
(300 unread)
-
-
simputer at Yahoo! Groups
(297 unread)
«
463 items tagged "Security"
Related tags: ubuntu [+], debian [+], Linux [+], release [+], patch [+], opensource [+], mysql [+], howto [+], ssh [+], mozilla [+], firefox [+], PHP [+], sql [+], iptables [+], htaccess [+], hacks [+], filters [+], bandwidth [+], apache [+], Conference [+], .htaccess [+], wordpress [+], vmspliceexploit [+], update [+], tomcatserver [+], tomcat [+], sudo [+], securityrelease [+], rescuecd [+], phishing [+], opensuse [+], networkmonitoring [+], mysqli [+], malaysia [+], livecd [+], knoppix [+], hsbc [+], hardening [+], gmail [+], exploit [+], connector [+], bugfix [+], bank [+], Vietnam [+], VNSecurity [+], Technology [+], Ports [+], Networks [+], Logs [+], Internet [+], IPcop [+], Honeynet [+], Hackinthebox [+], HackInTheBoxConference2007 [+], HITBSecConf [+], Firewall [+], Apple [+]
linuxpakistan.net
-
vsftpd server security
Fetched: March 4th, 2010, 12:35am GMT
Tags: Security [edit]
-
chrooting apache troubles mysql
Fetched: March 2nd, 2010, 8:35pm GMT
Tags: Security [edit]
Author: ghulam yaseen
Subject: chrooting apache troubles mysql
Posted: Tue Mar 02, 2010 5:39 pm (GMT 6)
Topic Replies: 2
Hello All,
I have successfully implemeted the chroot enviorment for the Apache, the webpages work fine without involving mysql. But when i run a mysql related webpage it gives me error
Not connected to MySql...Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
Any fix for this issue?
-
samba security
Fetched: February 25th, 2010, 12:35am GMT
Tags: Security [edit]
Author: smunir362
Subject: samba security
Posted: Thu Feb 25, 2010 10:55 pm (GMT 6)
Topic Replies: 1
Hi,
I have configured samba 3 in Red Hat Linux EL 4.
I am using this shared folder for all users to access without password.
I set up guest ok. It runs well.
But I want that user should execute files only but should not be able to list or view the files/folders....
How can I do that...
Regards,
Munir
-
Telnet jail
Fetched: January 13th, 2010, 12:35am GMT
Tags: Security [edit]
Author: smunir362
Subject: Telnet jail
Posted: Wed Jan 13, 2010 11:23 pm (GMT 6)
Topic Replies: 2
I am using Red Hat Enterprise Linux 4. I want to restrict users in their home directories whan they telnet/ftp into the system.
I successfully implemented ftp in jail environment.
But I am looking for telnet/ssh jail configurations.
Pls tell me in detailed.
-
Free Seminar on RHCSS
Fetched: November 18th, 2009, 12:35am GMT
Tags: Security [edit]
Author: maazbhutta
Subject: Free Seminar on RHCSS
Posted: Thu Nov 19, 2009 12:42 am (GMT 6)
Topic Replies: 0
Corvit Systems is arranging a seminar on RHCSS (Red-Hat Certified Security Specialist) expert-level certification of Linux Operating System. This certification is being launched for the first time ever in Pakistan, and the focus of this rendezvous is to promote and project the highest-level of Linux based expertise worldwide.
You are requested to attend the seminar on 20th November 2009, 6:30 to 8:00 PM, at Corvit Systems, Islamabad, and have the most resourceful experience ever on securing the network servers through Linux.
Regards
-
PTCL Broadband router security issues. LESSON FOR ALL
Fetched: September 30th, 2009, 4:35am BST
Tags: Security [edit]
Author: qasali
Subject: PTCL Broadband router security issues. LESSON FOR ALL
Posted: Thu Oct 01, 2009 12:18 am (GMT 6)
Topic Replies: 4
Hi all,
Today i just sat at my computer. Its 12:00 am night and went to whatismyip.com. the site displayed the dynamic ip assigned to me by PTCL broadband.
I got curious about the ip range that PTCL has bought. I browsed www.ripe.net and clicked advance search. I selected APNIC as database. By the way APNIC stands for ASIA PACIFIC NIC. It contains the database of IPs assigned in Asia Pacific region. The result of the query returned was
inetnum: 119.152.0.0 - 119.159.255.255
netname: PTCLIPTVNET
descr: PTCL Triple Play Project
descr: Legacy Telco Service Provider
descr: Islamabad, Pakistan
country: PK
admin-c: IAB1-PK
tech-c: IAB1-PK
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
mnt-by: APNIC-HM
mnt-lower: MAINT-PK-PTCLBB
mnt-routes: MAINT-PK-PTCLBB
status: ALLOCATED PORTABLE
source: APNIC # Filtered
person: IMTIAZ AHMED BAIBERS
address: PTCL Headquarters, 5th Floor New Building
country: PK
phone: +92-332-513-5995
e-mail: ahmed.imtiaz@ptcl.net.pk
nic-hdl: IAB1-PK
mnt-by: MAINT-PK-PTCLBB
source: APNIC # Filtered
look at the 1st line. The range is 119.152.0.0 - 119.159.255.255 or 119.152.0.0/13.
This means that ptcl bought 8 x 255 x 254 = 518160 IPs.
Now i wanted to check how many hosts are online. Scanning 518160 ips is really time taking and i had to go to sleep for 6-7 hrs and then i may had gotten the result but i couldnt wait and pinged only 119.153.134.0/16. Thats also a large number (255 x 254 ips). After a scan of about 25000 ips i stopped the process. About 2125 users were online and some others may be (clever ones) if they have disable the ping access in the adsl router/modem.
Lol now i went ahead and tried 30 ips (thinking what have been hosted on these websites). But when i entered ips one by one in my internet browser it gave me the web page of routers of home users and u guys know each and everyone had default administrator username and password except one ip who has disabled the access to port 80 of external interface of the router.
Guys thats too much.
Knowledgable network guys must have understood what can be the consequences. One example when u use e-mule or a torrent software, u add port forwarding rules in a router. If a person adds a rule to map outside ips to local interface and any specfic port. Then with the help of a software, its dang ....
So please change the default admin-admin combination to admin-newpassword combination.
Also download the Cyber law crime act from www.fia.gov.pk for ur knowledge
Looking forward to comments
-
Data Backup
Fetched: September 1st, 2009, 9:29pm BST
Tags: Security [edit]
Author: adilkhan_86
Subject: Data Backup
Posted: Thu Aug 27, 2009 12:10 pm (GMT 6)
Topic Replies: 8
Dear All,
I would like to know to have some kind of Opensource Backup Solution for my Office, Which will automatically take backup of user data.
Thanks
_________________
Warm Regards
Mohammad Adil Zulqarnain
Cell# 0301 2200030
-
Data Backup
Fetched: September 1st, 2009, 9:29pm BST
Tags: Security [edit]
Author: adilkhan_86
Subject: Data Backup
Posted: Thu Aug 27, 2009 12:10 pm (GMT 6)
Topic Replies: 5
Dear All,
I would like to know to have some kind of Opensource Backup Solution for my Office, Which will automatically take backup of user data.
Thanks
_________________
Warm Regards
Mohammad Adil Zulqarnain
Cell# 0301 2200030
-
Securing USB Devices
Fetched: August 26th, 2009, 12:36pm BST
Tags: Security [edit]
Author: adilkhan_86
Subject: Securing USB Devices
Posted: Wed Aug 26, 2009 11:36 am (GMT 6)
Topic Replies: 5
Hi Every One,
Do any one knows how to secure USB and protect them with Password.
_________________
Warm Regards
Mohammad Adil Zulqarnain
Cell# 0301 2200030
-
can anyone send me some firewall(iptables or ipchain)
Fetched: July 2nd, 2009, 4:36am BST
Tags: Security [edit]
Author: fahadul
Subject: can anyone send me some firewall(iptables or ipchain)
Posted: Wed Jul 01, 2009 9:15 pm (GMT 6)
Topic Replies: 1
i have install in a same IBM SERVER DNS,WEB(Apache),MAIL(Sendmail)in redhat enterprise 3 es but my firewall is very weak can anyone send me some firewall(iptables or ipchain) for my dns,web & mail server?
_________________
Fahadul haque
-
how to block msn and yahoo messenger??
Fetched: July 2nd, 2009, 4:36am BST
Tags: Security [edit]
Author: fahadul
Subject: how to block msn and yahoo messenger??
Posted: Wed Jul 01, 2009 9:18 pm (GMT 6)
Topic Replies: 1
I am running my internet gateway with RedHat 9 and also running Transperent Proxy with squid.but i can't block msn and yahoo messenger...how do i block it....?????
_________________
Fahadul haque
-
How should I block Yahoo and msn messenger in IPCOP
Fetched: February 22nd, 2009, 8:36pm GMT
Tags: Security [edit]
Author: adilkhan_86
Subject: How should I block Yahoo and msn messenger in IPCOP
Posted: Sun Feb 22, 2009 6:50 pm (GMT 6)
Topic Replies: 1
Hi everyone,
Would someone suggest, How should I block/stop access to yahoo and msn messenger using IPCOP firewall.
Your support is highly appreciated.
Thanks
Adil
_________________
Warm Regards
Mohammad Adil Zulqarnain
Cell# 0301 2200030
-
CHASE - 2009 | Call For Papers
Fetched: February 8th, 2009, 5:43pm GMT
Tags: Security [edit]
Author: kakaaballi
Subject: CHASE - 2009 | Call For Papers
Posted: Sun Feb 08, 2009 5:23 pm (GMT 6)
Topic Replies: 0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
C H A S E - 2 0 0 9
Lahore
May 22-26 2009
[www.chase.org.pk]
CHASE is a unique information and network security
event of its kind being organized in Pakistan. It was
first organized in year 2006.
In addition to presentations and talks, CHASE-2009
will hold trainings on four different tracks. For
details, please visit the website at:
[www.chase.org.pk]
** TRAVEL FUNDING **
Partial or full travel funding is available for speakers from
outside of Pakistan. Completely FREE BOARDING AND LODGING is
available for ALL the international participants whether
they speak at the event or just attend the talks.
** CALL FOR PAPERS **
If you are a hacker or a computer and internet security
professional and have something to talk about, then you have
an opportunity to do so at CHASE 2009. Please download and
fill out submission form and send your presentation as early
as possible to:
cfp AT chase DOT org DOT pk
Last date for filing submissions is Friday March 27, 2009.
All those individuals who would like to present are urged to
at least send their abstracts as early as possible to the
mail above. To see guidelines for submission, please visit
the following page:
[www.chase.org.pk]
** TRAININGS **
This event would offer trainings in four tracks. To see
details of the training and to get registered, please visit
the link below:
[www.chase.org.pk]
** Call For Participation **
Those who just want to participate may please register as
early as possible. Just visit the website or send an email
to:
register AT chase DOT org DOT pk.
The event comprises of five days. First day is for talks and
the remaining four days are for trainings. You need to register
separately for talks and trainings. To see details and to see
how you can register, please visit the following page:
[chase.org.pk]
Hoping to see you all at CHASE-2009 Lahore.
- - --
CHASE Team
chase@...
Friday February 06, 2009.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFHC0ljaVLjC8ViUeIRAjkvAKCsfvWrSUH1WtLQS5f23c25C47PJQCgmfA3
CMPo/UWWYNl2onux8lxUfVY=
=xGvp
-----END PGP SIGNATURE-----
--- End forwarded message ---
-
Top 100 Network Security Tools
Fetched: January 22nd, 2009, 4:36am GMT
Tags: Security [edit]
Author: kashif
Subject: Top 100 Network Security Tools
Posted: Fri Jan 23, 2009 12:19 am (GMT 6)
Topic Replies: 1
assalam o alaikum,
Very informative site for security concerns.
[sectools.org]
_________________
**********************************************
As-Salaatu was-Salaamu Alaika Ya Sayyidi Ya Rasool ALLAH
**********************************************
-
spam words for filtering.
Fetched: November 30th, 2008, 8:37pm GMT
Tags: Security [edit]
Author: azfar
Subject: spam words for filtering.
Posted: Sun Nov 30, 2008 7:28 pm (GMT 6)
Topic Replies: 6
I am looking for a list of words thats are usualy used in spam. Is there any one who share his/her list with me?
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
Bayesian filtering question.
Fetched: November 29th, 2008, 4:36pm GMT
Tags: Security [edit]
Author: azfar
Subject: Bayesian filtering question.
Posted: Sat Nov 29, 2008 4:01 pm (GMT 6)
Topic Replies: 2
I am trying to find out how exactly bayesian filtering works but I am not clear on it.
My question is how bayesian filtering actualy works i-e it collects the words from whole message (header, body & subject) or just body & subject or just from body.
In my scenario users forward me those spam messages (ham) which are incorrectly marked as spam and those ham messages (spam) which are actualy spam.
My problem in this way is that orignal messages are now modified and extra headers and signatures are also added with them and I am curious that this will train the filter in wrong manner.
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
Barracuda make their BBL available for free
Fetched: November 22nd, 2008, 12:36am GMT
Tags: Security [edit]
Author: azfar
Subject: Barracuda make their BBL available for free
Posted: Sat Nov 22, 2008 11:56 pm (GMT 6)
Topic Replies: 2
Barracuda Reputation Block List (BRBL)
Starting in September 2008, Barracuda Networks introduced the Barracuda Reputation Block List (BRBL pronounced "bahr-bel") as a free DNSBL of IP addresses known to send spam. Barracuda Networks fights spam and created the BRBL to help stop the spread of spam.
If you are interested in using or supporting the BRBL, please let us know: Request Access Feedback
The BRBL is open to public and can be used within reason. Barracuda Networks is currently making this service available free of charge and we hope to keep it that way. Barracuda Networks does require free registration to gain access to the DNSBL. If you would like to register, please click here
Registration is simple and immediate. Please note that this service is provided free of charge, therefore Barracuda Networks reserves the right to refuse service to spammers, competitors and other parties at the company's discretion. This service is provided as is with no warranty of any kind.
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
this is why i don't use php.
Fetched: November 5th, 2008, 12:35pm GMT
Tags: Security [edit]
Author: lambda
Subject: this is why i don't use php.
Posted: Wed Nov 05, 2008 10:16 am (GMT 6)
Topic Replies: 0
[dow.ngra.de]
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
iptables Default Policy of DROP
Fetched: September 13th, 2008, 11:13am BST
Tags: Security [edit]
Author: Javed4u
Subject: iptables Default Policy of DROP
Posted: Sat Sep 13, 2008 7:13 am (GMT 6)
Topic Replies: 1
AOA
I am using Fedora 6 as my gateway configured with nat and iptables.I have two questions.
First of all i want to secure my linux box as much as possible by impliment firewall script using iptables to change default policy of every chain to DROP and then allow only specific services that are required to run on my network, like http, ftp.
Secondly i have blocked some sites in squid. But user managed to open it by entering its ip address instead of url. Plz help me to resolve this issue using squid.
Regards,
Asif
-
IP Conflict Problem
Fetched: August 23rd, 2008, 8:35pm BST
Tags: Security [edit]
Author: imzee
Subject: IP Conflict Problem
Posted: Sat Aug 23, 2008 5:40 pm (GMT 6)
Topic Replies: 2
Assalam-o-alikom to all brothers/sisters
before few days, i am facing the problem of IP CONFLICT. How i can trace whict computer conflic IP with server? in windows we can trace MAC address of same computer who conflict with server. is it possible to see the MAC address of computer who conflicting with server IP?
Please help me.
_________________
Imtiaz Mustafa
System Support Supervisor
Regent Plaza Hotel Karachi
Cell : 0345-2828-799
e-mail : imtiazmustafa@hotmail.com
Planet MYOSS
-
Danesh Manoharan: Sudo enable Yast in openSUSE 11
Posted: August 6th, 2008, 7:54pm BST
Tags: howto Linux opensuse Security sudo [edit]
One of annoyance I found on openSUSE 11 is that Yast is no longer sudo enabled. The privilege elevation sudo line “[username] ALL=(ALL) NOPASSWD: ALL” works with everything else except for Yast.
In versions prior to openSUSE 11 sudo worked fine with Yast. Apparently in openSUSE 11 Yast sudo was switched to su.
Here’s how you’d get Yast to start working with sudo again.
Similar Posts:danny@pandora:~> kwriteconfig -file kdesurc -group super-user-command -key super-user-command sudo- How to run IE in openSUSE 10.3
- How to find a program’s process id (pid)
- Running previous commands in Linux
- -bash: /usr/bin/crontab: Permission denied
- Remove Zenworks Management Daemon
linuxpakistan.net
-
Solution For BIND 9 Vulnerability ( DNS Cache Poisioning)
Fetched: July 31st, 2008, 7:12pm BST
Tags: Security [edit]
Author: dev/null
Subject: Solution For BIND 9 Vulnerability ( DNS Cache Poisioning)
Posted: Thu Jul 31, 2008 4:27 pm (GMT 6)
Topic Replies: 4
AOA
and Hi to all friends.
I am back again with another cracking solution .
BIND 9 now have Vulnerability and it will effects all major distributions ,
BACKGROUND (Old Vulnerabilities):
-----------------------------------------
Though it already were Vulnerable and that was discovered in late 2006
according to ciac.org two vulnerabilities have been discovered that affects various versions of BIND 9.
PLATFORM: BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3b1, 9.3.3rc1, 9.4.0a1, 9.4.0a2, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1
DAMAGE: If exploited, these vulnerabilities could potentially lead to a denial-of-service (DoS) condition.
For more information you can visit :
[www.ciac.org]
Current Vulnerability (DNS Cache Poising) :
--------------------------------------------------
Discovered by Dan Kaminsky earlier this month announced a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server - clients, too.
Instead of writing details on the Vulnerability i decided to write on current solution for DNS Cache Poisioning,
Fedora/CentOS Solution :
-----------------------------
Prerequisites And Assumptions :
+ Your firewall (iptables NAT/PAT or PIX) must have port 53 open in such a way that it will allow random port selection.
+ You must be running BIND 9 on Centos 4 or 5 or any Fedora core system.
+ Bind must be running in chrooted mode though not a prerequisite but a best practice.
+ In your /etc/named/named.conf OR /etc/named.conf files....One must disable recursive querying and also add an acl to only allow their networks to do recursive requests. With this, the system administrator will have reduced chances of cache poisoning down to their own known networks.
acl "mynetworks" {
127/8; 172.16.0.0/12; 10.0.0.0/8;
--------------------------------------------------------
view "internal" {
match-clients { mynetwork; };
allow-query { mynetwork; };
allow-recursion { mynetwork; };
match-recursive-only yes;
--------------------------------------------------------
view "external" {
match-clients { any; };
allow-query { any; };
allow-recursion { none; };
match-recursive-only no;
-------------------------------------------------------
To Fix The BIND Vulnerability :
-----------------------------------
The first step is for one to check if their system is vulnerable...by running the commands below replacing ns1.linux.net.pk with your organization's TLD or ccTLD.
[root@pk~] # dig +short @ns1.linux.net.pk porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"192.168.1.3 is POOR: 26 queries in 20.0 seconds from 1 ports with std dev 0.00"
POOR-----> definitely indicates that the name-server or system in question is vulnerable and of course the BIND software running is also old and needs to be PATCHED ...
SOLUTION/FIX :
------------------
For those who run CentOS OR Fedora systems.....yum can be used to patch the systems. The CentOS 5 developers have already released a patch for BIND software and the current one is: bind-9.3.4-6.0.2.P1.el5_2. P1 indicates the package is a patched one.
On my systems after patching i got this result..
[root@pk~]# rpm -q bind
bind-9.3.4-6.0.2.P1.el5_2 ----> if your bind version is not patched..then patch it.
should do this to get the latest software and patch.
[root@pk~]# yum update bind bind-chroot -y
One should edit their named.conf file and add the following. Save and reload BIND.
[root@pk~]# vi /etc/named.conf
options {
directory "/var/named";
allow-transfer {192.168.1.4 ;};
query-source address * port 53; ##COMMENT or REMOVE THIS LINE.It will allow random port selection. Only do this if this parameter is enabled under options in your named.conf file.
dnssec-enable yes; ## ADD THIS OPTION TO ENABLE DNS-SEC.
[root@pk~]# :wq
-------------------------------------------------------------------------------------
* The above line when added to your named.conf file will enable DNS-SEC. Go ahead and set up DNS-SEC
LAST STEP :
--------------
[root@pk~]# /etc/init.d/named reload
TEST YOUR PATCH/FIX :
----------------------------
[root@pk~] # dig +short @ns1.linux.net.pk porttest.dns-oarc.net TXT
[root@pk~] # z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"192.168.1.3 is GOOD: 26 queries in 19.6 seconds from 26 ports with std dev 16515.27"
GOOD indicates that the name server in question at 192.168.1.3 appears to be safe, but one must make sure the ports listed aren't following an obvious pattern. i.e the ports with standard deviation..16515.27...But if your test clocks ( 10000.00 std dev ) then your DNS server is safer and your clients or users should not worry.
Zeeshan Saeed Paracha
ISO 9001 Lead Auditor / Consultant
Uncertified Senior System Administrator
Uncertified Chief Hardware Technision
[Itadmin.co.cc]
[Imdeveloper.net]
[Cache.page.tl]
CELL : 0300 - 2220083
0323 - 2483387
0333 - 3452237
_________________
Zeeshan Saeed Paracha ( !Can Google )
Network Administrator
Chief Hardware Technision
-
Blocking msn & yahoo messenger
Fetched: July 29th, 2008, 8:35pm BST
Tags: Security [edit]
Author: Burhan
Subject: Blocking msn & yahoo messenger
Posted: Tue Jul 29, 2008 7:48 pm (GMT 6)
Topic Replies: 2
AoA dears
I want to block msn , yahoo .i am using squid 2.6. Please tell me about it
-
Converting data in readable text from LAN through wireshark
Fetched: July 17th, 2008, 8:35pm BST
Tags: Security [edit]
Author: Burhan
Subject: Converting data in readable text from LAN through wireshark
Posted: Thu Jul 17, 2008 4:18 pm (GMT 6)
Topic Replies: 1
hi dears
i am working on wireshark which is new name of ethreal. how can i convert hexdecimal data in readable text.
PLus tell me about some simple web site or document about ethreal configuration.
Planet MYOSS
-
Danesh Manoharan: Firefox 3.0.1 released
Posted: July 17th, 2008, 11:13am BST
Tags: firefox mozilla patch release Security [edit]
Firefox 3.0.1 is out. This is the first update for Firefox 3 which was released not too long ago. It covers security, stability and bug fixes.
- Fixed several security issues.
- Fixed several stability issues.
- Fixed an issue where the phishing and malware database did not update on first launch.
- Under certain circumstances, Firefox 3.0 did not properly save the SSL certificate exceptions list.
- Updated the internal Public Suffix list.
- In certain cases, installing Firefox 2 in the same directory in which Firefox 3 has been installed resulted in Firefox 2 being unstable. This issue was fixed as part of Firefox 2.0.0.15.
- Fixed an issue where, when printing a selected region of content from the middle of a page, some of the output was missing (bug 433373).
- Fixed a Linux issues where, for users on a PPP connection (dialup or DSL) Firefox always started in “Offline” mode (bug 424626).
Download Firefox 3.0.1 now. Remember, Firefox 2 will only be available till December 2008.
Tags: Firefox, Mozilla, patch, release, Security, web browser
Related posts- Firefox 2.0.0.9 released
- Firefox 2.0.0.8 released
- Firefox 2.0.0.7 released
- Firefox 2.0.0.6 released
- Firefox 2.0.0.13 released
- Firefox 2.0.0.12 released
- Firefox 2.0.0.11 released
- Firefox 2.0.0.10 released
- Firefox 3 world record is official
- Firefox 3 released
linuxpakistan.net
-
how to allow ping to my clients....
Fetched: July 9th, 2008, 8:35pm BST
Tags: Security [edit]
Author: Mudassir Imam
Subject: how to allow ping to my clients....
Posted: Wed Jul 09, 2008 5:02 pm (GMT 6)
Topic Replies: 5
hello,
i am new to squid .. please tell me how to allow ping to my network clients...
i have fedora core 9 installed.
reply from 192.168.3.1 destination host unreachable i
s the result when i ping my server
what to do...
_________________
Linux Registered User #447971
Intel Core2Quad Q6600 2.40GHz Proc
XFX nVidia 680i LT SLi Mobo
XFX nVidia 8600GT 512mb PCIe Graphics
Corsair 4x512MB DDR2 Mem
250GBx1 500GBx1 Seagate Sata HDD
RedHat FC9
Ubuntu 8.04 LTS
Microsoft WindowsXP Pro [SP3]
-
need virus attach e-mails...
Fetched: July 8th, 2008, 8:36pm BST
Tags: Security [edit]
Author: shahg_shahg
Subject: need virus attach e-mails...
Posted: Tue Jul 08, 2008 6:58 pm (GMT 6)
Topic Replies: 1
Hi dears .i am doing some experiments about viruses those are speared by e-mails for securing networks. So that I need these types of emails those contain viruses kindly forward me these mails if u have.
note my e-mail id ==> shahg_shahg@yahoo.com, shahg_shahg@hotmail.com
I will be very thankful to you.
_________________
Aslam-o-Aliakum-Wa-Rahmatullah-Wa-Barakatuhu .. ALLAH Will Safe ISLAM
-
how to block bittorrent
Fetched: June 23rd, 2008, 4:35pm BST
Tags: Security [edit]
Author: majidnazeer
Subject: how to block bittorrent
Posted: Mon Jun 23, 2008 12:46 pm (GMT 5)
Topic Replies: 3
AoA!
i want to block bittorrent in our network. how can i block bittorrent?
Thanks
Majid
-
pppd log analyzer ???
Fetched: June 15th, 2008, 8:35pm BST
Tags: Security [edit]
Author: sevensins
Subject: pppd log analyzer ???
Posted: Sun Jun 15, 2008 12:35 pm (GMT 5)
Topic Replies: 4
AOA,
i am running rp-pppoe server. I am longing all connection attempts and debug data to /var/log/pppd.log
I have tried sawmill and a few others but failed to read it as I require. Need to analyze it in any way possible...
Any suggestions.. pointer are highly appreciated...
_________________
Regards,
Shehzad
-
MP3 Block
Fetched: June 2nd, 2008, 8:36pm BST
Tags: Security [edit]
Author: janali
Subject: MP3 Block
Posted: Mon Jun 02, 2008 12:20 pm (GMT 5)
Topic Replies: 5
I want to block the MP3 extension by squid is it possible and how? I block but only url block not extension.
Planet MYOSS
-
Danesh Manoharan: How to disable directory listing in Tomcat
Posted: May 30th, 2008, 1:57am BST
Tags: howto Security tomcat tomcatserver [edit]
This is how you turn off directory list for yr Tomcat server.
1. Edit the default servlet in the {$CATALINA_HOME}/conf/web.xml file.
2. Look for the <init-param> section within the <servlet section>
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>
org.apache.catalina.servlets.DefaultServlet
</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>3. Change the <param-value> to false for the <param-name>listing</param-name> section.
Tags: HowTo, Security, tomcat, tomcat server<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
Related posts- How to set default session timeout in Linux
- How to limit ssh access to specific users or groups
- How to configure SSL on Tomcat 5
- Your Gmail Exposed
- WordPress Trackback UTF-7 SQL Injection | WordPress
- WordPress 2.3.3 released
- Users, Shutdowns and Reboots
- Upgrading RubyGems 0.9.5 to 1.0.1
- Upgraded to WordPress 2.3.2
- Top Antivirus Applications
linuxpakistan.net
-
iSCSI Software Initiator
Fetched: May 30th, 2008, 8:36pm BST
Tags: Security [edit]
Author: janali
Subject: iSCSI Software Initiator
Posted: Fri May 30, 2008 3:01 pm (GMT 5)
Topic Replies: 1
how to install linux iSCSI Software Initiator? I am using CentOS4 with kernal 2.6.
-
Linux Logs
Fetched: May 17th, 2008, 4:35pm BST
Tags: Security [edit]
Author: asimo
Subject: Linux Logs
Posted: Sat May 17, 2008 11:53 am (GMT 5)
Topic Replies: 5
Assala-Elekum
Please Advice i am find for commands.
on my linux machine there is five people knows root passwd
who entered command and at what data and time.
OR some thing Good
Thanks
asimo
-
How to install and run metasploit
Fetched: May 12th, 2008, 4:35pm BST
Tags: Security [edit]
Author: janali
Subject: How to install and run metasploit
Posted: Mon May 12, 2008 1:10 pm (GMT 5)
Topic Replies: 1
AOA Dear All,
How to install and use "metasploit" on linux?
[metasploit.com]
-
Funny BUT very important!!!
Fetched: May 11th, 2008, 4:36pm BST
Tags: Security [edit]
Author: securitykid
Subject: Funny BUT very important!!!
Posted: Sun May 11, 2008 11:16 am (GMT 5)
Topic Replies: 10
Please visit [www.jang.net]
On page to bottom left you will find advertisement given by Satti
, they have announced the winners of some of their scheme for the privacy reason they haven't put names, BUT instead they put the NIC numbers.... looks very good strategy
I can give you names of all those peoples, I don't know when Pakistani Media authorities will learn / understand that NICs are much more important then NAMES 
Winner of Motorcycle:
(Multan) Nasir Ali Abdul Hamid
(MirPur Khas) Muhammad Ali Chand Muhammad
(Faisalabad) Muhammad Islam Muhamamd Aslam
etc.....
Winner of Mobile:
(Karachi) Muhammad Junaid Abdul Ghani
(Jhang) Muhammad Anwar Bashir Ahmed
etc
etc
Winner of Juicer:
(Larkana) Ali Danu Bahar
So now you can guess whom I hacked...... NAD?? Maybe
Thanks
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
Howto Enforce Static ARP @ client end
Fetched: May 8th, 2008, 10:46pm BST
Tags: Security [edit]
Author: zaib
Subject: Howto Enforce Static ARP @ client end
Posted: Thu May 08, 2008 8:08 pm (GMT 5)
Topic Replies: 1
Salam,
Due to heavy arp poisoning attack, I have provided users a batch file which do static entry for server.
But how can I enforce server to accept request for those users only who have run that file or have done static entry at there end? (to prevent flooding)
_________________
Regards,
Syed Jahanzaib
aacable@hotmail.com
Planet MYOSS
-
Danesh Manoharan: How to limit ssh access to specific users or groups
Posted: May 6th, 2008, 8:30am BST
Tags: hardening howto Linux Security ssh [edit]
Its sometimes necessary to limit who has access to a server via SSH. Most Linux security hardening checklist today require this to be enforced.
Fortunately this can be easily done with openSSH. Just edit the /etc/ssh/sshd_config file and add the desired directives shown below. You don’t need them all, just use what suits you needs.
openSSH provides 4 directives, AllowUsers, AllowGroups, DenyUsers and DenyGroups
AllowUsers buddy john doe
Only users buddy, john and doe will be able to log in via ssh.AllowGroups sysadmin bkpadmin
Only users within groups sysadmin and bkpadmin will be able to log in via ssh.DenyUsers rambo tina
This is the opposite of AllowUsers. All users except for rambo and tina will be able to log in via ssh.
Tags: hardening, HowTo, Linux, Security, sshDenyGroups hr payroll
This is the opposite of AllowGroups. All groups except for hr and payroll will be able to log in via ssh.
Related posts- How to set default session timeout in Linux
- How to keep your Linux session alive
- Users, Shutdowns and Reboots
- Temporarily disable user logins in Linux
- support.microsoft.com not working behind Squid
- SSH Tunneling with Putty | Linux
- Setting the root password on MySQL
- Send mail through SMTP using Telnet
- Select all files but one on linux
- Running previous commands in Linux
linuxpakistan.net
-
Linux Antivirus
Fetched: April 18th, 2008, 12:35am BST
Tags: Security [edit]
Author: zaib
Subject: Linux Antivirus
Posted: Fri Apr 18, 2008 8:42 pm (GMT 5)
Topic Replies: 1
Salam,
I have 80 GB harddrive. Linux is installed on partition 1,
rest of 3 partitions are NTFS partition containing my old date. most of the files are infected from "funny ust scandal.avi" virus.
how can I remove virus from those paritions ?
_________________
Regards,
Syed Jahanzaib
aacable@hotmail.com
-
Howto Record MSN Messenger conversation ?
Fetched: March 31st, 2008, 4:35pm BST
Tags: Security [edit]
Author: zaib
Subject: Howto Record MSN Messenger conversation ?
Posted: Mon Mar 31, 2008 11:33 am (GMT 5)
Topic Replies: 3
Salam,
Is there any way we can record users MSN conversation (just for specific security need) which is going through our linux server for all hosts or some particular hosts?
_________________
Regards,
Syed Jahanzaib
aacable@hotmail.com
-
howto prvent MAC changing @ client side ?
Fetched: March 22nd, 2008, 4:35pm GMT
Tags: Security [edit]
Author: zaib
Subject: howto prvent MAC changing @ client side ?
Posted: Sat Mar 22, 2008 1:23 pm (GMT 5)
Topic Replies: 2
Salam,
I am running internet cable.net in my area. I am restricting users mac adderss with ip binding. But the problem is smart users are copying working user mac and thus, gain access to the server.
My question is there any utility or software that can be installed on every Users end, and if the user changes his mac, he cannot gain access to server ? the application must be installed at user end in order to communicate wth the server, if the application isnt installed access should be blocked. is this possible?
Planet MYOSS
-
Danesh Manoharan: Phishing Alert: HSBC scheduled maintenance
Posted: March 21st, 2008, 1:46pm GMT
Tags: bank hacks hsbc phishing Security [edit]
Beware, I received a phishing attempt today claiming that HSBC is carrying out it’s regular maintenance work and needs me to update my profile.
Always remember, banks never send us emails with action items.
Tags: bank, hacks, hsbc, phishing, Security
Related posts- Your Gmail Exposed (5)
- WordPress Trackback UTF-7 SQL Injection | WordPress (0)
- WordPress 2.3.3 released (2)
- Upgraded to WordPress 2.3.2 (3)
- Top Antivirus Applications (4)
linuxpakistan.net
-
configuring dns with internet scenario
Fetched: March 9th, 2008, 8:36pm GMT
Tags: Security [edit]
Author: pazha_malai
Subject: configuring dns with internet scenario
Posted: Sun Mar 09, 2008 7:56 pm (GMT 5)
Topic Replies: 3
hi
in our organization i configure a squid as transparent proxy server...
http_port 192.168.0.1:3128 transparent
my iptables configurations is below
# Generated by iptables-save v1.3.8 on Sun Mar 9 18:45:34 2008
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sun Mar 9 18:45:34 2008
# Generated by iptables-save v1.3.8 on Sun Mar 9 18:45:34 2008
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j DNAT --to-destination 172.16.31.100:3128
-A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Sun Mar 9 18:45:34 2008
# Generated by iptables-save v1.3.8 on Sun Mar 9 18:45:34 2008
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -i eth0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
# Completed on Sun Mar 9 18:45:34 2008
wt is the problem is the client accessing through is isp dns server ip
i want to configure local dns server so that our client access through local dns
server ..
guide me
-
configure a cache name server
Fetched: March 9th, 2008, 4:36pm GMT
Tags: Security [edit]
Author: pazha_malai
Subject: configure a cache name server
Posted: Sun Mar 09, 2008 2:14 pm (GMT 5)
Topic Replies: 1
hi
i want to configure a cache name in our organization to increase the speed up
a internet access....right now squid running .
plz guide me
-
splitting internet traffic
Fetched: March 8th, 2008, 12:37am GMT
Tags: Security [edit]
Author: pazha_malai
Subject: splitting internet traffic
Posted: Sat Mar 08, 2008 7:05 pm (GMT 5)
Topic Replies: 10
i our organization we using squid proxy server...
right now we have 2 isp internet lines...
eth0 --- is connected one isp lines
eth1---is connected second isp lines
eth2--is connected local area network
wt is scenario is i want the split in internet traffic between isp lines from the lan
example my lan is 192.168.0.0/24 i want tell 192.168.0.2 address go to eth0 isp line
and 192.168.0.3 address go to eth1 isp line... otherwise we split a internet traffic
network wise(192.168.0.0/24 go to eth0 and 192.168.1.0/24 go to eth1)
plz guide how to configure this scenario
-
TRANSPARENT PROXY CONFIGURATION IN LINUX
Fetched: March 7th, 2008, 12:35pm GMT
Tags: Security [edit]
Author: pazha_malai
Subject: TRANSPARENT PROXY CONFIGURATION IN LINUX
Posted: Fri Mar 07, 2008 11:01 am (GMT 5)
Topic Replies: 2
i want to confgure a transparent proxy configuration
plz guide do this
thank u
Planet MYOSS
-
Danesh Manoharan: How to set default session timeout in Linux
Posted: March 5th, 2008, 10:14am GMT
Tags: howto Linux Security [edit]
My DC operation guys access Linux servers on a daily basis but somehow they never remember to log out. This is a security risk as anyone could gain access to the open console and create caos.
Today, yet again I’m forced to play the bad guy by dummy proofing my Linux servers by implementing default timeout for user sessions.
Bash and Korn both support the TMOUT variable which I will use to set the default timeout.
The etc/.bashrc file will apply the timeout system wide but if you need it to be user specific then modify the ~/.bashrc file instead.
Here’s how it’s done.
echo "TMOUT=300 >> /etc/bashrcecho "readonly TMOUT" >> /etc/bashrcecho "export TMOUT" >> /etc/bashrcLog off, start a new session and wait for 5 minutes. Your session should terminate
Tags: HowTo, Linux, Security
Related posts- Users, Shutdowns and Reboots (3)
- Temporarily disable user logins in Linux (2)
- SSH Tunneling with Putty | Linux (1)
- Setting the root password on MySQL (1)
- Select all files but one on linux (0)
linuxpakistan.net
-
printk: Received packets with own address as source address
Fetched: March 4th, 2008, 12:36am GMT
Tags: Security [edit]
Author: zaib
Subject: printk: Received packets with own address as source address
Posted: Tue Mar 04, 2008 9:53 pm (GMT 5)
Topic Replies: 0
Salam,
I have a setup a bridge between users end and proxy server.
Users ====> BRIDGE ====> PROXY SERVER
Bridge have two lan cards, eth0 and eth1.
I have assigned an ip to bridge interface (br0) to remotely administrate it. This bridge is also acting as a DHCP server for local users.
I received this error message frequently on screen.
printk: 1 messages suppressed
eth1: received packets with own address as source address.
and the messages goes on , printk number increases like 1 msg suppresse, 2 3 4 and so on.
What actually it is and How to solve this problem?
-
Hwoto VPN/ PPTP/PPEO Server
Fetched: February 21st, 2008, 8:35pm GMT
Tags: Security [edit]
Author: zaib
Subject: Hwoto VPN/ PPTP/PPEO Server
Posted: Thu Feb 21, 2008 5:59 pm (GMT 5)
Topic Replies: 1
Salam to all LP members,
I am running internet cable setup.
Currently My setup is as follows.
Users ===> Linux Bridge (with dhcp)===> ISA SERVER 2004
I am filtering users via there MAC Addressess, DHCP is running on bridge, and only allowed macs gets the valid fix ip (with mac to ip check script).
if valid mac is in allowed list, he gets the valid fix ip and pass on to ISA Server, But this security have a hole that if any cheater copies the mac of valid user, he can get access to the server.
Now to prevent this I want to setup VPN Server on LINUX. but i am a bit confused to setup what ? VPN PPTP ? PPOE ? whats the difference between them ? and wht is best for my setup ? is there any simple step by step guide is available for this ?
Planet MYOSS
-
Khairul Aizat Kamarudzzaman (fenris): Temp Patch for vmsplice exploit in Ubuntu b4 update release
Posted: February 11th, 2008, 10:32am GMT
Tags: vmspliceexploit Security [edit]
to test either your system affected with the exploit:
$ wget http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c
$ cc -o exploits 27704.c
$ ./exploits
the result should be like this:
———————————–
Linux vmsplice Local Root Exploit
By qaaz
———————————–
[+] mmap: 0×0 .. 0×1000
[+] page: 0×0
[+] page: 0×20
[+] mmap: 0×4000 .. 0×5000
[+] page: 0×4000
[+] page: 0×4020
[+] mmap: 0×1000 .. 0×2000
[+] page: 0×1000
[+] mmap: 0xb7dac000 .. 0xb7dde000
[+] root
root@thinkbuntu:~/tools/xploit# id
uid=0(root) gid=0(root) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),104(scanner),110(admin),1000(fenris)to patch it:
$ wget http://blog.myfenris.net/files/patch/disable-vmsplice-if-exploitable.c
$ cc -o patch disable-vmsplice-if-exploitable.c
$ ./patch
———————————–
Linux vmsplice Local Root Exploit
By qaaz
———————————–
[+] mmap: 0×0 .. 0×1000
[+] page: 0×0
[+] page: 0×20
[+] mmap: 0×4000 .. 0×5000
[+] page: 0×4000
[+] page: 0×4020
[+] mmap: 0×1000 .. 0×2000
[+] page: 0×1000
[+] mmap: 0xb7d9a000 .. 0xb7dcc000
[+] root
Exploit gone!U all should retry the exploit to make sure the xploit got patches properly …
P/s: for those who use Linux kernel 2.6.17 - 2.6.24.1 are advice to patch your system … or otherwise u will got 0wn3d by s0m30n3!!!!
Technorati Tags: vmsplice exploit, Security
linuxpakistan.net
-
BRIDGE + DHCP + Filtering
Fetched: February 9th, 2008, 9:20pm GMT
Tags: Security [edit]
Author: zaib
Subject: BRIDGE + DHCP + Filtering
Posted: Sat Feb 09, 2008 6:52 pm (GMT 5)
Topic Replies: 0
Dear LP members,
Salam,
I have the following setup.
CLIENTS <=== > LINUX BRIDGE (FC7) < ==== > ISA SERVER
BRIDGE IP = 10.0.8.1 [LINUX BIRDGE]
ISA SERVER = 10.0.0.1 [ISA SERVER+ DNS Server]
CLIENTS IPs = 10.10.0.x
This Bridge is also acting as a DHCP server. giviing every user a fix ip, and then mac to ip bind script checks the users ip against mac addressess.
Everything is working fine except for one thing, Users cannot browse or use internet on autodetect settings, user have to setup proxy settings in internet explorere or alternate they have to install MSPCLIENT in order to use internet.
Users have default gateway and DNS pointing to ISA Server. When I clear iptables rules by iptables -F , everything works smoothly with autodetect settings.
My Security Script is as follows . . .
=================================================================
> cat /firewall/secure.sh
#!/bin/sh
#set -x
## Script provided by cool_mudasir@hotmail.com, thanks for his
## contribution
IPT="/sbin/iptables"
DHCP_SERVER="10.0.8.1"
FILE=`cat path | awk '/FINAL_FILE/' | cut -d"=" -f2`
LOOPBACK="lo"
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
cat $FILE | while read MACS
do
IP=`echo $MACS | awk '{print $2}'`
MAC=`echo $MACS | awk '{print $1}'`
$IPT -t mangle -A PREROUTING -s $IP -m mac --mac-source $MAC -j MARK --set-mark 1
done
echo 1 > /proc/sys/net/ipv4/ip_forward
# Accepting DHCP Request
$IPT -A INPUT -p udp -s $DHCP_SERVER --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT
$IPT -A OUTPUT -p udp -s 255.255.255.255 --sport 68 -d $DHCP_SERVER --dport 67 -j ACCEPT
$IPT -A INPUT -i $LOOPBACK -j ACCEPT
$IPT -A OUTPUT -o $LOOPBACK -j ACCEPT
# Allow Marked Packets to be allowed
$IPT -A INPUT -m mark --mark 1 -j ACCEPT
$IPT -A FORWARD -m mark --mark 1 -j ACCEPT
$IPT -A INPUT -m mark ! --mark 1 -j DROP
$IPT -A FORWARD -m mark ! --mark 1 -j DROP
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
What is missing? what is needed to be added in order to enable clients to use internet in SECURENAT mode or transparently ?
Planet MYOSS
-
Danesh Manoharan: WordPress 2.3.3 released
Posted: February 5th, 2008, 6:44pm GMT
Tags: bugfix release Security wordpress [edit]
A new security release for WordPress is out. This will be an urgent fix as it attentions a flaw found in the XML-RPC implementation. An attacker could easily exploit this vulnerability and gain the ability to edit user posts.Besides the fix this release also includes a few bug fixes.
I’ve done my upgrade, have you?
Download the WordPress 2.3.3 here.
Source: WordPress Dev
Tags: bug fix, release, Security, WordPress
Related posts- Upgraded to WordPress 2.3.2 (3)
- Firefox 2.0.0.12 released (0)
- Defensio Anti Spam 1.2 released (1)
- Firefox 2.0.0.9 released (0)
- Firefox 2.0.0.8 released (4)
linuxpakistan.net
-
squid as transparent in RHEL 4
Fetched: January 29th, 2008, 4:35pm GMT
Tags: Security [edit]
Author: majidnazeer
Subject: squid as transparent in RHEL 4
Posted: Tue Jan 29, 2008 2:06 pm (GMT 5)
Topic Replies: 15
I installed squid 2.6 stable 17 on RHEL 4. But squid not run as transparent proxy whenever i installed same squid on fedor2 that worked fine as transparent proxy or proxy.
Is it problem of RHEL4? Anybody can help me.
I use below configuration own squid and rc.local.
http_port 192.168.0.1:8080 transparent
iptables -t NAT -A POSTROUTING -s 192.168.0.1 -o eth1 -j MASQUERADE
iptables -t NAT -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
eth1=ISP ip
eth0=local ip
Thanks
Thanks
Majid
-
RE: Kernel Compilation
Fetched: January 22nd, 2008, 11:00am GMT
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Tue Jan 22, 2008 8:44 am (GMT 5)
Topic Replies: 9
Dear nomankhn,
Salam,
Okay, This thread is dedicated to you
Best Regards.
_________________
Farrukh Ahmed
-
RE: Kernel Compilation
Fetched: January 21st, 2008, 11:05pm GMT
Tags: Security [edit]
Author: nomankhn
Posted: Mon Jan 21, 2008 8:09 pm (GMT 5)
Topic Replies: 9
Hi Kamranalilakhnavi,
Could you pls tell me about your RedHat Relase and kernel version.
Regards,
Noman Liaquat
-
RE: Kernel Compilation
Fetched: January 20th, 2008, 4:35pm GMT
Tags: Security [edit]
Author: nomankhn
Posted: Sun Jan 20, 2008 12:24 pm (GMT 5)
Topic Replies: 8
Year Mr.Farrukh,
I know that what he asked for and I observe this thing number of times on RHEL thats why i am asking w.r.t to that headers, it will not start if some files are not there in.
/usr/include/
its impossible then.
Regards,
Noman Liaquat
-
RE: Kernel Compilation
Fetched: January 20th, 2008, 12:14pm GMT
Tags: Security [edit]
Author: LinuxFreaK
Posted: Sun Jan 20, 2008 11:19 am (GMT 5)
Topic Replies: 8
Dear nomankhn,
Salam,
nomankhn wrote: Pls check do you have all headers and their code is avaialble with that distribution and by the way what update you are using and what specific version you are using for security software.
If you are still getting that error, contact your vendor or its better to install following software but still you need source-code to compile it from source code. lets try it from www.kernel.org
following softwares are required for kernel that comes with RedHat Advance server update #2.
kernel-devel-2.6.9-22.EL
kernel-smp-devel-2.6.9-22.EL
kernel-doc-2.6.9-22.EL
kernel-2.6.9-22.EL
kernel-hugemem-devel-2.6.9-22.EL
kernel-utils-2.4-13.1.69
you pls check your side.
cd /usr/src/kernel/*EL-i686
My suggestion is that you should recompile your security software with that kernel version sourc-code that it prefers.
I believe he is trying to re-compile kernel so it does not need any kernel headers. As he is compiling from source.
Best Regards.
_________________
Farrukh Ahmed
-
RE: Kernel Compilation
Fetched: January 19th, 2008, 4:35am GMT
Tags: Security [edit]
Author: nomankhn
Posted: Sun Jan 20, 2008 1:44 am (GMT 5)
Topic Replies: 7
Hi Sir,
Pls check do you have all headers and their code is avaialble with that distribution and by the way what update you are using and what specific version you are using for security software.
If you are still getting that error, contact your vendor or its better to install following software but still you need source-code to compile it from source code. lets try it from www.kernel.org
following softwares are required for kernel that comes with RedHat Advance server update #2.
kernel-devel-2.6.9-22.EL
kernel-smp-devel-2.6.9-22.EL
kernel-doc-2.6.9-22.EL
kernel-2.6.9-22.EL
kernel-hugemem-devel-2.6.9-22.EL
kernel-utils-2.4-13.1.69
you pls check your side.
cd /usr/src/kernel/*EL-i686
My suggestion is that you should recompile your security software with that kernel version sourc-code that it prefers.
Regards,
Noman Liaquat
-
RE: Kernel Compilation
Fetched: January 19th, 2008, 12:35pm GMT
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Sat Jan 19, 2008 9:34 am (GMT 5)
Topic Replies: 6
Dear Kamranalilakhnavi,
Salam,
Please post output of following command.
# cd /usr/src/linux
# grep "CONFIG_UNIX98_PTYS" config
Best Regards.
_________________
Farrukh Ahmed
-
RE: Kernel Compilation
Fetched: January 19th, 2008, 8:35am GMT
Tags: Security [edit]
Author: Kamranalilakhnavi
Posted: Sat Jan 19, 2008 6:49 am (GMT 5)
Topic Replies: 4
I didn't choose any new option.
_________________
Regards,
Pasha
-
RE: Kernel Compilation
Fetched: January 18th, 2008, 4:35am GMT
Tags: Security [edit]
Author: Kamranalilakhnavi
Posted: Sat Jan 19, 2008 2:54 am (GMT 5)
Topic Replies: 4
Hello,
I am compiling it from old kernel config.
_________________
Regards,
Pasha
-
RE: ARP Poisoning
Fetched: January 15th, 2008, 3:13am GMT
Tags: Security [edit]
Author: mudasir
Posted: Wed Jan 16, 2008 2:05 am (GMT 5)
Topic Replies: 22
AOA,
Dear Asif Bakali,
I know about what ARP Spoofing / Poisoning is and how it works, i have read more than 50 papers regarding this topic, but i am unable to fine any good Solution that can be implemented on just 1 PC on a network that can solve or atleast minimize the problem.
Thanks for the information.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: ARP Poisoning
Fetched: January 15th, 2008, 3:13am GMT
Tags: Security [edit]
Author: abakali
Posted: Wed Jan 16, 2008 12:25 am (GMT 5)
Topic Replies: 22
Dear All
usefull information about Arp
[www.virus.org]
[blogs.technet.com]
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
RE: ARP Poisoning
Fetched: January 12th, 2008, 4:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Sat Jan 12, 2008 2:04 pm (GMT 5)
Topic Replies: 20
AOA,
Any time....
I have found few things regarding ARP Poisoning, that have to be installed on Server.
As soon as i test those Apps i will let every one know wheather they work or not.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: ARP Poisoning
Fetched: January 12th, 2008, 4:35pm GMT
Tags: Security [edit]
Author: azfar
Posted: Sat Jan 12, 2008 2:02 pm (GMT 5)
Topic Replies: 23
AcidEYE wrote: As Salam U Alikum,
clients are already scanned, formated their hards, partion are recreated. but after 1 week this problem start again.
This will be the result of lack of maintenance.
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
RE: ARP Poisoning
Fetched: January 12th, 2008, 4:35pm GMT
Tags: Security [edit]
Author: azfar
Posted: Sat Jan 12, 2008 2:00 pm (GMT 5)
Topic Replies: 23
thanks for tip, I already tried it as it is the very first option to do for this problem.
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
RE: ARP Poisoning
Fetched: January 12th, 2008, 4:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Sat Jan 12, 2008 1:10 pm (GMT 5)
Topic Replies: 23
AOA,
Dear Azfar do onething, create a EXE or a CMD file that will perform the following functions
arp -d <SERVER_IP_ADDRESS>
arp -s <SERVER_IP_ADDRESS> <SERVER_MAC_ADDRESS>
And copy this t the startup folders of users. This can help you out, even if the Virus strikes again.
How ever this is also not a permanent Solution.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: ARP Poisoning
Fetched: January 12th, 2008, 4:35pm GMT
Tags: Security [edit]
Author: azfar
Posted: Sat Jan 12, 2008 1:08 pm (GMT 5)
Topic Replies: 23
do you have a key or crack.
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
RE: ARP Poisoning
Fetched: January 12th, 2008, 4:35pm GMT
Tags: Security [edit]
Author: AcidEYE
Posted: Sat Jan 12, 2008 1:08 pm (GMT 5)
Topic Replies: 23
As Salam U Alikum,
clients are already scanned, formated their hards, partion are recreated. but after 1 week this problem start again.
_________________
Linux Addicted
-
RE: ARP Poisoning
Fetched: January 12th, 2008, 4:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Sat Jan 12, 2008 1:06 pm (GMT 5)
Topic Replies: 23
AOA,
Dear Azfar,
I have installed this AntiARP on almost all of my users PC's. So for now i am a bit tension free, but i still want to find a permanent solution for this problem.
About Anti-Virus, for me Symantec Corporate Server and Client Combination is working perfectly.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: ARP Poisoning
Fetched: January 12th, 2008, 4:35pm GMT
Tags: Security [edit]
Author: azfar
Posted: Sat Jan 12, 2008 1:01 pm (GMT 5)
Topic Replies: 23
First of all if some one is not attacking on you then you can scan your clients computers for virus. good choicees are kaspersky, avg.
Other wise I found a very good tool which block all kinds of such attacks.
It is not registered but if any one finnd a crack then please PM me.
[www.antiarp.com]
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
RE: ARP Poisoning
Fetched: January 12th, 2008, 12:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Sat Jan 12, 2008 11:30 am (GMT 5)
Topic Replies: 23
AOA,
It is basically a Virus, for now i have not been able to find any solution that can be implemented on Server.
Still searching for such solution.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: ARP Poisoning
Fetched: January 12th, 2008, 12:35pm GMT
Tags: Security [edit]
Author: AcidEYE
Posted: Sat Jan 12, 2008 11:24 am (GMT 5)
Topic Replies: 23
As Salam U Alikum,
i'm facing this problem from last 2 months and still couldnt resolve that problem, i've bought 3com 3300 switch 12 ports. this switch is also can't stop ARP Poisoning, mac address cloning is still there, and reply from server is breaking, in the end result is internet not working, this is some kind of virus, malware, torjan which is spoiling lan traffic.
please someone tell me a best solution hardware wise or software wise.
waiting for reply.
thanks & regards.
_________________
Linux Addicted
-
RE: ARP Poisoning
Fetched: January 11th, 2008, 4:35am GMT
Tags: Security [edit]
Author: mudasir
Posted: Fri Jan 11, 2008 9:46 pm (GMT 5)
Topic Replies: 15
AOA,
Dear Azfar,
I have not found any Server side Solution, i will Implement this SmartARP and will let you know, wheather this works out or not.
If you find any do let me know.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: ARP Poisoning
Fetched: January 11th, 2008, 4:35am GMT
Tags: Security [edit]
Author: azfar
Posted: Fri Jan 11, 2008 9:38 pm (GMT 5)
Topic Replies: 15
this problem exist in almost all cabble network these days, do you find any server side solution for both windows/unix.
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
RE: ARP Poisoning
Fetched: January 11th, 2008, 4:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Fri Jan 11, 2008 12:12 pm (GMT 5)
Topic Replies: 13
AOA,
I found something on INTERNET, and as i read about it i thought it might be the solution for the problem that i am facing. I thought it might be good to share this with LP Forum Members.
[www.ltn.lv]
It is basically SmartARP.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: ARP Poisoning
Fetched: January 10th, 2008, 8:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Thu Jan 10, 2008 6:54 pm (GMT 5)
Topic Replies: 11
AOA,
I really appreciate that you all have provided your ideas.
Basically i have implemented almost all the things, except for the L2 switches, because that is very expensive...
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: ipfire - the free firewall for your home or SOHO
Fetched: January 10th, 2008, 8:35pm GMT
Tags: Security [edit]
Author: mahin
Posted: Thu Jan 10, 2008 6:45 pm (GMT 5)
Topic Replies: 7
nomankhn wrote:
What is the status of ipfire? is there any update.
Quote: Hello everybody,
today we will release Core Update Number 4 which contains some new feature
added ability to log all dropped packets when using outgoing firewall mode 1
added ability to change the iptables logging behaviour of the firewall, maybee this
page will get extra options in the future (esp. don´t log MS Ports on red ) ->
[64.233.179.104]
fixed pakfire cgi -> will now reload after upgrade
removed firewall logs from kernel logview -> needed to change the log prefix for
iptables
fixed the detailed firewall log graph pages, sometimes the local interface was missing
The update is available via pakfire, some other packages have been updated during
this week
You can find open bugs via [bugtracker.ipfire.org]
You need to reboot your fire, or restart the firewall skript, after this the new log
prefixes will be active, when you change the firewall log options or disable some,
there will also be an advice to reboot, maybee we will change this in a later core
release.
Maniac for the IPFire Team
Dated 6 Jan 2008.
Hope this helps.
-
RE: How to allow FTP in hosts.allow
Fetched: January 10th, 2008, 8:35pm GMT
Tags: Security [edit]
Author: lambda
Posted: Thu Jan 10, 2008 4:09 pm (GMT 5)
Topic Replies: 5
you need just the second entry, not both.
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
RE: Kernel Compilation
Fetched: January 10th, 2008, 3:12pm GMT
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re: Kernel Compilation
Posted: Thu Jan 10, 2008 1:55 pm (GMT 5)
Topic Replies: 1
Dear Kamranalilakhnavi,
Salam,
Kamranalilakhnavi wrote: I am compiling kernel with grsecurity pacth on RedHat4 Enterprise. Every thing went fine but I am not able to boot my system with new kernel , getting the following error.
Warning: unable to open an initial console.
System hanged after this warning.
Any help would be highly appreciated.."
Have you selected support for Unix pty support and under file system have you selected devpts ?
Best Regards.
_________________
Farrukh Ahmed
-
RE: ARP Poisoning
Fetched: January 10th, 2008, 3:12pm GMT
Tags: Security [edit]
Author: ranatanveer
Posted: Thu Jan 10, 2008 1:40 pm (GMT 5)
Topic Replies: 10
Event Viewer can tell that which machine is culprit, i face this problem three times at my different networks, i think it is a spyware in any host, i found that machine through event viewer and unpluge it and re-install it and problem resolved.
_________________
Regards
Rana Tanveer
+923224194457
Linux Student
[sysadminsline.com]
-
RE: ipfire - the free firewall for your home or SOHO
Fetched: January 10th, 2008, 3:12pm GMT
Tags: Security [edit]
Author: nomankhn
Posted: Thu Jan 10, 2008 1:06 pm (GMT 5)
Topic Replies: 7
Hello folks
What is the status of ipfire? is there any update.
Regards,
Noman Liaquat
-
RE: ARP Poisoning
Fetched: January 10th, 2008, 3:12pm GMT
Tags: Security [edit]
Author: abakali
Posted: Thu Jan 10, 2008 12:34 pm (GMT 5)
Topic Replies: 10
Dear mudasir
this is a part of Layer 2 attacks to prevents this issue to manage via L2 manage switches i have tested on Cisco they are build in feature arp inspection they block this types of attack. but their is a scenario are different you are deploy this on your cable net and this solution is to expensive
i suggest you to implement any pppoe or vpn in your network
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
RE: ARP Poisoning
Fetched: January 10th, 2008, 3:12pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Thu Jan 10, 2008 12:16 pm (GMT 5)
Topic Replies: 10
AOA,
Dear ashariqbal,
I have even tried doing this. Basically i have divided my users in Segments, and problem is coming from almost every segment. So i dont think that some user is intentionally doing this, must be some sort of adware, malware or might be a virus.
I also googled about viruses which ACT as i have stated in my post, found few, but they are detected by almost all anti-viruses.
I have also installed AntiARP which tells me which IP is trying to spoof, so by this i know that it is not just one user, many users IP's are trying to spoof, and are from all segments.
So, that is also not helping me out.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: ARP Poisoning
Fetched: January 10th, 2008, 12:35pm GMT
Tags: Security [edit]
Author: ashariqbal
Posted: Thu Jan 10, 2008 10:36 am (GMT 5)
Topic Replies: 10
To find out who is messing with the arp, you need to do basic network trouble shooting. Start unplugging wires and when your problem stops you know who it is.
The person is probably using something like ettercap to sniff your network traffic.
_________________
------------------------------------------------------------------
Xnet Solutions - manufacturer of Network Appliances - Firewalls, Mailservers, IP PBX, Routers
-
RE: ARP Poisoning
Fetched: January 10th, 2008, 12:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Thu Jan 10, 2008 10:22 am (GMT 5)
Topic Replies: 10
AOA,
Dear Asif Bakali,
I have already made a script that Statically Enters Users IP and MAC in Server's ARP Cache Table.
The script is at
[linuxpakistan.net]
And have also created a EXE file that does the static IP and MAC Entry on user side. But this is something that i am not looking for.
Can you please tell me some other solutions that i can go on with.
Looking forward for your reply.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: ARP Poisoning
Fetched: January 10th, 2008, 12:35pm GMT
Tags: Security [edit]
Author: abakali
Posted: Thu Jan 10, 2008 10:15 am (GMT 5)
Topic Replies: 9
here is a simple solution for this
make a script from your mac.addresses list collect your clients mac and ip and use static arp on your server machine e.g
10.10.10.1 xx.xx.xx.xx.xx.xx -i ethx
10.10.10.2 xx.xx.xx.xx.xx.xx -i ethx
10.10.10.3 xx.xx.xx.xx.xx.xx -i ethx
10.10.10.4 xx.xx.xx.xx.xx.xx -i ethx
10.10.10.5 xx.xx.xx.xx.xx.xx -i ethx
keep in mind when ever you restart your interface this rules are flush . then go to your client side and make a batch file and put your static entry for server ip and mac
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
RE: How to allow FTP in hosts.allow
Fetched: January 9th, 2008, 12:35am GMT
Tags: Security [edit]
Author: Learner
Posted: Wed Jan 09, 2008 9:18 pm (GMT 5)
Topic Replies: 4
AOA
Dear Lambda !
Thanks for the reply. I have tried it, I want to make FTP available for all. The option I used is
vsftpd : localhost : allow
vsftpd : ALL : allow
Now its working, thanks once again for the guidance.
_________________
Thanks & Regards
Muhammad Ali
-
RE: ARP Poisoning
Fetched: January 9th, 2008, 4:36pm GMT
Tags: Security [edit]
Author: sameer666
Posted: Wed Jan 09, 2008 1:46 pm (GMT 5)
Topic Replies: 6
use static mac, if ur server mac keeps changing
regards
_________________
Novice at heart
-
Kernel Compilation
Fetched: January 8th, 2008, 4:36am GMT
Tags: Security [edit]
Author: Kamranalilakhnavi
Subject: Kernel Compilation
Posted: Wed Jan 09, 2008 2:22 am (GMT 5)
Topic Replies: 0
Hello Everyone,
I am compiling kernel with grsecurity pacth on RedHat4 Enterprise. Every thing went fine but I am not able to boot my system with new kernel , getting the following error.
Warning: unable to open an initial console.
System hanged after this warning.
Any help would be highly appreciated..
"
_________________
Regards,
Pasha
-
RE: How to allow FTP in hosts.allow
Fetched: January 8th, 2008, 4:36am GMT
Tags: Security [edit]
Author: lambda
Posted: Wed Jan 09, 2008 1:57 am (GMT 5)
Topic Replies: 4
add something like
to allow access from that network. by commenting out the "ALL" entry, you've pretty much disabled all services by default.Code: vsftpd : 192.168.0.1/24 : allow
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
RE: How to allow FTP in hosts.allow
Fetched: January 8th, 2008, 12:36pm GMT
Tags: Security [edit]
Author: Learner
Posted: Tue Jan 08, 2008 11:14 am (GMT 5)
Topic Replies: 3
Dear Lambda !
Thanks for the reply.
What I have done is a little change in "hosts.allow". That is
# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
##ALL : ALL : allow (Changed)
# Wrapping sshd(
is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny
sshd : 192.168.1.6,192.168.1.7 : allow ##(Changed)
sshd : ALL : deny ##(Changed)
Just uncommected two lines ...
_________________
Thanks & Regards
Muhammad Ali
-
RE: How to allow FTP in hosts.allow
Fetched: January 8th, 2008, 12:36pm GMT
Tags: Security [edit]
Author: lambda
Posted: Tue Jan 08, 2008 10:03 am (GMT 5)
Topic Replies: 3
what have you tried to do?
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
How to allow FTP in hosts.allow
Fetched: January 8th, 2008, 12:36pm GMT
Tags: Security [edit]
Author: Learner
Subject: How to allow FTP in hosts.allow
Posted: Tue Jan 08, 2008 9:35 am (GMT 5)
Topic Replies: 3
AOA
Dear All !
I am using FreeBSD 6.2. I am facing a problem that my machine is reports me a number of invalid user attempts from outside. I want to secure it by using "hosts.allow", but when i do this my FTP services also stop working. The FTP server package is "vsftpd".
Please guide ...
_________________
Thanks & Regards
Muhammad Ali
-
RE: ARP Poisoning
Fetched: January 7th, 2008, 4:35am GMT
Tags: Security [edit]
Author: mudasir
Posted: Tue Jan 08, 2008 1:38 am (GMT 5)
Topic Replies: 2
Hi,
Still looking for some solutions
DHCP Server is giving IP's. Only allowed MAC Addresses are given Class A IP Address, and MAC's which are not allowed are given a Class C IP Address.
Each MAC has its own Fixed IP Address....
Squid is being used Proxy Server, IPTABLES are being used as Firewall...TC being used to shape bandwidht on Per IP Address...
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
Planet MYOSS
-
Danesh Manoharan: Upgraded to WordPress 2.3.2
Posted: January 7th, 2008, 7:40am GMT
Tags: patch release Security securityrelease update [edit]
I finally upgraded to WordPress version 2.3.2.
Been really tired and busy since coming back from Langkawi last week. Found some time last night so this was the first thing I did.
WordPress 2.3.2 is a security release which fixes a hole that allows attackers to access your drafts and also attain your database structure information through error messages.
Better patch up quick!!
Source: WordPress Dev
Tags: patch, release, Security, security release, update, WordPress
Related posts- Firefox 2.0.0.9 released (0)
- Firefox 2.0.0.8 released (4)
- Firefox 2.0.0.7 released (3)
- Firefox 2.0.0.6 released (0)
- Firefox 2.0.0.11 released (2)
linuxpakistan.net
-
RE: ARP Poisoning
Fetched: January 4th, 2008, 8:35am GMT
Tags: Security [edit]
Author: mudasir
Posted: Fri Jan 04, 2008 5:47 am (GMT 5)
Topic Replies: 1
Can anyone tell me some solutions to my problem.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: problem in linux
Fetched: January 3rd, 2008, 4:35pm GMT
Tags: Security [edit]
Author: nayyares
Posted: Thu Jan 03, 2008 1:42 pm (GMT 5)
Topic Replies: 1
Hi,
Post $tcpdump of your internet server as well as linux client.
PS: grep only one linux client tcpdump at server :p
cheers
_________________
Nayyar Ahmad
RHCE, CCNA, OCP DBA
nayyares aT fedoraproject DoT org
blogs: nayyares.blogspot.com
-
problem in linux
Fetched: January 3rd, 2008, 4:35pm GMT
Tags: Security [edit]
Author: venky145
Subject: problem in linux
Posted: Thu Jan 03, 2008 12:51 pm (GMT 5)
Topic Replies: 1
hi
i am using this script in my linux box, the problem is my clients systems we are using windows xp and linux (FC4) my pronlem is in XP internet is working fine probl is in linux internet not working sometimes its works maximum 2 to 3 min only .
this is my firewall script
PATH=$PATH:/sbin:/bin:/usr/bin:/usr/sbin
export PATH
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -p tcp -o eth0 --dport 5050 -j MASQUERADE
iptables -I INPUT -p tcp -s 0/0 -d 0/0 --dport 3128 -j DROP
echo "1024" > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo "2048" > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo "4096" > /proc/sys/net/ipv4/neigh/default/gc_thresh3
iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
#BLOCKING MOVIE SERVER MAC ADDRESS
iptables -A INPUT -m mac --mac-source 00:11:25:b8:58:76 -j DROP
iptables -A FORWARD -m mac --mac-source 00:11:25:b8:58:76 -j DROP
#PING BLOCK EXCEPT ONE IP
iptables -A INPUT -s 10.21.0.145 -p icmp -j ACCEPT
iptables -A INPUT -p icmp -j DROP
#PING BLOCK EXCEPT ONE IP
iptables -A OUTPUT -d ! 10.21.0.145 -p icmp -j DROP
# Disable response to broadcasts
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Don't accept source routed packets. Attackers can use source routing to generate
# traffic pretending to be from inside your network, but which is routed back along the path from which it came, namely outside
echo "99999999999999999999999999999" > /proc/sys/net/ipv4/ip_conntrack_max
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
# Disable ICMP redirect acceptance. ICMP redirects can be used to alter your routing tables possibly to a bad end.par^M
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
# Enable bad error message protection.
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
/sbin/iptables -t nat -A POSTROUTING -s 10.21.0.1/24 -d 0/0 -j MASQUERADE
/sbin/iptables -I INPUT -p tcp -s 10.21.0.1/24 -d 0/0 --dport 3128 -j ACCEPT
-
ARP Poisoning
Fetched: January 3rd, 2008, 8:35am GMT
Tags: Security [edit]
Author: mudasir
Subject: ARP Poisoning
Posted: Thu Jan 03, 2008 5:39 am (GMT 5)
Topic Replies: 0
I have been facing a problem from almost 15 days. Let me explain you what i have been facing.
My server has IP Address 10.10.10.1 (Server acting as Squid Proxy).
Now from any client when i execute this command (arp -a 10.10.10.1)
I am not getting Server's MAC Address, whenever i execute this command i get different MAC Address. I am not getting SAME Address everytime, getting differect MAC Address eveytime.
Now due to this ARP Poisoning Cleint is Breaking PING to Server and Internet stops Working.
Can you please tell me some Solutions.
I also made a script to get all the MAC Address Againt my Server's IP. I got more than 350 MAC Addresses.
How can i solve this Problem.
I searched Google regarding ARP Poisoning i found following link.
[packetstormsecurity.org]
on the above stated link i found this script
[packetstormsecurity.org]
I dont know what i does but the description say
Quote:
OpenAAPD (0.1-beta) is an Anti Arp Poisoning Daemon for OpenBSD operating system which works with or without DHCP protocol support on the LAN networks without compromising the ARP protocol performances.
Please help me out in this problem.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Firewall Script....
Fetched: December 27th, 2007, 8:35am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Thu Dec 27, 2007 5:12 am (GMT 5)
Topic Replies: 5
keep it up mudassir!
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
Planet MYOSS
-
Danesh Manoharan: Your Gmail Exposed
Posted: December 27th, 2007, 7:30am GMT
Tags: exploit gmail hacks Security [edit]
Image taken from DavidAireyWhat would you do if someone hacked into your Gmail account and stole valueble information like your user name and passwords?
This happened to David Airey a logo designer from http://www.davidairey.com which is now forced back to it’s secondary URL http://www.davidairey.co.uk. His site was getting about 2000 hits a day. His business cards need to be updated and clients need to be informed.
The attacker managed to leverage a security exploit in Gmail which allowed him to inject a mail filter into Gmail which forwards all mails with attachments to the attacker. The attacker managed to obtain David’s domain account credentials.
During David’s recent holiday to India with his girlfriend, the attacker transfered “www.davidairey.com” to himself and is now holding it ransom till David decides to pay up the ransom fee of USD250 which initially was USD600.
My Advice: Google has since fixed this issue but still, make sure to check your Gmail filters. It could just save you your business and loads of time.
What would you do if this happened to you? How can we prevent this?
Tags: exploit, gmail, hacks, Security
Related posts- WordPress Trackback UTF-7 SQL Injection | WordPress (0)
- Top Antivirus Applications (4)
- PayPal phishing (1)
- HongKiat.com defaced (3)
- Hacks: Windows Genuine Advantage removal (0)
linuxpakistan.net
-
RE: Firewall Script....
Fetched: December 26th, 2007, 12:35am GMT
Tags: Security [edit]
Author: mudasir
Posted: Wed Dec 26, 2007 10:45 pm (GMT 5)
Topic Replies: 5
AOA,
Dear nayyares,
This is a Firewall Script, doing MAC to IP Binding. Install script creates a .conf file /etc/firewall.conf and reads it and works on it.
This script is just a try from me
for those people who always ask to please tell us IPTABLES rules for GATEWAY....
Hope this scripts helps....
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Firewall Script....
Fetched: December 26th, 2007, 8:35pm GMT
Tags: Security [edit]
Author: nayyares
Posted: Wed Dec 26, 2007 7:23 pm (GMT 5)
Topic Replies: 5
Hi,
Could you please mention the purpose of this script? this would rather help to use it.
Cheers
_________________
Nayyar Ahmad
RHCE, CCNA, OCP DBA
nayyares aT fedoraproject DoT org
blogs: nayyares.blogspot.com
-
RE: Firewall Script....
Fetched: December 26th, 2007, 8:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Wed Dec 26, 2007 5:57 pm (GMT 5)
Topic Replies: 5
AOA,
Dear lambda,
Thanks alot for telling me about googlepages. I have uploaded the file at
[coolmudasir.googlepages.com]
To Install the script just Follow these steps
Quote:
1. wget [coolmudasir.googlepages.com]
2. tar -xvzf firewall.tar.gz
2. cd firewall
Before starting the INSTALL Process Read the ReadMe file.
3. ./install (To Start the Installation Process)
4. Enter All the Things Asked by the Install Script.
To Start the Firewall just after the installation execute the following command
>firewall.start
To update the Firewall execute the following command
>firewall.update
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Firewall Script....
Fetched: December 26th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: lambda
Posted: Wed Dec 26, 2007 1:12 pm (GMT 5)
Topic Replies: 5
please don't use random websites for your scripts/code. use something that will last a long time, like google pages. if you have a google account, just go to [pages.google.com] create a "site", and you're done.
google is unlikely to die in a couple of years, or rearrange their pages, or do something silly like that. google also lets you upload all sorts of files -- text files, tar/zip files, etc. plus, the urls make sense, like [mudasir.googlepages.com] instead of what you have up there.
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
Firewall Script....
Fetched: December 26th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: mudasir
Subject: Firewall Script....
Posted: Wed Dec 26, 2007 11:21 am (GMT 5)
Topic Replies: 5
AOA,
Dear LP Members,
I have made a Firewall Script. Download the Firewall Script from
[www.mediafire.com]
Then follow these Steps.
Quote:
Before doing any thing Read the ReadMe file.
1. After Downloading untar the file by "tar -xvzf firewall.tar.gz"
2. Then goto the Firewall Directory "cd firewall"
3. Then run the install script "./install"
4. Enter All the Things Asked by the Install Script.
Please Dont run the Install Script again and again, If you miss something, Please Read the ReadMe file.
This script is Still a Beta Version, under testing..
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 21st, 2007, 12:35pm GMT
Tags: Security [edit]
Author: shakeel_jee7
Posted: Fri Dec 21, 2007 4:45 am (GMT 5)
Topic Replies: 13
Thankyou Mudassar bhai, very much for your Help. You have given me much precious time.
But Still my problem didn't solve. When I use the Commands, that you recently told me to put in rc.local file, and restarted the system, the Internet suddenly did stop in the main PC as well as, in the Second PC, it also didn't work!
(I've checked the rc.local, it is working, But chkconfig command is not working)
Code: root@engineer-pc:/home/engineer# chkconfig --list | grep iptables
bash: chkconfig: command not found
Code: root@engineer-pc:/home/engineer# ps aux | grep iptables
root 14827 0.0 0.0 5120 824 pts/0 S+ 04:50 0:00 grep iptables
So, plz if you have any other solution, besides MAC address spoofing, I have two softwares for MAC address spoofing for Windows, but I use Linux or Machintosh for Internet, But MAC address is not a good solution to my problem. OK, If you have information about How to Spoof MAC address in Linux/MAC OS X, then Please tell me.
Also if you have any other solution like IP Forwarding and Masquerading, then please tell me.
Thanx in Advance!
Shakeel
_________________
* * *
Shakeel Ahmed
Registered Linux User # 423792
"The Shortest Distance b/w a Problem & its solution, is distance between ur Knees & the Floor. The one who kneels to Allah can stand upto anything!!"
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 20th, 2007, 8:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Thu Dec 20, 2007 4:06 pm (GMT 5)
Topic Replies: 12
AOA,
Dear Shakeel_jee7,
Follow the steps which i stated above and just replace the code that i wanted you to enter in rc.local file with the code gived below.
Code:
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth2 -p tcp -j MASQUERADE
And Please check wheather the IPTABLES service is started or not, if the service is not started then please start the service then implement the following code.
To check wheather the service is started ir not use the following command
ps aux | grep iptables
And to check at which runlevel it is being started use the following command.
chkconfig --list | grep iptables.
And if the service is not started at any runlevel use the following command to start the service automatically at runlevel 3,4 and 5.
chkconfig --level 345 iptables on
Hope this will help you out.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 20th, 2007, 8:35am GMT
Tags: Security [edit]
Author: shakeel_jee7
Posted: Thu Dec 20, 2007 5:55 am (GMT 5)
Topic Replies: 12
mudasir wrote: AOA,
Dear shakeel_jee7,
Is this eth2 your interface on the PC on which internet is working fine, and is this the interface through which internet is working.
Yes, Dear, eth2 is the Interface, through which my main PC/Server is connected to Internet and the Interface by which I connect to other PC is "eth0"!
_________________
* * *
Shakeel Ahmed
Registered Linux User # 423792
"The Shortest Distance b/w a Problem & its solution, is distance between ur Knees & the Floor. The one who kneels to Allah can stand upto anything!!"
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 20th, 2007, 8:35am GMT
Tags: Security [edit]
Author: mudasir
Posted: Thu Dec 20, 2007 5:26 am (GMT 5)
Topic Replies: 11
AOA,
Dear shakeel_jee7,
Is this eth2 your interface on the PC on which internet is working fine, and is this the interface through which internet is working.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 19th, 2007, 4:01am GMT
Tags: Security [edit]
Author: shakeel_jee7
Posted: Thu Dec 20, 2007 3:27 am (GMT 5)
Topic Replies: 11
mudasir wrote:
Code:
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth0 -p all -s 0.0.0.0/0 -j MASQUERADE
Assalm-o-Alikum;
Thanks Dear Mudassar for your kindness. I have applied these rules in rc.local file but still Internet is not working on the other PC.
I am sending you the shadow of my "rc.local", so that you please see it, May I did any mistake in it.
Now; for reference, "eth2" is the interface on which Internet works and "eth0" is the Interface, by which I connect my Other PC to this system which has IP address "192.168.0.1".
Now According to your given scheme, I edited my "rc.local" file like this:
Code:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth2 -p all -s 192.168.0.1/24 -j MASQUERADE
exit 0
"/etc/rc.local" 22 lines, 529 characters
Please Help me out this problem.
Once again thanks for your Help!
Shakeel
_________________
* * *
Shakeel Ahmed
Registered Linux User # 423792
"The Shortest Distance b/w a Problem & its solution, is distance between ur Knees & the Floor. The one who kneels to Allah can stand upto anything!!"
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 19th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: x2oxen
Posted: Wed Dec 19, 2007 2:06 pm (GMT 5)
Topic Replies: 9
Shakeel can you do anything on ur own???
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: December 19th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: x2oxen
Posted: Wed Dec 19, 2007 2:02 pm (GMT 5)
Topic Replies: 50
hahahaha What a Crap!!
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 19th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Wed Dec 19, 2007 1:58 pm (GMT 5)
Topic Replies: 9
AOA,
Dear shakeel_jee7,
Follow the steps below. (Commands will only work on Linux, so Linux should be there on the Main INTERNET PC).
1. On the Main PC where internet is working you should have two LAN cards.
2. First LAN Card having your internet configuration connected to your INTERNET Network, and Second LAN Card should have any other Private IP Range (other than your Internet One).
3. Now boot your INTERNET PC in Linux and open rc.local (vi /etc/rc.local) and enter following commands at the end of the file.(considering eth0 to be the INTERFACE on main INTERNET PC connected to INTERNET)
Code:
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth0 -p all -s 0.0.0.0/0 -j MASQUERADE
4. Now SAVE rc.local and exit ( :wq ).
5. Now Reboot your PC and try internet on the other PC Connected to your main INTERNET PC.
Hope this should help you out.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Information Security Help!!!
Fetched: December 19th, 2007, 10:34am GMT
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Wed Dec 19, 2007 8:07 am (GMT 5)
Topic Replies: 50
Dear x2oxen,
Salam,
x2oxen wrote: hay security kid where have u gone??? why this thread gone asleep??
He has been hacked by some one
Best Regards.
_________________
Farrukh Ahmed
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 18th, 2007, 4:35am GMT
Tags: Security [edit]
Author: shakeel_jee7
Posted: Wed Dec 19, 2007 3:13 am (GMT 5)
Topic Replies: 8
ashariqbal wrote: MAC address spoofing is possible on most OS. Of course this is a major problem from the point of view of cable operators (there was a recent thread on this).
Dear Ashir Iqbal;
Can you please provide me the exact link???
Thanx
_________________
* * *
Shakeel Ahmed
Registered Linux User # 423792
"The Shortest Distance b/w a Problem & its solution, is distance between ur Knees & the Floor. The one who kneels to Allah can stand upto anything!!"
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 18th, 2007, 4:35am GMT
Tags: Security [edit]
Author: shakeel_jee7
Posted: Wed Dec 19, 2007 3:10 am (GMT 5)
Topic Replies: 8
mudasir wrote: AOA,
Dear Shakeel_jee7,
On the PC on which internet is working, simply enable IP_FORWARDING and Masquerade the outgoing interface.
AA
Dear Mudassar bhai!
Can you please tell me closely the commands which i follow, to do that, or give me some links, where this problem is solved.
(I am telling you another problem; When I Connect my main PC where internet works, to the other PC with other LAN card or any Networking Interface (Wireless LAN, Ethernet LAN, or Firewire) then Browsing Immediately stops working, while Network Shares, just work fine!!!)
Thanks for your Cooperation.....
Shakeel
_________________
* * *
Shakeel Ahmed
Registered Linux User # 423792
"The Shortest Distance b/w a Problem & its solution, is distance between ur Knees & the Floor. The one who kneels to Allah can stand upto anything!!"
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 18th, 2007, 4:35am GMT
Tags: Security [edit]
Author: shakeel_jee7
Posted: Wed Dec 19, 2007 3:04 am (GMT 5)
Topic Replies: 8
x2oxen wrote: there are two possible ways for doing so.. Just make a miniserver of your own and connect your 2nd pc with that or else switch your second pc mac address to the same one on which they have bind you.
Thank you dear Brother for the Solution: I know this before, Now;
1. I think it is better option for me as I have at least 5-6 computers in my room (PCs, MACs, Laptops) (By the way, My Room is not Internet Cafe or Public place, though, I have very much Interest in Different hardwares....)
But please provide me Closer solution to my problem, and provide me some links where this type of problem is already solved, in any Plateform (Windows, Linux, Mac OS X).
2. If I choose second option, then PLease tell me the softwares (Cracked, Registered or Free) for Windows, Linux and Mac OS X, which can change the MAC address of the LAN card.
Thankyou very very much for your cooperation.....
Allah Hafiz
_________________
* * *
Shakeel Ahmed
Registered Linux User # 423792
"The Shortest Distance b/w a Problem & its solution, is distance between ur Knees & the Floor. The one who kneels to Allah can stand upto anything!!"
-
RE: Information Security Help!!!
Fetched: December 18th, 2007, 4:35am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Wed Dec 19, 2007 2:05 am (GMT 5)
Topic Replies: 50
hay security kid where have u gone??? why this thread gone asleep??
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 18th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: x2oxen
Posted: Tue Dec 18, 2007 2:58 pm (GMT 5)
Topic Replies: 6
there are two possible ways for doing so.. Just make a miniserver of your own and connect your 2nd pc with that or else switch your second pc mac address to the same one on which they have bind you.
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 18th, 2007, 12:35pm GMT
Tags: Security [edit]
Author: ashariqbal
Posted: Tue Dec 18, 2007 10:37 am (GMT 5)
Topic Replies: 6
MAC address spoofing is possible on most OS. Of course this is a major problem from the point of view of cable operators (there was a recent thread on this).
_________________
------------------------------------------------------------------
Xnet Solutions - manufacturer of Network Appliances - Firewalls, Mailservers, IP PBX, Routers
-
RE: Breaking MAC Addressing Binding Security...
Fetched: December 18th, 2007, 12:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Tue Dec 18, 2007 9:53 am (GMT 5)
Topic Replies: 3
AOA,
Dear Shakeel_jee7,
On the PC on which internet is working, simply enable IP_FORWARDING and Masquerade the outgoing interface.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
Breaking MAC Addressing Binding Security...
Fetched: December 18th, 2007, 8:35am GMT
Tags: Security [edit]
Author: shakeel_jee7
Subject: Breaking MAC Addressing Binding Security...
Posted: Tue Dec 18, 2007 4:35 am (GMT 5)
Topic Replies: 3
Assalam-o-Alaikum
Dear Fellows!
Please I need your help in a problem.
I have cable Net connection in my home. The problem is that, they've done "MAC-Address binding" with the Interface card provided, now When I want to put cable in my second PC, I wont able to use the Internet. I just Browse the Network Shares fine, but Internet doesn't work then.
Please send me a solution to overcome this problem, I means, How to overcome MAC address binding or Forward the Packets received by that Interface to my other PC using another Lan card in the same PC.
I have the Following Scheme: Uderstand it for reference:
1. The PC in which I use internet has two LAN cards. In one card, the Cable Net is connected which is Binded, (MAC address and the IP), I want to do NATing or some other way to forward those packages to the Second LAN card in the same PC, so that card is connected to my Second PC, and hence, I can use the Internet on my second PC.
2. Note that I Different OS/Hardware in my Room, like Linux Box (Ubuntu 7.10 Gutsy Gibbon, RHEL 4.0) Windows (XP and Vista) and Apple Machintosh PowerMac G4 (Mac OS X and Mac OS 9.2 Classic), so tell me any Possible combination or configuration by which I use Internet on different PCs (Or Atleast 2 PCs)
3. Can NATing with iptables help me in this regard?
Please solve my this problem, I will be very thankful to you people!
Thanking you in Anticipation.
Allah ap ko Jaza-e-Khair de ga (InshaAllah)
_________________
* * *
Shakeel Ahmed
Registered Linux User # 423792
"The Shortest Distance b/w a Problem & its solution, is distance between ur Knees & the Floor. The one who kneels to Allah can stand upto anything!!"
-
RE: can not access vsftp remotel
Fetched: December 18th, 2007, 8:35am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Tue Dec 18, 2007 3:33 am (GMT 5)
Topic Replies: 4
then r you sure you have a live ip on that machine as well???
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: can not access vsftp remotel
Fetched: December 17th, 2007, 4:13pm GMT
Tags: Security [edit]
Author: shahzor
Posted: Mon Dec 17, 2007 2:17 pm (GMT 5)
Topic Replies: 4
well by localy means LAN, I am using Red Hat Linux Enterprise 4. I have already checked the secure logs. which I have sumbitted on my first post. the error.
_________________
LinuxBoy
-
RE: can not access vsftp remotel
Fetched: December 17th, 2007, 9:57am GMT
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Mon Dec 17, 2007 8:40 am (GMT 5)
Topic Replies: 3
Dear shahzor,
Salam,
Are you using Fedora Core ?
Check your /var/log/secure for more information.
Best Regards.
_________________
Farrukh Ahmed
-
RE: can not access vsftp remotel
Fetched: December 16th, 2007, 12:35am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Sun Dec 16, 2007 11:39 pm (GMT 5)
Topic Replies: 3
what do you mean by locally?? you mean on your lan or on same computer! paste your vsftpd.conf as well.
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
can not access vsftp remotel
Fetched: December 15th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: shahzor
Subject: can not access vsftp remotel
Posted: Sat Dec 15, 2007 1:26 pm (GMT 5)
Topic Replies: 1
Hi, Dear
I am having a prblem with my vsftp, I can access my ftp locally but when I try to access it remotely I get the following error any ideas will be appretiated thanks in advance.
the error I get is
KERBEROS_V4 rejected as an authentication type
_________________
LinuxBoy
Planet MYOSS
-
Khairul Aizat Kamarudzzaman (fenris): Installing firewalllogs_ipcop_1.4.11.tar.gz in IPcop 1.4.18
Posted: December 7th, 2007, 4:39am GMT
Tags: IPcop Security Firewall Logs Ports [edit]
After more than 1 years using IPcop, sudden i realize that i miss see something really good n nice to have as a addon on IPcop that is firewal logs viewer. After seeing the version that compatible with the IPcop might be absolute for IPcop 1.4.18.
What eva it is .. i don’t afraid to try install it in existing firewall, but i do test it 1st @ branch office than proceed to HQ (-.-).
- Lets start download it from here
- Then upload it into ipcop using scp @ winscp
- Login to ipcop via ssh
- tar zxvf firewalllogs_ipcop_1.4.11.tar.gz
- cd firewalllogs
- then run the installation file : ./install
- U might see something like this –> Wrong Ipcop-Version, exiting………….
- Dont Panic !!! this error occurs because of the IPcop version is the latest which is 1.4.18
- What u should do next is editing the install file
- vi install
- search for -a $IPCOPVERSION” != “1.4.12″ then add a few codes after it like this –> -a $IPCOPVERSION” != “1.4.18″
the scripts should be edit like this:
IPCOPVERSION=`grep version /var/ipcop/general-functions.pl | cut -d= -f2 | grep -v Data | tr -d [:blank:];’`
if [ “$IPCOPVERSION” != “1.4.8″ -a “$IPCOPVERSION” != “1.4.9″ -a “$IPCOPVERSION” != “1.4.10″ -a “$IPCOPVERSION” != “1.4.11″ -a “$IPCOPVERSION” != “1.4.12″ -a “$IPCOPVERSION” != “1.4.18″ ]the rest of the script maintain as it it, then u save it, :wq!
Try run the installation script again, ./install
U will see something like this:
This is fwlogs installing.
installing files
creating webinterface entries
creating language entries
Enable automatic versioncheck for this mod ? [y/n] y
cleaning up
Installation finished.to uninstall fwlogs just run ‘/usr/local/bin/uninstall_fwlogs’
Wallah … its ready to user
!Next, open ya favorite browser then view the IPcop GUI under tabs logs –> FW-Log Graphs by Ip & FW-Log Graphs by Port
Here are some screen shot:-
You may click the buttons for details on the IP’s and the Ports, i luv the graph becoz i don’t have to see the original firewall logs will look like this :
So u have the choice either to use looking at the log by words & numbers @ by the graph
, enjoy it!!
linuxpakistan.net
-
RE: A Firewall I Made
Fetched: December 6th, 2007, 12:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Thu Dec 06, 2007 12:01 pm (GMT 5)
Topic Replies: 20
AOA,
Dear Farrukh Bhai,
Got it working,
Working Script is at
[www.geocities.com]
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: A Firewall I Made
Fetched: December 6th, 2007, 12:35pm GMT
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Thu Dec 06, 2007 10:09 am (GMT 5)
Topic Replies: 20
Dear mudasir,
Salam,
Use this rule before any other rule.
Code: $IPT -A INPUT -i $NETWORK -s 0.0.0.0 -d $LOC_IP -m state --state ESTABLISHED,RELATED -j ACCEPT
Best Regards.
_________________
Farrukh Ahmed
-
RE: A Firewall I Made
Fetched: December 5th, 2007, 12:36am GMT
Tags: Security [edit]
Author: mudasir
Posted: Wed Dec 05, 2007 11:38 pm (GMT 5)
Topic Replies: 18
AOA,
Dear Farrukh bhai,
I tried the rule that you told me to try still no progress.
My Final Script that i am using is as follows
Code:
#!/bin/sh
###############################################
#### Firewall Script Created By ####
#### Mudasir Mirza ####
#### cool_mudasir@hotmail.com ####
#### 0092-321-2395320 ####
###############################################
#set -x
########################
## Defining Variables ##
########################
# Path to IPTABLES executable
IPT="/sbin/iptables"
# Interface Card Connected to Local Network
NETWORK="eth1"
# Interface Card Connected to Internet
INTERNET="eth0"
# Loopback Interface
LOOPBACK="lo"
# IP Addreses of Server
SERVER_IP="10.0.0.3"
# Local Network IP Range / Subnet
LOC_IP="10.0.0.0/24"
# INTERNAL Broadcast
LOC_BCAST=10.0.0.255
# IP On The Internet Interface
NET_IP="192.168.1.3/24"
# DHCP Server IP
DHCP_SERVER="10.0.0.3"
# SSH Port
SSH_PORT="22"
# FTP on the Network
FTP_IP="10.0.0.6"
# FTP Port
FTP_PORT="21"
# Primiry DNS Server
P_DNS="203.99.163.240"
# Alternate DNS Server
A_DNS="203.99.163.243"
# Path To Directory Containing MAC Addresses
MACDIR="/macs"
# Path To File Containing MAC Addresses
MACFILE="/macs/allowed.macs"
# Path To File Containging IP Addresses
IPFILE="/macs/allowed.ips"
# Location of modprobe
MOD="/sbin/modprobe"
#########################
### Flushing IPTABLES ###
#########################
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
#################################################
### Calling Required IPTABLES Modules For FTP ###
#################################################
$MOD ip_conntrack
$MOD ip_conntrack_ftp
$MOD ip_nat_ftp
########################################
### Setting Default Policies to Drop ###
########################################
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
echo Default Policies Set To Drop
####################################
### Setting Needed PROC Settings ###
####################################
echo 1 > /proc/sys/net/ipv4/ip_forward
##############################
### Setting IPTABLES Rules ###
##############################
###############################
### MAC Addresses Filtering ###
###############################
rm -f $MACDIR/mac.addresses
cat $MACFILE | awk '{ print $1 }' >> $MACDIR/mac1
cat $MACDIR/mac1 | sed "s/#.*//" > $MACDIR/mac2
cat $MACDIR/mac2 | sed "/^ /d;/^$/d;" > $MACDIR/mac.addresses
rm -f $MACDIR/mac1
rm -f $MACDIR/mac2
rm -f $MACDIR/ip.adresses
cat $IPFILE | awk '{ print $1 }' >> $MACDIR/ip1
cat $MACDIR/ip1 | sed "s/#.*//" > $MACDIR/ip2
cat $MACDIR/ip2 | sed "/^ /d;/^$/d;" > $MACDIR/ip.addresses
rm -f $MACDIR/ip1
rm -f $MACDIR/ip2
echo -----------------------------------------------
echo Marking Packets from Known MAC and IP Addresses
echo -----------------------------------------------
cat $MACDIR/mac.addresses | while read MACS
do
$IPT -t mangle -A PREROUTING -i $NETWORK -m mac --mac-source $MACS -j MARK --set-mark 1
done
$IPT -t mangle -A PREROUTING -i $NETWORK -s 10.0.0.10 -j MARK --set-mark 1
cat $MACDIR/ip.addresses | while read IPS
do
$IPT -t mangle -A PREROUTING -i $NETWORK -s $IPS -j MARK --set-mark 1
done
echo -----------------------------------------------
echo ---- MAC and IP Address Filtering Complete ----
echo -----------------------------------------------
$IPT -A INPUT -i $NETWORK -d $SERVER_IP -m mark --mark 1 -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-unreachable
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $SERVER_IP -m mark ! --mark 1 -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-net-unreachable
#########################################
### MAC Addresses Filtering Completed ###
#########################################
#####################
### Rules for FTP ###
#####################
$IPT -A INPUT -i $NETWORK -s 0.0.0.0 -d 0.0.0.0 -p tcp --dport 20:21 -j ACCEPT
$IPT -A INPUT -i $NETWORK -s 0.0.0.0 -d 0.0.0.0 -p tcp --dport 1024:65535 -j ACCEPT
$IPT -A INPUT -i $NETWORK -p tcp -s 0/0 -d $LOC_IP --dport 20:21 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPT -A INPUT -i $NETWORK -p tcp -s 0/0 -d $LOC_IP --dport 20:21 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i $NETWORK -p tcp -s 0/0 -d $LOC_IP --dport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPT -A INPUT -i $NETWORK -p tcp -s 0/0 -d $LOC_IP --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i $NETWORK -s 0.0.0.0 -d $LOC_IP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -t nat -A POSTROUTING -o $INTERNET -p tcp --dport 21 -m mark --mark 1 -j MASQUERADE
$IPT -t nat -A POSTROUTING -o $INTERNET -p tcp --dport 20 -m mark --mark 1 -j MASQUERADE
#########################
### SSH From Internet ###
#########################
$IPT -A INPUT -i $INTERNET -p tcp --dport $SSH_PORT -j ACCEPT
$IPT -A INPUT -i $INTERNET -p udp --dport $SSH_PORT -j ACCEPT
#################################################################
### Redirecting FTP Traffic Coming From Internet To LOCAL FTP ###
#################################################################
$IPT -t nat -A PREROUTING -i $INTERNET -p udp --dport 21 -j DNAT --to $FTP_IP:$FTP_PORT
$IPT -t nat -A PREROUTING -i $INTERNET -p tcp --dport 21 -j DNAT --to $FTP_IP:$FTP_PORT
################################
### Accepting Marked Packets ###
################################
$IPT -A INPUT -i $NETWORK -m mark --mark 1 -j ACCEPT
$IPT -A FORWARD -i $NETWORK -m mark --mark 1 -j ACCEPT
$IPT -A OUTPUT -o $INTERNET -m mark --mark 1 -j ACCEPT
####################################
### Droping All Unmarked Packets ###
####################################
$IPT -A FORWARD -i $NETWORK -m mark ! --mark 1 -j DROP
$IPT -A INPUT -i $NETWORK -m mark ! --mark 1 -j DROP
########################################################
### Accepting Voice/CAM Request for Marked Packets. ###
########################################################
$IPT -t nat -A PREROUTING -m mark --mark 1 -i $NETWORK -p tcp --dport 5000:5010 -j ACCEPT
$IPT -t nat -A PREROUTING -m mark --mark 1 -i $NETWORK -p udp --dport 5000:5010 -j ACCEPT
$IPT -t nat -A PREROUTING -m mark --mark 1 -i $NETWORK -p tcp --dport 5100 -j ACCEPT
#######################################################
### Droping Voice/CAM Traffic which is not Marked. ###
#######################################################
$IPT -t nat -A PREROUTING -i $NETWORK -m mark ! --mark 1 -p tcp --dport 5000:5010 -j DROP
$IPT -t nat -A PREROUTING -m mark ! --mark 1 -i NETWORK -p tcp --dport 5100 -j DROP
################################
### Accepting DHCP Request. ###
################################
$IPT -A INPUT -i $NETWORK -p udp -s $DHCP_SERVER --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT
$IPT -A OUTPUT -o $NETWORK -p udp -s 255.255.255.255 --sport 68 -d $DHCP_SERVER --dport 67 -j ACCEPT
################################################################
### Redirecting HTTP and FTP Traffic to Squid Proxy Server. ###
################################################################
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p tcp --dport 80 -j REDIRECT --to-port 8080
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p udp --dport 80 -j REDIRECT --to-port 8080
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p tcp --dport 21 -j REDIRECT --to-port 8080
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p udp --dport 21 -j REDIRECT --to-port 8080
#################################################
### MASQUERADE All packets that are Marked. ###
#################################################
$IPT -t nat -A POSTROUTING -p all -s $LOC_IP -m mark --mark 1 -o $INTERNET -j MASQUERADE
###############################
### Rules for ICMP Protocol ###
###############################
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $P_DNS -p icmp -j ACCEPT
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $A_DNS -p icmp -j ACCEPT
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d ! $LOC_IP -p icmp --icmp-type echo-request -j DROP
#$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $SERVER_IP -m mark --mark 1 -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-unreachable
$IPT -A INPUT -i $NETWORK -d $SERVER_IP -m mark --mark 1 -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-unreachable
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $SERVER_IP -m mark ! --mark 1 -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-net-unreachable
$IPT -A INPUT -p icmp -s $LOC_IP -d $LOC_BCAST -j DROP
###############################################
### No Restriction for Loopback Interface ###
###############################################
$IPT -A INPUT -i $LOOPBACK -j ACCEPT
$IPT -A OUTPUT -o $LOOPBACK -j ACCEPT
########################################################################
### Droping Packets coming from internet claming to be from Network ###
########################################################################
$IPT -A INPUT -i $INTERNET -s $LOC_IP -j DROP
$IPT -A INPUT -i $INTERNET -d 127.0.0.0/8 -j DROP
$IPT -A INPUT -i $NETWORK -j ACCEPT
$IPT -A OUTPUT -o $NETWORK -j ACCEPT
#######################################################
### Accepting Extablished and Related Connections ###
#######################################################
$IPT -I INPUT -i $NETWORK -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o $NETWORK -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -i $INTERNET -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -o $INTERNET -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
############################################
### Droping Invalid and Unknown Packets ###
############################################
$IPT -A FORWARD -m state --state INVALID -j DROP
$IPT -A INPUT -i $INTERNET -m state --state INVALID -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ALL NONE -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ACK,FIN FIN -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ACK,PSH PSH -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ACK,URG URG -j DROP
#$IPT -t nat -A PREROUTING -i $NETWORK -p tcp --syn -s $LOC_IP --dport 80 -m mark ! --mark 1 -j DROP
Still No FTP site is opening behind it...FTP Site is opening on SERVER not on CLIENT. By FTP Site i do not mean LOCAL FTP.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: A Firewall I Made
Fetched: December 5th, 2007, 12:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Wed Dec 05, 2007 10:48 am (GMT 5)
Topic Replies: 18
AOA,
Dear Farrukh bhai,
Thanks for your reply.
I will try these today, and will let you know.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: A Firewall I Made
Fetched: December 5th, 2007, 10:28am GMT
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Wed Dec 05, 2007 8:23 am (GMT 5)
Topic Replies: 18
Dear mudasir,
Salam,
Using following rule will help you.
# iptables -I INPUT -i eth0 -s 0.0.0.0 -d 192.168.0.1 -m state --state ESTABLISHED,RELATED -j ACCEPT
Best Regards.
_________________
Farrukh Ahmed
-
RE: A Firewall I Made
Fetched: December 4th, 2007, 4:25pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Tue Dec 04, 2007 12:40 pm (GMT 5)
Topic Replies: 17
AOA,
Dear Farrukh bhai and Kashif Bhai,
I have also tried the following rules
Quote:
iptables -A INPUT -i $NETWORK -p tcp --dport 20:21 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $NETWORK -p tcp --dport 20:21 -m state --state NEW,RELATED -j ACCEPT
iptables -A INPUT -i $NETWORK -p tcp --dport 1024:65535 -m state --state NEW,RELATED -j ACCEPT
iptables -A INPUT -i $NETWORK -p tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $NETWORK -p tcp --dport 1024:65535 -m state --state NEW,RELATED -j ACCEPT
iptables -A FORWARD -i $NETWORK -p tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
Still no progress....
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: A Firewall I Made
Fetched: December 4th, 2007, 12:35pm GMT
Tags: Security [edit]
Author: kbukhari
Posted: Tue Dec 04, 2007 10:06 am (GMT 5)
Topic Replies: 17
mudasir wrote: AOA,
Please tell me what should i do in order for FTP sites to work behind this script
Try allowing related packets...
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: A Firewall I Made
Fetched: December 4th, 2007, 12:35pm GMT
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Tue Dec 04, 2007 8:33 am (GMT 5)
Topic Replies: 16
Dear mudasir,
Salam,
mudasir wrote: Please tell me what should i do in order for FTP sites to work behind this script
Allow passive ports in your Firewall Rules.
Best Regards.
_________________
Farrukh Ahmed
-
RE: A Firewall I Made
Fetched: December 3rd, 2007, 4:35am GMT
Tags: Security [edit]
Author: mudasir
Posted: Tue Dec 04, 2007 12:44 am (GMT 5)
Topic Replies: 16
AOA,
Please tell me what should i do in order for FTP sites to work behind this script
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
Planet MYOSS
-
Danesh Manoharan: Firefox 2.0.0.11 released
Posted: December 3rd, 2007, 9:00pm GMT
Tags: firefox mozilla patch release Security [edit]
A new update for Firefox was released just 4 days after the 2.0.0.10 update was made available to the public. The latest update 2.0.0.11 fixes a few compatibulity issues that showed up after upgrading to 20.0.0.10. Nothing serious, just minor extension issues and website compatibility issues.
Make sure you have the latest version. This will happen automatically but if it does not then get the latest version here.Source: Mozilla
Tags: Firefox, Mozilla, patch, release, Security, web browser
Related posts- Firefox 2.0.0.9 released (0)
- Firefox 2.0.0.8 released (4)
- Firefox 2.0.0.7 released (3)
- Firefox 2.0.0.6 released (0)
- Firefox 2.0.0.10 released (1)
linuxpakistan.net
-
RE: A Firewall I Made
Fetched: December 1st, 2007, 4:35am GMT
Tags: Security [edit]
Author: mudasir
Posted: Sun Dec 02, 2007 3:43 am (GMT 5)
Topic Replies: 12
AOA,
I am facing a problem regarding this script, although i made it but still have one problem. I implemented this script and as i implemented it, my clients faced only one problem, they are unable to open any FTP site or can not even connect using their FTP Softwares. So i made few changes in this script
I added These Lines in this Script
Code:
MOD="/sbin/modprobe"
$MOD ip_conntrack
$MOD ip_conntract_ftp
$MOD ip_nat_ftp
iptables -A INPUT -i $NETWORK -p tcp --dport 20:21 -j ACCEPT
iptables -A FORWARD -p tcp --dport 20:21 -j ACCEPT
iptables -A OUTPUT -o $INTERNET -p tcp --dport 20:21 -j ACCEPT
Still no progress with the FTP thing. Please help me out, FTP connections are not being made.
As i enter FTP address in the IE, it gives me an error
PAGE CAN NOT BE DISPLAYED.
Looking forward for reply.[/code]
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Information Security Help!!!
Fetched: November 28th, 2007, 12:36am GMT
Tags: Security [edit]
Author: sameer666
Posted: Wed Nov 28, 2007 8:13 pm (GMT 5)
Topic Replies: 47
mudasir wrote: AOA,
Dear sameer666,
I am not a hacker, i dont even know how to write exploits, not even a professional in tis field. However i like to contribute what ever i can to LP that i find informative.
by hacker i ment in classical sense, but that is fine, it was just a friendly suggestion nothing more.
_________________
Novice at heart
-
RE: Information Security Help!!!
Fetched: November 28th, 2007, 8:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Wed Nov 28, 2007 5:02 pm (GMT 5)
Topic Replies: 47
AOA,
Dear sameer666,
I am not a hacker, i dont even know how to write exploits, not even a professional in tis field. However i like to contribute what ever i can to LP that i find informative.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
Planet MYOSS
-
Danesh Manoharan: Firefox 2.0.0.10 released
Posted: November 28th, 2007, 1:25pm GMT
Tags: firefox mozilla patch release Security [edit]
Firefox 2.0.0.10 has been released. This is a security update which fixes the issues listed below.
MFSA 2007-39 Referer-spoofing via window.location race condition
MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
MFSA 2007-37 jar: URI scheme XSS hazardFirefox will automatically update itself to the latest version but if it does not you can download the latest version from the Firefox homepage. My Firefox is up2date, is yours?
Source: Mozilla Developer News
Tags: Firefox, Mozilla, patch, release, Security, web browser
Related posts- Firefox 2.0.0.9 released (0)
- Firefox 2.0.0.8 released (4)
- Firefox 2.0.0.7 released (3)
- Firefox 2.0.0.6 released (0)
- Firefox 2.0.0.11 released (0)
linuxpakistan.net
-
RE: Information Security Help!!!
Fetched: November 28th, 2007, 12:36pm GMT
Tags: Security [edit]
Author: sameer666
Posted: Wed Nov 28, 2007 11:48 am (GMT 5)
Topic Replies: 47
be a true hacker, and write your own exploits or atleast know how to write one.
_________________
Novice at heart
-
RE: A Firewall I Made
Fetched: November 27th, 2007, 4:36am GMT
Tags: Security [edit]
Author: mudasir
Posted: Wed Nov 28, 2007 4:04 am (GMT 5)
Topic Replies: 10
AOA,
I have made few changes in the ORIGINAL Script, the new script is as follows
In this i have addess SSH, SQUID_SERVER, SQUID_PORT variables so that the script can become more easy for a beginner.
Code:
#!/bin/sh
###############################################
#### Firewall Script Created By ####
#### Mudasir Mirza ####
#### cool_mudasir@hotmail.com ####
#### 0092-321-2395320 ####
###############################################
#set -x
########################
## Defining Variables ##
########################
# Path to IPTABLES executable
IPT="/sbin/iptables"
# Interface Card Connected to Local Network
NETWORK="eth0"
# Interface Card Connected to Internet
INTERNET="eth1"
# Loopback Interface
LOOPBACK="lo"
# IP Addreses of Server
SERVER_IP="192.168.1.1"
# Local Network IP Range / Subnet
LOC_IP="192.168.1.0/24"
# INTERNAL Broadcast
LOC_BCAST=192.168.1.255
# IP On The Internet Interface
NET_IP="172.16.0.1/24"
# DHCP Server IP
DHCP_SERVER="192.168.1.1"
# IP on whch SQUID Proxy is Running
SQUID_SERVER="192.168.1.1"
# Squid PORT
SQUID_PORT="8080"
# SSH Port
SSH_PORT="22"
# Primiry DNS Server
P_DNS="203.135.1.117"
# Alternate DNS Server
A_DNS="203.135.0.70"
# Path To Directory Containing MAC Addresses
MACDIR="/files/macs"
# Path To File Containing MAC Addresses
MACFILE="/files/macs/allowed.macs"
#########################
### Flushing IPTABLES ###
#########################
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
########################################
### Setting Default Policies to Drop ###
########################################
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
echo Default Policies Set To Drop
####################################
### Setting Needed PROC Settings ###
####################################
echo 1 > /proc/sys/net/ipv4/ip_forward
##############################
### Setting IPTABLES Rules ###
##############################
###############################
### MAC Addresses Filtering ###
###############################
rm -f $MACDIR/mac.addresses
cat $MACFILE | awk '{ print $1 }' >> $MACDIR/mac1
cat $MACDIR/mac1 | sed "s/#.*//" > $MACDIR/mac2
cat $MACDIR/mac2 | sed "/^ /d;/^$/d;" > $MACDIR/mac.addresses
rm -f $MACDIR/mac1
rm -f $MACDIR/mac2
echo ----------------------------------------
echo Marking Packets from Known MAC Addresses
echo ----------------------------------------
cat $MACDIR/mac.addresses | while read MACS
do
$IPT -t mangle -A PREROUTING -i $NETWORK -m mac --mac-source $MACS -j MARK --set-mark 1
done
echo -----------------------------------------------
echo ---- MAC Address Filtering Complete ----
echo -----------------------------------------------
#########################################
### MAC Addresses Filtering Completed ###
#########################################
############################################
### Accepting SSH Requests From Internet ###
############################################
$IPT -A INPUT -i $INTERNET -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -i $INTERNET -p udp --dport 22 -j ACCEPT
################################
### Accepting Marked Packets ###
################################
$IPT -A INPUT -i $NETWORK -m mark --mark 1 -j ACCEPT
$IPT -A FORWARD -i $NETWORK -m mark --mark 1 -j ACCEPT
####################################
### Droping All Unmarked Packets ###
####################################
$IPT -A FORWARD -i $NETWORK -m mark ! --mark 1 -j DROP
$IPT -A INPUT -i $NETWORK -m mark ! --mark 1 -j DROP
########################################################
### Accepting Voice/CAM Request for Marked Packets. ###
########################################################
$IPT -t nat -A PREROUTING -m mark --mark 1 -i $NETWORK -p tcp --dport 5000:5010 -j ACCEPT
$IPT -t nat -A PREROUTING -m mark --mark 1 -i $NETWORK -p udp --dport 5000:5010 -j ACCEPT
$IPT -t nat -A PREROUTING -m mark --mark 1 -i $NETWORK -p tcp --dport 5100 -j ACCEPT
#######################################################
### Droping Voice/CAM Traffic which is not Marked. ###
#######################################################
$IPT -t nat -A PREROUTING -i $NETWORK -m mark ! --mark 1 -p tcp --dport 5000:5010 -j DROP
$IPT -t nat -A PREROUTING -m mark ! --mark 1 -i NETWORK -p tcp --dport 5100 -j DROP
################################
### Accepting DHCP Request. ###
################################
$IPT -A INPUT -i $NETWORK -p udp -s $DHCP_SERVER --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT
$IPT -A OUTPUT -o $NETWORK -p udp -s 255.255.255.255 --sport 68 -d $DHCP_SERVER --dport 67 -j ACCEPT
################################################################
### Redirecting HTTP and FTP Traffic to Squid Proxy Server. ###
################################################################
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p udp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
#################################################
### MASQUERADE All packets that are Marked. ###
#################################################
$IPT -t nat -A POSTROUTING -p all -s $LOC_IP -m mark --mark 1 -o $INTERNET -j MASQUERADE
###############################
### Rules for ICMP Protocol ###
###############################
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $P_DNS -p icmp -j ACCEPT
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $A_DNS -p icmp -j ACCEPT
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d ! $LOC_IP -p icmp --icmp-type echo-request -j DROP
$IPT -A INPUT -i $NETWORK -d $SERVER_IP -m mark --mark 1 -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-unreachable
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $SERVER_IP -m mark ! --mark 1 -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-net-unreachable
$IPT -A INPUT -p icmp -s $LOC_IP -d $LOC_BCAST -j DROP
###############################################
### No Restriction for Loopback Interface ###
###############################################
$IPT -A INPUT -i $LOOPBACK -j ACCEPT
$IPT -A OUTPUT -o $LOOPBACK -j ACCEPT
########################################################################
### Droping Packets coming from internet claming to be from Network ###
########################################################################
$IPT -A INPUT -i $INTERNET -s $LOC_IP -j DROP
$IPT -A INPUT -i $INTERNET -d 127.0.0.0/8 -j DROP
$IPT -A INPUT -i $NETWORK -j ACCEPT
$IPT -A OUTPUT -o $NETWORK -j ACCEPT
#######################################################
### Accepting Extablished and Related Connections ###
#######################################################
$IPT -I INPUT -i $NETWORK -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o $NETWORK -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -i $INTERNET -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -o $INTERNET -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
############################################
### Droping Invalid and Unknown Packets ###
############################################
$IPT -A FORWARD -m state --state INVALID -j DROP
$IPT -A INPUT -i $INTERNET -m state --state INVALID -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ALL NONE -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ACK,FIN FIN -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ACK,PSH PSH -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ACK,URG URG -j DROP
$IPT -t nat -A PREROUTING -i $NETWORK -p tcp --syn -s $LOC_IP --dport 80 -m mark ! --mark 1 -j DROP
Still working to make this script better, more secure.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Information Security Help!!!
Fetched: November 27th, 2007, 4:36am GMT
Tags: Security [edit]
Author: mudasir
Posted: Wed Nov 28, 2007 3:52 am (GMT 5)
Topic Replies: 46
AOA,
Dear All my Very Experienced Big Brothers
While i was surfing google for a way to hack WEBMIN, or to find exploits regarding WEBMIN, i came across a web that has many exploits regarding many APPs on different PLATFORM's Like
Linux
Windows
BSD
SOLARIS
So thought that this might be very usefull for all SENIOR guyz here at LP, as i am not in to this exploit thing.
[www.blacksheepnetworks.com]
This link has many hacks and exploints.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: A Firewall I Made
Fetched: November 27th, 2007, 2:58pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Tue Nov 27, 2007 11:18 am (GMT 5)
Topic Replies: 10
AOA,
Dear x2oxen and Kbukhari,
Thanks alot, I really appreciate it
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: A Firewall I Made
Fetched: November 26th, 2007, 8:35pm GMT
Tags: Security [edit]
Author: x2oxen
Posted: Mon Nov 26, 2007 7:49 pm (GMT 5)
Topic Replies: 9
yup hes good at it.. Atleast on shell scripting..
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: A Firewall I Made
Fetched: November 26th, 2007, 12:36pm GMT
Tags: Security [edit]
Author: kbukhari
Posted: Mon Nov 26, 2007 10:33 am (GMT 5)
Topic Replies: 8
mudasir wrote: AOA,
Dear x2oxen,
As said earlier, i am also not a professional regarding firewalling. However i tried to make this for my own CABLE NET, it worked great how ever, as not being a professional i dont know the key points regarding SECURITY. That is the main reason for asking HELP to make this FIREWALL a bit more SECURE.
But your scripting style is v.Good and looks professional.
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: A Firewall I Made
Fetched: November 24th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: x2oxen
Posted: Sat Nov 24, 2007 2:53 pm (GMT 5)
Topic Replies: 6
you said you have made changes in your script. Why don't you post your new script as well.
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: A Firewall I Made
Fetched: November 23rd, 2007, 8:35pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Fri Nov 23, 2007 7:03 pm (GMT 5)
Topic Replies: 5
AOA,
Dear x2oxen,
As said earlier, i am also not a professional regarding firewalling. However i tried to make this for my own CABLE NET, it worked great how ever, as not being a professional i dont know the key points regarding SECURITY. That is the main reason for asking HELP to make this FIREWALL a bit more SECURE.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: A Firewall I Made
Fetched: November 23rd, 2007, 8:35pm GMT
Tags: Security [edit]
Author: x2oxen
Posted: Fri Nov 23, 2007 6:24 pm (GMT 5)
Topic Replies: 5
tho am not a expert in fire walling yet but working on it and whenever get anything good on that will let you know for sure and testing your script as well.
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: A Firewall I Made
Fetched: November 23rd, 2007, 8:35am GMT
Tags: Security [edit]
Author: mudasir
Posted: Fri Nov 23, 2007 7:58 am (GMT 5)
Topic Replies: 3
AOA,
Dear kbukhari,
Thanks alot for telling me this thing, I have made changes in the script.
Dear x2oxen,
You are absolutely correct, its just a firewall script to make my Linux box a bit more secure.
Can you please point out where this script is lacking and what more ammendments i can make in this script to make it more secure.
I know there will be many mistakes in this script as i am nota professional in this field.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: A Firewall I Made
Fetched: November 22nd, 2007, 4:36am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Fri Nov 23, 2007 3:44 am (GMT 5)
Topic Replies: 3
mudassir this is not a firewall you can say you have made a firewall script to making a system secure using iptables.
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 22nd, 2007, 4:36am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Fri Nov 23, 2007 3:38 am (GMT 5)
Topic Replies: 43
Quote: lamda said:
"in over fourteen years of using pgp
Quote: Lamba said:
1. I don't know about yahoo or hotmail, but gmail doesn't provide your personal information to advertisers.
Then said:
Quote: Ciao! for bro lamda
&
Chao! for the community
heyyyy come on guyssss its lambda not lamba or lamda is it too hard to to spell it?? look
L
A
M
B
D
A
see so simple! So dont mispell him he deserve more respect than this ain't he?? He must be minding that ain't you lamba?
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 22nd, 2007, 12:35am GMT
Tags: Security [edit]
Author: blackdaemon
Posted: Thu Nov 22, 2007 11:55 pm (GMT 5)
Topic Replies: 43
There you go, thats what i wanted the community to think about
lamda said:
"in over fourteen years of using pgp, i've probably had fewer than 30 encrypted email conversations. i can't even remember the last time i received an encrypted email message. it's just too much work to set up and use pgp with most mailers, so that rules out lazy people (ie, most of us). also, most people simply don't care to use encryption, even when they have pgp installed and set up -- they're not concerned that someone will read their messages. in other words, you can show them this cool technology, but how can you convince them to use it?"
You and me might be knowing & using pgp since years infact i admit ure experience of 14 yrz is waaayyyy more than my 2-3 yrs of it but i got aware and started using it. Setup aint that big a deal these days, especially with smart mail clients having nifty plugins that do wonders. Its all about making the masses aware, convincing is a whole different story. for now lets just do the GEO/ARY strategy of making folks aware of what the more experience have experienced
At times like these i always remember one of my teachers saying that "One person's common sense is the other persons non sense". & thats exactly what i saw i developed a common sense about something and posted it here and realized many didnt know, but some were not at all impressed. but im sure the later are in very few numbers maybe only one
Cheerz!
_________________
I think, therefore i am!
-
RE: Information Security Help!!!
Fetched: November 22nd, 2007, 12:35am GMT
Tags: Security [edit]
Author: lambda
Posted: Thu Nov 22, 2007 10:58 pm (GMT 5)
Topic Replies: 43
i'm not concerned about whether their behavior is better or different. i'm simply pointing out that it's normal for them -- not something shocking or surprising in any way.blackdaemon wrote: Im curious does this make gmail any better or diff from rest?
marketing people? why do you care about marketing people? they're the least of your concerns, if you're interested in private email conversations.Quote: Yes totally agree with the sniffer thing thats why they say no sys is 100% secure. but implementing a sniffer on a gigabit node to sniff a laymans traffic like mine is ridiculous & folks implementing sniffers will be implementing them for a whole different reason other than giving to marketing people.
you underestimate contemporary computer hardware. people can buy off-the-shelf packet sniffers or packet sniffer sdks (some even optimized for email traffic) that will handle 10 gigabit links (you can even find free ones for linux). the commercial ones for windows cost less than $500. still think it's ridiculous?
besides, no one needs to implement it on a gigabit node. you have a very small pipe to the internet (your link to your isp -- dialup, dsl, cable, or wireless). if you use wireless, dsl or a proper cable network (like worldcall), then they have multiple internal networks that can be separately tapped into. and lastly, your isp likely has a relatively small pipe to the internet -- 8, 20, 45 mbit, something like that. the ethernet hardware on your desktop can happily sniff more than twice that much traffic -- 100mbit, or even 1 gigabit.
in over fourteen years of using pgp, i've probably had fewer than 30 encrypted email conversations. i can't even remember the last time i received an encrypted email message. it's just too much work to set up and use pgp with most mailers, so that rules out lazy people (ie, most of us). also, most people simply don't care to use encryption, even when they have pgp installed and set up -- they're not concerned that someone will read their messages. in other words, you can show them this cool technology, but how can you convince them to use it?Quote: Why not encrypt and sign email messages with keys and then send over the internet, easy, cost-effective, whole pub/priv key concept can be understood in 100-300 words
as i understand the problem, the only way you'll get your privacy is by making all the security transparent. if the user has to as much as click on a button or link before activating encryption or whatever, they won't do it.
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
RE: Information Security Help!!!
Fetched: November 22nd, 2007, 12:35am GMT
Tags: Security [edit]
Author: blackdaemon
Posted: Thu Nov 22, 2007 6:23 pm (GMT 5)
Topic Replies: 43
ah, lambda always with rigid beliefs and correcting folks like a nice auto-corrector in any word editor.
Lamba said:
1. I don't know about yahoo or hotmail, but gmail doesn't provide your personal information to advertisers.
Then said:
2. it shouldn't be shocking. google even tells us what they do to get the ads on your pages: they have software to scan your email for ads. it's no different from the software they use to put ads on your pages if you use google adsense.
Im curious does this make gmail any better or diff from rest?
I achieved my objectives of pointing out what i experienced, with the community.
Seniors should always be respected so hats off to lamda, & im glad that to some point you have agreed for need of privacy in mail. though methods might be lil unorthodox. Yes totally agree with the sniffer thing thats why they say no sys is 100% secure. but implementing a sniffer on a gigabit node to sniff a laymans traffic like mine is ridiculous & folks implementing sniffers will be implementing them for a whole different reason other than giving to marketing people.
Point is:
Why not encrypt and sign email messages with keys and then send over the internet, easy, cost-effective, whole pub/priv key concept can be understood in 100-300 words
maybe less
So, a productive debate. kool oh i mean cool
Thanks for the correction once again but i like writting ciao as chao. live with it
Ciao! for bro lamda
&
Chao! for the community
_________________
I think, therefore i am!
-
RE: Information Security Help!!!
Fetched: November 22nd, 2007, 12:35am GMT
Tags: Security [edit]
Author: lambda
Subject: Re: GMAIL PRIVACY ISSUES
Posted: Thu Nov 22, 2007 5:43 pm (GMT 5)
Topic Replies: 42
i don't know about yahoo or hotmail, but gmail doesn't provide your personal information to advertisers.blackdaemon wrote: These services are free, but freedom at a cost of collecting our data trends and providing them to their sponsor marketing people is a high cost dont you think so?
it shouldn't be shocking. google even tells us what they do to get the ads on your pages: they have software to scan your email for ads. it's no different from the software they use to put ads on your pages if you use google adsense.Quote: Well using my gmail I mailed one of my university friends who told me something about him getting an HEC scholarship & while i was reading i looked up just above the mail main menu and there it was "Do you want UK scholarships/student visa?" this must be coincidence so i returned back to my mail box and now "For all scholarships in UK xxxx consultants" 
what you want can't exist as a service. the main reason for that is governments all over the world have laws regarding the wiretapping of communication links (phone, fax, email, whatever). even if you were to provide a secure service, the minute someone using your system breaks the law, some police/government agency will come by and demand access to the email messages. in some cases, they'll just take your server(s) away -- and then they'll be able to read everyone's email.Quote: Question: Which email should the community use? One which is free but at a strangely high privacy cost? or maybe this is pointing to project where we should all chipinn to create a service for ourselves to atleast mail with true FREEDOM & true PRIVACY as webster dictionary defines the word PRIVACY
you could be clever and set up something that automatically encrypts email and everything else on the server (see this book) -- but that won't help you when you actually send or receive email: a lot of mail servers out there do not use tls over smtp, or ssl'd pop3/imap. the authorities can just put a traffic sniffer between your servers and the internet; there goes your security!
so, what do i think is the solution here? don't use email. use some sort of peer-to-peer system for communication that encrypts all links. it will need a storage network to queue up your "messages" if the remote user/host you're trying to communicate with is down (it won't be a p2p file sharing system, it'll be a p2p file storage system). the stored messages will, of course, be encrypted. for ease of use, it can either have a web frontend (sort of like webmail) or smtp and pop/imap front-ends for easy integration with existing email applications.
there is such a system out there -- epostmail -- but last i tried, it didn't work properly. anyway, even if you could get something like that to work, most people in pakistan don't have dsl, or computers on 24x7, so they can't really use such a system efficiently. you'll need a set of servers somewhere to queue up messages for people who are offline, and that leads us back to the problem of them being shut down by the authorities: they may not be able to read your email, but they'll be able to disable communication on the network.
for now, we'll ignore the fact that simply using encryption is illegal in some countries, maybe even in pakistan (see this and this).
it's "ciao".Quote: Chao!
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
RE: Information Security Help!!!
Fetched: November 22nd, 2007, 4:35pm GMT
Tags: Security [edit]
Author: kbukhari
Posted: Thu Nov 22, 2007 1:59 pm (GMT 5)
Topic Replies: 42
Hmm very Good and informative pin point i never think of that ever befor :S:S:S
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: Information Security Help!!!
Fetched: November 22nd, 2007, 4:35pm GMT
Tags: Security [edit]
Author: blackdaemon
Subject: GMAIL PRIVACY ISSUES
Posted: Thu Nov 22, 2007 1:48 pm (GMT 5)
Topic Replies: 38
Hello folks,
Its been a while i posted on LP but this thread got me motivated in posting something i have been silently observing & i believe this is a good platform to discuss and get to know how many others have observed or are victim to it.
Almost all of us have free email accounts hotmail, yahoo gmail yep we know em all very well. These services are free, but freedom at a cost of collecting our data trends and providing them to their sponsor marketing people is a high cost dont you think so?
Well using my gmail I mailed one of my university friends who told me something about him getting an HEC scholarship & while i was reading i looked up just above the mail main menu and there it was "Do you want UK scholarships/student visa?" this must be coincidence so i returned back to my mail box and now "For all scholarships in UK xxxx consultants"
Next in another mail a friend sent me his pub key and just as i opened it I see on top "www.cryptostudio openPGP solutions" I return to my inbox and another PGP add
Question: Which email should the community use? One which is free but at a strangely high privacy cost? or maybe this is pointing to project where we should all chipinn to create a service for ourselves to atleast mail with true FREEDOM & true PRIVACY as webster dictionary defines the word PRIVACY
Chao!
_________________
I think, therefore i am!
-
RE: A Firewall I Made
Fetched: November 22nd, 2007, 4:35pm GMT
Tags: Security [edit]
Author: kbukhari
Posted: Thu Nov 22, 2007 12:20 pm (GMT 5)
Topic Replies: 1
Why these lines
Quote: $IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p udp --dport 80 -j REDIRECT --to-port $SQUID_PORT
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p tcp --dport 21 -j REDIRECT --to-port $SQUID_PORT
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p udp --dport 21 -j REDIRECT --to-port $SQUID_PORT
Squid is http proxy and cant run as transparently for ftp if u want transparent ftp proxy then go for frox
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
A Firewall I Made
Fetched: November 22nd, 2007, 12:35pm GMT
Tags: Security [edit]
Author: mudasir
Subject: A Firewall I Made
Posted: Thu Nov 22, 2007 11:12 am (GMT 5)
Topic Replies: 1
AOA,
Salam to all, i have made a firewall, just wanted to get advice from all you professional and experienced guyz. Can you please tell me how can i make this firewall more secure and strong.
As i am not a professional in this field, i know their will be many vulnerabilities in this Firewall, please help me out in making this firewall more secure and strong.
Code:
#!/bin/sh
###############################################
#### Firewall Script Created By ####
#### Mudasir Mirza ####
#### cool_mudasir@hotmail.com ####
#### 0092-321-2395320 ####
###############################################
#set -x
########################
## Defining Variables ##
########################
# Path to IPTABLES executable
IPT="/sbin/iptables"
# Interface Card Connected to Local Network
NETWORK="eth0"
# Interface Card Connected to Internet
INTERNET="eth1"
# Loopback Interface
LOOPBACK="lo"
# IP Addreses of Server
SERVER_IP="192.168.1.1"
# Local Network IP Range / Subnet
LOC_IP="192.168.1.0/24"
# INTERNAL Broadcast
LOC_BCAST=192.168.1.255
# IP On The Internet Interface
NET_IP="172.16.0.1/24"
# DHCP Server IP
DHCP_SERVER="192.168.1.1"
# Squid Server IP
SQUID_IP="192.168.1.1"
# Squid PORT
SQUID_PORT="8080"
# Primiry DNS Server
P_DNS="203.135.1.117"
# Alternate DNS Server
A_DNS="203.135.0.70"
# Path To Directory Containing MAC Addresses
MACDIR="/files/macs"
# Path To File Containing MAC Addresses
MACFILE="/files/macs/allowed.macs"
#########################
### Flushing IPTABLES ###
#########################
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
########################################
### Setting Default Policies to Drop ###
########################################
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
echo Default Policies Set To Drop
####################################
### Setting Needed PROC Settings ###
####################################
echo 1 > /proc/sys/net/ipv4/ip_forward
##############################
### Setting IPTABLES Rules ###
##############################
###############################
### MAC Addresses Filtering ###
###############################
rm -f $MACDIR/mac.addresses
cat $MACFILE | awk '{ print $1 }' >> $MACDIR/mac1
cat $MACDIR/mac1 | sed "s/#.*//" > $MACDIR/mac2
cat $MACDIR/mac2 | sed "/^ /d;/^$/d;" > $MACDIR/mac.addresses
rm -f $MACDIR/mac1
rm -f $MACDIR/mac2
echo ----------------------------------------
echo Marking Packets from Known MAC Addresses
echo ----------------------------------------
cat $MACDIR/mac.addresses | while read MACS
do
$IPT -t mangle -A PREROUTING -i $NETWORK -m mac --mac-source $MACS -j MARK --set-mark 1
done
echo -----------------------------------------------
echo ---- MAC Address Filtering Complete ----
echo -----------------------------------------------
#########################################
### MAC Addresses Filtering Completed ###
#########################################
################################
### Accepting Marked Packets ###
################################
$IPT -A INPUT -i $NETWORK -m mark --mark 1 -j ACCEPT
$IPT -A FORWARD -i $NETWORK -m mark --mark 1 -j ACCEPT
####################################
### Droping All Unmarked Packets ###
####################################
$IPT -A FORWARD -i $NETWORK -m mark ! --mark 1 -j DROP
$IPT -A INPUT -i $NETWORK -m mark ! --mark 1 -j DROP
########################################################
### Accepting Voice/CAM Request for Marked Packets. ###
########################################################
$IPT -t nat -A PREROUTING -m mark --mark 1 -i $NETWORK -p tcp --dport 5000:5010 -j ACCEPT
$IPT -t nat -A PREROUTING -m mark --mark 1 -i $NETWORK -p udp --dport 5000:5010 -j ACCEPT
$IPT -t nat -A PREROUTING -m mark --mark 1 -i $NETWORK -p tcp --dport 5100 -j ACCEPT
#######################################################
### Droping Voice/CAM Traffic which is not Marked. ###
#######################################################
$IPT -t nat -A PREROUTING -i $NETWORK -m mark ! --mark 1 -p tcp --dport 5000:5010 -j DROP
$IPT -t nat -A PREROUTING -m mark ! --mark 1 -i NETWORK -p tcp --dport 5100 -j DROP
################################
### Accepting DHCP Request. ###
################################
$IPT -A INPUT -i $NETWORK -p udp -s $DHCP_SERVER --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT
$IPT -A OUTPUT -o $NETWORK -p udp -s 255.255.255.255 --sport 68 -d $DHCP_SERVER --dport 67 -j ACCEPT
################################################################
### Redirecting HTTP and FTP Traffic to Squid Proxy Server. ###
################################################################
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p udp --dport 80 -j REDIRECT --to-port $SQUID_PORT
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p tcp --dport 21 -j REDIRECT --to-port $SQUID_PORT
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p udp --dport 21 -j REDIRECT --to-port $SQUID_PORT
#################################################
### MASQUERADE All packets that are Marked. ###
#################################################
$IPT -t nat -A POSTROUTING -p all -s $LOC_IP -m mark --mark 1 -o $INTERNET -j MASQUERADE
###############################
### Rules for ICMP Protocol ###
###############################
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $P_DNS -p icmp -j ACCEPT
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $A_DNS -p icmp -j ACCEPT
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d ! $LOC_IP -p icmp --icmp-type echo-request -j DROP
$IPT -A INPUT -i $NETWORK -d $SERVER_IP -m mark --mark 1 -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-unreachable
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $SERVER_IP -m mark ! --mark 1 -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-net-unreachable
$IPT -A INPUT -p icmp -s $LOC_IP -d $LOC_BCAST -j DROP
###############################################
### No Restriction for Loopback Interface ###
###############################################
$IPT -A INPUT -i $LOOPBACK -j ACCEPT
$IPT -A OUTPUT -o $LOOPBACK -j ACCEPT
########################################################################
### Droping Packets coming from internet claming to be from Network ###
########################################################################
$IPT -A INPUT -i $INTERNET -s $LOC_IP -j DROP
$IPT -A INPUT -i $INTERNET -d 127.0.0.0/8 -j DROP
$IPT -A INPUT -i $NETWORK -j ACCEPT
$IPT -A OUTPUT -o $NETWORK -j ACCEPT
#######################################################
### Accepting Extablished and Related Connections ###
#######################################################
$IPT -I INPUT -i $NETWORK -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o $NETWORK -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -i $INTERNET -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -o $INTERNET -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
############################################
### Droping Invalid and Unknown Packets ###
############################################
$IPT -A FORWARD -m state --state INVALID -j DROP
$IPT -A INPUT -i $INTERNET -m state --state INVALID -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ALL NONE -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ACK,FIN FIN -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ACK,PSH PSH -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ACK,URG URG -j DROP
$IPT -t nat -A PREROUTING -i $NETWORK -p tcp --syn -s $LOC_IP --dport 80 -m mark ! --mark 1 -j DROP
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Information Security Help!!!
Fetched: November 21st, 2007, 12:36am GMT
Tags: Security [edit]
Author: sameer666
Posted: Thu Nov 22, 2007 12:01 am (GMT 5)
Topic Replies: 36
x2oxen wrote: sameer666 wrote: keyloggers are good, but rootkits are much better way of logging. as rootkits are installed in ring zero.
in my humble opinion, basic knowledge of attacks should be discussed first, before digging into further.
Agree with you! like we say a good hacker can be a good defender of attacks!
yea that is true.
_________________
Novice at heart
-
RE: Information Security Help!!!
Fetched: November 19th, 2007, 12:36am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Mon Nov 19, 2007 10:24 pm (GMT 5)
Topic Replies: 35
sameer666 wrote: keyloggers are good, but rootkits are much better way of logging. as rootkits are installed in ring zero.
in my humble opinion, basic knowledge of attacks should be discussed first, before digging into further.
Agree with you! like we say a good hacker can be a good defender of attacks!
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 19th, 2007, 12:36pm GMT
Tags: Security [edit]
Author: sameer666
Posted: Mon Nov 19, 2007 11:30 am (GMT 5)
Topic Replies: 35
keyloggers are good, but rootkits are much better way of logging. as rootkits are installed in ring zero.
in my humble opinion, basic knowledge of attacks should be discussed first, before digging into further.
_________________
Novice at heart
-
RE: Information Security Help!!!
Fetched: November 18th, 2007, 12:36am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Sun Nov 18, 2007 8:14 pm (GMT 5)
Topic Replies: 35
Quote: Take a look to this: see how much our security on stake
[review.zdnet.com]
Knowing this since last year when my friend from CIA USA let me know this fact about keylogger and even anti viruses will detect it. This is simply.....
..
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 18th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: securitykid
Posted: Sun Nov 18, 2007 2:04 pm (GMT 5)
Topic Replies: 35
Unfortunately,
They are not, but Hauri is developing one, should be released soon
Thannks
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
RE: Information Security Help!!!
Fetched: November 18th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: lambda
Posted: Sun Nov 18, 2007 1:51 pm (GMT 5)
Topic Replies: 35
does it...work on linux?securitykid wrote: Now comes to the solution:
[www.qfxsoftware.com]
I would recommend everyone to use key scrambler personal at least
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
RE: Information Security Help!!!
Fetched: November 18th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: securitykid
Posted: Sun Nov 18, 2007 1:49 pm (GMT 5)
Topic Replies: 35
Hi Guys,
Take a look to this: see how much our security on stake
[review.zdnet.com]
Now comes to the solution:
[www.qfxsoftware.com]
I would recommend everyone to use key scrambler personal at least
and My favorite is Korean Product name Hauri Live Call (not free)
[www.globalhauri.com]
Companies are developing a keyboard and a monitor to prevent against keylogger and screen capture unknown Trojans. lets hope for the best
Thanks
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
RE: Information Security Help!!!
Fetched: November 18th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: lambda
Posted: Sun Nov 18, 2007 1:39 pm (GMT 5)
Topic Replies: 35
i wish i could be certain about what this means. it's as confusing as most of your advice, if not as flawed.x2oxen wrote: Your any further post ain't gonna make any different to me cause don't pay attention to edicts word's and you are high at your knowledge for sure!
that's okay with me, you know? you can keep ignoring my comments about how dumb your suggestions are.
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
RE: Information Security Help!!!
Fetched: November 18th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: lambda
Posted: Sun Nov 18, 2007 1:36 pm (GMT 5)
Topic Replies: 34
ignore him. really. there's no reason to set up and use pgp for ssh authentication. just use the ssh-keygen generated keys, like everyone else. the tools and processes for using pgp keys with ssh are not as mature as ssh-keygen's.Saad Khan wrote: who suggested you to use PGP, instead of ssh usage. or may be i didn't know that, there are some sniffers exist, that sniff your encrypted ssh logins, i would like to have such programs in my toolkit.
if you want more details, read the post i made several months ago in the howto subforum.
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 4:35am GMT
Tags: Security [edit]
Author: kbukhari
Posted: Sun Nov 18, 2007 2:45 am (GMT 5)
Topic Replies: 34
x2oxen wrote:
Have you ever heard about key logger saad??
In some cases we need to let others access our servers as well for some certain passwords and we do not want to disclose our passwords to them. PGP & Public key encryptography is the best option and uncrackable until now.
your answer is Not to much useful. i never use pgp keys authentication for security or escape from key loggers. well reasone behind usage of ssh keys for me is .....
I dont want to change servers password every time when a person leaves my orgnization.
I dont want to remember all unique and strong type of password.
I dont want to keep them in a file or open that file while some one reading it from my shoulder.
and it requires no time to log me in on server
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 4:35am GMT
Tags: Security [edit]
Author: masud
Posted: Sun Nov 18, 2007 2:36 am (GMT 5)
Topic Replies: 34
x2oxen wrote:
Have you ever heard about key logger saad??
In some cases we need to let others access our servers as well for some certain passwords and we do not want to disclose our passwords to them. PGP & Public key encryptography is the best option and uncrackable until now.
If any one can install a key logger on your system, he can easily copy/use your keys as well. Using keys are just an option and wont help you in securing anything.
_________________
pray 4 me!!!
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 4:35am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Sun Nov 18, 2007 2:33 am (GMT 5)
Topic Replies: 34
is it necessary to discuss this in private messeges?
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 4:35am GMT
Tags: Security [edit]
Author: securitykid
Posted: Sun Nov 18, 2007 12:21 am (GMT 5)
Topic Replies: 34
Guys,
Send me the private message I will reply the solution
Thanks
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 4:35am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Sun Nov 18, 2007 12:05 am (GMT 5)
Topic Replies: 33
Quote: BUT what if a stealth key logger is tracking your keys?,
there is a way to even protect it, Any one interested? let me know I will describe how to combat with key loggers which cannot be fixed/clean/detected by traditional AVs.
Definitely I will be interested for sure to know bout it.
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 12:36am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Sun Nov 18, 2007 12:03 am (GMT 5)
Topic Replies: 33
Muhammad Islam decleared as Master of IT and this is incredible that a pakistani has made his mark in Internation Ranking! Thats simply austum
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 12:36am GMT
Tags: Security [edit]
Author: securitykid
Posted: Sat Nov 17, 2007 7:42 pm (GMT 5)
Topic Replies: 27
Hey Guys,
Any one look at the URL that I post in my earlier post?
[url]http://www.masterofit.net/index.php?filter=deck&cid=1 [/url]
Any comments?
Thanks
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 12:36am GMT
Tags: Security [edit]
Author: securitykid
Posted: Sat Nov 17, 2007 7:40 pm (GMT 5)
Topic Replies: 27
Guys,
Its ok,
I understand what you were saying, actually SSH works with somewhat same mechanism that you were referring to. Correct!, Public Key cryptography and SSL, etc will protect the data theft/temper on wire/transmission. (Man-in-Middle), (Monkey-in-Middle).
Read this to know more about how ssh works:
[www.eng.cam.ac.uk]
BUT what if a stealth key logger is tracking your keys?,
there is a way to even protect it, Any one interested? let me know I will describe how to combat with key loggers which cannot be fixed/clean/detected by traditional AVs.
I hope this helps you...
I strongly discourage " Behas brai Behas " if this argues are constructive they are welcome to post.
Thanks
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 12:36am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Sat Nov 17, 2007 7:25 pm (GMT 5)
Topic Replies: 27
Saad Khan wrote: x2oxen wrote: Thanks for your comprehensive reply guys. But all forgot to mention a really major point that is we should not use passwords for ssh logins cause any smart middle man can detect it and can harm us. We should always go for PGP and Public-Key Cryptography that will make our systems far away secure than using plain passwords.
we should not use passwords for ssh?? that means, ssh is not secured?
this post really instigating me to know about that person? who suggested you to use PGP, instead of ssh usage. or may be i didn't know that, there are some sniffers exist, that sniff your encrypted ssh logins, i would like to have such programs in my toolkit.
correct me, if i am wrong, i would like to increase my skills with your precious replies and suggestions.
Have you ever heard about key logger saad??
In some cases we need to let others access our servers as well for some certain passwords and we do not want to disclose our passwords to them. PGP & Public key encryptography is the best option and uncrackable until now.
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 12:36am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Sat Nov 17, 2007 6:51 pm (GMT 5)
Topic Replies: 27
lambda wrote: use pgp instead of ssh passwords? ha ha! there's no end to the depths of your ignorance. i pity the people who have to rely on you at work.
Your any further post ain't gonna make any different to me cause don't pay attention to edicts word's and you are high at your knowledge for sure!
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 12:36am GMT
Tags: Security [edit]
Author: Saad Khan
Posted: Sat Nov 17, 2007 6:51 pm (GMT 5)
Topic Replies: 27
x2oxen wrote: Thanks for your comprehensive reply guys. But all forgot to mention a really major point that is we should not use passwords for ssh logins cause any smart middle man can detect it and can harm us. We should always go for PGP and Public-Key Cryptography that will make our systems far away secure than using plain passwords.
we should not use passwords for ssh?? that means, ssh is not secured?
this post really instigating me to know about that person? who suggested you to use PGP, instead of ssh usage. or may be i didn't know that, there are some sniffers exist, that sniff your encrypted ssh logins, i would like to have such programs in my toolkit.
correct me, if i am wrong, i would like to increase my skills with your precious replies and suggestions.
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 4:36pm GMT
Tags: Security [edit]
Author: lambda
Posted: Sat Nov 17, 2007 12:45 pm (GMT 5)
Topic Replies: 22
the linked article is worth reading.securitykid wrote: I like your signature
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
RE: Information Security Help!!!
Fetched: November 17th, 2007, 4:36pm GMT
Tags: Security [edit]
Author: lambda
Posted: Sat Nov 17, 2007 12:37 pm (GMT 5)
Topic Replies: 22
use pgp instead of ssh passwords? ha ha! there's no end to the depths of your ignorance. i pity the people who have to rely on you at work.
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
RE: Information Security Help!!!
Fetched: November 16th, 2007, 4:36am GMT
Tags: Security [edit]
Author: kbukhari
Posted: Sat Nov 17, 2007 2:35 am (GMT 5)
Topic Replies: 16
See this
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: Information Security Help!!!
Fetched: November 16th, 2007, 4:36am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Sat Nov 17, 2007 1:15 am (GMT 5)
Topic Replies: 16
Here is a HOW-TO to make a network more secure
[www.windowsecurity.com]
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 16th, 2007, 4:36am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Sat Nov 17, 2007 1:13 am (GMT 5)
Topic Replies: 16
Thanks for your comprehensive reply guys. But all forgot to mention a really major point that is we should not use passwords for ssh logins cause any smart middle man can detect it and can harm us. We should always go for PGP and Public-Key Cryptography that will make our systems far away secure than using plain passwords.
Anymore suggessions on that??
Am already lovin this thread
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 16th, 2007, 12:35am GMT
Tags: Security [edit]
Author: securitykid
Posted: Fri Nov 16, 2007 11:22 pm (GMT 5)
Topic Replies: 16
Back to your next question:
You should learn about attacks I agree with my friend's suggestion
Question is are you really sure that you are using all those services?
Thanks
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
RE: Information Security Help!!!
Fetched: November 16th, 2007, 12:35am GMT
Tags: Security [edit]
Author: securitykid
Posted: Fri Nov 16, 2007 11:20 pm (GMT 5)
Topic Replies: 14
Agree with Farrukh,
Agree with Sameer,
BUT question is how many of those google's are written by Pakistanis?, despite enormous talent & knowledge. Are we afraid to share? or we just don't wanted to? BUT still there are some making Pakistan proud.
You will find one here: If you know Juniper Networks one of the leading Security Appliances Company, Please take a look on URL:
[www.masterofit.net]
PS: Leave comments for him after listening to his interview
Back to the question ask by Usman for SSH:
Install a FIREWALL kidding its a pinch of a finger job to fool most of the firewalls
1) First as Sameer said keep your box update mean keep it patched I am sure you know how.
2) Keep the following in mind when you Install / Configure SSH Server:
=> Disable direct root access
Explanation: Disable root(user) access to SSH by this you will safe the server with the vulnerabilities which allows HACKERS to brute force the root password using SSH. You can login with any normal user and then switch to root.
=> Change SSH Port to higher then 7999 example 9000
Explanation: This will help against the Trojans which scans for vulnerable SSH boxes, they usually try with default ports. Also may protect against novice hackers like me
=> Limit access from only specific IPs
Explanation: This will only allow access from specific source IPs that you configured
=> Use strong Password
You may use the software which will create a safe password for you but it will be surely hard to remember, so YOUR CHOICE.
I am sure with above you can achieve maybe 90% still away from 100% (which no one can achieve I agree) but we can close the gap with followings:
Deep Inspection Firewalls
IDS / IPS
Vulnerability Scanners
All above can be achieved using great silly Linux
Thanks
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
RE: Information Security Help!!!
Fetched: November 16th, 2007, 8:36pm GMT
Tags: Security [edit]
Author: sameer666
Posted: Fri Nov 16, 2007 6:33 pm (GMT 5)
Topic Replies: 14
you should get yourself familiar with different type of attacks, that can be lanuched. try to build up your basic security concepts first, if you already know about them then just keep reading. as a general thumb rule:
1) shutdown all the services you don't use.
2) apply all the patches.
3) google for securing apache/dns/mail, there are many docs online.
and by the way there is no such thing as 100% secure, if some one is patient enough and have the drive he/she will find a way. and if everything all the safety measures are taken, the weakest links are still humans.
[news.bbc.co.uk]
p.s.
try to ask a directed question which will be more easy to answer than a broad general question
_________________
Novice at heart
-
RE: Information Security Help!!!
Fetched: November 16th, 2007, 8:36pm GMT
Tags: Security [edit]
Author: x2oxen
Posted: Fri Nov 16, 2007 6:04 pm (GMT 5)
Topic Replies: 11
To Security kid & Freak!
What steps should be taken to secure a server(web, cache, mail, dns etc) or any linux machine newly installed with no configuration of firewall.
Suppose i have installed a apache web server on linux with no firewall enabled. So what are the major steps i should be taking to secure that server from any kind of threats atlest more than 90% or you can say 100%
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 16th, 2007, 4:36pm GMT
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Fri Nov 16, 2007 8:06 am (GMT 5)
Topic Replies: 7
Dear securitykid,
Salam,
FYI, [www.securitydocs.com]
Best Regards.
_________________
Farrukh Ahmed
-
RE: Information Security Help!!!
Fetched: November 15th, 2007, 4:35am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Fri Nov 16, 2007 3:39 am (GMT 5)
Topic Replies: 7
okzz kid! but now a days am very security consciouse due to having alot of attacks on my server! Whenever i look at my server logs i get to see so many unsuccessful ssh tries with so many different names and attacks as well.. Don't have much exposure bout security yet so hope will get alot through this thread! After your reply am gonna ask you real interesting question!
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: Information Security Help!!!
Fetched: November 15th, 2007, 7:16pm GMT
Tags: Security [edit]
Author: securitykid
Posted: Thu Nov 15, 2007 4:20 pm (GMT 5)
Topic Replies: 5
Hmm good idea,
But seems like security is not that favorite, so lets stick with one topic then we will have more
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
RE: how to block MSN Sniffer
Fetched: November 15th, 2007, 7:16pm GMT
Tags: Security [edit]
Author: securitykid
Posted: Thu Nov 15, 2007 4:19 pm (GMT 5)
Topic Replies: 21
If its related to MSN Sniffing, wait in this topic...
other issues you can discuss in my other Topic
Thanks[/list]
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
RE: how to block MSN Sniffer
Fetched: November 15th, 2007, 12:35pm GMT
Tags: Security [edit]
Author: securitykid
Posted: Thu Nov 15, 2007 11:03 am (GMT 5)
Topic Replies: 19
Guys,
I am researching on build a Linux Security box which will prevent / Limit ARP spoofing, MAC spoofing and other layer 2 limitation attacks.
Lets hope for you good news real soon
I'll keep you updated
Thanks
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
RE: ipfire - the free firewall for your home or SOHO
Fetched: November 15th, 2007, 12:35pm GMT
Tags: Security [edit]
Author: securitykid
Posted: Thu Nov 15, 2007 11:01 am (GMT 5)
Topic Replies: 5
I hope,
By the way I have created a new topic
Thanks
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
Information Security Help!!!
Fetched: November 15th, 2007, 12:35pm GMT
Tags: Security [edit]
Author: securitykid
Subject: Information Security Help!!!
Posted: Thu Nov 15, 2007 10:58 am (GMT 5)
Topic Replies: 0
Hi Guys,
I created a new Topic called "Information Security Help!!"
Everyone is invited to post their questions related to Information / Network Security.
Maybe:
As Career
As Profession
As Challenge
As Geek
As Help!
As Learner
Etc........
Thanks
_________________
SecurityKID-ITdotCOM
Security Every Where! BUT where?
-
RE: ipfire - the free firewall for your home or SOHO
Fetched: November 14th, 2007, 4:36am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Thu Nov 15, 2007 2:38 am (GMT 5)
Topic Replies: 5
Well i consider admin will not be having any problem with that as this forum is to help each other in any expect related to administration security programming etc..
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: ipfire - the free firewall for your home or SOHO
Fetched: November 11th, 2007, 2:18am GMT
Tags: Security [edit]
Author: x2oxen
Posted: Mon Nov 12, 2007 1:45 am (GMT 5)
Topic Replies: 2
downloading it
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
[usman.blue.net.pk]
-
RE: ipfire - the free firewall for your home or SOHO
Fetched: November 11th, 2007, 10:29pm GMT
Tags: Security [edit]
Author: mudasir
Posted: Sun Nov 11, 2007 8:29 pm (GMT 5)
Topic Replies: 2
AOA,
I have downloaded IPFIRE final reslease, and will be testing it very soon....
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
ipfire - the free firewall for your home or SOHO
Fetched: November 11th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: phoenix
Subject: ipfire - the free firewall for your home or SOHO
Posted: Sun Nov 11, 2007 2:17 pm (GMT 5)
Topic Replies: 2
IPFire is new-developed firewall build with the latest releases of linux 2.6 and tools. You are able to install a lot of addons and you will see a firewall can become a home server.
They are working on an English wiki at the moment. Their IRC channel is #ipfire
on FreeNode. People on the channel are very friendly and helpful.
Mr. Tariq: when can we expect to have its CD available on LP?
_________________
__/__/__/__/__/__/__/__/__/__/__/__/
Pakistan - Kashmir
__/__/__/__/__/__/__/__/__/__/__/__/
-
RE: Vulnerabilities & Penetrations Results!
Fetched: November 7th, 2007, 8:28pm GMT
Tags: Security [edit]
Author: x2oxen
Subject: Nice Idea
Posted: Wed Nov 07, 2007 5:16 pm (GMT 5)
Topic Replies: 2
This will be a real good idea to improve security issues.
_________________
Muhammad Usman
+92-321-6640501
T&N Technologies.
Blue Net Broadband.
T-Solutions Pvt. Ltd.
http;//usman.blue.net.pk
-
RE: Restrict Download Bandwidth
Fetched: October 30th, 2007, 4:36pm GMT
Tags: Security [edit]
Author: x2oxen
Subject: Delay Pools
Posted: Tue Oct 30, 2007 1:48 pm (GMT 5)
Topic Replies: 8
If you want to say within squid then delay pools are a good option but not best.. I will suggest MikroTik for bandwidth shaping..
_________________
Muhammad Usman
+92-321-6640501
Blue Net BroadBand
T-Solutions Pvt. Ltd.
-
RE: MAC to IP matching security in IP Tables
Fetched: October 29th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Mon Oct 29, 2007 2:01 pm (GMT 5)
Topic Replies: 26
Dear A_Karim,
Salam,
I prefer you to read netfilter documentation.
FYI, [www.netfilter.org]
Best Regards.
_________________
Farrukh Ahmed
-
RE: MAC to IP matching security in IP Tables
Fetched: October 29th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Mon Oct 29, 2007 2:01 pm (GMT 5)
Topic Replies: 26
Dear A_Karim,
Salam,
I prefer you to read netfilter documentation.
FYI, [www.netfilter.org]
Best Regards.
_________________
Farrukh Ahmed
-
RE: MAC to IP matching security in IP Tables
Fetched: October 29th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Mon Oct 29, 2007 2:01 pm (GMT 5)
Topic Replies: 26
Dear A_Karim,
Salam,
I prefer you to read netfilter documentation.
FYI, [www.netfilter.org]
Best Regards.
_________________
Farrukh Ahmed
-
RE: Security Issue
Fetched: October 28th, 2007, 12:35am GMT
Tags: Security [edit]
Author: x2oxen
Subject: PPP0E
Posted: Sun Oct 28, 2007 8:54 pm (GMT 5)
Topic Replies: 31
Why dont you go for ppp0e server for this purpose??? safe and secure..
_________________
Muhammad Usman
+92-321-6640501
Blue Net BroadBand
T-Solutions Pvt. Ltd.
-
RE: Vulnerabilities & Penetrations Results!
Fetched: October 24th, 2007, 12:36am BST
Tags: Security [edit]
Author: wacky
Posted: Wed Oct 24, 2007 8:05 pm (GMT 5)
Topic Replies: 1
We recently had an outside Security company run penetration tests against our internet banking site and these are some of the points raised by them along with the recommended remedial actions:
1. Vulnerable version of Apache web server
The remote host is running a version of Apache which is susceptible to several known vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or perform a denial of service attack.
Remedial Action: Upgrade to the latest version of Apache and ensure that most up-to-date security patches have been applied
2. Remote service encrypts traffic using a protocol with known weaknesses
The remote service accepts connections encrypted using SSL 2.0 which repotedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between service and clients
Remedial Action: Disable SSL 2.0 and use SSL 3.0 or TLS 1.0
There's lot more but this'll do for a start
-
RE: MAC to IP matching security in IP Tables
Fetched: October 24th, 2007, 8:34pm BST
Tags: Security [edit]
Author: A_Karim
Posted: Wed Oct 24, 2007 3:48 pm (GMT 5)
Topic Replies: 23
Assalam-o-Aliakum to all
No solution ??? ??? ???
Regards,
AK
_________________
Eyes Never Says Lies
-
RE: how to block MSN Sniffer
Fetched: October 24th, 2007, 4:36pm BST
Tags: Security [edit]
Author: raheelahmad
Posted: Wed Oct 24, 2007 12:08 pm (GMT 5)
Topic Replies: 18
Security is not cheap thats what I said in begning.. ne how gud to know from u as well ..
_________________
raheel ahmad
@WhiteHat
-
RE: how to block MSN Sniffer
Fetched: October 24th, 2007, 1:36pm BST
Tags: Security [edit]
Author: securitykid
Subject: Seems like no one interested :)
Posted: Wed Oct 24, 2007 11:06 am (GMT 5)
Topic Replies: 18
I got an approval from admin,
BUT seems like no one interested
I didn't get any comments
Thanks
Muhammad Islam
SecurityKID-ITdotCOM
_________________
Security Every Where! BUT where?
-
Vulnerabilities & Penetrations Results!
Fetched: October 24th, 2007, 12:22pm BST
Tags: Security [edit]
Author: securitykid
Subject: Vulnerabilities & Penetrations Results!
Posted: Wed Oct 24, 2007 9:22 am (GMT 5)
Topic Replies: 1
Hi Guys,
I know this a Linux Forum, BUT as I know the security is the buzz word now a days, everyone looking for something / anything that help them to fix there issues or give some understanding... I recommend if we can post vulnerabilities or Pen Test identified by ourself to this post, it will be very interesting and knowledgeable.
Any Comments!!!
Thanks
SecurityKID-ITdotCOM
_________________
Security Every Where! BUT where?
-
RE: how to block MSN Sniffer
Fetched: October 23rd, 2007, 4:35pm BST
Tags: Security [edit]
Author: securitykid
Subject: Case of Arp spoofing & MAC Spoofing!
Posted: Tue Oct 23, 2007 11:33 am (GMT 5)
Topic Replies: 17
Hi Guys,
Sorry for jumping in!, a case is ARP Spoofing (ARP Poisoning) & MAC Spoofing, Solutions are there BUT depends on size of network & budget.
Just for an original requester information "Not just only the MSN & Yahoo conversations, if an attacker is extra smart(which I am doubt he is) can even launch DNS poisoning and redirect users to login to to forged MSN or YAHOO websites and steal a use full informations, He/she can get the passwords roving over the network in clear text (Which I know do in most LANs) & lot others... not good to define in such posts. (I use to do lot when I was curious geek )
-------Solutions / Workaround-----
Small & Low budget Networks:
There is no common defense against ARP spoofing when it comes to low budgets networks. Although there some workaround to limit the damage.
Try encouraging/force users to install desktop firewalls, there are some good firewalls which can detect the possible ARP Poisoning and MAC Spoofing when it occurs, and sometimes lock an attackers machine itself, IF he is not doing it intentionally, MAYBE a Trojan(who knows)
or If he is doing it intentionally doing it, hmmm let me remember there is an other way around to encounter.... by the way how do you detected an attacker? wait for my next post I might come up with some solutions also I will give you the links & downloads for such softwares if forum ADMIN allow me to do that (Dear ADMIN Asking your permission? I am new in linuxpakistan)
For Large or HIGH Budget networks
Managed switches are good solution proposed by one of my brother earlier.
There are lot others, if anyone interested, I will love to share
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=---=-=-=-=
So if admin allows me to post links I may give you workaround to limit the damage, by the way I remember in last that I use to kill other ARP Poisoning attacks so that I can remain wholly solly! and control over the network, (when I use to play with such hacking Techniques), I would say not a hacking actually its is exploiting the limitations of Network and devices.
For me if you want to protect your network from such bullies users you have to become one of them by this at least you will protect your user privacy
Thanks
Muhammad Islam
SecurityKID
_________________
Security Every Where! BUT where?
-
RE: Security Issue
Fetched: October 23rd, 2007, 12:36pm BST
Tags: Security [edit]
Author: securitykid
Subject: Great Discussion!
Posted: Tue Oct 23, 2007 10:08 am (GMT 5)
Topic Replies: 30
Hi Guys,
Sorry! for jumping in... seems like the proposed solution for PPPOE will allow the original requester an Authentication truss with particular IP and allow matching user to access an internet(resource). (Somehow, what he wanted to achieve).
By the way for me NoCATAuth is the solution that is exactly what he requested:
Quote:
AOA,
I want to ask that if two guyz using same MAC Address and only one should be allowed to use the internet from the Server, how can i do this.
Like one guy on my network has somehow managed to change the MAC Address of his LAN card. Now is there any way to stop him from using internet.
IP's are given by DHCP Server. Using a MAC Address base firewall posted here . And using Squid Proxy Server
Looking forward for some help.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
Using NoCatAuth, he can get same as PPPOE, Authentication truss with particular IP BUT on top of it he can truss MAC Address (although a little complicated configuration then PPPOE)
By the way through this post my intension is to share knowledge and proposed the solution, NOT to comment! I hope you understand
Thanks
Muhammad Islam
_________________
Security Every Where! BUT where?
-
RE: MAC to IP matching security in IP Tables
Fetched: October 22nd, 2007, 4:35pm BST
Tags: Security [edit]
Author: A_Karim
Subject: Re:
Posted: Mon Oct 22, 2007 12:44 pm (GMT 5)
Topic Replies: 22
LinuxFreaK wrote: Dear A_Karimm
Just add a rule in your INPUT chain which allows port 80 to every one.
# /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Best Regards.
Here is my firewall
Code:
#!/bin/bash
#
####################################################
#-> Flush all the rules in the filter and nat tables.
####################################################
#
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -X
/sbin/iptables -t nat -X
/sbin/iptables -t mangle -X
/sbin/iptables -N MAC
/sbin/iptables -F MAC
#
#####################################
#-> INPUT, FORWARD and OUTPUT chains.
#####################################
#
/sbin/iptables -F INPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F OUTPUT
#------------------------------
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
#
#####################
#-> Accept Loopback #
#####################
#
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
#
###############################################################
#-> Enable IP Forwarding and Network Address Translation.
###############################################################
#
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8088
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#
#################
#-> SSH Connection
#################
#
/sbin/iptables -A MAC -i eth0 -p tcp --dport 22 -j ACCEPT
#
##############
#-> DNS Queries.
##############
#
/sbin/iptables -A MAC -s 192.168.0.50/24 -p tcp --dport 53 -j ACCEPT
/sbin/iptables -A MAC -s 192.168.0.50/24 -p udp --dport 53 -j ACCEPT
#
#####################
##---> Allowed Services <---##
#####################
#
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#
#####################
##---> Bind MAC with IP <---##
#####################
#
for allowuser in `cat /etc/allow.user`
do
mac=`echo $allowuser |cut -d"|" -f1`
echo Allowed $mac
/sbin/iptables -A MAC -i eth0 -p all -m mac --mac-source $mac -j ACCEPT
/sbin/iptables -A MAC -m state --state ESTABLISHED,RELATED -j ACCEPT
done
#
#######################################
#-> Jump INPUT & FORWARD rules to MAC.
#######################################
#
/sbin/iptables -A INPUT -p all -j MAC
/sbin/iptables -A FORWARD -p all -j MAC
#
##########################
#-> DROP everything else.
##########################
#
/sbin/iptables -A MAC -i eth0 -p all -j DROP
I have added allowed services , ICMP rule works fine but port 80 does not work for non-MAC allowed users.
# iptables -nvL
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 192.168.0.0 0.0.0.0/0 tcp dpt:80
32 2958 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5 300 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 MAC all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MAC all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 52 packets, 3162 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
Chain MAC (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- * * 192.168.0.0/24 0.0.0.0/0 udp dpt:53
0 0 DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0
iptables shows it allowed but dont know why users unable to access http (www) service on this server. Any solution or hint please.
Regards,
AK
_________________
Eyes Never Says Lies
mypapit gnu/linux blog
-
Using htaccess to stop Bad Bots from stealing bandwidth and crashing your server
Posted: October 22nd, 2007, 3:45pm BST by mypapit
Tags: apache .htaccess htaccess Security bandwidth [edit]
Few days ago my site was hit by a bunch of really bad bots which crawl my site continuously until it overloads my web server. Now I'm publishing a way to block these so-called bad robots from ruining your website by their crazy crawling method.
Assuming you are using Apache Http server, create .httaccess file and append this line to the newly created file.
Planet MYOSS
-
Mohammad Hafiz bin Ismail: Using htaccess to stop Bad Bots from stealing bandwidth and crashing your server
Posted: October 22nd, 2007, 3:43pm BST
Tags: apache .htaccess htaccess Security bandwidth [edit]
Few days ago my site was hit by a bunch of really bad bots which crawl my site continuously until it overloads my web server. Now I'm publishing a way to block these so-called bad robots from ruining your website by their crazy crawling method.
Assuming you are using Apache Http server, create .httaccess file and append this line to the newly created file.
(more...)
linuxpakistan.net
-
RE: MAC to IP matching security in IP Tables
Fetched: October 22nd, 2007, 12:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Mon Oct 22, 2007 8:40 am (GMT 5)
Topic Replies: 22
Dear A_Karimm
Just add a rule in your INPUT chain which allows port 80 to every one.
# /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Best Regards.
_________________
Farrukh Ahmed
-
RE: MAC to IP matching security in IP Tables
Fetched: October 20th, 2007, 8:35pm BST
Tags: Security [edit]
Author: A_Karim
Posted: Sat Oct 20, 2007 2:49 pm (GMT 5)
Topic Replies: 20
Code: #!/bin/bash
#
####################################################
#-> Flush all the rules in the filter and nat tables.
####################################################
#
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -X
/sbin/iptables -t nat -X
/sbin/iptables -t mangle -X
/sbin/iptables -N MAC
/sbin/iptables -F MAC
#
#####################################
#-> INPUT, FORWARD and OUTPUT chains.
#####################################
#
/sbin/iptables -F INPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F OUTPUT
#------------------------------
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
#
#####################
#-> Accept Loopback #
#####################
#
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
#
###############################################################
#-> Enable IP Forwarding and Network Address Translation.
###############################################################
#
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8088
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#
#################
#-> SSH Connection
#################
#
/sbin/iptables -A MAC -i eth0 -p tcp --dport 22 -j ACCEPT
#
#
#####################
##---> Bind MAC with IP <---##
#####################
#
for allowuser in `cat /etc/allow.user`
do
mac=`echo $allowuser |cut -d"|" -f1`
echo Allowed $ip $mac
/sbin/iptables -A MAC -i eth0 -p all -m mac --mac-source $mac -j ACCEPT
/sbin/iptables -A MAC -m state --state ESTABLISHED,RELATED -j ACCEPT
done
#
#######################################
#-> Jump INPUT & FORWARD rules to MAC.
#######################################
#
/sbin/iptables -A INPUT -p all -j MAC
/sbin/iptables -A FORWARD -p all -j MAC
#
##########################
#-> DROP everything else.
##########################
#
/sbin/iptables -A MAC -i eth0 -p all -j DROP
Assalam-o-Aliakum to All
Im using above code to restrict users using internet but the problem is on the same server httpd also running some www. I want all 10.0.0.0/8 users either whos MAC allows or not can access other services on Server only Internet facility will be allow to MAC allowed users only.
How can all 10.0.0.0/8 users access www which host at Proxy Server and able to ping this server.
Thanks in Advance
Regards,
AK
_________________
Eyes Never Says Lies
-
RE: Help in implementing CHECKMAC Script By Farrukh Bhai
Fetched: October 6th, 2007, 11:57am BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Sat Oct 06, 2007 7:13 am (GMT 5)
Topic Replies: 17
Dear A_Karim,
Salam,
How can firewall does not allow process to start. This error is more related to squid, make sure squid shutdown properly.
Best Regards.
_________________
Farrukh Ahmed
-
RE: Help in implementing CHECKMAC Script By Farrukh Bhai
Fetched: September 29th, 2007, 4:35am BST
Tags: Security [edit]
Author: A_Karim
Posted: Sat Sep 29, 2007 11:08 pm (GMT 5)
Topic Replies: 14
Dear Farrukh Bahi
First thanks to ur reply im waiting updates from ur side.
But my problem with squid still there with ur script i have test it on two machines both have problem with this rule
/sbin/iptables -A INPUT -p all -j DROP
when i restart system or restart squid every thing goes down and squid unable to start.
I have added my servers's MACs in mac.allow file.
What is wrong ?
Regards,
AK
_________________
Eyes Never Says Lies
-
RE: Help in implementing CHECKMAC Script By Farrukh Bhai
Fetched: September 29th, 2007, 12:36pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Sat Sep 29, 2007 7:32 am (GMT 5)
Topic Replies: 14
Dear A_Karim,
Salam,
A_Karim wrote: 1. When going to take backup for mac.deny it take backup of mac.allow then how taking backup of mac.deny ??
It should take backup of both mac.allow and mac.deny. If it is not working let me know i will check it.
A_Karim wrote: 2. Whats the difference between deny and block options ?? if there no diff. why 2 options ?
I will have to check its been a time i did not used it. I will update you accordingly.
A_Karim wrote: 3. If i deny a MAC it store in mac.deny and after then i allow it copy into mac.allow file but still reside in mac.deny file. So which rule is applied on that MAC either ALLOW or DENY.
Its depends upon rule priority. I will fix this issue so that this problem never come back.
Best Regards.
_________________
Farrukh Ahmed
-
RE: Help in implementing CHECKMAC Script By Farrukh Bhai
Fetched: September 27th, 2007, 4:36pm BST
Tags: Security [edit]
Author: A_Karim
Posted: Thu Sep 27, 2007 1:00 pm (GMT 5)
Topic Replies: 12
Dear Farrukh Bahi
WSalam
Server MAC addresses already allowed in mac.allow but after restarting squid everything goes down and one thing more u did not answer my questions which i have asked in my previous post about backup etc.
Regards,
AK
_________________
Eyes Never Says Lies
-
RE: Help in implementing CHECKMAC Script By Farrukh Bhai
Fetched: September 27th, 2007, 4:36pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Thu Sep 27, 2007 12:10 pm (GMT 5)
Topic Replies: 12
Dear A_Karim,
Salam,
Allow your server MAC Addresses.
For Yahoo messenger i have to look why its still working.
Best Regards.
_________________
Farrukh Ahmed
mypapit gnu/linux blog
-
How to create a limited (Guest) User Account in Ubuntu Linux
Posted: September 27th, 2007, 10:39am BST by mypapit
Tags: ubuntu debian Security Linux opensource [edit]
It is always a good idea to create a limited guest user account when you are sharing the computer with multiple users. This is to prevent accidental (or intentional) tampering of system configuration which can prevent your Ubuntu Linux operating system from running properly.
Here’s how to setup a limited guest account for your Ubuntu Linux operating system. This guide assumes you are adding a guest account user for your children to play with.
How to Add a Limited User Account
1. From Desktop, go to System, Administration and select “Users and Groups”.
2. You will be shown with user settings dialog. Click “Add User” button
3. Fill in the new user details
Planet MYOSS
-
Mohammad Hafiz bin Ismail: How to create a limited (Guest) User Account in Ubuntu Linux
Posted: September 27th, 2007, 10:39am BST
Tags: ubuntu debian Security Linux opensource [edit]
It is always a good idea to create a limited guest user account when you are sharing the computer with multiple users. This is to prevent accidental (or intentional) tampering of system configuration which can prevent your Ubuntu Linux operating system from running properly.
Here’s how to setup a limited guest account for your Ubuntu Linux operating system. This guide assumes you are adding a guest account user for your children to play with.
How to Add a Limited User Account
1. From Desktop, go to System, Administration and select “Users and Groups”.
2. You will be shown with user settings dialog. Click “Add User” button
3. Fill in the new user details
4. You can grant the appropriate privilege on in the “User Privilege” tab.
Note by assigning privileges, you can fine-tune user account rights to use certain application in your operating system. For example you may prevent users from messing up with internet connection by preventing him/her to access modem, and so on.
Conclusion
Ubuntu provides the facility to create limited (and unprivileged) user account for conveniences in day-to-day Desktop experience. By creating users with limited privilege, you can prevent other users from messing up with your operating system configuration while giving them the freedom of using their own Desktop and workspace.Tags: ubuntu, debian, security, linux, opensource, open source, gnome, guide, howto
linuxpakistan.net
-
RE: Yahoo Problem
Fetched: September 26th, 2007, 12:35am BST
Tags: Security [edit]
Author: A_Karim
Posted: Wed Sep 26, 2007 10:29 pm (GMT 5)
Topic Replies: 11
Assalam-o-Aliakum to All
My yahoo messenger problem has been solved by setting gateway but thanks to all for ur guidance and solutions.
Regards,
AK
_________________
Eyes Never Says Lies
-
RE: Help in implementing CHECKMAC Script By Farrukh Bhai
Fetched: September 26th, 2007, 8:36pm BST
Tags: Security [edit]
Author: A_Karim
Posted: Wed Sep 26, 2007 3:22 pm (GMT 5)
Topic Replies: 12
Dear Farrukh Bahi
Assalam-o-Aliakum
Code:
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#
#!/bin/sh
MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"
TMP_ALLOW="/tmp/mac.allow"
TMP_DENY="/tmp/mac.deny"
cat $MAC_ALLOW | awk '{ print $1}' > $TMP_ALLOW
cat $MAC_DENY | awk '{ print $1}' > $TMP_DENY
echo -e "Loading MAC Address...."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
for MAC in `cat $TMP_ALLOW`
do
/sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j ACCEPT
done
for MAC in `cat $TMP_DENY`
do
/sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j DROP
done
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
/sbin/iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p all -j DROP
rm -f $TMP_ALLOW
rm -f $TMP_DENY
echo -e "MAC Address Loaded Successfully...."
I have applied ur giving maccheck script , fter applying these firewall rules everything works fine browsing stop at client side but they can use yahoo messenger how can i stop messengers as well ?? and the 2nd problem is after implement maccheck with /sbin/iptables -A INPUT -p all -j DROP rule whenever i restart my squid browsing totally stoped and squid did not response to any one even server also unable to use internet. How overcome this problem ?? is there any solution for it ??
Right now im doing these steps for running network with macchek
1. Comment this rule and restart squid #/sbin/iptables -A INPUT -p all -j DROP
2. Then after running everything fine comment out /sbin/iptables -A INPUT -p all -j DROP and then run maccheck script for MAC address filtering
What should i do to overcome this problem ? Is there anything wrong with rules sequence ?? or i miss any rule or step ??
Please provide proper solution
Regards,
AK
_________________
Eyes Never Says Lies
-
RE: Help in implementing CHECKMAC Script By Farrukh Bhai
Fetched: September 25th, 2007, 12:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Tue Sep 25, 2007 7:26 am (GMT 5)
Topic Replies: 9
Dear A_Karim,
Salam,
FYI, [www.linuxpakistan.net]
Best Regards.
_________________
Farrukh Ahmed
-
RE: Security Issue
Fetched: September 24th, 2007, 12:36am BST
Tags: Security [edit]
Author: raheelahmad
Posted: Mon Sep 24, 2007 8:55 pm (GMT 5)
Topic Replies: 29
nice chat wid you guyz .. i wish the problem of the questionair is nearly solved.... !
there are many solutions to the question asked, depends on how the administrartor deal with it depending upon budget and managment approval .... I hope you guyz agreed with me ...
_________________
raheel ahmad
@WhiteHat
-
RE: Help in implementing CHECKMAC Script By Farrukh Bhai
Fetched: September 24th, 2007, 4:35pm BST
Tags: Security [edit]
Author: A_Karim
Subject: Re:
Posted: Mon Sep 24, 2007 12:06 pm (GMT 5)
Topic Replies: 8
LinuxFreaK wrote: Dear mudasir,
Salam,
I will update checkmac script by this week.
Best Regards.
Assalam-o-Aliakum
Farrukh bahi where is checkmac updated script ??
I have tried ur checkmac script it works fine but i found some problems in it.
1. When going to take backup for mac.deny it take backup of mac.allow then how taking backup of mac.deny ??
2. Whats the difference between deny and block options ?? if there no diff. why 2 options ?
3. If i deny a MAC it store in mac.deny and after then i allow it copy into mac.allow file but still reside in mac.deny file. So which rule is applied on that MAC either ALLOW or DENY.
Hope u give answer and upload updated script.
Regards,
AK
_________________
Eyes Never Says Lies
-
RE: Yahoo Problem
Fetched: September 24th, 2007, 12:35pm BST
Tags: Security [edit]
Author: A_Karim
Posted: Mon Sep 24, 2007 10:01 am (GMT 5)
Topic Replies: 10
Assalam-o-Aliakum to all
sry for late reply
Gateway for client computers = 10.255.255.251
All the settings on client side comes from transparent proxy ( Cable Wala) through DHCP and my own squid also using same gateway.
any hint ? or idea ??
Regards,
AK
_________________
Eyes Never Says Lies
-
RE: Security Issue
Fetched: September 22nd, 2007, 6:31pm BST
Tags: Security [edit]
Author: lambda
Subject: Re: kbukhari
Posted: Sat Sep 22, 2007 4:05 pm (GMT 5)
Topic Replies: 29
just set up a pppoe server, and configure it to hand out ip addresses in a fixed range (like with dhcp). give each user a username/password, use the builtin tools on their system (windows, linux, whatever) to authenticate with the username/password. once you have their assigned ip address, you can let them access the internet (add an iptables rule to the nat table, for example).raheelahmad wrote: I am unable to understand why you are talking about ppoe , if it is possible with ppoe please provide solution.
there are many guides for this sort of stuff -- just search for "pppoe server".
there's no way to sniff the actual username/password if you use chap authentication. that's your security. also, again, active directory or any other directory service is a heavy-weight solution. it requires you to do a lot of configuration on the user's system -- something you'll need to repeat if they reinstall or get a new computer or whatever. but pppoe? no problem.Quote: In MS AD or FDS , you can restrict users with profile and policies can be applied,but you cannot make it 100% Secure, anyone with littpe knowledge about spoofing can spoof man n IP & on linux its not a big deal to spoof mac...
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
RE: Security Issue
Fetched: September 22nd, 2007, 4:35pm BST
Tags: Security [edit]
Author: raheelahmad
Subject: kbukhari
Posted: Sat Sep 22, 2007 2:57 pm (GMT 5)
Topic Replies: 29
I am unable to understand why you are talking about ppoe , if it is possible with ppoe please provide solution.
In MS AD or FDS , you can restrict users with profile and policies can be applied,but you cannot make it 100% Secure, anyone with littpe knowledge about spoofing can spoof man n IP & on linux its not a big deal to spoof mac...
I hope you guys are getting my point ......
Regards,
RA.
_________________
raheel ahmad
@WhiteHat
-
RE: Yahoo Problem
Fetched: September 21st, 2007, 2:56am BST
Tags: Security [edit]
Author: kbukhari
Posted: Fri Sep 21, 2007 11:50 pm (GMT 5)
Topic Replies: 10
evry thing is fine then why only one packet 1 198 MASQUERADE all -- * eth1 10.0.0.0/8 0.0.0.0/0
what the gateway of your client computer ?
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: Yahoo Problem
Fetched: September 21st, 2007, 12:35am BST
Tags: Security [edit]
Author: A_Karim
Posted: Fri Sep 21, 2007 10:06 pm (GMT 5)
Topic Replies: 9
kbukhari wrote:
check iptables -nvL -t nat
and see are you getting matches ?
here is output
# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 4411 packets, 567K bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:80 redir ports 8080
Chain POSTROUTING (policy ACCEPT 1162 packets, 105K bytes)
pkts bytes target prot opt in out source destination
1 198 MASQUERADE all -- * eth1 10.0.0.0/8 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1162 packets, 105K bytes)
pkts bytes target prot opt in out source destination
Any clue or solution please ?
Regards,
AK
_________________
Eyes Never Says Lies
-
RE: Yahoo Problem
Fetched: September 21st, 2007, 12:35pm BST
Tags: Security [edit]
Author: kbukhari
Posted: Fri Sep 21, 2007 9:09 am (GMT 5)
Topic Replies: 9
A_Karim wrote: No solution ? any idea ???
Regards,
AK
check iptables -nvL -t nat
and see are you getting matches ?
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: Yahoo Problem
Fetched: September 21st, 2007, 12:35pm BST
Tags: Security [edit]
Author: A_Karim
Posted: Fri Sep 21, 2007 7:57 am (GMT 5)
Topic Replies: 9
No solution ? any idea ???
Regards,
AK
_________________
Eyes Never Says Lies
-
RE: Security Issue
Fetched: September 20th, 2007, 4:12am BST
Tags: Security [edit]
Author: mudasir
Posted: Fri Sep 21, 2007 12:27 am (GMT 5)
Topic Replies: 28
AOA,
Thanks for telling me other options, whenever i will get time i will certainly start work on all the options.
Again Thanks to everyone.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Security Issue
Fetched: September 20th, 2007, 8:35pm BST
Tags: Security [edit]
Author: nomankhn
Posted: Thu Sep 20, 2007 5:47 pm (GMT 5)
Topic Replies: 28
Kashif Bahi,
Logon ko sahi tarhan bataya karo. Guide them properly.
Regards,
Noman Liaquat
-
RE: Security Issue
Fetched: September 20th, 2007, 8:35pm BST
Tags: Security [edit]
Author: lambda
Posted: Thu Sep 20, 2007 4:54 pm (GMT 5)
Topic Replies: 26
is there something wrong with your keyboard...................? once again, raheel, don't quote yourself.raheelahmad wrote: What are you talking about ...................
active directory or fedora directory server are extremely heavyweight solutions to this minor problem. pppoe is much simpler to implement, and has easy to use client support in linux, windows, and other operating systems.
_________________
Argue with idiots, and you become an idiot. -- [www.paulgraham.com]
-
RE: Security Issue
Fetched: September 20th, 2007, 8:35pm BST
Tags: Security [edit]
Author: raheelahmad
Posted: Thu Sep 20, 2007 3:47 pm (GMT 5)
Topic Replies: 26
kbukhari wrote: raheelahmad wrote: Dear friend , while checking the script farrukh has posted in forum I come to know that your problem will still exists in your network , you have to write the script which can stop MAC Spoofing which can be done as you said by binding IP to MAC plus you have to modify the script which before adding the allowed MAC to list will search if the mac already exists against any IP if yes block it else let it in ,if spoof your server MAC what will be happen if i am on same network ? flooding .. Spoofing ..
I hope this will help you ... much ...
please let us know your response ... I can write the script for you but on weekend sorry for delay ...
regards.
Dear raheel
there is no way to search Mac spoofing ip will bind on a Mac address think if I can spoof a Mac then its not too difficult for me to find an IP. If I use same ip and Mac of an other users? Then how server could search me?
In this scenario I have to option
1. Move on Layer 3 network (Which is two much expansive)
2. Move on PPPoE authentication which is not much difficult in Linux
Quote: What are you talking about ...................
_________________
raheel ahmad
@WhiteHat
-
RE: Security Issue
Fetched: September 20th, 2007, 12:35pm BST
Tags: Security [edit]
Author: kbukhari
Posted: Thu Sep 20, 2007 9:41 am (GMT 5)
Topic Replies: 26
raheelahmad wrote: Dear friend , while checking the script farrukh has posted in forum I come to know that your problem will still exists in your network , you have to write the script which can stop MAC Spoofing which can be done as you said by binding IP to MAC plus you have to modify the script which before adding the allowed MAC to list will search if the mac already exists against any IP if yes block it else let it in ,if spoof your server MAC what will be happen if i am on same network ? flooding .. Spoofing ..
I hope this will help you ... much ...
please let us know your response ... I can write the script for you but on weekend sorry for delay ...
regards.
Dear raheel
there is no way to search Mac spoofing ip will bind on a Mac address think if I can spoof a Mac then its not too difficult for me to find an IP. If I use same ip and Mac of an other users? Then how server could search me?
In this scenario I have to option
1. Move on Layer 3 network (Which is two much expansive)
2. Move on PPPoE authentication which is not much difficult in Linux
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: Security Issue
Fetched: September 19th, 2007, 4:35am BST
Tags: Security [edit]
Author: mudasir
Posted: Wed Sep 19, 2007 11:32 pm (GMT 5)
Topic Replies: 26
AOA,
Still i am unable to do any work on FDS, my Semester Exams are starting up. So after that i will INSHALLAH start work on FDS
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Yahoo Problem
Fetched: September 19th, 2007, 12:35am BST
Tags: Security [edit]
Author: A_Karim
Posted: Wed Sep 19, 2007 10:39 pm (GMT 5)
Topic Replies: 5
Quote:
Dear,
You can use following setting.
#/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
#/sbin/iptables -A POSTROUTING -t nat -s 10.0.0.0/8 -o eth1 -j MASQUERADE
#/sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80
-j REDIRECT --to-port 8080
Above are three commands running these three commands and check and let me know.
Regards,
Noman Liaquat
First of all thanks to all for replying.
By applying above three commands mentioned by Noman Bahi Yahoo still unable to connect with No Proxies.By the way im using Red Hat Enterprise Linux AS release 4 (Nahant Update 3).
[iptables]
# Generated by iptables-save v1.2.11 on Mon Sep 3 12:58:13 2007
*filter
:INPUT ACCEPT [207610:112847013]
:FORWARD ACCEPT [481:35652]
:OUTPUT ACCEPT [176564:135397686]
COMMIT
*nat
:PREROUTING ACCEPT [24813:5313083]
:POSTROUTING ACCEPT [2681:245515]
:OUTPUT ACCEPT [2518:234656]
COMMIT
After running above three commands
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
tcp -- 192.168.0.0/24 anywhere tcp dpt:http
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
REDIRECT tcp -- 192.168.0.0/24 anywhere tcp dpt:http redir ports 8080
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.0.0.0/8 anywhere
MASQUERADE all -- 10.0.0.0/8 anywhere
MASQUERADE all -- 10.0.0.0/8 anywhere
MASQUERADE all -- 10.0.0.0/8 anywhere
MASQUERADE all -- 10.0.0.0/8 anywhere
MASQUERADE all -- 10.0.0.0/8 anywhere
MASQUERADE all -- 10.0.0.0/8 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[access.log]
1190241283.868 768 10.255.247.94 TCP_MISS/200 358 POST [207.46.111.76] - DIRECT/207.46.111.76 application/x-msn-messenger
Can anybody tell me whats wrong with squid or any othere settings.
Regards,
AK
_________________
Eyes Never Says Lies
-
RE: Yahoo Problem
Fetched: September 19th, 2007, 8:35pm BST
Tags: Security [edit]
Author: nomankhn
Posted: Wed Sep 19, 2007 3:12 pm (GMT 5)
Topic Replies: 5
Dear,
You can use following setting.
#/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
#/sbin/iptables -A POSTROUTING -t nat -s 10.0.0.0/8 -o eth1 -j MASQUERADE
#/sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80
-j REDIRECT --to-port 8080
Above are three commands running these three commands and check and let me know.
Regards,
Noman Liaquat
-
RE: Yahoo Problem
Fetched: September 19th, 2007, 4:35pm BST
Tags: Security [edit]
Author: kbukhari
Subject: Re: Yahoo Problem
Posted: Wed Sep 19, 2007 12:47 pm (GMT 5)
Topic Replies: 5
A_Karim wrote: Assalam-o-Alikum
I have problem connecting Yahoo Messenger with No Proxies using Squid as Proxy Server . MSN working fine.I am using Cable Net.
Scen
SNIP------
Any Idea ???
Thanks in Advance
Regards,
AK
Squid is an HTTP proxy and has nothing to do with yahoo
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: Security Issue
Fetched: September 19th, 2007, 2:00pm BST
Tags: Security [edit]
Author: raheelahmad
Posted: Wed Sep 19, 2007 11:13 am (GMT 5)
Topic Replies: 22
mudasir wrote: AOA,
Currenlt my LAPTOP's Combo Drive just died, so i will be replacing it very soon, after that i will start Working on FDS....
Quote: what about FDS dude .........
_________________
raheel ahmad
@WhiteHat
-
RE: Yahoo Problem
Fetched: September 19th, 2007, 12:35pm BST
Tags: Security [edit]
Author: A_Karim
Posted: Wed Sep 19, 2007 10:30 am (GMT 5)
Topic Replies: 5
Dear LinuxFreaK,
wsalam
i mention that there is no firewall rule on my squid proxy.
_________________
Eyes Never Says Lies
-
RE: Yahoo Problem
Fetched: September 19th, 2007, 12:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re: Yahoo Problem
Posted: Wed Sep 19, 2007 9:43 am (GMT 5)
Topic Replies: 4
Dear A_Karim,
Salam,
A_Karim wrote: I have problem connecting Yahoo Messenger with No Proxies using Squid as Proxy Server . MSN working fine.I am using Cable Net.
Scenario
Transparent Proxy - 192.168.1.1
My Squid Proxy -
eth1 = 192.168.1.2
eth0 = 10.0.0.1
My Cable wala running transparent proxy with MAC address filtering and by using his setting me and my users running applications fine.
But i want my users using my squid server as proxy by setting 10.0.0.1 as proxy and it works fine for rest of application only yahoo messenger does not working with No Proxies. There is no IPTABLES rules
[Squid.Conf]
http_port 8080
acl QUERY urlpath_regex cgi-bin ?
no_cache deny QUERY
cache_dir ufs /var/spool/squid 100 16 256
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 5050 # yahoo messenger TCP
acl Safe_ports port 5100 # yahoo messenger webcam TCP
acl Safe_ports port 5000 # yahoo messenger voice TCP/UDP
acl Safe_ports port 5001 # yahoo messenger voice TCP
acl Safe_ports port 5010 # yahoo messenger voice UDP
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
acl mynet src 10.0.0.0/8
http_access allow mynet
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Can you please let us know your firewall rules ?
Best Regards.
_________________
Farrukh Ahmed
-
Yahoo Problem
Fetched: September 19th, 2007, 12:35pm BST
Tags: Security [edit]
Author: A_Karim
Subject: Yahoo Problem
Posted: Wed Sep 19, 2007 8:59 am (GMT 5)
Topic Replies: 3
Assalam-o-Alikum
I have problem connecting Yahoo Messenger with No Proxies using Squid as Proxy Server . MSN working fine.I am using Cable Net.
Scenario
Transparent Proxy - 192.168.1.1
My Squid Proxy -
eth1 = 192.168.1.2
eth0 = 10.0.0.1
My Cable wala running transparent proxy with MAC address filtering and by using his setting me and my users running applications fine.
But i want my users using my squid server as proxy by setting 10.0.0.1 as proxy and it works fine for rest of application only yahoo messenger does not working with No Proxies. There is no IPTABLES rules
[Squid.Conf]
http_port 8080
acl QUERY urlpath_regex cgi-bin ?
no_cache deny QUERY
cache_dir ufs /var/spool/squid 100 16 256
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 5050 # yahoo messenger TCP
acl Safe_ports port 5100 # yahoo messenger webcam TCP
acl Safe_ports port 5000 # yahoo messenger voice TCP/UDP
acl Safe_ports port 5001 # yahoo messenger voice TCP
acl Safe_ports port 5010 # yahoo messenger voice UDP
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
acl mynet src 10.0.0.0/8
http_access allow mynet
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Any Idea ???
Thanks in Advance
Regards,
AK
_________________
Eyes Never Says Lies
Planet MYOSS
-
Takizo Technology: Hack Me!
Posted: September 11th, 2007, 7:21pm BST
Tags: HackInTheBoxConference2007 Apple Security Honeynet [edit]
HITBSecConf2007 is over; A lot of cool stuff happening this year which can find out at HITBSecConf2007’s website. Capture The Flag write up by spoonfork can read it at security.org.my. Buy a copy of The Star today and it’s Sao Vang team from vnsecurity.net on the cover page.
Met a lot people this year and looking forward for next year HITBSecConf08. Last but not least… Here is the newest sticker on my laptop;
Tags: Hack In The Box Conference 2007, Apple, Security, Honeynet
linuxpakistan.net
-
RE: Security Issue
Fetched: September 8th, 2007, 4:35am BST
Tags: Security [edit]
Author: mudasir
Posted: Sun Sep 09, 2007 12:34 am (GMT 5)
Topic Replies: 19
AOA,
Currenlt my LAPTOP's Combo Drive just died, so i will be replacing it very soon, after that i will start Working on FDS....
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Security Issue
Fetched: September 8th, 2007, 8:36pm BST
Tags: Security [edit]
Author: nomankhn
Posted: Sat Sep 08, 2007 3:49 pm (GMT 5)
Topic Replies: 19
Dear Mudasir,
Then i am waiting for FDS.
Regards,
Noman Liaquat
-
RE: Security Issue
Fetched: September 7th, 2007, 4:35am BST
Tags: Security [edit]
Author: mudasir
Posted: Fri Sep 07, 2007 11:11 pm (GMT 5)
Topic Replies: 18
AOA,
Thanks for sharing such informations with me. I will try to configure Fedora Directory Server ASAP, and wil let all you Guyz know wheather it works for me ot not
Again Thanks alot for heloing me.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Security AND VOIP Distro ..Any one Here..!
Fetched: September 7th, 2007, 12:36am BST
Tags: Security [edit]
Author: raheelahmad
Posted: Fri Sep 07, 2007 7:31 pm (GMT 5)
Topic Replies: 13
How you build your distro barlas , Can you help me , I have started to work again on this project ..
_________________
raheel ahmad
@WhiteHat
-
RE: Security Issue
Fetched: September 7th, 2007, 12:36am BST
Tags: Security [edit]
Author: raheelahmad
Posted: Fri Sep 07, 2007 7:24 pm (GMT 5)
Topic Replies: 17
you can Use SAMBA as a domain control plus you can also use Fedora Directory Server which is like MS AD .
AD can not be configured on linux , but one way to confgure AD on linux is WINE Server if you use wine , you will be in much trouble ... friend.there are other security issues with wine itself ....
Fedora Directory server is a better option ...
Regards.
_________________
raheel ahmad
@WhiteHat
-
RE: Security Issue
Fetched: September 7th, 2007, 8:35pm BST
Tags: Security [edit]
Author: mudasir
Posted: Fri Sep 07, 2007 6:39 pm (GMT 5)
Topic Replies: 17
AOA,
Quote:
Why AD,
If he is using linux?
Then what other solution i should go with...[/quote]
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Security Issue
Fetched: September 7th, 2007, 6:22pm BST
Tags: Security [edit]
Author: nomankhn
Posted: Fri Sep 07, 2007 4:35 pm (GMT 5)
Topic Replies: 17
Why AD,
If he is using linux?
Regards,
Noman Liaquat
-
RE: Security Issue
Fetched: September 7th, 2007, 6:22pm BST
Tags: Security [edit]
Author: mudasir
Posted: Fri Sep 07, 2007 4:35 pm (GMT 5)
Topic Replies: 17
AOA,
Can anyone provide me some links to undrstand AD on Linux and how to setup AD on Linux.
Looking forward for some help.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Security Issue
Fetched: September 7th, 2007, 4:35pm BST
Tags: Security [edit]
Author: raheelahmad
Posted: Fri Sep 07, 2007 2:18 pm (GMT 5)
Topic Replies: 16
Dear mudasir I have already said ... please use dual factor authentication Noman is right , you can do authentication with squid but that will affect squid performance in real squid is not a authetication server it serves as proxy , you have to bear a server cost , If you authenticate by USing AD it can solve the problem ..........AD can run on a low speed server as well ...
Remember security sasti nahi hai bhai .............................................
Regards.
_________________
raheel ahmad
@WhiteHat
-
RE: Security Issue
Fetched: September 7th, 2007, 8:35am BST
Tags: Security [edit]
Author: nomankhn
Posted: Fri Sep 07, 2007 5:25 am (GMT 5)
Topic Replies: 14
Hi Mudasir,
I think you should allow those users which are the part of your network and block rest of them or its better run authentication of users through squid through every user have separate username and password and then they can use when they do browsing.
Regards,
Noman Liaquat
-
RE: Security Issue
Fetched: September 6th, 2007, 12:35am BST
Tags: Security [edit]
Author: mudasir
Posted: Thu Sep 06, 2007 10:44 pm (GMT 5)
Topic Replies: 14
AOA,
Thanks Dear Noman bhai.
Now what i have done is that i have Fixed IP Address on that MAC Address, and have Binded it through IPTABLES
IPTABLES -t nat -A PREROUTING -i eth0 -m mac --mac-source XX:XX:XX:XX:XX -s 192.168.1.244 -j ACCEPT
IPTABLES -t nat -A PREROUTING -i eth0 -m mac --mac-source XX:XX:XX:XX:XX -s ! 192.168.1.244 -j DROP
Please tell me wheather this method is good or not, or wheather this will work or not.
Looking forward For Help
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Security Issue
Fetched: September 6th, 2007, 12:35am BST
Tags: Security [edit]
Author: nomankhn
Posted: Thu Sep 06, 2007 8:29 pm (GMT 5)
Topic Replies: 12
Dear Brother Mudsair,
In above post you wrote mac do authentication through your script, its impossible, authentication is something different, but your script is really good, its show you are working good on linux.
Keep it up, my prayers are always with you.
Regards,
Noman Liaquat
-
RE: Security Issue
Fetched: September 6th, 2007, 8:35pm BST
Tags: Security [edit]
Author: mudasir
Posted: Thu Sep 06, 2007 3:29 pm (GMT 5)
Topic Replies: 11
I dont have that much experience in writing Scripts and Creating Firewall, I tried to create a firewall script and it worked, so i am using this firewall. Although it might not be a very strong Firewall.
This is the Firewall Script which i am using...
Quote:
#!/bin/sh
# Firewall Script
#set -x
#################
## Defining Variables ##
#################
# Path to IPTABLES executable
IPT="/sbin/iptables"
# Interface Card Connected to Local Network
NETWORK="eth0"
# Interface Card Connected to Internet
INTERNET="eth1"
# Loopback Interface
LOOPBACK="lo"
# IP Addreses of Server
SERVER_IP="192.168.1.1"
# Local Network IP Range / Subnet
LOC_IP="192.168.1.1/24"
# INTERNAL Broadcast
LOC_BCAST=192.168.1.255
# IP On The Internet Interface
NET_IP="172.16.0.1/24"
# DHCP Server IP
DHCP_SERVER="192.168.1.1"
# Primiry DNS Server
P_DNS="203.135.1.117"
# Alternate DNS Server
A_DNS="203.135.0.70"
# Path To Directory Containing MAC Addresses
MACDIR="/files/macs"
# Path To File Containing MAC Addresses
MACFILE="/files/macs/allowed.macs"
###################
### Flushing IPTABLES ###
###################
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
###########################
### Setting Default Policies to Drop ###
###########################
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
echo Default Policies Set To Drop
##########################
### Setting Needed PROC Settings ###
##########################
echo 1 > /proc/sys/net/ipv4/ip_forward
######################
### Setting IPTABLES Rules ###
######################
######################
### MAC Addresses Filtering ###
######################
rm -f $MACDIR/mac.addresses
cat $MACFILE | awk '{ print $1 }' >> $MACDIR/mac1
cat $MACDIR/mac1 | sed "s/#.*//" > $MACDIR/mac2
cat $MACDIR/mac2 | sed "/^ /d;/^$/d;" > $MACDIR/mac.addresses
rm -f $MACDIR/mac1
rm -f $MACDIR/mac2
echo ----------------------------------------
echo Marking Packets from Known MAC Addresses
echo ----------------------------------------
cat $MACDIR/mac.addresses | while read MACS
do
$IPT -t mangle -A PREROUTING -i $NETWORK -m mac --mac-source $MACS -j MARK --set-mark 1
done
#sleep 5
echo ----------------------------------------
echo
echo ---- MAC Address Filtering Complete ----
echo
echo ----------------------------------------
##############################
### MAC Addresses Filtering Completed ###
##############################
#############################
### Redirecting All Un-Marked Packets ###
#############################
$IPT -t nat -A PREROUTING -i $NETWORK -p tcp --dport 80 -m mark ! --mark 1 -j REDIRECT --to-port 8080
$IPT -t nat -A PREROUTING -i $NETWORK -p udp --dport 80 -m mark ! --mark 1 -j REDIRECT --to-port 8080
########################
### Accepting Marked Packets ###
########################
$IPT -A INPUT -i $NETWORK -m mark --mark 1 -j ACCEPT
$IPT -A FORWARD -i $NETWORK -m mark --mark 1 -j ACCEPT
##########################
### Droping All Unmarked Packets ###
##########################
#$IPT -A FORWARD -i $NETWORK -m mark ! --mark 1 -j DROP
#$IPT -A INPUT -i $NETWORK -m mark ! --mark 1 -j DROP
#######################################
### Accepting Voice/CAM Request for Marked Packets. ###
#######################################
$IPT -t nat -A PREROUTING -m mark --mark 1 -i $NETWORK -p tcp --dport 5000:5010 -j ACCEPT
$IPT -t nat -A PREROUTING -m mark --mark 1 -i $NETWORK -p udp --dport 5000:5010 -j ACCEPT
$IPT -t nat -A PREROUTING -m mark --mark 1 -i $NETWORK -p tcp --dport 5100 -j ACCEPT
######################################
### Droping Voice/CAM Traffic which is not Marked. ###
######################################
$IPT -t nat -A PREROUTING -i $NETWORK -m mark ! --mark 1 -p tcp --dport 5000:5010 -j DROP
$IPT -t nat -A PREROUTING -m mark ! --mark 1 -i NETWORK -p tcp --dport 5100 -j DROP
########################
### Accepting DHCP Request. ###
########################
$IPT -A INPUT -i $NETWORK -p udp -s $DHCP_SERVER --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT
$IPT -A OUTPUT -o $NETWORK -p udp -s 255.255.255.255 --sport 68 -d $DHCP_SERVER --dport 67 -j ACCEPT
###########################################
### Redirecting HTTP and FTP Traffic to Squid Proxy Server. ###
###########################################
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p tcp --dport 80 -j REDIRECT --to-port 8080
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p udp --dport 80 -j REDIRECT --to-port 8080
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p tcp --dport 21 -j REDIRECT --to-port 8080
$IPT -t nat -A PREROUTING -i $NETWORK -s $LOC_IP -m mark --mark 1 -p udp --dport 21 -j REDIRECT --to-port 8080
###################################
### MASQUERADE All packets that are Marked. ###
###################################
$IPT -t nat -A POSTROUTING -p all -s $LOC_IP -m mark --mark 1 -o $INTERNET -j MASQUERADE
######################
### Rules for ICMP Protocol ###
######################
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $P_DNS -p icmp -j ACCEPT
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $A_DNS -p icmp -j ACCEPT
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d ! $LOC_IP -p icmp --icmp-type echo-request -j DROP
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $SERVER_IP -m mark --mark 1 -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-unreachable
$IPT -A INPUT -i $NETWORK -s $LOC_IP -d $SERVER_IP -m mark ! --mark 1 -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-net-unreachable
$IPT -A INPUT -p icmp -s $LOC_IP -d $LOC_BCAST -j DROP
###############################
### No Restriction for Loopback Interface ###
###############################
$IPT -A INPUT -i $LOOPBACK -j ACCEPT
$IPT -A OUTPUT -o $LOOPBACK -j ACCEPT
##############################################
### Droping Packets coming from internet claming to be from Network
###############################################
$IPT -A INPUT -i $INTERNET -s $LOC_IP -j DROP
$IPT -A INPUT -i $INTERNET -d 127.0.0.0/8 -j DROP
$IPT -A INPUT -i $NETWORK -j ACCEPT
$IPT -A OUTPUT -o $NETWORK -j ACCEPT
#####################################
### Accepting Extablished and Related Connections ###
#####################################
$IPT -I INPUT -i $NETWORK -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o $NETWORK -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -i $INTERNET -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -o $INTERNET -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
###############################
### Droping Invalid and Unknown Packets ###
###############################
$IPT -A FORWARD -m state --state INVALID -j DROP
$IPT -A INPUT -i $INTERNET -m state --state INVALID -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ALL NONE -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ACK,FIN FIN -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ACK,PSH PSH -j DROP
$IPT -A INPUT -i $INTERNET -p tcp --tcp-flags ACK,URG URG -j DROP
#$IPT -t nat -A PREROUTING -i $NETWORK -p tcp --syn -s $LOC_IP --dport 80 -m mark ! --mark 1 -j DROP
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Security Issue
Fetched: September 6th, 2007, 4:36pm BST
Tags: Security [edit]
Author: raheelahmad
Posted: Thu Sep 06, 2007 2:03 pm (GMT 5)
Topic Replies: 11
Dear friend , while checking the script farrukh has posted in forum I come to know that your problem will still exists in your network , you have to write the script which can stop MAC Spoofing which can be done as you said by binding IP to MAC plus you have to modify the script which before adding the allowed MAC to list will search if the mac already exists against any IP if yes block it else let it in ,if spoof your server MAC what will be happen if i am on same network ? flooding .. Spoofing ..
I hope this will help you ... much ...
please let us know your response ... I can write the script for you but on weekend sorry for delay ...
regards.
_________________
raheel ahmad
@WhiteHat
-
RE: Security Issue
Fetched: September 6th, 2007, 4:36pm BST
Tags: Security [edit]
Author: raheelahmad
Posted: Thu Sep 06, 2007 1:55 pm (GMT 5)
Topic Replies: 11
agreed wid farrukh
_________________
raheel ahmad
@WhiteHat
-
RE: Security Issue
Fetched: September 5th, 2007, 12:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Wed Sep 05, 2007 9:21 am (GMT 5)
Topic Replies: 7
Dear mudasir,
Salam,
Please post your firewall rules and we will let you know.
There was script which has been developed by me can be found at below link.
FYI, [www.linuxpakistan.net]
Best Regards.
_________________
Farrukh Ahmed
-
RE: YAHOO, MSN, PALTALK, MIRC Not Working
Fetched: September 5th, 2007, 12:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Wed Sep 05, 2007 9:18 am (GMT 5)
Topic Replies: 20
Dear mudasir,
Salam,
I believe you need to issue following iptables commands which will resolve your problem.
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
OR
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.0.1
Note: make sure you replace eth0 with your outgoing ethernet card and 192.168.0.1 with your External IP Address which were assigned you by ISP.
Best Regards.
_________________
Farrukh Ahmed
-
RE: Security Issue
Fetched: September 4th, 2007, 4:35am BST
Tags: Security [edit]
Author: mudasir
Posted: Tue Sep 04, 2007 11:50 pm (GMT 5)
Topic Replies: 5
AOA,
Deer Raheelahmed,
My network consists of approximately 100 users, i am running my custom made Firewall which does MAC Address Authenticaion.
Now i have come to know that one my users that i have blocked who should not use internet, is using it.
Now i dont know how, but this is for sure that he is using internet.
That is why i was asking a solution that can help me out in stopping him to use internet.
Can this be stopped if i bing that MAC Address with one single IP by using the dhcprestrict script posted by LAMBDA in other post.
Looking forward for reply....
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: YAHOO, MSN, PALTALK, MIRC Not Working
Fetched: September 4th, 2007, 4:35am BST
Tags: Security [edit]
Author: raheelahmad
Posted: Tue Sep 04, 2007 11:33 pm (GMT 5)
Topic Replies: 20
please post your error logs which you are getting at time ....
_________________
raheel ahmad
@WhiteHat
-
RE: YAHOO, MSN, PALTALK, MIRC Not Working
Fetched: September 4th, 2007, 12:36am BST
Tags: Security [edit]
Author: cpointpak
Subject: CBQ
Posted: Tue Sep 04, 2007 10:30 pm (GMT 5)
Topic Replies: 20
hi every one
plz help me
i am installing centos 4.1 and using cbq.init 7.3 when i am configure it and using this command # (./cbq.init compile ) it can no take compile action
and do not start cbq
plz help us.
I am realy Thanks full to u all LInux friends
_________________
i like hot work
-
RE: Security Issue
Fetched: September 4th, 2007, 12:36am BST
Tags: Security [edit]
Author: raheelahmad
Posted: Tue Sep 04, 2007 9:41 pm (GMT 5)
Topic Replies: 5
How many users you have on your network ...
_________________
raheel ahmad
@WhiteHat
-
RE: Security Issue
Fetched: September 4th, 2007, 12:36am BST
Tags: Security [edit]
Author: mudasir
Posted: Tue Sep 04, 2007 9:01 pm (GMT 5)
Topic Replies: 5
AOA,
Thanks for the advice however i dont know how to configure AD on linux.....
If you can guide me or provide some links for configuring AD server on Linux and MAC to Hostname Binding stuff it will be great...
Looking Forward for Reply...
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: Security Issue
Fetched: September 4th, 2007, 7:39pm BST
Tags: Security [edit]
Author: raheelahmad
Posted: Tue Sep 04, 2007 4:25 pm (GMT 5)
Topic Replies: 5
friend you are talking about MAC Spoofing .. if this happens your switch will start flooding ... frames i guess ... in this case use MAC to HOSTNAME binding ....this can help you securing the network little bit .. and If you need high security solutions ...
Use AD to authenticate and squid for cache bind hostname to mac addresses and use two-factor authentication .. little cmplex scenario but security is not cheap as well a not simple.
_________________
raheel ahmad
@WhiteHat
-
Security Issue
Fetched: September 4th, 2007, 4:35pm BST
Tags: Security [edit]
Author: mudasir
Subject: Security Issue
Posted: Tue Sep 04, 2007 12:40 am (GMT 5)
Topic Replies: 5
AOA,
I want to ask that if two guyz using same MAC Address and only one should be allowed to use the internet from the Server, how can i do this.
Like one guy on my network has somehow managed to change the MAC Address of his LAN card. Now is there any way to stop him from using internet.
IP's are given by DHCP Server. Using a MAC Address base firewall posted here . And using Squid Proxy Server
Looking forward for some help.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: 80 GB SATA HDD on FC2
Fetched: September 2nd, 2007, 12:35am BST
Tags: Security [edit]
Author: syedbilalmasaud
Posted: Sun Sep 02, 2007 7:33 pm (GMT 5)
Topic Replies: 3
Check the module name of sata that is detected by new version , download that module and include it in to floppy and start setupusing dd method , if you will follow this method sata is also work with RH9
_________________
Regards,
Syed Bilal Masaud
-
RE: Restrict Download Bandwidth
Fetched: September 2nd, 2007, 12:35am BST
Tags: Security [edit]
Author: syedbilalmasaud
Posted: Sun Sep 02, 2007 7:29 pm (GMT 5)
Topic Replies: 7
use cbqinit scripts and tcp traffic varriables it is a little hard to do but its works very good
_________________
Regards,
Syed Bilal Masaud
-
RE: how to block MSN Sniffer
Fetched: September 1st, 2007, 4:35am BST
Tags: Security [edit]
Author: mudasir
Posted: Sun Sep 02, 2007 1:00 am (GMT 5)
Topic Replies: 15
AOA,
I know how to block it by using ISA server, have done it a long time ago..
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: how to block MSN Sniffer
Fetched: September 1st, 2007, 4:36pm BST
Tags: Security [edit]
Author: raheelahmad
Posted: Sat Sep 01, 2007 2:42 pm (GMT 5)
Topic Replies: 15
By using ISA server software signatures can be easily blocked , although i am not also a MS lover but like ISA block MSN n Yahoo it can also block any application on client side ...
have a look into thi s .. you can try this solutioin on VM LAb ................
But if you are using the gr8 linux solutions will be different ...............................
_________________
raheel ahmad
@WhiteHat
-
First Pakistani Linux Distribution
Fetched: August 27th, 2007, 1:38pm BST
Tags: Security [edit]
Author: xlike
Subject: First Pakistani Linux Distribution
Posted: Mon Aug 27, 2007 11:51 am (GMT 5)
Topic Replies: 0
black | route is security and forensics analysis linux distribution for x86 compatible architectures. The goal of the project is to create a GNU/Linux distribution for advance users, texttools lovers, network, security specialist and system administrators.
I'm not focusing on desktop or Urdu language because I'm the only one who maintains it. future releases focuses on virtualizations technologies.
black | route is first complete Linux Distribution from Pakistan. Bangladesh, India and Sri Lanka already had there localization distributions. I still not seen any releases from Ubuntu Pakistan Project.
If anyone wan't make distribution that focus on desktop or Urdu support, contact me, lets do it together.
Being an Open Source project without corporate background and without funding, the Black Route project is always looking for new contributors to help with development, web design, translations, support, spreading the word, and more - if you're interested send email to:
named.conf@gmail.com
Project Website:
URL: [blackroute.org]
Changelog: [blackroute.org]
Download: [blackroute.org]
-
RE: how to block MSN Sniffer
Fetched: August 26th, 2007, 10:04pm BST
Tags: Security [edit]
Author: mudasir
Posted: Sun Aug 26, 2007 7:38 pm (GMT 5)
Topic Replies: 13
AOA,
Dear Lambda,
I have not rejected any of the solutions that were posted in answer to my problem, how ever those solutions provided by more experience people then me were not what i was looking for....
So please dont take this personal or anything like that...
And i know what the problem as, as i have clearly stated it in my first post.
So please dont mind...
Take Care
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: how to block MSN Sniffer
Fetched: August 26th, 2007, 4:35pm BST
Tags: Security [edit]
Author: lambda
Posted: Sun Aug 26, 2007 2:56 pm (GMT 5)
Topic Replies: 13
you have a problem. you're given several solutions. you reject them because you don't understand the problem.
not understanding the problem is a "little thing" for you. for the people trying to help you, it's a major frustration.
i promise not to point out the little things in your future posts.
-
RE: how to block MSN Sniffer
Fetched: August 26th, 2007, 8:35am BST
Tags: Security [edit]
Author: mudasir
Posted: Sun Aug 26, 2007 4:21 am (GMT 5)
Topic Replies: 13
AOA,
Dear Compucated thanx for answer..
Dear Lambda, may i know why you always point out little things in others post...
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: how to block MSN Sniffer
Fetched: August 26th, 2007, 8:35am BST
Tags: Security [edit]
Author: lambda
Posted: Sun Aug 26, 2007 3:09 am (GMT 5)
Topic Replies: 13
why not? it almost guaranteed to work.mudasir wrote: Not looking for this sort of solution ..
says who? if it's a networking-related hack, switch to managed switches, and lock switch ports to mac addresses. if it works with spyware, clean the infected systems and install the latest security updates.Quote: Anyways...i was just curious to know wheather this thing can be blocked or not...
Now i know that this SNIFFER thing can not be blocked....
and you're rejecting all the provided solutions. no wonder you think there is no way to "block" the sniffer.Quote: As i told earlier i am not the one facing this problem....many of my users complained me about this...So its not my job to do this....still i was looking for a solution....
-
RE: how to block MSN Sniffer
Fetched: August 25th, 2007, 4:36am BST
Tags: Security [edit]
Author: compucated
Posted: Sun Aug 26, 2007 12:58 am (GMT 5)
Topic Replies: 13
well, first take a look at Sniffers: Basics and Detection
[cns.tstc.edu] for better understanding.
The packets of MSN Messenger are sent over the network in cleartext form which make it highly insecure, its better to use some encrypting application to secure chat packets i.e. [www.secway.fr]
Its extremely difficult to detect sniffers, however see some useful links for Sniffer Detection.
[sniffdet.sourceforge.net]
[packetstorm.linuxsecurity.com]
-
RE: how to block MSN Sniffer
Fetched: August 25th, 2007, 4:36am BST
Tags: Security [edit]
Author: mudasir
Posted: Sat Aug 25, 2007 11:10 pm (GMT 5)
Topic Replies: 13
AOA,
Not looking for this sort of solution ..
Anyways...i was just curious to know wheather this thing can be blocked or not...
Now i know that this SNIFFER thing can not be blocked....
As i told earlier i am not the one facing this problem....many of my users complained me about this...So its not my job to do this....still i was looking for a solution....
And Thanks to all of you for sharing your IDEAS with me...
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: how to block MSN Sniffer
Fetched: August 25th, 2007, 4:35pm BST
Tags: Security [edit]
-
RE: how to block MSN Sniffer
Fetched: August 24th, 2007, 4:35am BST
Tags: Security [edit]
Author: mudasir
Posted: Sat Aug 25, 2007 12:19 am (GMT 5)
Topic Replies: 11
AOA,
I am not sure wheather that guy is using a SNIFFER or a SPYWARE, but i am sure that he is using something to monitor conversations.
So how can i stop this... ???
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: how to block MSN Sniffer
Fetched: August 24th, 2007, 4:35pm BST
Tags: Security [edit]
Author: kbukhari
Posted: Fri Aug 24, 2007 12:36 pm (GMT 5)
Topic Replies: 7
mudasir wrote: AOA,
Dear Lambda, i know that network works without 'SERVER', but i am looking forward for a solution, i am not facing any problem on PC's, however many of my users are complaining regarding this issue.
Looking forward for some help in this regards.
well are u sure he is using such sniffer ?
or may be he is using spy ware to get chatting ?
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: how to block MSN Sniffer
Fetched: August 23rd, 2007, 12:36am BST
Tags: Security [edit]
Author: mudasir
Posted: Thu Aug 23, 2007 9:47 pm (GMT 5)
Topic Replies: 6
AOA,
Dear Lambda, i know that network works without 'SERVER', but i am looking forward for a solution, i am not facing any problem on PC's, however many of my users are complaining regarding this issue.
Looking forward for some help in this regards.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: how to block MSN Sniffer
Fetched: August 23rd, 2007, 12:36am BST
Tags: Security [edit]
Author: lambda
Posted: Thu Aug 23, 2007 8:41 pm (GMT 5)
Topic Replies: 5
i don't see how the person can sniff other switch ports' packets, unless he's doing some sort of mac address spoofing. in which case, use managed switches -- something i'm pretty certain i pointed out several months ago.
please don't use ambiguous and useless terms like "server". there is no "server" for the network; the network works without a "server".
-
RE: how to block MSN Sniffer
Fetched: August 23rd, 2007, 12:36am BST
Tags: Security [edit]
Author: mudasir
Posted: Thu Aug 23, 2007 7:45 pm (GMT 5)
Topic Replies: 5
AOA
can i have a better solution.
because as LAMBDA stated
Quote:
use more switches on your network.
The person who is using the "SNIFFIER" is almost 15 to 18 switches away from Server. So how many more switches should i use to avoid it.
And one more thing, how to block particular applications from server as done in ISA Firewall.
Looking forward to get more appropriate SOLUTION.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: how to block MSN Sniffer
Fetched: August 23rd, 2007, 4:35pm BST
Tags: Security [edit]
Author: lambda
Posted: Thu Aug 23, 2007 11:47 am (GMT 5)
Topic Replies: 4
use more switches on your network.
-
how to block MSN Sniffer
Fetched: August 23rd, 2007, 12:35pm BST
Tags: Security [edit]
Author: mudasir
Subject: how to block MSN Sniffer
Posted: Thu Aug 23, 2007 7:14 am (GMT 5)
Topic Replies: 1
AOA,
I have a question, in my network one of my users is using MSN Sniffer, monitoring all the MSN conversations, i know the IP Address of the person doing this.
I want to know is there any way to stop that guy from doing that wothout him knowing anything or do anything that will stop any sniffing applications.
I am using simple MAC Address Based Authentication through IPTABLES and using Squid as a Proxy and caching server.
Looking Forward for some help.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: IPTABLES - Redirection -
Fetched: August 16th, 2007, 4:35am BST
Tags: Security [edit]
Author: mudasir
Posted: Fri Aug 17, 2007 2:56 am (GMT 5)
Topic Replies: 6
Salam to All,
Thanks for all your help, i have done it.
The way i have done it is as follows.
Redirected all Unmarked Packets to SQUID PROXY
IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m mark ! --mark 1 -j REDIRECT --to-port 8080
SQUID Configuration
acl mac-address arp "/files/macs/mac.address"
acl all src 0.0.0.0/0.0.0.0
http_access allow mac-address
http_access deny all
deny_info [192.168.1.2:81] all
This only redirects WEB-TRAFFIC, not any other sort of traffic....
This Works Fine....Hope it might help others.....
Still want to know, how can i do it purely through IPTABLES.
Looking Forward For Response
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: IPTABLES - Redirection -
Fetched: August 16th, 2007, 12:36am BST
Tags: Security [edit]
Author: mudasir
Posted: Thu Aug 16, 2007 6:49 pm (GMT 5)
Topic Replies: 6
Salam
I have changed my senario a bit, now i want all the unmarked web-traffic to redirect to port 80 on the SAME MACHINE (i.e. 192.168.1.1:80)
eth0=Network interface connected to Local Network
eth1=Network interface connected to DSL Modem
IP_RANGE=192.168.1.1/24
SERVER_IP=192.168.1.1
Rule I am using to MARK Packets
IPTABLES -t mangle -A PREROUTING -i eth0 -m mac --mac-source (LIST_OF_MAC_ADDRESSES) -j MARK --set-mark 1
Rule I am using to redirect all unmarked web-traffic to 192.168.1.1:80
IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -d ! 192.168.1.1/24 --dport 80 -m mark ! --mark 1 -j DNAT --to-destination 192.168.1.1:80
One more thing, when i type this addresses "192.168.1.1:80" without "http://", it does not opens up, and when i open it up with [192.168.1.1:80] or simple [192.168.1.1] it opens up fine.
Looking Forward For Some Help.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: IPTABLES - Redirection -
Fetched: August 16th, 2007, 12:36pm BST
Tags: Security [edit]
Author: kbukhari
Posted: Thu Aug 16, 2007 9:29 am (GMT 5)
Topic Replies: 6
wht is your In interface i mean where your clients are connected.
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: IPTABLES - Redirection -
Fetched: August 15th, 2007, 4:36am BST
Tags: Security [edit]
Author: mudasir
Posted: Thu Aug 16, 2007 1:08 am (GMT 5)
Topic Replies: 6
Dear Kbukhari,
i have tried that rule also, it is also not working.
list of rules i have tried
Quote:
IPT=/sbin/iptables
Rule #1
$IPT -t nat -A PREROUTING -i eth0 -p tcp -d 0.0.0.0/0 --dport 80 -m mark ! --mark 1 -j DNAT --to-destination 192.168.1.2:81
Rule #2
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m mark ! --mark 1 -j DNAT --to-destination 192.168.1.2:81
Hope you understand the PROBLEM.
Looking Forward for some help
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: IPTABLES - Redirection -
Fetched: August 15th, 2007, 4:35pm BST
Tags: Security [edit]
Author: kbukhari
Subject: Re:
Posted: Wed Aug 15, 2007 12:00 pm (GMT 5)
Topic Replies: 4
LinuxFreaK wrote:
I think you need to use Source NAT instead of Destination NAT.
Wrong!
mudasir wrote:
I tried it by DNAT like this
IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -m mark ! --mark 1 -j DNAT --to-destination 192.168.1.2:81
You need to define destination port as well i.e you want to redirect web browsing.
iptables -t nat -A PREROUTING -i eth0 -p tcp -m mark ! --mark 1 --dport 80 -j DNAT --to-destination 192.168.1.2:81
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: IPTABLES - Redirection -
Fetched: August 15th, 2007, 4:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Wed Aug 15, 2007 11:09 am (GMT 5)
Topic Replies: 2
Dear mudasir,
I think you need to use Source NAT instead of Destination NAT.
P.S: Correct me if am wrong.
Best Regards.
_________________
Farrukh Ahmed
-
IPTABLES - Redirection -
Fetched: August 13th, 2007, 8:36am BST
Tags: Security [edit]
Author: mudasir
Subject: IPTABLES - Redirection -
Posted: Mon Aug 13, 2007 3:52 am (GMT 5)
Topic Replies: 0
Hi,
I have a made a firewall which is basically MAC Address based, now all the known MAC Addresses are marked with 1 and are wokring fine.
Now what i want to do is to redirect all the unmarked MAC's or all unknown MAC's to this Addresses "192.168.1.2:81"
I tried it by DNAT like this
IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -m mark ! --mark 1 -j DNAT --to-destination 192.168.1.2:81
same with UDP.
But it is not working. Please help me out.
_________________
Kind Regards
Mudasir Mirza
Crystal Net Communications
0321-2395320
-
RE: DKIM and MS DNS
Fetched: July 30th, 2007, 7:53pm BST
Tags: Security [edit]
Author: azfar
Posted: Mon Jul 30, 2007 4:56 pm (GMT 5)
Topic Replies: 1
OK I got everything working DKIM, Domainkeys, SID and SPF
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
RE: Multiple IP's with same MAC Address
Fetched: July 30th, 2007, 12:35pm BST
Tags: Security [edit]
Author: sevensins
Posted: Mon Jul 30, 2007 10:29 am (GMT 5)
Topic Replies: 2
thanx a lot, I will try it...
_________________
Regards,
Shehzad
-
RE: how to stop yahoo booting
Fetched: July 28th, 2007, 4:35am BST
Tags: Security [edit]
Author: abakali
Subject: Re: how to stop yahoo booting
Posted: Sun Jul 29, 2007 12:43 am (GMT 5)
Topic Replies: 4
whyrus wrote: Dear friends.
I,m running a cable network i have a static ip. my problem is when ever
any clients of my network booting on yahoo or use any kind of locking
yahoo softwares. yahoo stops working on my whole network then i have to change my real ip . After changing my ip it starts again.
i would like to know is there any possibilities to stop these kind of stuffs on lan or any way to stop banning my IP. i have IP pools on my connection.
thanks u all in advance
take care
Allah Hafiz
Salam
yahoo booting works on UDP packets and mostly cable operator sets bandwidth restriction on download and ignore to set upload set your normal user upload between 24k to 32k .
This is not solution to prevent booting at yahoo but i experience to deploy many cases its works because of user upload limit packets drops when exceed limits
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
DKIM and MS DNS
Fetched: July 25th, 2007, 4:35am BST
Tags: Security [edit]
Author: azfar
Subject: DKIM and MS DNS
Posted: Wed Jul 25, 2007 8:10 pm (GMT 5)
Topic Replies: 0
how do i configure ms dns for DKIM?
i have managed to work domainkeys but not DKIM.
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
RE: how to stop yahoo booting
Fetched: July 25th, 2007, 8:35pm BST
Tags: Security [edit]
Author: kbukhari
Posted: Wed Jul 25, 2007 4:30 pm (GMT 5)
Topic Replies: 3
lambda wrote: tell your users that if they run any such app, you'll tell all the other users who did it.
funny!
_________________
--
Syed Kashif Ali Bukhari
+92-345-8444420
[sysadminsline.com]
http;//kashifbukhari.com
-
RE: DHCP security
Fetched: July 25th, 2007, 8:35pm BST
Tags: Security [edit]
-
RE: how to stop yahoo booting
Fetched: July 25th, 2007, 8:35pm BST
Tags: Security [edit]
Author: syedbilalmasaud
Posted: Wed Jul 25, 2007 3:04 pm (GMT 5)
Topic Replies: 3
warn the specific user one or two time if still he do some thing nasty like that simply block his yahoo messenger using iptables or some other way that you are using
_________________
Best Regards!
Syed Bilal Masaud
-
RE: Squid with proxy
Fetched: July 25th, 2007, 8:35pm BST
Tags: Security [edit]
Author: syedbilalmasaud
Posted: Wed Jul 25, 2007 3:02 pm (GMT 5)
Topic Replies: 6
can you copy your firewall script so that problem is rectified eaisly
_________________
Best Regards!
Syed Bilal Masaud
-
RE: DHCP security
Fetched: July 25th, 2007, 8:35pm BST
Tags: Security [edit]
Author: syedbilalmasaud
Subject: Lambda is Right
Posted: Wed Jul 25, 2007 3:00 pm (GMT 5)
Topic Replies: 7
Lambda you are right , its only way to that
make sample DHCP conf file script and pass the dynamic values in to it like include file in for loop operation when you run the dhcpd script it will automatically add the macs from file that you have made and reload the service , if you need help on this you can contact me
_________________
Best Regards!
Syed Bilal Masaud
-
RE: Yahoo Web Site Allow
Fetched: July 25th, 2007, 8:35pm BST
Tags: Security [edit]
Author: syedbilalmasaud
Subject: Re: Yahoo web site allow
Posted: Wed Jul 25, 2007 2:55 pm (GMT 5)
Topic Replies: 4
majidnazeer wrote: I already allow amai, but problem persist.
Open the web site yahoo.com and save all its log in file and check it , and allow web site like .yahoo.com .akamai.net your yahoo starts working , also check the DNS Dump if you are dumping DNS traffic , you will be succeed
_________________
Best Regards!
Syed Bilal Masaud
-
RE: GroupWare solution using Linux
Fetched: July 25th, 2007, 8:35pm BST
Tags: Security [edit]
Author: syedbilalmasaud
Subject: eGroupWare
Posted: Wed Jul 25, 2007 2:52 pm (GMT 5)
Topic Replies: 6
maiqbal wrote: Dear Saad & Farrukh,
As I have told you my requirements are as below:
Global address book
Shared Calender
Group Tasks
Group schedules
Public Folders with permissions
Portal
None of the suggested groupware has Public Folders. Can you guys have a search again (I am in search too)?
P.S To Saad: I am not dependent on MTA and can use any of sendmail, Postfix, qmail etc.
Regards,
Muhammad Asif Iqbal
Dear Asif
If you want to go it with eGroupware so there are lot of on Linux , but almost are licensed based not open source i am also using novell Groupwise 7 on SuSE Linux , its works perfectly, I am using it from last 9 months and i have even no single problem with that no single reboot , email delivery is perfect ,
[www.novell.com] have a look at that
it is completly managed by novell directory services which is novell eDirectory (bit complicated to deploy first time but too much reliable)
other is openExchange it is also a good product its works with Redhat and SuSE both may be other
If you have purchased the subscription of Redhat Enterprise Linux leave every thing and Deploy
Zimbra eGroupware go to Redhat Exchange [rhx.redhat.com]
you can also do the all centralization using LDAP and postfix but its need good knowledge on LDAP and mySQL if you have you can do this , [google.com] is your Good Friend to help you out
_________________
Best Regards!
Syed Bilal Masaud
-
RE: Multiple IP's with same MAC Address
Fetched: July 24th, 2007, 8:36pm BST
Tags: Security [edit]
Author: lambda
Subject: Re: Multiple IP's with same MAC Address
Posted: Tue Jul 24, 2007 5:14 pm (GMT 5)
Topic Replies: 1
sure. here's a little script to help you out:sevensins wrote: I was wondering is there any way to find out duplicate hosts (ip's) with same mac address? Code: #!/usr/bin/env ruby
reg = Regexp.new /^([0-9.]+)s+w+s+([0-9A-F:]+)/
macs = {}
f = IO.popen '/usr/sbin/arp -aven'
f.each_line do |line|
matches = reg.match line
if matches
ip = matches[1]
ether = matches[2]
if macs[ether]
macs[ether] << ip
else
macs[ether] = [ip]
end
end
end
macs.each { |mac, iplist| puts "#{mac} has more than one ip: #{iplist}" if iplist.size > 1 }
exit 0
-
Multiple IP's with same MAC Address
Fetched: July 24th, 2007, 8:36pm BST
Tags: Security [edit]
Author: sevensins
Subject: Multiple IP's with same MAC Address
Posted: Tue Jul 24, 2007 4:00 pm (GMT 5)
Topic Replies: 1
AOA,
on my network I have 4 subnets. People on one subnet add the other subnet free ip address to bypass the gateway (lynx box). e.g
# arp -aven | grep 00:16:76:94:49:BB
192.168.59.38 ether 00:16:76:94:49:BB C eth0
192.168.79.50 ether 00:16:76:94:49:BB C eth0
I was wondering is there any way to find out duplicate hosts (ip's) with same mac address?
Any help, guidance would be much appreciated.
_________________
Regards,
Shehzad
mypapit gnu/linux blog
-
How to Get Detailed Information from Ubuntu Software Updates
Posted: July 23rd, 2007, 4:35pm BST by mypapit
Tags: ubuntu Security debian opensource [edit]
Users of Ubuntu Linux are probably already accustomed to Ubuntu update screen which appears when there are security or critical updates to the operating system. A typical software update screen will display a list of softwares that require updates along with their release number. What most people would probably overlooked is the “Description of update” [...]
Please read the full post from my website.
Planet MYOSS
-
Mohammad Hafiz bin Ismail: How to Get Detailed Information from Ubuntu Software Updates
Posted: July 23rd, 2007, 4:35pm BST
Tags: ubuntu Security debian opensource [edit]
Users of Ubuntu Linux are probably already accustomed to Ubuntu update screen which appears when there are security or critical updates to the operating system.
A typical software update screen will display a list of softwares that require updates along with their release number. What most people would probably overlooked is the “Description of update” below the the list. Clicking it will reveal the description of the updates along with a brief explanation about security hole or bug that it fixes.
The expanded description also provide hyperlinks to the patch website which contains security advisory references to the aforementioned patch. This information would help users understand which bugs/security hole that has been eliminated with the current updates.
Tags: ubuntu, security, debian, open source, opensource, linux, apt-get, synaptic, feisty fawn, feisty
linuxpakistan.net
-
RE: Restrict Download Bandwidth
Fetched: July 17th, 2007, 4:35pm BST
Tags: Security [edit]
Author: AcidEYE
Posted: Tue Jul 17, 2007 12:43 pm (GMT 5)
Topic Replies: 5
Traffic Shaping in FreeBSD is hell easy, use ipfw with dummynet, you can get everything.
in linux i found traffic shapping is tough.
_________________
Linux Addicted
-
RE: Restrict Download Bandwidth
Fetched: July 17th, 2007, 4:35pm BST
Tags: Security [edit]
Author: lambda
Posted: Tue Jul 17, 2007 12:13 pm (GMT 5)
Topic Replies: 5
ping you? are there actually people sitting around, waiting for someone to ask for a traffic shaper?
-
RE: Restrict Download Bandwidth
Fetched: July 17th, 2007, 4:35pm BST
Tags: Security [edit]
Author: abakali
Subject: Re: Restrict Download Bandwidth
Posted: Tue Jul 17, 2007 12:01 pm (GMT 5)
Topic Replies: 5
majidnazeer wrote: Hi All
I want to restrict download bandwidth per user or ip through squid or iptables. I want user can not get download speed more than 6k. I use 512K bandwidth. Anybody know and help me about it.
Thanks
Hello
need solution Source Ping me !
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
RE: Restrict Download Bandwidth
Fetched: July 12th, 2007, 8:35pm BST
Tags: Security [edit]
Author: nomankhn
Posted: Thu Jul 12, 2007 6:38 pm (GMT 5)
Topic Replies: 2
Dear Asif,
The link you mentioned is not reliable, lambda also said in previous posts that ,that links is not reliable because we dont know the source code, whats going on inside that and we can not control thing properly i also tested that thing, that is meaning less.
Regards
Noman Liaquat Khanzada
-
RE: Restrict Download Bandwidth
Fetched: July 12th, 2007, 4:35pm BST
Tags: Security [edit]
Author: abakali
Subject: Re: Restrict Download Bandwidth
Posted: Thu Jul 12, 2007 2:08 pm (GMT 5)
Topic Replies: 2
majidnazeer wrote: Hi All
I want to restrict download bandwidth per user or ip through squid or iptables. I want user can not get download speed more than 6k. I use 512K bandwidth. Anybody know and help me about it.
Thanks
[www.linuxpakistan.net]
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
RE: 80 GB SATA HDD on FC2
Fetched: July 12th, 2007, 4:35pm BST
Tags: Security [edit]
Author: majidnazeer
Posted: Thu Jul 12, 2007 11:21 am (GMT 5)
Topic Replies: 2
OK i will try then confirm.
Thanks
-
Restrict Download Bandwidth
Fetched: July 12th, 2007, 4:35pm BST
Tags: Security [edit]
Author: majidnazeer
Subject: Restrict Download Bandwidth
Posted: Thu Jul 12, 2007 11:14 am (GMT 5)
Topic Replies: 2
Hi All
I want to restrict download bandwidth per user or ip through squid or iptables. I want user can not get download speed more than 6k. I use 512K bandwidth. Anybody know and help me about it.
Thanks
-
RE: ARP Cache Poisoning !
Fetched: July 11th, 2007, 4:35pm BST
Tags: Security [edit]
Author: guddibaaz
Subject: Manually Assigning arp entries
Posted: Wed Jul 11, 2007 2:35 pm (GMT 5)
Topic Replies: 7
If you are using manually assingned ip addresses on your lan you can bind ipaddress to MAC addresses so there is no way of spoofed arp entries. Open /etc/ethers in vim and enter ip and mac adresses in following format
ipaddress1 mac1
ipaddress2 mac2
issue command arp -f and it will bind these mac to ips pemanently i.e until a reboot
_________________
Guddibaaz
-
RE: 80 GB SATA HDD on FC2
Fetched: July 10th, 2007, 7:12pm BST
Tags: Security [edit]
Author: nomankhn
Posted: Tue Jul 10, 2007 5:18 pm (GMT 5)
Topic Replies: 1
Dear Majid,
Try to install Kernel above 2.6.9, like if you will try FC-4 or above i am sure that will must work.
Same RHEL 4 not work with SATA but update#1 works fine with SATA Drive.
Regards
Noman Khanzada
-
80 GB SATA HDD on FC2
Fetched: July 10th, 2007, 7:12pm BST
Tags: Security [edit]
Author: majidnazeer
Subject: 80 GB SATA HDD on FC2
Posted: Tue Jul 10, 2007 3:53 pm (GMT 5)
Topic Replies: 1
Hi All
Can i install FC2 on 80 GB SATA Hard Drive? I try to install FC2 but SATA hdd not dected when created partition. Do i need additional driver for SATA or upgrade kernel. My kernel version is
2.6.5-1.358
Anybody knows and help me how can i install FC2 on 80 GB SATA.
Thanks
-
RE: ARP Cache Poisoning !
Fetched: July 2nd, 2007, 2:57am BST
Tags: Security [edit]
Author: abakali
Posted: Mon Jul 02, 2007 4:26 pm (GMT 5)
Topic Replies: 6
AOA
By disable dynamic listening arp broadcast packets for more information try to read ifconfig man pages
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
RE: ARP Cache Poisoning !
Fetched: July 2nd, 2007, 2:57am BST
Tags: Security [edit]
Author: Zaheer
Posted: Mon Jul 02, 2007 3:57 pm (GMT 5)
Topic Replies: 6
AA,
how they can configure by ifconfig ?
_________________
Good Judgement comes from Experience and Experience comes from bad Judgement!!
The more I know, the more I realize I don't know!?
The easiest way to find out is to try Out!!!
Registered Linux user #333501
-
RE: ARP Cache Poisoning !
Fetched: July 2nd, 2007, 2:57am BST
Tags: Security [edit]
Author: abakali
Posted: Mon Jul 02, 2007 3:55 pm (GMT 5)
Topic Replies: 6
Zaheer wrote: AA,
Tell me one thing what if the client is a linux user and these patches are .exe ?
linux users use ifconfig program configures this tweaks !
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
RE: ARP Cache Poisoning !
Fetched: July 2nd, 2007, 2:57am BST
Tags: Security [edit]
Author: Zaheer
Posted: Mon Jul 02, 2007 3:50 pm (GMT 5)
Topic Replies: 6
AA,
Tell me one thing what if the client is a linux user and these patches are .exe ?
_________________
Good Judgement comes from Experience and Experience comes from bad Judgement!!
The more I know, the more I realize I don't know!?
The easiest way to find out is to try Out!!!
Registered Linux user #333501
-
RE: ARP Cache Poisoning !
Fetched: July 2nd, 2007, 2:57am BST
Tags: Security [edit]
Author: abakali
Posted: Mon Jul 02, 2007 3:10 pm (GMT 5)
Topic Replies: 6
Zaheer wrote: AA,
Yes i know of a network affected by this and peoples placed some patch and setup files on their ftp so that net can run fine.
AOA
Their is no patch are given any O/S to fix this problem this is a tweak to manage network pcs some experts are made own utility . are your faced this problem ever ?
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
RE: ARP Cache Poisoning !
Fetched: July 2nd, 2007, 4:36pm BST
Tags: Security [edit]
Author: Zaheer
Posted: Mon Jul 02, 2007 2:20 pm (GMT 5)
Topic Replies: 6
AA,
Yes i know of a network affected by this and peoples placed some patch and setup files on their ftp so that net can run fine.
_________________
Good Judgement comes from Experience and Experience comes from bad Judgement!!
The more I know, the more I realize I don't know!?
The easiest way to find out is to try Out!!!
Registered Linux user #333501
-
ARP Cache Poisoning !
Fetched: July 2nd, 2007, 4:36pm BST
Tags: Security [edit]
Author: abakali
Subject: ARP Cache Poisoning !
Posted: Mon Jul 02, 2007 12:33 pm (GMT 5)
Topic Replies: 1
How one bad machine on your Ethernet Local Area Network (LAN) can ruin your whole day.
Notice that in this example, our gateway computer added this new entry into its ARP cache upon the receipt of an ARP Reply packet. The ARP protocol is so simple â just asking who has the IP and replying "I have the IP" â that there is no provision for any sort of security or authentication of the replying computer. In other words, any computer on the LAN could claim to have the IP in question.
The implementation of the ARP protocol is so simple and straightforward that the receipt of an ARP reply at any time, even when there are no ARP requests outstanding, causes the receiving computer to add the newly received information to its ARP cache.
Consequently, if the gateway computer were to receive a SPOOFED ARP REPLY from an attacking computer claiming that it was assigned an IP that belonged to some other computer, the gateway would trustingly and blindly REPLACE its current correct entry with the maliciously misleading replacement!
If at the same time the malicious attacking computer were to send a similar ARP reply to the computer being hijacked, maliciously replacing the ARP cache entry for the gateway computer, then any subsequent traffic bound for the gateway would instead be sent to the attacking computer. If the attacker forwards any of the redirected traffic it receives onto the proper original computer â after inspecting and perhaps even modifying the data â neither of the intercepted computers will detect that all of their communications is now being relayed through an unknown and probably malicious intermediary computer.
By merely injecting two ARP reply packets into a totally trusting LAN, any malicious computer is able to receive all traffic going back and forth between any two computers on the LAN such as any target machine and the LAN's gateway.
What does this mean?
ARP Reply spoofing for the purpose of ARP Cache Poisoning allows any computer on the local area network to obtain one of the most dangerous and powerful attack postures in network security: the so-called "Man In The Middle" (MITM). The man in the middle is able to monitor, filter, modify and edit any and all traffic moving between the LAN's unsuspecting and inherently trusting computers. In fact, there is nothing to prevent it from filling every computer's ARP cache with entries pointing to it, thus allowing it to effectively become a master hub for all information moving throughout the network.
Internet "switches" offer no help
As you can see from the diagram above, the use of a standard Internet switch (as compared with a hub), which prevents passive monitoring and sniffing of the LAN's traffic by isolating the traffic of each computer from all others, is of no help in the face of active ARP cache poisoning since the LAN's traffic is being actively sent to the attacking computer.
Is the threat from ARP poisoning just theoretical, or can it be easily accomplished?
The intrinsic weakness of Ethernet LAN security is well known within the hacker community and many easy-to-use "point and click" tools have been developed and are in constant use by malicious hackers. Since many of these tools have recently migrated from the less common Linux and Unix platform to the ubiquitous Windows environment, their use is rapidly becoming more widespread.
Here's text from the introductory description of a well known Windows tool set known as Cain & Abel [www.oxid.it]
Ethernet Insecurity by
Description: Leo and Steve discuss the design, operation
[aolradio.podcast.aol.com]
ARP - Q&A
[www.geocities.com]
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
RE: Secure Firewall
Fetched: June 29th, 2007, 8:36pm BST
Tags: Security [edit]
Author: lambda
Posted: Fri Jun 29, 2007 3:36 pm (GMT 5)
Topic Replies: 5
since you're using it as a directory, it should be MACDIR.abakali wrote: ## Define your Mac Address Path
MACFILE="/extra/scripts"
rm -f $MACFILE/allowed.macs
why >> and not >?Quote: cat $MACFILE/mac.addresses | awk '{ print $1, $2 }' >> $MACFILE/raw1
why the sleeps?Quote: sleep 1
i think you mean '^$'Quote: cat $MACFILE/raw1 | grep -v '#' |grep -v '^ ' > $MACFILE/allowed.macs
learn to use shell builtins:Quote: mac=`echo $allowedmacs | awk '{ print $1 }'`
ip=`echo $allowedmacs | awk '{ print $2 }'`
Code: cat allowed.macs | while read line
do
set $line
mac=$1
ip=$2
...
done
and you win an award for the useless use of cat (see also).
-
RE: Secure Firewall
Fetched: June 29th, 2007, 4:36pm BST
Tags: Security [edit]
Author: abakali
Posted: Fri Jun 29, 2007 2:40 pm (GMT 5)
Topic Replies: 5
mudasir wrote: Deat Asif Bakali,
I just want to know how can we integrate MAC address base security in this firewall like for example
iptables -A INPUT -i eth1 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
now i have a list of MAC Address only which i want to allow and rest should be dropped...
Can you tell me how to implement you firewall with MAC Address
and one more thing, it is a bit out of the topic....
can you tell me or guide me in creating a script that can limit bandwidth on per user base to exact 15 KB with out giving high latency.
looking forward for your response
Create file mac.addresses and put
00:00:00:00:00:00 10.0.0.2 # user 1
### Replace with PROTECT FOR NETWORK ERROR Tag
iptables -t nat -I PREROUTING -m mark --mark 1 -p tcp -j DNAT --to-destination=10.0.0.1:80
iptables -t mangle -I maccheck -j RETURN
iptables -t mangle -I maccheck -j MARK --set-mark 1
## Define your Mac Address Path
MACFILE="/extra/scripts"
rm -f $MACFILE/allowed.macs
cat $MACFILE/mac.addresses | awk '{ print $1, $2 }' >> $MACFILE/raw1
sleep 1
cat $MACFILE/raw1 | grep -v '#' |grep -v '^ ' > $MACFILE/allowed.macs
sleep 1
rm -f $MACFILE/raw1
rm -f $MACFILE/raw2
cat $MACFILE/allowed.macs | while read allowedmacs
do
mac=`echo $allowedmacs | awk '{ print $1 }'`
ip=`echo $allowedmacs | awk '{ print $2 }'`
iptables -t mangle -I maccheck -m mac -j RETURN --mac-source $mac -s $ip
done
iptables -t mangle -I PREROUTING -i eth0 -p tcp -j maccheck
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
RE: Secure Firewall
Fetched: June 28th, 2007, 8:36am BST
Tags: Security [edit]
Author: mudasir
Posted: Thu Jun 28, 2007 5:54 am (GMT 5)
Topic Replies: 3
Deat Asif Bakali,
I just want to know how can we integrate MAC address base security in this firewall like for example
iptables -A INPUT -i eth1 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
now i have a list of MAC Address only which i want to allow and rest should be dropped...
Can you tell me how to implement you firewall with MAC Address
and one more thing, it is a bit out of the topic....
can you tell me or guide me in creating a script that can limit bandwidth on per user base to exact 15 KB with out giving high latency.
looking forward for your response
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: Hotspot With Linux
Fetched: June 27th, 2007, 8:36pm BST
Tags: Security [edit]
-
RE: Hotspot With Linux
Fetched: June 27th, 2007, 8:36pm BST
Tags: Security [edit]
Author: abakali
Posted: Wed Jun 27, 2007 5:03 pm (GMT 5)
Topic Replies: 5
[www.chillispot.org]
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
RE: Secure Firewall
Fetched: June 27th, 2007, 8:36pm BST
Tags: Security [edit]
Author: abakali
Posted: Wed Jun 27, 2007 5:00 pm (GMT 5)
Topic Replies: 3
sakimustafa wrote: Please explain me Code: -p tcp ! --syn
TCP SYN : This technique is often referred to as "half-open" scanning, because you don't open a full TCP connection. You send a SYN packet, as if you are going to open a real connection and wait for a response. A SYN|ACK indicates the port is listening. A RST is indicative of a non- listener. If a SYN|ACK is received, you immediately send a RST to tear down the connection (actually the kernel does this for us). The primary advantage to this scanning technique is that fewer sites will log it. and your iptables are not increase tcp connections
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
-
RE: Hotspot With Linux
Fetched: June 27th, 2007, 4:35pm BST
Tags: Security [edit]
-
RE: Hotspot With Linux
Fetched: June 27th, 2007, 4:35pm BST
Tags: Security [edit]
Author: sakimustafa
Posted: Wed Jun 27, 2007 12:15 pm (GMT 5)
Topic Replies: 5
Any other solution?
_________________
Best Regards,
SAKI
8801712764543
-
RE: Secure Firewall
Fetched: June 27th, 2007, 4:35pm BST
Tags: Security [edit]
Author: sakimustafa
Posted: Wed Jun 27, 2007 11:54 am (GMT 5)
Topic Replies: 3
Please explain meCode: -p tcp ! --syn
_________________
Best Regards,
SAKI
8801712764543
-
Secure Firewall
Fetched: June 25th, 2007, 8:36pm BST
Tags: Security [edit]
Author: abakali
Subject: Secure Firewall
Posted: Mon Jun 25, 2007 3:37 pm (GMT 5)
Topic Replies: 0
Gateway Firewall
is connector between internal network and external network, In this case use connecting with Lease Line you need to have 2 network card for connect to external network (eth0) and connect to internal network (eth1 for LAN and have private ip such as 192.168.1.1) . Next, Create firewall file in /etc/rc.d/init.d/ by command :
#vi /etc/rc.d/init.d/firewall
Add firewall script as below, some services is disable if you need to use you can uncomment that service line for enable it to working
#!/bin/sh
#chkconfig: 2345 60 95
#description: IPTABLES Firewall
#CALL FUNCTION-------------------------------
. /etc/rc.d/init.d/functions
#CHECK NETWORK----------------------------
. /etc/sysconfig/network
#CHECK NETWORK STATUS-----------------
if [ ${NETWORKING} = "no" ]
then
exit 0
fi
if [ ! -x /sbin/iptables ]; then
exit 0
fi
#CREATE SCRIPT FOR PARAMETER BEHIND SERVICE---------------------------
case "$1" in
start)
echo -n "Starting Firewall : "
#-----------------------------------------------------------------------------------------------------
#YOUR NETWORK INFORMATION------------------------------------------------
IP_ADDR="your Public IP Address"
EXT_INTERFACE="eth0"
LO_INTERFACE="lo"
LOCAL_INTERFACE_1="eth1"
LOCALNET="192.168.1.0/24"
PRI_DNS="your Primary DNS"
LOOPBACK="127.0.0.0/8"
CLASS_A="10.0.0.0/8"
CLASS_B="172.16.0.0/12"
CLASS_C="192.168.0.0/16"
CLASS_D_MULTICAST="224.0.0.0/4"
CLASS_E_RESERVED_NET="240.0.0.0/5"
BROADCAST_SRC="0.0.0.0"
BROADCAST_DEST="255.255.255.255"
PRIV_PORTS="0:1023"
UNPRIV_PORTS="1024:"
#--------------------------------------------------------------------------------------------
#USE SSH CLIENT---------------------------------------------------------------
SSH_LOCAL_PORTS="1022:65535"
SSH_REMOTE_PORTS="513:65535"
#USE TRACEROUTE------------------------------------------------------------
TRACEROUTE_SRC_PORTS="32769:65535"
TRACEROUTE_DEST_PORTS="33434:33523"
#----------------------------------------------------------------------------------------------
#FIREWALL MODULES---------------------------------------------------------
/sbin/modprobe ip_tables
/sbin/modprobe iptable_nat
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
#/sbin/modprobe ipt_LOG
#/sbin/modprobe ipt_MARK
#/sbin/modprobe ipt_MASQUERADE
#/sbin/modprobe ipt_REDIRECT
#/sbin/modprobe ipt_REJECT
#/sbin/modprobe ipt_TOS
#/sbin/modprobe ipt_limit
#/sbin/modprobe ipt_mac
#/sbin/modprobe ipt_mark
#/sbin/modprobe ipt_multiport
#/sbin/modprobe ipt_state
#/sbin/modprobe ipt_tos
#/sbin/modprobe iptable_mangle
#-----------------------------------------------------------------------------------------------
#DELTE ALL OLD CHAINS----------------------------------------
iptables -F
iptables -F -t nat
#DELETE CHAINS FOR USER CREATE-------------------------
iptables -X
#SET POLICY ALL TO DENY--------------------------------------
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
#---------------------------------------------------------------------------------------------------
#UNLIMITED TRAFFIC ON LOOPBACK-----------------------------
iptables -A INPUT -i $LO_INTERFACE -j ACCEPT
iptables -A OUTPUT -o $LO_INTERFACE -j ACCEPT
#----------------------------------------------------------------------------------------------------
#UNLIMITED TRAFFIC ON LOCAL NETWORK-----------------------------
iptables -A INPUT -i $LOCAL_INTERFACE_1 -s $LOCALNET -j ACCEPT
iptables -A OUTPUT -o $LOCAL_INTERFACE_1 -d $LOCALNET -j ACCEPT
#----------------------------------------------------------------------------------------------------
#DROP PACKAGE FOR ERROR------------------------------------------------------
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A FORWARD -p tcp --tcp-flags ALL ALL -j DROP
#DROP NONE DATA PACKAGE------------------------------------------------------
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A FORWARD -p tcp --tcp-flags ALL NONE -j DROP
#BLOCK PACKAGE------------------------------------------------------
iptables -A FORWARD -i $LOCAL_INTERFACE_1 -s ! $LOCALNET -j DROP
#SEND PACKAGE FROM LOCAL TO OUT NETWORK------------------------------------------------------
iptables -A FORWARD -m state --state NEW,ESTABLISHED
-i $LOCAL_INTERFACE_1 -s $LOCALNET -j ACCEPT
#RECEIVE PACKAGE GROUP IN------------------------------------------------------
iptables -A FORWARD -m state --state ESTABLISHED,RELATED
-i $EXT_INTERFACE -s ! $LOCALNET -j ACCEPT
#SET INTERNAL TRAFFIC OUTGOING------------------------------------------------------
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A POSTROUTING -t nat -o $EXT_INTERFACE -j MASQUERADE
#-----------------------------------------------------------------------------------------------------------------------------
#PROTECT FOR NETWORK ERROR-------------------------------------------------------------------------
#/etc/rc.d/rc.firewall.blocked contains a list of
#iptables -A INPUT -i $EXT_INTERFACE -s address -j DROP
#MANAGE FOR WEBSITE ERROR-------------------------------------------------------------
if [ -f /etc/rc.d/rc.firewall.blocked ]; then
deny_file="/etc/rc.d/rc.firewall.blocked"
temp_file="/tmp/temp.ip.addresses"
cat $deny_file | sed -n -e "s/^[ ]* ([0-9.]*).*$/ 1/p"
| awk '$1' > $temp_file
while read ip_addy
do
case $ip_addy in
*) iptables -A INPUT -i $EXT_INTERFACE -s $ip_addy -j DROP
iptables -A INPUT -i $EXT_INTERFACE -d $ip_addy -j DROP
iptables -A OUTPUT -o $EXT_INTERFACE -s $ip_addy -j REJECT
iptables -A OUTPUT -o $EXT_INTERFACE -d $ip_addy -j REJECT
;;
esac
done < $temp_file
rm -f $temp_file > /dev/null 2>&1
unset temp_file
unset deny_file
fi
#------------------------------------------------------------------------------------------------------------------------
#SPOOFING & BAD ADDRESSES--------------------------------------------------
iptables -A INPUT -s $IP_ADDR -j DROP
iptables -A INPUT -s $CLASS_A -j DROP
iptables -A INPUT -s $CLASS_B -j DROP
#iptables -A INPUT -s $CLASS_C -j DROP
#DROP BROADCAST ADDRESS SOURCE PACKETS------------------------
iptables -A INPUT -s $BROADCAST_DEST -j DROP
iptables -A INPUT -d $BROADCAST_SRC -j DROP
#DROP CLASS D MULTICAST ADDRESS------------------------
iptables -A INPUT -s $CLASS_D_MULTICAST -j DROP
#DROP CLASS E RESERVED IP ADDRESS------------------------
iptables -A INPUT -s $CLASS_E_RESERVED_NET -j DROP
#DROP SPECIAL ADDRESSES BY IANA.-----------------------------
#Note: This list includes the loopback, multicast, & reserved addresses.
#0.*.*.* NOT USE DHCP USERS.
#127.*.*.*--------------LoopBack
#169.254.*.*-----------Link Local Networks
#192.0.2.*---------------TEST-NET
#224-255.*.*.*---------Classes D & E, plus unallocated.
iptables -A INPUT -s 0.0.0.0/8 -j DROP
iptables -A INPUT -s 127.0.0.0/8 -j DROP
iptables -A INPUT -s 169.254.0.0/16 -j DROP
iptables -A INPUT -s 192.0.2.0/24 -j DROP
iptables -A INPUT -s 224.0.0.0/3 -j DROP
#--------------------------------------------------------------------------------------------------------
#UDP TRACEROUTE
#traceroute usually uses -S 32769:65535 -D 33434:33523
iptables -A INPUT -i $EXT_INTERFACE -p udp
--source-port $TRACEROUTE_SRC_PORTS
-d $IP_ADDR --destination-port $TRACEROUTE_DEST_PORTS -j DROP
iptables -A OUTPUT -o $EXT_INTERFACE -p udp
-s $IP_ADDR --source-port $TRACEROUTE_SRC_PORTS
--destination-port $TRACEROUTE_DEST_PORTS -j ACCEPT
#---------------------------------------------------------------------------------------------------------
#DNS forward-only nameserver
iptables -A INPUT -i $EXT_INTERFACE -p udp
-s $PRI_DNS --source-port 53
-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
iptables -A OUTPUT -o $EXT_INTERFACE -p udp
-s $IP_ADDR --source-port $UNPRIV_PORTS
-d $PRI_DNS --destination-port 53 -j ACCEPT
iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
-s $PRI_DNS --source-port 53
-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
-s $IP_ADDR --source-port $UNPRIV_PORTS
-d $PRI_DNS --destination-port 53 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#HTTP CLIENT (80)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 80
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 80 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#HTTPS CLIENT (443)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 443
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 443 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#WWW-CACHE CLIENT
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 3128
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 3128 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#NNTP NEWS CLIENT (119)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 119
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 119 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#POP CLIENT (110)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 110
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 110 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#IMAP CLIENT (143)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 143
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 143 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#SMTP CLIENT (25)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 25
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 25 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#SSH SERVER (22)
iptables -A INPUT -i $EXT_INTERFACE -p tcp
--source-port $SSH_REMOTE_PORTS
-d $IP_ADDR --destination-port 22 -j ACCEPT
iptables -A OUTPUT -o $EXT_INTERFACE -p tcp ! --syn
-s $IP_ADDR --source-port 22
--destination-port $SSH_REMOTE_PORTS -j ACCEPT
#SSH CLIENT (22)
iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
--source-port 22
-d $IP_ADDR --destination-port $SSH_LOCAL_PORTS -j ACCEPT
iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
-s $IP_ADDR --source-port $SSH_LOCAL_PORTS
--destination-port 22 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#TELNET CLIENT (23)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 23
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 23 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#AUTH SERVER (113)
#Reject, rather than deny, the incoming auth port. (NET-3-HOWTO)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp
#--source-port $UNPRIV_PORTS
#-d $IP_ADDR --destination-port 113 -j REJECT
#AUTH CLIENT (113)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 113
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 113 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#WHOIS CLIENT (43)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 43
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 43 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#FINGER CLIENT (79)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 79
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 79 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#FTP CLIENT (21)
#outgoing request
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 21 -j ACCEPT
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 21
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#PORT mode data channel
#iptables -A INPUT -i $EXT_INTERFACE -p tcp
#--source-port 20
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp ! --syn
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 20 -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#IRC CLIENT (6667)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 6667
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 6667 -j ACCEPT
#iptables -A INPUT -i $EXT_INTERFACE -p tcp
#--source-port $UNPRIV_PORTS
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port $UNPRIV_PORTS -j ACCEPT
#----------------------------------------------------------------------------------------------------------------
#RealAudio / QuickTime Client
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 554
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 554 -j ACCEPT
#TCP is a more secure method : 7070:7071
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 7070:7071
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 7070:7071 -j ACCEPT
#UDP is the preferred method: 6970:6999
#For LAN machines, UDP requires the RealAudio masquerading module and
#the ipmasqadm third-party software.
#iptables -A INPUT -i $EXT_INTERFACE -p udp
#--source-port $UNPRIV_PORTS
#-d $IP_ADDR --destination-port 6970:6999 -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p udp
#-s $IP_ADDR --source-port 6970:6999
#--destination-port $UNPRIV_PORTS -j ACCEPT
#-------------------------------------------------------------------------------------
#ICQ client (4000)
#iptables -A INPUT -i $EXT_INTERFACE -p tcp ! --syn
#--source-port 2000:4000
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p tcp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 2000:4000 -j ACCEPT
#iptables -A INPUT -i $EXT_INTERFACE -p udp
#--source-port 4000
#-d $IP_ADDR --destination-port $UNPRIV_PORTS -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p udp
#-s $IP_ADDR --source-port $UNPRIV_PORTS
#--destination-port 4000 -j ACCEPT
#-------------------------------------------------------------------------------------
#SYSLOG client (514)
#iptables -A OUTPUT -o $EXT_INTERFACE -p udp
#-s $IP_ADDR -source-port 514
#-d $SYSLOG_SERVER -destination-port $UNPRIV_PORTS -j ACCEPT
#-------------------------------------------------------------------------------------
#ICMP
#iptables -A INPUT -i $EXT_INTERFACE -p icmp
#--icmp-type echo-reply
#-d $IP_ADDR -j ACCEPT
#iptables -A INPUT -i $EXT_INTERFACE -p icmp
#--icmp-type destination-unreachable
#-d $IP_ADDR -j ACCEPT
#iptables -A INPUT -i $EXT_INTERFACE -p icmp
#--icmp-type source-quench
#-d $IP_ADDR -j ACCEPT
#iptables -A INPUT -i $EXT_INTERFACE -p icmp
#--icmp-type time-exceeded
#-d $IP_ADDR -j ACCEPT
#iptables -A INPUT -i $EXT_INTERFACE -p icmp
#--icmp-type parameter-problem
#-d $IP_ADDR -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p icmp
#-s $IP_ADDR --icmp-type fragmentation-needed -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p icmp
#-s $IP_ADDR --icmp-type source-quench -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p icmp
#-s $IP_ADDR --icmp-type echo-request -j ACCEPT
#iptables -A OUTPUT -o $EXT_INTERFACE -p icmp
#-s $IP_ADDR --icmp-type parameter-problem -j ACCEPT
#-------------------------------------------------------------------------------------
#Enable logging for selected denied packets
iptables -A INPUT -i $EXT_INTERFACE -p tcp -j DROP
iptables -A INPUT -i $EXT_INTERFACE -p udp
--destination-port $PRIV_PORTS -j DROP
iptables -A INPUT -i $EXT_INTERFACE -p udp
--destination-port $UNPRIV_PORTS -j DROP
iptables -A INPUT -i $EXT_INTERFACE -p icmp
--icmp-type 5 -j DROP
iptables -A INPUT -i $EXT_INTERFACE -p icmp
--icmp-type 13/255 -j DROP
iptables -A OUTPUT -o $EXT_INTERFACE -j REJECT
#-------------------------------------------------------------------------------------
iptables -A OUTPUT -o $EXT_INTERFACE -p tcp -s $IP_ADDR -d website ipaddress --dport www -j REJECT
iptables -A OUTPUT -d www.example.com -j REJECT
iptables -L OUTPUT
;;
stop)
echo -n "Shutting Firewall : "
# Remove all existing rules belonging to this filter
iptables -F
# Delete all user-defined chain to this filter
iptables -X
#Reset the default policy of the filter to accept.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
;;
status)
status iptables
;;
restart|reload)
$0 stop
$0 start
;;
*)
echo "Usage: iptables {start|stop|status|restart|reload}"
exit 1
esac
echo "done"
exit 0
Next, save this file and change file permission with command as below :
#chmod 700 /etc/rc.d/init.d/firewall
#chmod 0.0 /etc/rc.d/init.d/firewall
#chkconfig - -add firewall
#chkconfig - -level 2345 firewall on
Starting your firewall with command :
#/etc/init.d/firewall start or #service firewall start
If no have problem your firewall is running
Command you can use for control your firewall :
Start Firewall : #service firewall start
Stop Firewall : #service firewall stop
Status Firewall : #service firewall status
Restart Firewall : #service firewall restart
Reload Firewall : #service firewall reload
_________________
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
Planet MYOSS
-
Colin Charles: MySQL and Security: what do you consider a security hole that warrants immediate action?
Posted: June 14th, 2007, 9:39pm BST
Tags: mysql Security [edit]
I don’t claim to be a security expert, but I’d like opinions from people in the field, as well as database experts that view security highly. Here are some opinions from a discussion with Chad and Lenz a while ago. What do you consider a security hole, that warrants immediate action or a release of a server within a sensible timeframe?
- Remotely exploiting MySQL without login credentials
- Remotely crashing MySQL without login credentials
The above two are definite problems. What about:
- denial of service attacks
- data loss
- data changes
- data insertion
Chad tells us, “security is policy enforcement.” And the policy should state: “the service should always be available to authorized people, never to unauthrized people”.
Opinions, please. Tell me what are on the “definite list” that should be fixed within 24-hours, whats on the possibly annoying list, that should be released within 72-hours, and whats on the its an annoying bug, but its not a “high”/”large” security violation (like, Chad finds “a function SUBSTR that always returns one too few characters” a problem in his definition) which can be fixed during the next release cycle.
Also, if anyone has pointers to how other OSS projects or major release software deals with security. Say, like Mark Cox’s security information (he’s Mr. Security at Red Hat, and they’ve got some amazing turnaround times).
Technorati Tags: mysql, security
linuxpakistan.net
-
RE: Squid with proxy
Fetched: June 14th, 2007, 12:35pm BST
Tags: Security [edit]
Author: majidnazeer
Posted: Thu Jun 14, 2007 11:04 am (GMT 5)
Topic Replies: 5
Dear Farrukh!
I use your mention rule already. My firewall rule are under.
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
squid config file is same as other squid server config file which is web site are run perfectly.
Thanks
Majid
[/quote]
-
RE: SMTP blocking?
Fetched: June 14th, 2007, 11:22am BST
Tags: Security [edit]
Author: LinuxFreaK
Posted: Thu Jun 14, 2007 7:40 am (GMT 5)
Topic Replies: 4
_________________
Farrukh Ahmed
-
RE: SMTP blocking?
Fetched: June 13th, 2007, 8:27pm BST
Tags: Security [edit]
Author: lambda
Posted: Wed Jun 13, 2007 4:52 pm (GMT 5)
Topic Replies: 4
he answered your question. did you understand his reply? i don't think you did.azfar wrote: do you understand my question.
that's because your rules are incorrect. post your iptables rules.Quote: i tried diff firewalls but it aslo block the client traffic to external smtps.
-
RE: SMTP blocking?
Fetched: June 13th, 2007, 8:27pm BST
Tags: Security [edit]
Author: azfar
Posted: Wed Jun 13, 2007 4:44 pm (GMT 5)
Topic Replies: 4
do you understand my question.
i tried diff firewalls but it aslo block the client traffic to external smtps.
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
RE: SMTP blocking?
Fetched: June 12th, 2007, 12:36pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Tue Jun 12, 2007 7:32 am (GMT 5)
Topic Replies: 1
Dear azfar,
Salam,
iptables is your friend.
Best Regards.
_________________
Farrukh Ahmed
-
SMTP blocking?
Fetched: June 11th, 2007, 3:57pm BST
Tags: Security [edit]
Author: azfar
Subject: SMTP blocking?
Posted: Mon Jun 11, 2007 1:31 pm (GMT 5)
Topic Replies: 1
is it possible to block smtp server traffic from all ips but allow client smtp traffic to remote or local servers.
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
RE: Squid with proxy
Fetched: June 10th, 2007, 4:36pm BST
Tags: Security [edit]
Author: mudasir
Posted: Sun Jun 10, 2007 2:44 pm (GMT 5)
Topic Replies: 4
Salam.
yes Farrukh bhai you are right. Masquerading the outgoing interface will make JAVA Applet work fine, and many other Apps.
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: Squid with proxy
Fetched: June 9th, 2007, 12:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Sat Jun 09, 2007 7:17 am (GMT 5)
Topic Replies: 4
Dear majidnazeer,
Salam,
Below command will help you. If you still face any problem you can paste you configuration file along with your firewall rules.
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Best Regards.
_________________
Farrukh Ahmed
-
RE: Squid with proxy
Fetched: June 8th, 2007, 4:35pm BST
Tags: Security [edit]
Author: majidnazeer
Posted: Fri Jun 08, 2007 12:54 pm (GMT 5)
Topic Replies: 2
i have use another server of squid. which run java applet web site successfully with proxy. which server don't have any sock server.
-
RE: Squid with proxy
Fetched: June 8th, 2007, 12:36pm BST
Tags: Security [edit]
Author: lambda
Posted: Fri Jun 08, 2007 11:02 am (GMT 5)
Topic Replies: 2
the applet may need to connect directly with the server. you could set up a socks proxy, or enable nat.
socks is probably a better idea. java supports it.
-
Squid with proxy
Fetched: June 8th, 2007, 12:36pm BST
Tags: Security [edit]
Author: majidnazeer
Subject: Squid with proxy
Posted: Fri Jun 08, 2007 10:36 am (GMT 5)
Topic Replies: 2
salam
I use squid with transparent proxy. Everything work fine. When i use proxy in browser and open some website which use java applet could not be open with proxy. I want to allow these web site with proxy.
Thanks
Majid
-
RE: Hotspot With Linux
Fetched: June 5th, 2007, 10:50am BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Tue Jun 05, 2007 7:38 am (GMT 5)
Topic Replies: 1
Dear sakimustafa,
Salam,
FYI, [www.howtoforge.com]
Best Regards.
_________________
Farrukh Ahmed
-
Hotspot With Linux
Fetched: June 4th, 2007, 8:35pm BST
Tags: Security [edit]
Author: sakimustafa
Subject: Hotspot With Linux
Posted: Mon Jun 04, 2007 6:35 pm (GMT 5)
Topic Replies: 1
Dear all,
Could anyone tell me about Hotspot server setup with Linux.
_________________
Best Regards,
SAKI
8801712764543
-
RE: QoS In LINUX
Fetched: June 4th, 2007, 8:35pm BST
Tags: Security [edit]
Author: sakimustafa
Posted: Mon Jun 04, 2007 6:45 pm (GMT 5)
Topic Replies: 12
Definitely we can do it with Linux.
See this link [dynagen.org]
I did all my CCNA and CCNP lab with this.
_________________
Best Regards,
SAKI
8801712764543
-
RE: Upload Bandwidh Shaping
Fetched: June 4th, 2007, 4:36pm BST
Tags: Security [edit]
Author: mudasir
Posted: Mon Jun 04, 2007 2:29 pm (GMT 5)
Topic Replies: 13
Salam,
Dear Sakimustafa as u have prefered me this www.mikrotik.com , this is costly, i am looking for a opensource solution.
Currently i am working to make something of my own in TC, inshallah will be completing it soon.
Any way thanks for
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: Upload Bandwidh Shaping
Fetched: June 3rd, 2007, 12:00am BST
Tags: Security [edit]
Author: sakimustafa
Posted: Sun Jun 03, 2007 9:05 pm (GMT 5)
Topic Replies: 13
Use Mikrotik
See www.mikrotik.com
_________________
Best Regards,
SAKI
8801712764543
-
RE: how to configure ssh to allow login from only specific ip's
Fetched: June 2nd, 2007, 12:35pm BST
Tags: Security [edit]
Author: ranatanveer
Posted: Sat Jun 02, 2007 11:01 am (GMT 5)
Topic Replies: 3
Dear Lambda
AOA
I appreciate the approach you convey your knowledge.
_________________
Regards
Rana Tanveer
+923224194457
Linux Student
[sysadminsline.com]
-
RE: DHCP security
Fetched: June 1st, 2007, 4:36am BST
Tags: Security [edit]
Author: lambda
Posted: Fri Jun 01, 2007 11:23 pm (GMT 5)
Topic Replies: 5
and his point is you can achieve your aims if you simply configure your dhcp server correctly. you can give your dhcp server the arp addresses, and tell it to ignore unknown clients. you'll need to place the addresses in the dhcpd.conf file. you can even write a script that takes the addresses out of that file and dynamically generates a dhcpd.conf.
i'll be willing to help you out for a fee.
-
RE: DHCP security
Fetched: June 1st, 2007, 11:42pm BST
Tags: Security [edit]
Author: mudasir
Posted: Fri Jun 01, 2007 9:24 pm (GMT 5)
Topic Replies: 5
Salam,
Farrukh bhai i think you did not got the point. I am saying that only few MAC addresses sohould get IP's from my DHCP server, and those IP's have to be dynamically given those MAC addresses.
This is what i am trying to say.
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: DHCP security
Fetched: June 1st, 2007, 12:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Fri Jun 01, 2007 9:12 am (GMT 5)
Topic Replies: 3
Dear mudasir,
Salam,
FYI, [www.yolinux.com]
Best Regards.
_________________
Farrukh Ahmed
-
RE: how to configure ssh to allow login from only specific ip's
Fetched: May 31st, 2007, 4:35am BST
Tags: Security [edit]
Author: small^one
Subject: Re: how to configure ssh to allow login from only specific i
Posted: Thu May 31, 2007 11:56 pm (GMT 5)
Topic Replies: 2
lambda wrote:
be exact about what you want. access by specific users is a very different thing from access by specific ips.small^one wrote: how cud i make my ssh allow login from only specific users, i mean specific ip's
the two general ways of restricting access to certain ips are to use the /etc/hosts.{allow,deny} files, or iptables. for iptables, you need to add entries to the INPUT chain to allow access from certain ips, and to deny all other access, like so:
don't forget to save your rules.Code: iptables -A INPUT -m tcp -p tcp -s 192.168.1.10 --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp -s 192.168.1.12 --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp -s 192.168.1.24 --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -j REJECT
the other solution is to edit /etc/hosts.allow and list the ips there:
and then edit /etc/hosts.deny and deny all other hosts:Code: sshd: 192.168.1.10, 192.168.1.12, 192.168.1.24 Code: sshd: ALL
Thx
It really helped me a lot to manage my network. As some users were trying to access my system through ssh, now it is ok
thx again
Best regards;
Muhammad imran ali
_________________
Allah is Great. . . .
-
RE: DHCP security
Fetched: May 31st, 2007, 3:28pm BST
Tags: Security [edit]
Author: mudasir
Posted: Thu May 31, 2007 11:18 am (GMT 5)
Topic Replies: 2
salam,
So farrukh bhai what i have to do to complete the task i want to do.
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: DHCP security
Fetched: May 31st, 2007, 12:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Thu May 31, 2007 7:41 am (GMT 5)
Topic Replies: 2
Dear mudasir,
Salam,
Iptables have nothing to do with DHCP.
Best Regards.
_________________
Farrukh Ahmed
-
DHCP security
Fetched: May 30th, 2007, 12:36am BST
Tags: Security [edit]
Author: mudasir
Subject: DHCP security
Posted: Wed May 30, 2007 10:54 pm (GMT 5)
Topic Replies: 1
I have setup a DHCP Server on RHEL 4, now i have a list of MAC Addresses in a fie located at "/Firewall/macs/all.macs", now what i want to do is that, my DHCP server should assign IP's dynamically to only these MAC addresses present in this file. How is this possible.
What IPTABLES rules do i have to make in order to overcome this porblem.
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: how to configure ssh to allow login from only specific ip's
Fetched: May 29th, 2007, 11:48pm BST
Tags: Security [edit]
Author: lambda
Subject: Re: how to configure ssh to allow login from only specific i
Posted: Tue May 29, 2007 7:43 pm (GMT 5)
Topic Replies: 1
be exact about what you want. access by specific users is a very different thing from access by specific ips.small^one wrote: how cud i make my ssh allow login from only specific users, i mean specific ip's
the two general ways of restricting access to certain ips are to use the /etc/hosts.{allow,deny} files, or iptables. for iptables, you need to add entries to the INPUT chain to allow access from certain ips, and to deny all other access, like so:
don't forget to save your rules.Code: iptables -A INPUT -m tcp -p tcp -s 192.168.1.10 --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp -s 192.168.1.12 --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp -s 192.168.1.24 --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -j REJECT
the other solution is to edit /etc/hosts.allow and list the ips there:
and then edit /etc/hosts.deny and deny all other hosts:Code: sshd: 192.168.1.10, 192.168.1.12, 192.168.1.24 Code: sshd: ALL
-
how to configure ssh to allow login from only specific ip's
Fetched: May 29th, 2007, 8:36pm BST
Tags: Security [edit]
Author: small^one
Subject: how to configure ssh to allow login from only specific ip's
Posted: Tue May 29, 2007 6:31 pm (GMT 5)
Topic Replies: 1
aslam-o-alaikum
i wan't to allow a system at network to access my system through ssh, but the main prob is that the other users will also try to access my sysem through ssh. how cud i make my ssh allow login from only specific users, i mean specific ip's
Best regards
Imran Ali
_________________
Allah is Great. . . .
-
RE: Multiple MAC's
Fetched: May 10th, 2007, 8:36pm BST
Tags: Security [edit]
Author: compucated
Posted: Thu May 10, 2007 5:24 pm (GMT 5)
Topic Replies: 2
Not possible with static arp entries level (FIX ME).
However what about to deal this situation with iptables?
iptables -t mangle -I PREROUTING -s 12.12.12.12 -m mac --mac-source xx:xx:xx:xx:xx:01 -j ACCEPT
iptables -t mangle -I PREROUTING -s 12.12.12.12 -m mac --mac-source xx:xx:xx:xx:xx:02 -j ACCEPT
iptables -t mangle -A PREROUTING -s 12.12.12.12 -j DROP
-
RE: Multiple MAC's
Fetched: May 10th, 2007, 8:36pm BST
Tags: Security [edit]
Author: kbukhari
Subject: Re: Multiple MAC's
Posted: Thu May 10, 2007 5:04 pm (GMT 5)
Topic Replies: 2
venky145 wrote:
It is possible.
NO! It is not.
_________________
--
Syed Kashif Ali Bukhari
+92-300-4295604
[sysadminsline.com]
-
Multiple MAC's
Fetched: May 10th, 2007, 4:35pm BST
Tags: Security [edit]
Author: venky145
Subject: Multiple MAC's
Posted: Thu May 10, 2007 1:02 pm (GMT 5)
Topic Replies: 2
hi
how to bind 2 MAC address to one IP .
It is possible.
-
RE: Penetration Testing ..
Fetched: May 7th, 2007, 12:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re: other than that
Posted: Mon May 07, 2007 7:57 am (GMT 5)
Topic Replies: 4
Dear raheelahmad,
Salam,
I suggest you start with a methodology the two listed below are good.
1. OSSTMM - [www.isecom.org]
2. ISSAF - [www.oissg.org]
Also take a look at the Security Technical Implementation Guides [iase.disa.mil] in addition to Security Configuration Guides [www.nsa.gov]
For the Tools see the [sectools.org] and [vulnerabilityassessment.co.uk]
Best Regards.
_________________
Farrukh Ahmed
-
RE: Penetration Testing ..
Fetched: May 6th, 2007, 8:36pm BST
Tags: Security [edit]
Author: raheelahmad
Subject: other than that
Posted: Sun May 06, 2007 5:17 pm (GMT 5)
Topic Replies: 3
thankx for reply ....
other than the above links ? does snort able to work as Host based IPS?
if yes how to do ?
_________________
raheel ahmad
AntiWindows
-
RE: MAC Address Filtering
Fetched: April 29th, 2007, 4:35pm BST
Tags: Security [edit]
Author: lambda
Posted: Sun Apr 29, 2007 1:02 pm (GMT 5)
Topic Replies: 16
start a different post for that issue.
make sure you search the forum before posting about it.
-
RE: MAC Address Filtering
Fetched: April 29th, 2007, 8:36am BST
Tags: Security [edit]
Author: mudasir
Posted: Sun Apr 29, 2007 6:25 am (GMT 5)
Topic Replies: 16
Salam,
The script is working now.
Thanks to all of you - specially
Farrukh bhai
Lambda
Compucated
Now i need one more help. I want to Restrict Bandwidth on Per User base. Like each user should get total of 16 KBps no matter which software of what ever the user uses.
I tried [www.communitypk.com] script, but this is not working. CBQ and HTB, dont know how to configure them, i tried to configure them but cant get it right.
Looking Forward for Help
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: MAC Address Filtering
Fetched: April 28th, 2007, 4:35am BST
Tags: Security [edit]
Author: compucated
Posted: Sun Apr 29, 2007 1:22 am (GMT 5)
Topic Replies: 16
beside the fact & amaze, the fact, these scripts were wrote by me several years ago when I was novice with scripting and amaze to see that I never distribute my those novice work so how they reach to you?
anyway, the problem in your case is, there are garbage characters in fourth line of mac.addresses file , that seems to look like just a blank line with general text editors.
Just delete Fourth line and re run the script, the problem will go away.
regards
-
RE: MAC Address Filtering
Fetched: April 28th, 2007, 12:35am BST
Tags: Security [edit]
Author: mudasir
Posted: Sat Apr 28, 2007 7:23 pm (GMT 5)
Topic Replies: 16
Salam,
Dear Lambda,
There is no line left empty between any the MAC Address.
I am uploading the whole firewall script, so that you can check the whole script and help me out.
www.geocities.com/cool_mudasir/Firewall.tar.gz
Sequence in which Files Run
1. /Firewall/firewall
The above script run all the other script in a particular manner
Looking Forward For Help.
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: MAC Address Filtering
Fetched: April 28th, 2007, 8:35pm BST
Tags: Security [edit]
Author: lambda
Posted: Sat Apr 28, 2007 4:46 pm (GMT 5)
Topic Replies: 16
make sure the first line in the file is not empty.
-
RE: MAC Address Filtering
Fetched: April 28th, 2007, 4:35pm BST
Tags: Security [edit]
Author: mudasir
Posted: Sat Apr 28, 2007 3:01 pm (GMT 5)
Topic Replies: 16
Salam,
Dear Lambda,
I did edit this file on windows about 1 month back, since than have not even opened it on windows.
I have pasted the my MAC Address Filtering Script above.
and the MAC Address file /Firewall/macs/allowed.macs is as follows
Quote:
00:16:76:8D:50:2A
00:90:FE:23:19:D4
00:02:A5:83:36:09
00:16:36:e7:6a:da
00:90:27:75:01:C4
00:02:44:36:3C:AA
00:08:C7:84:D0:73
00:00:24:C9:BC:76
00:B0:D0:14:A3:29
00:B0:D0:B5:D6:E0
00:60:08:37:6E:3C
00:0F:1F:B2:ED:96
00:90:27:84:F3:DA
00:D0:B7:27:FC:05
00:90:FE:22:FB:FF
00:0C:F1:D9:C2:D7
00:10:4B:2C:B3:BF
00:01:03:02:75:F8
00:30:4F:04:BE:C9
00:06:29:EF:21:B7
00:80:5F:77:A8:DC
00:01:03:04:D7:86
00:01:02:5F:0F:73
00:01:02:F7:1C:E5
00:01:02:25:29:11
00:13:20:24:88:E2
00:D0:B7:27:4C:E0
00:04:76:BA:9D:E1
00:30:4F:06:FE:43
00:40:B9:53:51:00
00:11:11:05:48:F3
00:0D:56:1F:FB:0D
00:C0:CA:11:ED:DD
4C:00:10:52:35:0F
00:08:C7:81:A0:4B
00:60:08:95:64:65
00:07:E9:F6:AA:CE
00:15:F2:BA:54:54
00:01:03:13:3A:7E
00:06:29:F7:D4:79
4C:00:10:60:DA:DA
00:C0:26:79:DB:67
00:02:44:4B:58:EE
00:05:1C:1A:A3:CA
00:11:D8:FE:69:D0
00:90:FE:22:F9:36
00:16:76:4A:14:C3
00:07:95:C2:BF:3A
00:11:D8:FA:30:A7
00:02:55:30:C1:CB
00:00:1C:DD:7F:2D
00:C0:4F:73:D4:75
00:C0:4F:41:7A:56
00:02:B3:95:84:CB
00:B0:D0:92:F5:BC
00:02:B3:4A:D8:13
00:0B:2B:0B:B3:D5
00:C0:26:79:D7:5C
00:01:02:40:8B:07
00:C0:26:68:B8:AC
00:E0:81:2F:B9:16
00:B0:D0:DB:A1:21
00:0B:DB:42:98:86
00:50:04:B1:8F:77
00:50:DA:0A:6C:0D
00:15:F2:7E:3C:23
00:50:FC:87:A2:32
00:02:44:05:EE:41
00:C0:26:6A:FB:52
00:50:DA:23:BB:A8
00:50:DA:38:7E:11
00:B0:D0:54:5F:58
00:10:b5:43:18:f0
00:10:4B:D1:AE:39
00:50:DA:5B:ae:89
00:08:C7:DB:2D:08
00:04:AC:45:90:AD
Now Looking Forward For Help
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: MAC Address Filtering
Fetched: April 28th, 2007, 4:35pm BST
Tags: Security [edit]
Author: lambda
Posted: Sat Apr 28, 2007 12:40 pm (GMT 5)
Topic Replies: 16
step 1: quit editing your files on windows.
step 2: paste the contents of the file.
-
RE: Penetration Testing ..
Fetched: April 28th, 2007, 12:36pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Sat Apr 28, 2007 10:38 am (GMT 5)
Topic Replies: 2
Dear raheelahmad,
Salam,
You can use available tools like nmap, nessus etc..
FYI, [www.honeypots.net] and [www.nessus.org]
Best Regards.
_________________
Farrukh Ahmed
-
RE: MAC Address Filtering
Fetched: April 28th, 2007, 8:35am BST
Tags: Security [edit]
Author: mudasir
Posted: Sat Apr 28, 2007 5:36 am (GMT 5)
Topic Replies: 11
Salam
Dear Lambda, i tried the commands you have stated above. Now i am getting a different error
Quote:
+ read allowedmac
+ iptables -A INPUT -i eth2 -p ALL -m mac --mac-source -j ACCEPT
iptables v1.2.11: Bad mac address `-j'
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -A FORWARD -i eth2 -p ALL -m mac --mac-source -j ACCEPT
iptables v1.2.11: Bad mac address `-j'
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -t nat -A PREROUTING -i eth2 -p tcp -m mac --mac-source --dport 5100 -j ACCEPT
iptables v1.2.11: Bad mac address `--dport'
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -t nat -A PREROUTING -i eth2 -p udp -m mac --mac-source --dport 5100 -j ACCEPT
iptables v1.2.11: Bad mac address `--dport'
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -t nat -A PREROUTING -i eth2 -p tcp -m mac --mac-source --dport 5000:5010 -j ACCEPT
iptables v1.2.11: Bad mac address `--dport'
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -t nat -A PREROUTING -i eth2 -p udp -m mac --mac-source --dport 5000:5010 -j ACCEPT
iptables v1.2.11: Bad mac address `--dport'
Try `iptables -h' or 'iptables --help' for more information.
+ read allowedmac
+ iptables -A INPUT -i eth2 -p ALL -m mac --mac-source 00:10:b5:43:18:f0 -j ACCEPT
+ iptables -A FORWARD -i eth2 -p ALL -m mac --mac-source 00:10:b5:43:18:f0 -j ACCEPT
+ iptables -t nat -A PREROUTING -i eth2 -p tcp -m mac --mac-source 00:10:b5:43:18:f0 --dport 5100 -j ACCEPT
+ iptables -t nat -A PREROUTING -i eth2 -p udp -m mac --mac-source 00:10:b5:43:18:f0 --dport 5100 -j ACCEPT
+ iptables -t nat -A PREROUTING -i eth2 -p tcp -m mac --mac-source 00:10:b5:43:18:f0 --dport 5000:5010 -j ACCEPT
+ iptables -t nat -A PREROUTING -i eth2 -p udp -m mac --mac-source 00:10:b5:43:18:f0 --dport 5000:5010 -j ACCEPT
+ read allowedmac
Now it is not even getting those MAC Addresses. The script is getting almost all the MAC addresses in the FIREWALL except few and those few are making problems for me, now if those MAC addreses are not added in the FIREWALL, INTERNET wont work on them.
Looking Forward For Help
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: MAC Address Filtering
Fetched: April 27th, 2007, 4:36am BST
Tags: Security [edit]
Author: compucated
Posted: Sat Apr 28, 2007 2:15 am (GMT 5)
Topic Replies: 9
mudasir wrote: And one more thing.
I just want to know what does the following lines do....
Quote:
iptables -t mangle -F maccheck
iptables -t mangle -X maccheck
iptables -t mangle -N maccheck
iptables -t mangle -I PREROUTING -i eth2 -p tcp -j maccheck
iptables -t mangle -A maccheck -j MARK --set-mark 1
iptables -t mangle -A maccheck -j RETURN
iptables -t nat -A PREROUTING -m mark --mark 1 -p tcp -j DNAT --to-destination=10.10.10.1:81
I found them i a firewall script but dont know the function of these lines.
looking forward for your help
iptables -t mangle -F maccheck
Flushing Chain maccheck at mangle table
iptables -t mangle -X maccheck
Deleting Chain maccheck at mangle table
iptables -t mangle -N maccheck
Creating new chain with name maccheck at mangle table
iptables -t mangle -I PREROUTING -i eth2 -p tcp -j maccheck
Jumping All tcp traffic coming from ethernet 2 to chain maccheck at mangle table
iptables -t mangle -A maccheck -j MARK --set-mark 1
Appending traffic to chain machceck with mark 1 (which not matched through allowed macs list)
iptables -t mangle -A maccheck -j RETURN
Returning the packets to stop traveling through the chain
iptables -t nat -A PREROUTING -m mark --mark 1 -p tcp -j DNAT --to-destination=10.10.10.1:81
Redirecting the all tcp mark 1 packets to host 10.10.10.1 port 81
-
RE: MAC Address Filtering
Fetched: April 27th, 2007, 4:36am BST
Tags: Security [edit]
Author: compucated
Posted: Sat Apr 28, 2007 1:55 am (GMT 5)
Topic Replies: 9
mudasir wrote:
Now when i run this script, it gives error
Quote: 'ptables v1.2.11: Bad mac address `00:B0:D0:85:0A:42
All the MAC Address and not recognised as BAD MAC Addresses, only Few of the MAC Addresses are recognised as BAD Mac Addresses.
And these MAC Addresses are not loaded in the Firewall.
Just want to know why thses MAC Addresses are BAD MAC Addresses.
check your /firewall/macs/allowed.macs file, why the character ` is adding as suffix.
Try to use some plain text editor i.e. pico, pine, vi etc might you are using some text editor that is adding those characters.
Also be aware about the illegal symbols & characters (i.e. o ) which are not legal to use as mac address.
regards
-
RE: MAC Address Filtering
Fetched: April 27th, 2007, 4:36am BST
Tags: Security [edit]
Author: lambda
Posted: Fri Apr 27, 2007 11:31 pm (GMT 5)
Topic Replies: 9
Code: tr -d 15 < /Firewall/macs/allowed.macs > /tmp/am
mv /tmp/am /Firewall/macs/allowed.macs
-
RE: Penetration Testing ..
Fetched: April 27th, 2007, 12:36am BST
Tags: Security [edit]
Author: mudasir
Posted: Fri Apr 27, 2007 8:50 pm (GMT 5)
Topic Replies: 2
Salam,
Try This Web Site, it has many tools for Network Related Stuff
[www.insecure.org]
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: MAC Address Filtering
Fetched: April 27th, 2007, 12:36am BST
Tags: Security [edit]
Author: mudasir
Posted: Fri Apr 27, 2007 8:49 pm (GMT 5)
Topic Replies: 9
Salam,
I have tried it... I am getting following OUTPUT.
Quote:
+ iptables -A FORWARD -i eth2 -p ALL -m mac --mac-source $'00:10:4B:2C:B3:BFr' -j ACCEPT
'ptables v1.2.11: Bad mac address `00:10:4B:2C:B3:BF
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -t nat -A PREROUTING -i eth2 -p tcp -m mac --mac-source $'00:10:4B:2C:B3:BFr' --dport 5100 -j ACCEPT
'ptables v1.2.11: Bad mac address `00:10:4B:2C:B3:BF
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -t nat -A PREROUTING -i eth2 -p udp -m mac --mac-source $'00:10:4B:2C:B3:BFr' --dport 5100 -j ACCEPT
'ptables v1.2.11: Bad mac address `00:10:4B:2C:B3:BF
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -t nat -A PREROUTING -i eth2 -p tcp -m mac --mac-source $'00:10:4B:2C:B3:BFr' --dport 5000:5010 -j ACCEPT
'ptables v1.2.11: Bad mac address `00:10:4B:2C:B3:BF
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -t nat -A PREROUTING -i eth2 -p udp -m mac --mac-source $'00:10:4B:2C:B3:BFr' --dport 5000:5010 -j ACCEPT
'ptables v1.2.11: Bad mac address `00:10:4B:2C:B3:BF
Try `iptables -h' or 'iptables --help' for more information.
+ read allowedmac
+ iptables -A INPUT -i eth2 -p ALL -m mac --mac-source 00:30:4F:04:BE:C9 -j ACCEPT
+ iptables -A FORWARD -i eth2 -p ALL -m mac --mac-source 00:30:4F:04:BE:C9 -j ACCEPT
+ iptables -t nat -A PREROUTING -i eth2 -p tcp -m mac --mac-source 00:30:4F:04:BE:C9 --dport 5100 -j ACCEPT
+ iptables -t nat -A PREROUTING -i eth2 -p udp -m mac --mac-source 00:30:4F:04:BE:C9 --dport 5100 -j ACCEPT
+ iptables -t nat -A PREROUTING -i eth2 -p tcp -m mac --mac-source 00:30:4F:04:BE:C9 --dport 5000:5010 -j ACCEPT
+ iptables -t nat -A PREROUTING -i eth2 -p udp -m mac --mac-source 00:30:4F:04:BE:C9 --dport 5000:5010 -j ACCEPT
Still dont know why i am getting errors, according to me the file should work. MAC Addresses are written 1 MAC in 1 Line.
Looking Forword For Help
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
Penetration Testing ..
Fetched: April 27th, 2007, 8:35pm BST
Tags: Security [edit]
Author: raheelahmad
Subject: Penetration Testing ..
Posted: Fri Apr 27, 2007 5:45 pm (GMT 5)
Topic Replies: 1
hello guyz can any one let me know about oenetratiion testing tools ....
_________________
raheel ahmad
AntiWindows
-
RE: MAC Address Filtering
Fetched: April 27th, 2007, 12:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Fri Apr 27, 2007 10:38 am (GMT 5)
Topic Replies: 5
Dear mudasir,
Salam,
It should work. Try adding below code on the top of your script for debugging.
Code: set -x
Best Regards.
_________________
Farrukh Ahmed
-
RE: MAC Address Filtering
Fetched: April 27th, 2007, 12:35pm BST
Tags: Security [edit]
Author: mudasir
Posted: Fri Apr 27, 2007 9:44 am (GMT 5)
Topic Replies: 5
Salam
I have done some work to make my own script of MAC Address Filtering, but getting error of BAD MAC ADDRESS. My MAC Address Filtering Scirpt is below
Quote:
#!/bin/bash
##################################
### Flusing All IPTABLES Rules ###
##################################
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
########################################
### Setting Default Policies To DROP ###
########################################
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
#####################################
### MAC Address Filtering Process ###
#####################################
cat /Firewall/macs/allowed.macs | while read allowedmac
do
iptables -A INPUT -i eth2 -p ALL -m mac --mac-source $allowedmac -j ACCEPT
iptables -A FORWARD -i eth2 -p ALL -m mac --mac-source $allowedmac -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p tcp -m mac --mac-source $allowedmac --dport 5100 -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p udp -m mac --mac-source $allowedmac --dport 5100 -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p tcp -m mac --mac-source $allowedmac --dport 5000:5010 -j ACCEPT
iptables -t nat -A PREROUTING -i eth2 -p udp -m mac --mac-source $allowedmac --dport 5000:5010 -j ACCEPT
done
##############################
### Enabling IP Forwarding ###
##############################
echo 1 > /proc/sys/net/ipv4/ip_forward
##############################################
### Rules To Redirect Web Traffic To Squid ###
##############################################
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 8080
#############################################
### Droping All Traffic For Voice And Cam ###
#############################################
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 5100 -j DROP
iptables -t nat -A PREROUTING -i eth2 -p udp --dport 5100 -j DROP
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 5000:5010 -j DROP
iptables -t nat -A PREROUTING -i eth2 -p udp --dport 5000:5010 -j DROP
#########################################
### Accepting Established Connections ###
#########################################
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#############################
### Allow PING Requests ###
#############################
iptables -A FORWARD -s 10.10.10.0/23 -p ICMP -d ! 10.10.10.0/23 -j ACCEPT
iptables -A INPUT -i eth2 -p icmp -j ACCEPT
###############################################################################
### Drop Requests Coming From Internet Claiming To Be From Internal Network ###
###############################################################################
#iptables -A INPUT -i eth1 -s 10.10.10.0/23 -j DROP
iptables -t nat -A PREROUTING -i ! eth2 -s 10.10.10.0/23 -j DROP
Now when i run this script, it gives error
Quote: 'ptables v1.2.11: Bad mac address `00:B0:D0:85:0A:42
All the MAC Address and not recognised as BAD MAC Addresses, only Few of the MAC Addresses are recognised as BAD Mac Addresses.
And these MAC Addresses are not loaded in the Firewall.
Just want to know why thses MAC Addresses are BAD MAC Addresses.
looking forward for help
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: MAC Address Filtering
Fetched: April 24th, 2007, 12:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Tue Apr 24, 2007 9:13 am (GMT 5)
Topic Replies: 2
Dear mudasir,
Salam,
Read Documentation then you will have better understanding.
FYI, [www.netfilter.org]
Best Regards.
_________________
Farrukh Ahmed
-
RE: MAC Address Filtering
Fetched: April 23rd, 2007, 4:35am BST
Tags: Security [edit]
Author: mudasir
Posted: Tue Apr 24, 2007 2:58 am (GMT 5)
Topic Replies: 2
And one more thing.
I just want to know what does the following lines do....
Quote:
iptables -t mangle -F maccheck
iptables -t mangle -X maccheck
iptables -t mangle -N maccheck
iptables -t mangle -I PREROUTING -i eth2 -p tcp -j maccheck
iptables -t mangle -A maccheck -j MARK --set-mark 1
iptables -t mangle -A maccheck -j RETURN
iptables -t nat -A PREROUTING -m mark --mark 1 -p tcp -j DNAT --to-destination=10.10.10.1:81
I found them i a firewall script but dont know the function of these lines.
looking forward for your help
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
MAC Address Filtering
Fetched: April 23rd, 2007, 4:35am BST
Tags: Security [edit]
Author: mudasir
Subject: MAC Address Filtering
Posted: Tue Apr 24, 2007 2:50 am (GMT 5)
Topic Replies: 2
Salam,
Again i am a bit confused about MAC Address Filtering. I came across a DOC that described a very good method for MAC Address Filtering
Quote:
cat /firewall/macs/allowed.macs | while read allowedmacs
do
$IPTABLES -A INPUT -p ALL -m mac --mac-source $allowedmacs -j ACCEPT
$IPTABLES -A INPUT -p ALL -m mac --mac-source ! $allowedmacs -j DROP
done
I just want to know that will it be able to help me out...
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: Help in implementing CHECKMAC Script By Farrukh Bhai
Fetched: April 23rd, 2007, 4:36pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re:
Posted: Mon Apr 23, 2007 11:22 am (GMT 5)
Topic Replies: 7
Dear mudasir,
Salam,
I will update checkmac script by this week.
Best Regards.
_________________
Farrukh Ahmed
-
RE: Help in implementing CHECKMAC Script By Farrukh Bhai
Fetched: April 20th, 2007, 11:04pm BST
Tags: Security [edit]
Author: lambda
Subject: Re: Help in implementing CHECKMAC Script By Farrukh Bhai
Posted: Fri Apr 20, 2007 8:23 pm (GMT 5)
Topic Replies: 1
help you how?mudasir wrote: Please Help me out in impleenting this mac check script By Farrukh Bhai
-
Help in implementing CHECKMAC Script By Farrukh Bhai
Fetched: April 20th, 2007, 8:18pm BST
Tags: Security [edit]
Author: mudasir
Subject: Help in implementing CHECKMAC Script By Farrukh Bhai
Posted: Fri Apr 20, 2007 6:18 pm (GMT 5)
Topic Replies: 1
Salam,
I want to implement the MAC-Check script by Farrukh Bhai in ti my Current Firewall.
I have posted my Firewal Here...
[www2.linuxpakistan.net]
Please Help me out in impleenting this mac check script By Farrukh Bhai
Quote:
#
# MAC Check Script
# This Script will add Allowed/Blocked and Blocked Users in Firewall
#
#!/bin/sh
set -x
MAC_ALLOW="/etc/mac.allow"
MAC_DENY="/etc/mac.deny"
TMP_ALLOW="/tmp/mac.allow"
TMP_DENY="/tmp/mac.deny"
cat $MAC_ALLOW | awk '{ print $1}' > $TMP_ALLOW
cat $MAC_DENY | awk '{ print $1}' > $TMP_DENY
echo -e "Loading MAC Address...."
/sbin/iptables -F INPUT
/sbin/iptables -I INPUT -p all -j DROP
for MAC in `cat $TMP_ALLOW`
do
/sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j ACCEPT
done
for MAC in `cat $TMP_DENY`
do
/sbin/iptables -I INPUT -p all -m mac --mac-source $MAC -j DROP
done
rm -f $TMP_ALLOW
rm -f $TMP_DENY
echo -e "MAC Address Loaded Successfully...."
One more thing i want to know if i enter the MAC address in the file "/etc/mac.allow" will it automatically be alowed or will i have to restart the script.....
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
RE: su command - Security concerns
Fetched: April 19th, 2007, 4:35pm BST
Tags: Security [edit]
Author: LinuxFreaK
Subject: Re: su command - Security concerns
Posted: Thu Apr 19, 2007 1:49 pm (GMT 5)
Topic Replies: 3
lambda wrote:
look, we can't turn off the internet just so you can type your root password. there are millions of people and computers on the internet. they can't go offline for you.phoenix wrote: How safe it is to 'su' while internet in on?
as long as your connection to the system is either at the console or over an encrypted link (like ssh), and no one's installed a keylogger, or is able to read keystrokes off your x window session, it's safe to type 'su'.
in fact, it's safer to use sudo.
indeed
_________________
Farrukh Ahmed
-
nmap basics
Fetched: April 18th, 2007, 8:35am BST
Tags: Security [edit]
Author: waqaskhawaja
Subject: nmap basics
Posted: Wed Apr 18, 2007 1:49 am (GMT 5)
Topic Replies: 0
Introduction
Nmap (âNetwork Mapperâ) is a free and open-source software utility that is available for both Windows and UNIX. It is used for scanning ports, exploring networks, security auditing, while careless usage might cause target host(s) to stop responding or crash. There is much more that you can do with nmap. This document will highlight only the basic commands and usage of nmap combined with a few other concepts. Those who are interested in details are recommended to read newest nmap manual, or refer to help available within the software.
I assume that you have nmap installed. Windows users can download it here and installation instructions can be found here. Ubuntu users need to typeCode: apt-get install nmap
Installation on other distributions will not be any harder using distribution specific commands. Though same functionalities of nmap are available under Windows and UNIX, there is a lot of performance difference. Nmap performs a lot faster under UNIX. Also, for some commands you need administrative privileges under UNIX.
Network Host Discovery
The very first step is to find out whether a host is alive on a network or to list the number of hosts that are alive within a range of ip addresses. Every one of us has heard of the Internet Control Message Protocol (ICMP). Letâs find out if host 192.168.0.1 is alive on my network. For the purpose, I will use â-sPâ option that tells nmap to perform a ping scan i.e. send a type 8 ICMP message.
Code: waqas@home1:~$ nmap -sP -v 172.16.1.1
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-15 13:39 PKT
Initiating Parallel DNS resolution of 1 host. at 13:39
Completed Parallel DNS resolution of 1 host. at 13:39, 0.00s elapsed
Host 172.16.1.1 appears to be up.
Nmap finished: 1 IP address (1 host up) scanned in 0.007 seconds
Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
If you want to be aware of what nmap is doing, using "-v" is always a good idea. Anyway, the host is up and responds to ping request. Fortunately the host mentioned above is mine so we take a step further and block replies to ping requests. The same command now produces the following result.
Code: waqas@home1:~$ nmap -sP 172.16.1.1
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-15 13:43 PKT
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.254 seconds
You may see the same result most of the times when ping scanning because the ping replies are usually blocked by administrators. As you can see that nmap has already made a suggestion of using â-P0â but we ignore it for the time being. We have more to go in ICMP query messages as we can use â-PEâ for timestamp request and â-PMâ for address mask. What if all of these ICMP requests are blocked?
I hope we need not review the three-way handshake carried out by TCP for connection establishment. It can be used to serve the same purpose as above and find the alive host(s) on a network. â-PSâ generates an empty TCP packet with the SYN flag set to port 80 by default. In case the port is blocked, the target host replies with an RST packet or takes a step further to establish a connection by sending SYN/ACK packet. Nmap does not care about the type of reply and finds that the host is up in both cases. Similarly, â-PAâ can be used to send a SYN/ACK packet. Further, we can use â-PUâ for UDP ping.
In many cases, nmap is used to scan an Ethernet LAN. I will now use â-sLâ to simply list all the hosts within my LAN (The option can also be used for WAN).
Code: root@home1:~# nmap -sL 192.168.0.0/24
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-15 13:48 PKT
Host 192.168.0.0 not scanned
Host 192.168.0.1 not scanned
Host 192.168.0.2 not scanned
-------------------------------------------------------------------
Host 192.168.0.253 not scanned
Host 192.168.0.254 not scanned
Host 192.168.0.255 not scanned
Nmap finished: 256 IP addresses (0 hosts up) scanned in 4.803 seconds
The above command simply lists all the hosts of a network without finding if they are alive. However, reverse DNS resolution is still performed slowing things down in our case (Note the time taken!). â-nâ instructs nmap never to do reverse DNS resolution so
took just 0.010 seconds to complete. Scanning ports of all hosts in an Ethernet is not viable as most of the addresses at one time are unused. It is always a good option to check first for the hosts that are alive using ping scan.Code: nmap -sL -n 192.168.0/24
Code: root@home1:~# nmap -sP -n 192.168.0.0/24
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-15 13:48 PKT
Host 192.168.0.1 appears to be up.
MAC Address: 00:0D:88:B7:8D:FE (D-Link)
Host 192.168.0.2 appears to be up.
MAC Address: 00:50:04:64:A0:FC (3com)
Host 192.168.0.5 appears to be up.
Nmap finished: 256 IP addresses (3 hosts up) scanned in 5.723 seconds
Since we are now able to see if a certain host is alive or what hosts are alive in a network, we take a step further to scanning ports.
Port Scanning
The status displayed for scanned ports is of six types or states. These states are not intrinsic properties of the port itself, but describe how Nmap sees them. For example, an Nmap scan from the same network as the target may show port 135/tcp as open, while a scan at the same time with the same options from across the Internet might show that port as filtered.
The six port states recognized by Nmap (From Nmap Documentation)
Quote: open
An application is actively accepting TCP connections or UDP packets on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network.
closed
A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next.
filtered
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.
unfiltered
The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open.
open | filtered
Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. The lack of response could also mean that a packet filter dropped the probe or any response it elicited. So Nmap does not know for sure whether the port is open or being filtered. The UDP, IP Protocol, FIN, Null, and Xmas scans classify ports this way.
closed | filtered
This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IPID Idle scan.
This is what the software was built for. I have only listed the available options and left the rest to you for creating your custom scans and testing them (against your own hosts of course!). Before listing the options I have inducted a paragraph from nmap reference guide written by author of nmap, Foyodor, that explains a lot about port scanning and is recommended for reading and understanding by anyone planning use of nmap.
Quote: As a novice performing automotive repair, I can struggle for hours trying to fit my rudimentary tools (hammer, duct tape, wrench, etc.) to the task at hand. When I fail miserably and tow my jalopy to a real mechanic, he invariably fishes around in a huge tool chest until pulling out the perfect gizmo which makes the job seem effortless. The art of port scanning is similar. Experts understand the dozens of scan techniques and choose the appropriate one (or combination) for a given task. Inexperienced users and script kiddies, on the other hand, try to solve every problem with the default SYN scan. Since Nmap is free, the only barrier to port scanning mastery is knowledge. That certainly beats the automotive world, where it may take great skill to determine that you need a strut spring compressor, then you still have to pay thousands of dollars for it. Code: Scan Type Explanation
-sS TCP SYN scan
-sT TCP connect scan
-sU UDP scan
-sF FIN scan
-sN Null scan
-sX Xmas scan
-sA TCP ACK scan
-sW TCP window scan
-sM TCP Maimon scan
-sL Idle scan (http://insecure.org/nmap/idlescan.html)
Version and Operating System Detection
Port scanning by default lists the open ports and the services running for them. But, for finding out vulnerabilities and exploits, it is necessary to know which version of the service is running on a specific port. As an example, php4 might be vulnerable to certain exploits that do not work for php5. Similarly, services might be vulnerable running on one operating system and not on others. In order to detect service version during scans, use â-sVâ and use â-Oâ for operating system detection. Alternatively, use â-Aâ for both.
Try
to see what output it produces for you. Then, try to change â-sSâ with other available options listed above to see if ports found and their status change. â-pâ is used for specifying the ports to scan.Code: nmap -sS -A -p 1-2000 127.0.0.1
I am thankful to lambda for reviewing this document.
-
nmapbasics
Fetched: April 17th, 2007, 4:36am BST
Tags: Security [edit]
Author: waqaskhawaja
Subject: nmapbasics
Posted: Wed Apr 18, 2007 1:49 am (GMT 5)
Topic Replies: 0
Introduction
Nmap (âNetwork Mapperâ) is a free and open-source software utility that is available for both Windows and UNIX. It is used for scanning ports, exploring networks, security auditing, while careless usage might cause target host(s) to stop responding or crash. There is much more that you can do with nmap. This document will highlight only the basic commands and usage of nmap combined with a few other concepts. Those who are interested in details are recommended to read newest nmap manual, or refer to help available within the software.
I assume that you have nmap installed. Windows users can download it here and installation instructions can be found here. Ubuntu users need to typeCode: apt-get install nmap
Installation on other distributions will not be any harder using distribution specific commands. Though same functionalities of nmap are available under Windows and UNIX, there is a lot of performance difference. Nmap performs a lot faster under UNIX. Also, for some commands you need administrative privileges under UNIX.
Network Host Discovery
The very first step is to find out whether a host is alive on a network or to list the number of hosts that are alive within a range of ip addresses. Every one of us has heard of the Internet Control Message Protocol (ICMP). Letâs find out if host 192.168.0.1 is alive on my network. For the purpose, I will use â-sPâ option that tells nmap to perform a ping scan i.e. send a type 8 ICMP message.
Code: waqas@home1:~$ nmap -sP -v 172.16.1.1
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-15 13:39 PKT
Initiating Parallel DNS resolution of 1 host. at 13:39
Completed Parallel DNS resolution of 1 host. at 13:39, 0.00s elapsed
Host 172.16.1.1 appears to be up.
Nmap finished: 1 IP address (1 host up) scanned in 0.007 seconds
Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
If you want to be aware of what nmap is doing, using "-v" is always a good idea. Anyway, the host is up and responds to ping request. Fortunately the host mentioned above is mine so we take a step further and block replies to ping requests. The same command now produces the following result.
Code: waqas@home1:~$ nmap -sP 172.16.1.1
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-15 13:43 PKT
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.254 seconds
You may see the same result most of the times when ping scanning because the ping replies are usually blocked by administrators. As you can see that nmap has already made a suggestion of using â-P0â but we ignore it for the time being. We have more to go in ICMP query messages as we can use â-PEâ for timestamp request and â-PMâ for address mask. What if all of these ICMP requests are blocked?
I hope we need not review the three-way handshake carried out by TCP for connection establishment. It can be used to serve the same purpose as above and find the alive host(s) on a network. â-PSâ generates an empty TCP packet with the SYN flag set to port 80 by default. In case the port is blocked, the target host replies with an RST packet or takes a step further to establish a connection by sending SYN/ACK packet. Nmap does not care about the type of reply and finds that the host is up in both cases. Similarly, â-PAâ can be used to send a SYN/ACK packet. Further, we can use â-PUâ for UDP ping.
In many cases, nmap is used to scan an Ethernet LAN. I will now use â-sLâ to simply list all the hosts within my LAN (The option can also be used for WAN).
Code: root@home1:~# nmap -sL 192.168.0.0/24
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-15 13:48 PKT
Host 192.168.0.0 not scanned
Host 192.168.0.1 not scanned
Host 192.168.0.2 not scanned
-------------------------------------------------------------------
Host 192.168.0.253 not scanned
Host 192.168.0.254 not scanned
Host 192.168.0.255 not scanned
Nmap finished: 256 IP addresses (0 hosts up) scanned in 4.803 seconds
The above command simply lists all the hosts of a network without finding if they are alive. However, reverse DNS resolution is still performed slowing things down in our case (Note the time taken!). â-nâ instructs nmap never to do reverse DNS resolution so
took just 0.010 seconds to complete. Scanning ports of all hosts in an Ethernet is not viable as most of the addresses at one time are unused. It is always a good option to check first for the hosts that are alive using ping scan.Code: nmap -sL -n 192.168.0/24
Code: root@home1:~# nmap -sP -n 192.168.0.0/24
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-15 13:48 PKT
Host 192.168.0.1 appears to be up.
MAC Address: 00:0D:88:B7:8D:FE (D-Link)
Host 192.168.0.2 appears to be up.
MAC Address: 00:50:04:64:A0:FC (3com)
Host 192.168.0.5 appears to be up.
Nmap finished: 256 IP addresses (3 hosts up) scanned in 5.723 seconds
Since we are now able to see if a certain host is alive or what hosts are alive in a network, we take a step further to scanning ports.
Port Scanning
The status displayed for scanned ports is of six types or states. These states are not intrinsic properties of the port itself, but describe how Nmap sees them. For example, an Nmap scan from the same network as the target may show port 135/tcp as open, while a scan at the same time with the same options from across the Internet might show that port as filtered.
The six port states recognized by Nmap (From Nmap Documentation)
Quote: open
An application is actively accepting TCP connections or UDP packets on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network.
closed
A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next.
filtered
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.
unfiltered
The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open.
open | filtered
Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. The lack of response could also mean that a packet filter dropped the probe or any response it elicited. So Nmap does not know for sure whether the port is open or being filtered. The UDP, IP Protocol, FIN, Null, and Xmas scans classify ports this way.
closed | filtered
This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IPID Idle scan.
This is what the software was built for. I have only listed the available options and left the rest to you for creating your custom scans and testing them (against your own hosts of course!). Before listing the options I have inducted a paragraph from nmap reference guide written by author of nmap, Foyodor, that explains a lot about port scanning and is recommended for reading and understanding by anyone planning use of nmap.
Quote: As a novice performing automotive repair, I can struggle for hours trying to fit my rudimentary tools (hammer, duct tape, wrench, etc.) to the task at hand. When I fail miserably and tow my jalopy to a real mechanic, he invariably fishes around in a huge tool chest until pulling out the perfect gizmo which makes the job seem effortless. The art of port scanning is similar. Experts understand the dozens of scan techniques and choose the appropriate one (or combination) for a given task. Inexperienced users and script kiddies, on the other hand, try to solve every problem with the default SYN scan. Since Nmap is free, the only barrier to port scanning mastery is knowledge. That certainly beats the automotive world, where it may take great skill to determine that you need a strut spring compressor, then you still have to pay thousands of dollars for it. Code: Scan Type Explanation
-sS TCP SYN scan
-sT TCP connect scan
-sU UDP scan
-sF FIN scan
-sN Null scan
-sX Xmas scan
-sA TCP ACK scan
-sW TCP window scan
-sM TCP Maimon scan
-sL Idle scan (http://insecure.org/nmap/idlescan.html)
Version and Operating System Detection
Port scanning by default lists the open ports and the services running for them. But, for finding out vulnerabilities and exploits, it is necessary to know which version of the service is running on a specific port. As an example, php4 might be vulnerable to certain exploits that do not work for php5. Similarly, services might be vulnerable running on one operating system and not on others. In order to detect service version during scans, use â-sVâ and use â-Oâ for operating system detection. Alternatively, use â-Aâ for both.
Try
to see what output it produces for you. Then, try to change â-sSâ with other available options listed above to see if ports found and their status change. â-pâ is used for specifying the ports to scan.Code: nmap -sS -A -p 1-2000 127.0.0.1
I am thankful to lambda for reviewing this document.
-
RE: su command - Security concerns
Fetched: April 17th, 2007, 8:35pm BST
Tags: Security [edit]
Author: lambda
Subject: Re: su command - Security concerns
Posted: Tue Apr 17, 2007 3:49 pm (GMT 5)
Topic Replies: 2
look, we can't turn off the internet just so you can type your root password. there are millions of people and computers on the internet. they can't go offline for you.phoenix wrote: How safe it is to 'su' while internet in on?
as long as your connection to the system is either at the console or over an encrypted link (like ssh), and no one's installed a keylogger, or is able to read keystrokes off your x window session, it's safe to type 'su'.
in fact, it's safer to use sudo.
-
RE: su command - Security concerns
Fetched: April 17th, 2007, 12:35pm BST
Tags: Security [edit]
Author: nomankhn
Subject: Re: su command - Security concerns
Posted: Tue Apr 17, 2007 10:14 am (GMT 5)
Topic Replies: 2
Dear
su is good option.
Regards
Noman Liaquat Khanzada Rajput
Linux means productivity and fun.
We all love Linux, but it's also a fact that some people might not be able to migrate.
-
su command - Security concerns
Fetched: April 17th, 2007, 12:35pm BST
Tags: Security [edit]
Author: phoenix
Subject: su command - Security concerns
Posted: Tue Apr 17, 2007 8:38 am (GMT 5)
Topic Replies: 2
AoA
How safe it is to 'su' while internet in on?
supose I want to change ownership of some
file, should I 'su' from the user account, with
X on, internet on; OR
should I do CTRL+SHIFT+FX and login as 'root'
there?
which one is better?
I'm using Slackware 11.
_________________
__/__/__/__/__/__/__/__/__/__/__/__/
Pakistan - Kashmir
__/__/__/__/__/__/__/__/__/__/__/__/
-
Upload Bandwidh Shaping
Fetched: April 6th, 2007, 8:18pm BST
Tags: Security [edit]
Author: mudasir
Subject: Upload Bandwidh Shaping
Posted: Wed Apr 04, 2007 5:12 pm (GMT 5)
Topic Replies: 11
Salam,
Hi i am running CABLE NET of 150 users. I am using this script to restrict DOWNLOADING bandwidth.
[www.communitypk.com]
What i want to know is that how will i be able to restrict the uploading bandwidth per user.
And one thing more....I am using IP range 10.10.10.0 and 10.10.11.0....
will this script be applicable on both ranges.
i have added this in this script 10.10.0.0
please help me out
_________________
Kind Regards
Mudasir Mirza
Crystal Net
0321-2395320
-
ssh: Read from socket failed: Connection reset by peer
Fetched: April 3rd, 2007, 5:40pm BST
Tags: Security [edit]
Author: waqaskhawaja
Subject: ssh: Read from socket failed: Connection reset by peer
Posted: Sun Apr 01, 2007 7:28 pm (GMT 5)
Topic Replies: 2
I receive the following error when I try to connect to a machine using ssh.
Code: OpenSSH_4.2p1 Debian-7ubuntu3.1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 172.16.1.1 [172.16.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/waqas/.ssh/identity type -1
debug1: identity file /home/waqas/.ssh/id_rsa type -1
debug1: identity file /home/waqas/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-5ubuntu1
debug1: match: OpenSSH_4.3p2 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2p1 Debian-7ubuntu3.1
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer
sshd_config of the host running openssh-server
Code: # Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
-
hostname
Fetched: April 3rd, 2007, 5:40pm BST
Tags: Security [edit]
Author: venky145
Subject: hostname
Posted: Sun Apr 01, 2007 3:46 pm (GMT 5)
Topic Replies: 1
hai
how to find a windows (hostname) in linux
-
IT Candidate Required on Urgent Basis
Fetched: March 30th, 2007, 5:29pm BST
Tags: Security [edit]
Author: adilkhan_86
Subject: IT Candidate Required on Urgent Basis
Posted: Fri Mar 30, 2007 2:55 pm (GMT 5)
Topic Replies: 0
Our company immediately requires the services of an energetic and skilled Data Base Analyst to meet its off-shore support commitments. The job timings will be from 5pm to 2am (Monday - Friday) to match the client's day time working hours.
The ideal candidate shall be able to work independently and with discipline to fulfill the committed performance requirements on a routine basis. Following is a profile that we would like to see in prospective candidates.
Four years Bachelors Degree in Computer Science or in a related field,
excellent English and communications skills, and at least 2 years DBA
experience is a must. Oracle DBA certification (OCP) will be a plus.
Technical requirements:
- Experience with large Oracle 9i/10g databases on Unix in a
production environment.
- Database upgrade/migration expertise.
- Database and SQL performance tuning experience.
- Well versed with RMAN, DataGuard, and RAC concepts
Please send YOUR CV TO adilkhan_86@yahoo.com or Call at : 0301-2200030
_________________
Warm Regards
Mohammad Adil Zulqarnain
Cell# 0301 2200030
-
ping
Fetched: March 30th, 2007, 5:29pm BST
Tags: Security [edit]
Author: venky145
Subject: ping
Posted: Thu Mar 29, 2007 2:56 pm (GMT 5)
Topic Replies: 3
hai
how to ping a windows OS firewall enabled system in linux.
-
how to stop yahoo booting
Fetched: March 30th, 2007, 5:29pm BST
Tags: Security [edit]
Author: whyrus
Subject: how to stop yahoo booting
Posted: Wed Mar 28, 2007 11:58 am (GMT 5)
Topic Replies: 1
Dear friends.
I,m running a cable network i have a static ip. my problem is when ever
any clients of my network booting on yahoo or use any kind of locking
yahoo softwares. yahoo stops working on my whole network then i have to change my real ip . After changing my ip it starts again.
i would like to know is there any possibilities to stop these kind of stuffs on lan or any way to stop banning my IP. i have IP pools on my connection.
thanks u all in advance
take care
Allah Hafiz
Planet MYOSS
-
Takizo Technology: VNSECON07: Vietnam Security Conference 2007 in Ho Chi Minh City
Posted: March 26th, 2007, 9:05am BST
Tags: VNSecurity Security Conference Vietnam Technology [edit]
VNSECON’07 is going to held at Ho Chi Minh city on 2nd-4th August 2007. Call for paper is opened right now, for more information please visit VNSECON07 official website.With the growing speed of Vietnam IT industry and the increasing number of local Vietnamese people who get interested into information security research as well as underground community, it is necessary to have an event that enable the dissemination, discussion and sharing of security information between the security community, government, academic organizations and companies.
Tags: VNSecurity, Security, Conference, Vietnam, Technology, Ho Chi Minh
linuxpakistan.net
-
squid service start with ./squid
Fetched: March 15th, 2007, 4:36pm GMT
Tags: Security [edit]
Author: majidnazeer
Subject: squid service start with ./squid
Posted: Thu Mar 15, 2007 2:14 pm (GMT 5)
Topic Replies: 3
AoA!
I installed squid-2.5.STABLE12. Everything work fine. when i restart machine afterthat i need to be manually start squid. I want to set squid to boot run level.
secondly i start squid with ./squid command. I want to run start service with just (squid start) command.
I add ./squid command to rc.local. but after restart machine that's not restarted. Again i start squid manually.
Anybody can solve these problems. 1) squid start on startup 2) squid service start with squid command don't with ./squid.
thanks
Majid Nazeer
-
Security AND VOIP Distro ..Any one Here..!
Fetched: March 8th, 2007, 4:35am GMT
Tags: Security [edit]
Author: raheelahmad
Subject: Security AND VOIP Distro ..Any one Here..!
Posted: Fri Mar 09, 2007 12:26 am (GMT 5)
Topic Replies: 6
Hello friends,
anyone here working on linux distro building .. i did tried it ..did well but still majors to go..............
any one ?
_________________
Geek ? oh N()
------
raheel ahmad
Linux Learner opz lover.
Planet MYOSS
-
Linux By Examples: Monitor who runs what, listen to what ports, established what connections.
Posted: March 8th, 2007, 8:23pm GMT
Tags: Networks Internet networkmonitoring Security [edit]
To identify and monitor who is running what applications, which the application is listening to what port, established what connections, we can use lsof. lsof (List Open Files) are use for listing all current opened files. Besides the file name, it includes info such as who open it, what command use to open it, what type of file is it etc.
To list all Internet or network related opened files.
lsof -ioutput:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME ktorrent 5220 mysurface 14u IPv4 13129 TCP *:6881 (LISTEN) ktorrent 5220 mysurface 15u IPv6 13152 UDP *:6881 ktorrent 5220 mysurface 16u IPv4 41606 TCP 192.168.1.101:43234->122.49.147.27:32006 (SYN_SENT) ktorrent 5220 mysurface 17u IPv4 41597 TCP 192.168.1.101:59485->host-63-239-252-1.tetonwireless.com:6881 (SYN_SENT) ktorrent 5220 mysurface 18u IPv4 36757 TCP 192.168.1.101:42724->203-36-217-77.dsl.dodo.com.au:25423 (ESTABLISHED) ...You might facing some latency while listing them, the reason is, lsof cleverly replace your IP with DNS, so it need times to resolve DNS. To ask it stop to act smart and display with only numerical IP addresses, specified -n.
lsof -i -nYou may want to list open files with root permission, which returns you more entries.
sudo lsof -i -nlsof list both IPv6 and IPv4 related files by default. You specified -i4 if you want entries with IPv4 only, same thing to IPv6, specified -i6.
sudo lsof -i4 -nOkay, If you just want to list files which triggers by a specific user only, you can do this:
sudo lsof -i -n -a -u toydi-a indicate AND logic, the entire line simply means, I want to list Internet related open files and these files must be trigger by toydi.
Again, lsof capable of doing more, check out the manuals for more details.
Technorati Tags: networks, internet, network monitoring, security
linuxpakistan.net
-
QoS In LINUX
Fetched: March 6th, 2007, 4:35am GMT
Tags: Security [edit]
Author: raheelahmad
Subject: QoS In LINUX
Posted: Wed Mar 07, 2007 2:28 am (GMT 5)
Topic Replies: 4
Hello to all Linux Geeks,
Friends any one of you , can let me know about Qos in linux,i would like to mastering iptables, I hav being using filter table for long but now I like to play wid mangle.... any guide.. or any hint any tutorial....! ???
m waiting for u peoples reply............especially Farrukh..............
_________________
Geek ? oh N()
------
raheel ahmad
Linux Learner opz lover.
-
squid/iptables problem
Fetched: March 5th, 2007, 12:35pm GMT
Tags: Security [edit]
Author: mushtaq
Subject: squid/iptables problem
Posted: Mon Mar 05, 2007 8:44 am (GMT 5)
Topic Replies: 3
Asalamualikum,
i am using squid as my transparent proxy server on my gateway machine.
Problem is that guyz can enter different proxy server addresses to bypass the proxy server what is the solution. Below is one of the address they are using.
165.228.133.10(ip) 3128(port)
My IPTables contain two rules
iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT 3128
iptables -t nat -A POSTROUTING -j MASQUERADE
i dont understand where it is causing them to access outside directly.
any help will be appreciated.
Best regds
mushtaq
_________________
Life is just a deception from truth
-
traffic overflow
Fetched: March 2nd, 2007, 8:36pm GMT
Tags: Security [edit]
Author: venky145
Subject: traffic overflow
Posted: Fri Mar 02, 2007 7:59 pm (GMT 5)
Topic Replies: 1
hi
what is neightbour traffic overflow
and how to solve
-
squid bypassing
Fetched: February 22nd, 2007, 8:35pm GMT
Tags: Security [edit]
Author: mushtaq
Subject: squid bypassing
Posted: Thu Feb 22, 2007 7:47 pm (GMT 5)
Topic Replies: 3
Asalamualikum,
i am using transparent proxy but one of my client is using external proxy addresses in his browser to bypass my proxy server which is also the gateway as required i get the following line in response
1171684374.733 524 192.168.0.44 TCP_MISS/200 1264 GET [www.acclaimimages.com]
css - DIRECT/67.15.4.226 text/css
67.15.4.226 this is the address he is using but as much as i know if i block this he has a list of online proxy addresses how to block this please advise. I want strict no access to the external world from my clients.
Best regds
mushtaq
_________________
Life is just a deception from truth
mypapit gnu/linux blog
-
How to secure your SSH server
Posted: February 21st, 2007, 12:20pm GMT by mypapit
Tags: ssh iptables ubuntu debian Security [edit]
I came across this interesting post about how to secure your SSH without changing the SSH listening port.
Things that the post author suggested are :
- Enforce the use of secure and hard to guess password
- Disable login by password, use Public Key Authentication for greater security.
- Allow SSH connection from trusted network only.
- Implement Port Knocking - [www.linuxjournal.com]
- Use iptables RECENT match to filter SSH scanners
Personally I’ve enabled public-key authentication and SSH scanner filter to secure my server at the advice of my friend from a local security firm. Although, I haven’t tried the port knocking method yet, it seems interesting to know that ’secret port knocking’ pattern also exists in computer security (remember ali baba?)
Hopefully this post will serve as a reminder to myself and those who read them, ah oh, most of this post content are lifted shamelessly from False sense of security
Tags: ssh, iptables, ubuntu, debian, security, port knocking, nmap, security scanners, exploit
http://blog.drinsama.de/erich/en/linux/2007021502-false-sense-of-security
Thanks To Our Sponsor: Get Linux CD/DVD in Malaysia Fast & affordable, delivered right to your doorsteps
Planet MYOSS
-
Mohammad Hafiz bin Ismail: How to secure your SSH server
Posted: February 21st, 2007, 12:20pm GMT
Tags: ssh iptables ubuntu debian Security [edit]
I came across this interesting post about how to secure your SSH without changing the SSH listening port.
Things that the post author suggested are :
- Enforce the use of secure and hard to guess password
- Disable login by password, use Public Key Authentication for greater security.
- Allow SSH connection from trusted network only.
- Implement Port Knocking - [www.linuxjournal.com]
- Use iptables RECENT match to filter SSH scanners
Personally I’ve enabled public-key authentication and SSH scanner filter to secure my server at the advice of my friend from a local security firm. Although, I haven’t tried the port knocking method yet, it seems interesting to know that ’secret port knocking’ pattern also exists in computer security (remember ali baba?)
Hopefully this post will serve as a reminder to myself and those who read them, ah oh, most of this post content are lifted shamelessly from False sense of security
Tags: ssh, iptables, ubuntu, debian, security, port knocking, nmap, security scanners, exploit
http://blog.drinsama.de/erich/en/linux/2007021502-false-sense-of-security
Thanks To Our Sponsor: Create Stunning E-book Covers How-to design E-book overs with Photoshop
linuxpakistan.net
-
Ubuntu auth.log
Fetched: February 10th, 2007, 4:35am GMT
Tags: Security [edit]
Author: waqaskhawaja
Subject: Ubuntu auth.log
Posted: Sat Feb 10, 2007 3:35 pm (GMT -5)
Topic Replies: 3
Since the last two days, auth.log of an Ubuntu machine I ssh into has stopped updating. The last login displayed is two days old and it does not show any current logins. I have already gone through sshd.conf. Any idea where shall I start?
-
Linux box eth1 chocking
Fetched: February 5th, 2007, 4:35am GMT
Tags: Security [edit]
Author: hyperlinux
Subject: Linux box eth1 chocking
Posted: Mon Feb 05, 2007 3:04 pm (GMT -5)
Topic Replies: 4
Assalam u Alaikum
dear brothers i have a problem i have Linux box having 2 NIC that is eth0 or eth1. eth0 is external and eth1 is local, now the problem is that eth1 is chocking and when i restart the network service it give the error line too much interrupts or when i manually restart the ifconfig eth1 down and up it gives the same error and nothing could running properly unless until i restart the Linux server. . . . . . . . . can any buddy give me the solution for this i think this is for broadcasting on the network and how to control it?
_________________
Register Linux User #435086
-
HELP FOR YAHOOOOOO AND MSN
Fetched: February 5th, 2007, 12:35am GMT
Tags: Security [edit]
Author: mugall
Subject: HELP FOR YAHOOOOOO AND MSN
Posted: Mon Feb 05, 2007 1:15 pm (GMT -5)
Topic Replies: 1
Assalam o Alikum Dear All,
i am runing a cable net, i use DSL connection, but dears i m fasing problem to connect yahoo and msn with proxy and without proxy i want to connect webcam and voice, me implement all most all the solutions which you people gv in this site special Farukh Bhai. but still problem is there, even i install Socket5 server but when i want to connect with socket setver its gvs me the massage Authorization fail.... please help
my ethernet configurations are under...
eth0 is my LAN and ip is 172.16.2.1/255.255.0.0
eth1 is my DSL and ip is 10.0.0.1/255.255.255.0
waiting for prompt reply.....
Regards,
Khalid Zaman
-
How to secure the SSH login @ my Linux box
Fetched: January 28th, 2007, 8:35pm GMT
Tags: Security [edit]
Author: hyperlinux
Subject: How to secure the SSH login @ my Linux box
Posted: Sun Jan 28, 2007 8:41 am (GMT -5)
Topic Replies: 7
Assalam u Alaikum
i have problem in my linux SSH server peoplez try to login to server through ssh. How i want to block those attempts? if some buddy tries for 3rd time wrong password the linux block its IP like that. ... . .
can any budy u guyz help me out in this regard
Thnx
_________________
Register Linux User #435086
-
Yahoo Mail box allow
Fetched: January 27th, 2007, 11:58am GMT
Tags: Security [edit]
Author: majidnazeer
Subject: Yahoo Mail box allow
Posted: Sat Jan 27, 2007 12:04 am (GMT -5)
Topic Replies: 2
alam
I want to allow yahoo web site for specific user (192.168.0.22). I allowed that but page was not successfully open completely. Anyboady can help about this.
Can i receive yahoo mails in outlook? POP3 support available in yahoo for publicly or doesn't? Can i forward yahoo mails to other domains where POP3 support is available for publicly like (hotmail)?
Thanks
Majid
-
/var/log/secure issue
Fetched: January 24th, 2007, 8:35pm GMT
Tags: Security [edit]
Author: mushtaq
Subject: /var/log/secure issue
Posted: Wed Jan 24, 2007 6:12 am (GMT -5)
Topic Replies: 8
Asalamualikum,
i have following in my secure log /var/log/secure
Jan 23 09:39:28 pacific sshd[24999]: Invalid user wnn from 203.167.102.190
Jan 23 09:39:28 pacific sshd[24999]: reverse mapping checking getaddrinfo for 190.102.167.203.unassigned.static.eastern-tele.com failed - POSSIBLE BREAKIN ATTEMPT!
Jan 23 09:39:30 pacific sshd[24999]: Failed password for invalid user wnn from 203.167.102.190 port 56121 ssh2
Jan 23 21:10:31 pacific sshd[27824]: Did not receive identification string from 67.15.236.19
please provide what does the above lines mean, does that means someone try to attack "through my server" or "from another server to my server".
thanks
Best regds
mushtaq
_________________
Life is just a deception from truth
-
ping
Fetched: January 17th, 2007, 4:35pm GMT
Tags: Security [edit]
Author: venky145
Subject: ping
Posted: Wed Jan 17, 2007 3:39 am (GMT -5)
Topic Replies: 3
hi
how to deny my server ping except one system.
-
server problem
Fetched: January 12th, 2007, 8:35pm GMT
Tags: Security [edit]
Author: venky145
Subject: server problem
Posted: Fri Jan 12, 2007 8:26 am (GMT -5)
Topic Replies: 1
hi
i am using FC6.
when i am connecting to my LAN . my server IP ping getting 1000+ ms.
i f i remove my LAN ping is 1ms.
my firewall script is:
iptables -t nat -F
iptables -F
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/32 -d 0/0 -j MASQUERADE
pls give me strong firewall solutions to me.
-
how to make daemon?
Fetched: December 26th, 2006, 11:59pm GMT
Tags: Security [edit]
Author: server
Subject: how to make daemon?
Posted: Tue Dec 26, 2006 1:04 pm (GMT -5)
Topic Replies: 6
Assalam-o-Alykum!!
how i make my script file into daemon?
_________________
- Welcome In Red Hat Enterprise 4
- Welcome In Red Hat Enterprise 4
-
Restricting The Uploads
Fetched: December 24th, 2006, 12:36am GMT
Tags: Security [edit]
Author: server
Subject: Restricting The Uploads
Posted: Sun Dec 24, 2006 12:01 pm (GMT -5)
Topic Replies: 1
Assalam-o-Alykum All...!!!
currently im using this script to restrict limits
Quote: #!/bin/bash
IFACE="eth1"
CRATE="40Kbit"
if [ "$1" = "status" ]
then
tc -s qdisc ls dev $IFACE
tc -s class ls dev $IFACE
exit
fi
echo "Cleaning qdiscs if exists any"
# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $IFACE root 2> /dev/null > /dev/null
if [ "$1" = "stop" ]
then
exit
fi
echo "Now Setting $CRATE per user at Interface $IFACE"
ipdstprefix="192.168.0."
classid="2"
classidnos="254"
classidnos2=$classidnos
ipdst="2"
tc qdisc add dev $IFACE root handle 10: cbq bandwidth 10Mbit avpkt 1000
tc class add dev $IFACE parent 10:0 classid 10:1 cbq bandwidth 10Mbit rate 10Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000
while [ $classid -lt $classidnos ]
do
tc class add dev $IFACE parent 10:1 classid 10:$classid cbq bandwidth 10Mbit rate $CRATE allot 1514 weight 1Kbit prio 5 maxburst 20 avpkt 1000 bounded
classid=$[$classid+1]
done
while [ $ipdst -lt $classidnos2 ]
do
tc filter add dev $IFACE parent 10:0 protocol ip prio 100 u32 match ip dst $ipdstprefix$ipdst flowid 10:$ipdst
ipdst=$[$ipdst+1]
done
its working fine on downloading speed, but i cant work on uploading speed, plz can any one tell how can i limit uploads to?
_________________
- Welcome In Red Hat Enterprise 4
- Welcome In Red Hat Enterprise 4
-
2 Isp Link same Lan
Fetched: December 24th, 2006, 8:36pm GMT
Tags: Security [edit]
Author: rmira
Subject: 2 Isp Link same Lan
Posted: Sun Dec 24, 2006 9:11 am (GMT -5)
Topic Replies: 2
I have some Problem my Lan, I want to use 2 isp Internet Link in my Lan,
one Internet link is real ip, and other is user name and password base internet access, but its not work for me to access 2nd lsp link, is its posible to access this same lan with different isp
thanks
-
ip tables
Fetched: December 24th, 2006, 8:36pm GMT
Tags: Security [edit]
Author: rmira
Subject: ip tables
Posted: Sun Dec 24, 2006 7:49 am (GMT -5)
Topic Replies: 1
This is my Ip tables
[root@hnet]# iptables -L
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 192.168.16.83 anywhere
DROP all -- 192.168.16.48 anywhere
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s mtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s sh
REJECT all -- anywhere anywhere reject-with icmp-ho st-prohibited
i can't stop internet access this 2 ip (192.168.16.83 and 192.168.16.4,
what wrong i am ?, i use transparent proxy ,by squid. Eth0 is internet and eth1 is Lan, i want block, Kazza,emule,and all p2p connection,cause my Bandwidth is slow,pls help me.
thanks
mypapit gnu/linux blog
-
INSERT : Linux Security and Rescue LiveCD
Posted: December 12th, 2006, 7:42pm GMT by mypapit
Tags: Security livecd rescuecd knoppix Linux [edit]
I’ve tried a compact and useful Linux Rescue LiveCD based on Knoppix. INSERT combine the functionality of network analysis and rescue application in a single LiveCD.
As a rescue LiveCD, INSERT support various filesystem including ext2,ext3,reiserfs,reiser4, jfs, xfs,vfat,ntfs (read write via ntfs-3g), minix,udf,hfs,hpfs,ufs,smbfs,nfs,sshfs and afs. INSERT also supports testdisk and photorec file recovery tool which I’ve reviewed previously.
As for network analysis and security part, INSERT include tcpdump, nmap, ethtool, ettercap, sendip, netcat,wipe, chkrootkit and rkhunter. Refer to INSERT LiveCD website for a complete list of applications
INSERT is compact (59MB) , and it fit straight into business card CD making it portable enough to put in your wallet. Although it lacks end user desktop application, I find INSERT is more useful than Damn Small Linux mainly because it supports more option for connecting to the internet.
Furthermore, I felt having DSL in my wallet isn’t as useful as having INSERT which have an array of recovery tools ready to use when my something happen to my GNU/Linux installations. And for that reason, I’ve ditched DSL from my wallet and replace it with INSERT :p
Download INSERT from : [insert.cd]
Tags: security, livecd, rescuecd, knoppix, security, linux, damnsmalllinux
linuxpakistan.net
-
IPTABLES Help
Fetched: December 4th, 2006, 12:35pm GMT
Tags: Security [edit]
Author: mudasir
Subject: IPTABLES Help
Posted: Sun Dec 03, 2006 6:50 pm (GMT -5)
Topic Replies: 3
Salam to all
I have installed FC5 with Squid 2.5 Stable 12 with TRANSPARENT PROXY....
I have enabled IP Packet Forwarding... and redirected all traffic from port 80 to 8080.....
but the problem i am facing is that none of the chat messengers are working. MSN is working but Voice and Video chat can not be done on it...
when i enter PROXY in yahoo messenger it works but again Voice and Video Chat can not be done on it...
I have applied these rule to make YAHOO and MSN work perfectly....
Quote:
# /sbin/iptables -t nat -F
# /sbin/iptables -t nat -A POSTROUTING -o eth1 -s 10.0.0.1/255.0.0.0 -j MASQUERADE
# /sbin/iptables -t nat -A POSTROUTING -o eth1 -s 10.0.0.1/255.0.0.0 -p TCP --dport 5000:5010 -j MASQUERADE
# /sbin/iptables -t nat -A POSTROUTING -o eth1 -s 10.0.0.1/255.0.0.0 -p UDP --dport 5000:5010 -j MASQUERADE
# /sbin/iptables -t nat -A POSTROUTING -o eth1 -s 10.0.0.1/255.0.0.0 -p TCP --dport 1863 -j MASQUERADE
# /sbin/iptables -t nat -A POSTROUTING -o eth1 -s 10.0.0.1/255.0.0.0 -p UDP --dport 1863 -j MASQUERADE
Still YAHOO and MSN Messengers are not working...
what i want to do is to allow all chat messengers like YAHOO, MSN, PALTALK, EYEBALL CHAT, MIRC, etc. to all client of network 10.0.0.0 and 10.0.1.0
So is there any way by which i will be able to do that...
I have to lan cards on server machine
Quote:
eth0 connected to ADSL modem
eth1 connected to local network
IP address of eth0 192.168.1.5
IP address of eht1 10.0.0.1
IP address of ADSL Modem is 192.168.1.1
I also want to know is there any method to test wheather tranxparent proxy is working or not...
_________________
Kind Regards
Mudasir Mirza (Admin)
Crystal Net
0321-2395320
-
MSN allow for specific user
Fetched: December 1st, 2006, 4:35pm GMT
Tags: Security [edit]
Author: majidnazeer
Subject: MSN allow for specific user
Posted: Fri Dec 01, 2006 5:41 am (GMT -5)
Topic Replies: 8
Hi All!
MSN is block on my network. i want to allow MSN for one user (Manager) only. others could not be use MSN.
Thanks
-
Mail Gateway
Fetched: November 27th, 2006, 4:35pm GMT
Tags: Security [edit]
Author: azfar
Subject: Mail Gateway
Posted: Mon Nov 27, 2006 2:11 am (GMT -5)
Topic Replies: 5
I am looking for free linux based mail gateway solution. Any recomendations ?
_________________
Azfar Hashmi
Email : azfarhashmi@hotmail.com
-
Linux based Open source Apps
Fetched: November 25th, 2006, 12:36am GMT
Tags: Security [edit]
Author: mudasir
Subject: Linux based Open source Apps
Posted: Sat Nov 25, 2006 12:13 pm (GMT -5)
Topic Replies: 5
AOA to all...
Can any one give me a link to page containing Linux Based Open Source Apps of all catagories....
and Open source PHP scripts for different purposes..
_________________
Kind Regards
Mudasir Mirza (Admin)
Crystal Net
0321-2395320
-
Yahoo Web Site Allow
Fetched: November 23rd, 2006, 12:35pm GMT
Tags: Security [edit]
Author: majidnazeer
Subject: Yahoo Web Site Allow
Posted: Thu Nov 23, 2006 12:24 am (GMT -5)
Topic Replies: 3
AoA!
I allowed only yahoo web site for specific user (192.168.0.22). But when i open yahoo web site on his pc, that page could not be open completely. I want to open yahoo web site on specific user completely. I successufully allowed gmail web site on same user(192.168.0.22). But yahoo web site couldn't work properly.
Thanks
Majid
-
permission for user2
Fetched: November 15th, 2006, 8:36pm GMT
Tags: Security [edit]
Author: usamahashimi
Subject: permission for user2
Posted: Wed Nov 15, 2006 7:00 am (GMT -5)
Topic Replies: 1
Hi
I have two user i.e user1 and user2. I want to block some softwares for user2 like xmms, firefox, gaim etc but i do not want them block for user1, how can i do this? Also both belong to same group i.e, "users" and distrubution is Kubuntu.
Thanks
_________________
usama
-
Downloading Prob...
Fetched: November 14th, 2006, 4:36pm GMT
Tags: Security [edit]
Author: mudasir
Subject: Downloading Prob...
Posted: Tue Nov 14, 2006 4:16 am (GMT -5)
Topic Replies: 5
Hi...
i have a problem...i have configured my linux box with SQUID 2.5 STABLE 12....and few IPTABLES rules.....
now the prob is that....i have configured DELAY_POOLS tag to limit downloading speed and to fix http bandwidth per user....now if any one tries to download any thing from our local multimedia server that we have here...it limits the bandwidth on that also...means downloading from local site easily gives 3 to 5 MBps speed....now it is giving the specified amount of bandwidth that i have specified in DELAY_POOLS tag....
what i want to do is that....not to limit bandwidth while downloading from any of our local sites....but the delay_pools should be applied to downloading from internet
i hope i will get some replies not like my previous post.....
only farrukh bhai replied .....
hope to get replies soon....
_________________
Kind Regards
Mudasir Mirza (Admin)
Crystal Net
-
YAHOO, MSN, PALTALK, MIRC Not Working
Fetched: November 10th, 2006, 12:36am GMT
Tags: Security [edit]
Author: mudasir
Subject: YAHOO, MSN, PALTALK, MIRC Not Working
Posted: Fri Nov 10, 2006 11:11 am (GMT -5)
Topic Replies: 4
I need your help.
I have a Cable net of about 100 users. currently i am running on Windows, i am shifting to Linux RHEL4. Now the problem is that i have configured Squid as i want it, but messengers like, MSN, YAHOO, PALTALK, EYEBALL CHAT and MIRC these are the messngers my clients use which are not working on LINUX SERVER.....
As i have read it in posts that this can be done by IPTABLES.....
I dont know how to use IPTABLES..........
Please help me out in making these Messengers Work, cause i am facing alot of problems....i have a dead line of 18th of November....Please Help me out....
And if you guyz can refer me a page for beginers guide of IPTABLES....
And also that i have installed Squid 2.6 Stable4....The Transparent Proxy Options
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
are not there......
So please also tell me how to Set Transparent proxy in Squid 2.6 Stable4
-----------------------------
_________________
Kind Regards
Mudasir Mirza (Admin)
Crystal Net
-
Yahoo Block
Fetched: October 30th, 2006, 4:35pm GMT
Tags: Security [edit]
Author: majidnazeer
Subject: Yahoo Block
Posted: Mon Oct 30, 2006 4:09 am (GMT -5)
Topic Replies: 3
Hi all!
I try to block yahoo through below command.
iptables -A FORWARD -p TCP --dport 5000:5010 -j REJECT
# iptables -A FORWARD -d cs.yahoo.com -j REJECT
# iptables -A FORWARD -d scsa.yahoo.com -j REJECT
But could not be block. Anybody can help me.
Thanks
Majid
-
Iptables not create rules
Fetched: October 21st, 2006, 8:35pm BST
Tags: Security [edit]
Author: majidnazeer
Subject: Iptables not create rules
Posted: Sat Oct 21, 2006 5:54 am (GMT -5)
Topic Replies: 3
Hi all!
I try to create rule by iptables. Command successfully run, but that rule not show in list.
# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
when i check iptables list by iptables -L command. doen't have any entry. Anybody know how to solve this problem.
Thanks
Majid
-
Bandwidth Distribution in Squid 2.6 STABLE 4
Fetched: October 17th, 2006, 7:18am BST
Tags: Security [edit]
Author: mudasir
Subject: Bandwidth Distribution in Squid 2.6 STABLE 4
Posted: Mon Oct 16, 2006 7:39 pm (GMT -5)
Topic Replies: 3
Hi,
I am a newbie in Linux. I have installed Linux RH4e and trying to run squid on it. Uptill now everything is going fine, now what i want to do is that to apply bandwidth restriction on per user base. I have about say 80 users on my network, now i want all of them to get no more than 8Kbps, and no ports should be blocked.
Like right now i have no security or anything like it. I am also looking forward to know how to bind IP and MAC Addresses, and to open all ports for all users but only to restrict the bandwidth of each user so that they can do what ever thay want in a given amount of bandwidth.
I hope you guyz understand what i am lookinf for here.
Looking forward for your replies.
_________________
Kind Regards
Mudasir Mirza (Admin)
Crystal Net
-
IPSec GUI with Linux, Mandriva etc....
Fetched: October 9th, 2006, 4:36pm BST
Tags: Security [edit]
Author: aaziz
Subject: IPSec GUI with Linux, Mandriva etc....
Posted: Mon Oct 09, 2006 2:06 am (GMT -5)
Topic Replies: 2
Dear All,
can u tell me any any IPSec GUI Client with configure linux, prefer with Mandriva2006
Thanks in advance
aaziz
-
How to find Email addresses in squid log
Fetched: October 8th, 2006, 4:36am BST
Tags: Security [edit]
Author: sajidali
Subject: How to find Email addresses in squid log
Posted: Sat Oct 07, 2006 5:03 pm (GMT -5)
Topic Replies: 4
Hello every one i need some help about how to track email addresses in squid access log if some one sending fake email through my network please help me
Sajid Ali
-
Windows Live messenger block
Fetched: September 29th, 2006, 12:36pm BST
Tags: Security [edit]
Author: majidnazeer
Subject: Windows Live messenger block
Posted: Fri Sep 29, 2006 12:34 am (GMT -5)
Topic Replies: 8
Hi all!
I am using squid. i blocked MSN. But windows live messenger connect successfully. anybody can help me.
Thanks
-
Squid log viewer
Fetched: September 13th, 2006, 12:36pm BST
Tags: Security [edit]
Author: turab
Subject: Squid log viewer
Posted: Tue Sep 12, 2006 11:35 pm (GMT -5)
Topic Replies: 5
Salam,
Is there any log viewer for access.log of squid ?
Regards,
Turab
_________________
Good Judgement comes from Experience and Experience comes from bad Judgement!!
The more I know, the more I realize I don't know!?
The easiest way to find out is to try it!!!
Register Lynx user # 425340
-
Linux Faisalabad community on ORKUT
Fetched: September 12th, 2006, 8:36pm BST
Tags: Security [edit]
Author: nasacis
Subject: Linux Faisalabad community on ORKUT
Posted: Tue Sep 12, 2006 8:28 am (GMT -5)
Topic Replies: 2
dear plucian,
I created Linux Faisalad community on ORKUT, kindly join my community
Nafees
_________________
Nafees Ahmed
Nexlinx Internet Services
www.nexlinx.net.pk
nafeesahmed@nexlinx.net.pk
-
I have 1mb DSL link now I want to divide it into 2 parts
Fetched: September 12th, 2006, 8:36pm BST
Tags: Security [edit]
Author: shahg_shahg
Subject: I have 1mb DSL link now I want to divide it into 2 parts
Posted: Tue Sep 12, 2006 7:20 am (GMT -5)
Topic Replies: 2
Aoaâ¦dear I have little problem I have 1mb DSL link now I want to divide it into 2 parts one for squid and other for voice and for e-mails kindly tell me how I can do this I m using fc 4.
_________________
Aslam-o-Aliakum-Wa-Rahmatullah-Wa-Barakatuhu .. ALLAH Will Safe ISLAM
-
Authenticating Linux system users from Apache/Web
Fetched: September 8th, 2006, 4:36pm BST
Tags: Security [edit]
Author: sevensins
Subject: Authenticating Linux system users from Apache/Web
Posted: Fri Sep 08, 2006 4:41 am (GMT -5)
Topic Replies: 1
AOA,
what I would want to do is to authenticate a linux user via web browser to a centain directory e.g [domain.com] , the .htpasswd one I know but I want to run some cgi scripts that execute some bash scripts and need a valid linux user who is in the sudoers. So in short when the user access [domain.com] his system user should be passed so the cgi scripts executes and in it the command sudo service httpd restart can execute.
I added the apache user in sudoers and it works but I need the linux users..
Any help/suggestion would be much appreciated.
_________________
Regards,
Shehzad
-
Cache Sites in Squid
Fetched: September 2nd, 2006, 8:37pm BST
Tags: Security [edit]
Author: maiqbal
Subject: Cache Sites in Squid
Posted: Sat Sep 02, 2006 6:27 am (GMT -5)
Topic Replies: 1
Hi,
Is it possible to configure squid in such a way that it cache some sites permanently and will update it on the specific timings everyday?
I would like to cache the following knowledgebase sites and update them at 2am daily:
msdn.microsoft.com
technet.microsoft.com
linuxpakistan.net
Is it possible with refresh_pattern or some other way around?
Regards,
Muhammad Asif Iqbal
-
GroupWare solution using Linux
Fetched: September 1st, 2006, 4:36pm BST
Tags: Security [edit]
Author: maiqbal
Subject: GroupWare solution using Linux
Posted: Fri Sep 01, 2006 3:36 am (GMT -5)
Topic Replies: 4
Hi there,
Has anyone deployed a complete groupware email solution over linux; requirements would be:
Global address book
Shared Calender
Group Tasks
Group schedules
Public Folders with permissions
Portal
I am working on OpenXchange, Scalix and CommuniGate Pro but having a lot of problems. If someone has done it before I will appreciate to listen.
I will publish my experiences in this thread very soon.
Regards,
Muhammad Asif Iqbal
-
MAC to IP matching security in IP Tables
Fetched: August 30th, 2006, 4:36pm BST
Tags: Security [edit]
Author: maiqbal
Subject: MAC to IP matching security in IP Tables
Posted: Wed Aug 30, 2006 4:03 am (GMT -5)
Topic Replies: 16
Hi,
I am a newbie in linux so can anyone help me in the following situation:
I have 50 users on my LAN; I want 20 of them to access my linux machine and none of the others. Given 20 ips and 20 mac addresses from my network administrator.
I want to drop any connection to my linux machine on Eth0 (i.e. my LAN interface) if an ip is not mached with its appropriate mac address; I also want to drop all other ips as well as mac addresses beside the given 20
Can anyone help me in this regard?
Regards,
Muhammad Asif Iqbal
-
Time based download restrictions in Squid
Fetched: August 30th, 2006, 4:36pm BST
Tags: Security [edit]
Author: maiqbal
Subject: Time based download restrictions in Squid
Posted: Wed Aug 30, 2006 3:56 am (GMT -5)
Topic Replies: 4
Hi,
I am a newbie with squid so anyone please help with the following situation in mind:
[/code]
###Source ACLs ###
#
acl proxyusers src 192.168.0.2
acl proxyusers src 192.168.0.3
acl proxyusers src 192.168.0.4
acl proxyusers src 192.168.0.5
acl proxyusers src 192.168.0.6
acl proxyusers src 192.168.0.7
acl proxyusers src 192.168.0.8
#
acl downloaders src 192.168.0.11
acl downloaders src 192.168.0.12
acl downloaders src 192.168.0.13
acl downloaders src 192.168.0.14
acl downloaders src 192.168.0.15
#
#
#
#
#### Restrictions ####
#
acl filenames url_regex -i .mp3$ .mpeg$ .mov$ .asx$ .wmv$ .wma$ .avi$ .mpg$ .qt$ .ram$ .rm$ .iso$ .wav$
#
#
Code:
Requirements:
1. Proxyusers (acl proxyusers) should not be able to download any of the files in acl filenames
2. Want to allow downloaders to download the files in acl filenames but not in this time (evening 5pm till morning 5am)
3. I want to restrict all user (both proxyusers and downloads) to get an average speed of 4k and should not exceed from that at any time any day
Can someone please help me in this regard?
Regards,
Muhammad Asif Iqbal
Planet MYOSS
-
Praburaajan: HITBSecConf2006 !
Posted: August 30th, 2006, 10:43am BST by prabu
Tags: malaysia Hackinthebox Security Conference HITBSecConf [edit]
HIBSecConf2006 is just around the corner guys !, It’s gonna be fun since the arrangements are all in motion, this year there are 35 speakers from all over the world coming down to talk about stuff, Check out the Agenda and then there is 7 technical training tracks which are all pretty cool as well for the list of trainings available you can Click Here, and the Capture the flag game is gonna be fun cos there are a mixed group of hackers in the game there are malaysian teams, singaporean teams as well as an italian team so its gonna be intense !. So if you guys haven’t registered for the conference just go to [conference.hitb.org]. Students should come ! since its really affordable at RM250 per conf seat for students only and RM 499 for anyone else !, it’s probably the cheapest ever ! and well this is the largest network security event in asia !! So quick quick register today !
Technorati Tags: Malaysia, Hackinthebox, Security, Conference, HITBSecConf, Kuala Lumpur
-
Colin Charles: MySQL Connector/PHP for MySQL 5.0.24 and PHP 5.1.5 released
Posted: August 22nd, 2006, 5:49pm BST by byte
Tags: connector mysql mysqli PHP Security [edit]
We interrupt this scheduled viewing, for our faithful Windows users…
We have a new release of the MySQL Connector/PHP. MySQL has released 5.0.24 for a bit, and PHP themselves have released 5.1.5. The PHP release actually fixes some security related issues. Be sure to check the forums out if you encounter issues and if you fancy, the usual announce message.
Now back to your regular scheduled programming…
Technorati Tags: connector, ext/mysql, ext/mysqli, mysql, php, security
mypapit gnu/linux blog
-
owasp php filters - help sanitize php variables
Posted: August 21st, 2006, 5:26pm BST
Tags: PHP Security filters mysql sql [edit]
Internet is full of spam bots, autosubmitters, malicious users and worms that can compromise the security of your website at any given time, therefore you should be suspicious of any data you receive via GET/POST variable in your system.
Among the nasty things that could happen to your system when you don’t filter your data is, SQL injection, Script Injection, Email abusing and Remote Execution the attacker could deface your website or even wipe your entire database if you’re not careful with it.
One of the way to filter your data is to use preg_match to write regex rule for the variable that would be accepted.
However I find writing preg_match sometimes can be tiring, and that’s why I use owasp php filters to simplify the work for me. It consists of one function sanitize(), that take the variable that you want to filter and an option.
The option may be any of this value PARANOID,HTML,INT,FLOAT,LDAP,SQL,SYSTEM and UTF-8 that filters the type of data accordingly. For example if you want your variable to contain only floating-point number, then you can code it like this :
I isn’t much, but surely it will simplify your php coding a bit more, the other option is self-explanatory save PARANOID, which means that the variable will contain only alphanumeric character after sanitize.
SQL is handy if you want to include the variable value inside an SQL statement, this will avoid the risk of the notorious SQL injection which will affect the security of your data.
you can download OWASP PHP filter here
Technorati Tags: php, security, filters, mysql, sql, sql injection, injection
Planet MYOSS
-
Mohammad Hafiz bin Ismail: owasp php filters - help sanitize php variables
Posted: August 21st, 2006, 5:26pm BST by mypapit
Tags: PHP Security filters mysql sql [edit]
Internet is full of spam bots, autosubmitters, malicious users and worms that can compromise the security of your website at any given time, therefore you should be suspicious of any data you receive via GET/POST variable in your system.
Among the nasty things that could happen to your system when you don’t filter your data is, SQL injection, Script Injection, Email abusing and Remote Execution the attacker could deface your website or even wipe your entire database if you’re not careful with it.
One of the way to filter your data is to use preg_match to write regex rule for the variable that would be accepted.
However I find writing preg_match sometimes can be tiring, and that’s why I use owasp php filters to simplify the work for me. It consists of one function sanitize(), that take the variable that you want to filter and an option.
The option may be any of this value PARANOID,HTML,INT,FLOAT,LDAP,SQL,SYSTEM and UTF-8 that filters the type of data accordingly. For example if you want your variable to contain only floating-point number, then you can code it like this :
I isn’t much, but surely it will simplify your php coding a bit more, the other option is self-explanatory save PARANOID, which means that the variable will contain only alphanumeric character after sanitize.
SQL is handy if you want to include the variable value inside an SQL statement, this will avoid the risk of the notorious SQL injection which will affect the security of your data.
you can download OWASP PHP filter here
Technorati Tags: php, security, filters, mysql, sql, sql injection, injection
linuxpakistan.net
-
supernetting
Fetched: August 6th, 2006, 8:36pm BST
Tags: Security [edit]
Author: ilias
Subject: supernetting
Posted: Sun Aug 06, 2006 8:27 am (GMT -5)
Topic Replies: 5
Hi all
I have class C network of 192.168.0.x, almost i have 240 host on the network and running out of IP address. I don't want to change to 172.16.x.x. or 10.x.x.x
I have decided to do supernetting i.e i will have another network of 192.168.1.x and change the subnetmask of both network to 255.255.254.0, so that both the network will behave as one.
MY QUERY is that, will this supernetting will have any effect on network performance