Computer Network, System and Security stuff

Archive for the 'Protocols' Category

IPv6 tunneling and security

Interesting article to read about IPv6 tunneling and security aspects. The comments are worth reading too.

Follow this link.

Introduction to network attacks : Physical Layer

This will be a short article, mainly because of two things. First, some methods are beyond my knowledge, involving electronics or hardware manipulation. Second, such methods are not efficient compared to higher-level ones, and so are rarely used.

The mere concept of a physical attack implies that you have direct physical access to your target, giving you the ability to modify it as you wish.
This is an ideal situation for an attacker, and not a common one. In that case, there is not much to be done on the defensive side.


FTP configuration issues

I found that it was a real mess to set up an FTP server in a DMZ, behind a Cisco ASA firewall (501 model with IOS version 7.0).

The FTP server is in the DMZ area, and therefore I natted a public IP to the private IP of this server in the DMZ subnet.

static (dmz,outside) <public IP> <private_IP> netmask 255.255.255.255

Doing so, I expect my FTP server (like vsftpd on Linux) to be reachable through its public IP, from the ASA external interface.

Perl : how to monitor a service remotely using sockets

I came to write my first Perl script based on sockets after setting up an IPSEC tunnel.

This tunnel links the remote peer and the local peer through an OpenBSD VPN gateway (managed with Isakmp).

The problem is that the time allowed for this connection is limited, for security policy reasons. So it is not a standard 24-hour tunnel, but rather an on-demand type of connection.

Note that the connection is automatically reset by the remote peer, which invalidates the connection cookie and therefore obliges us to renegotiate the VPN tunnel from the beginning (phase 1 of the key exchange).

In other words, the Isakmp service has to be restarted every time we need the tunnel to be up.

Of course, it is not the purpose of Isakmp to have such a mechanism and what we want is to start the tunnel from the local peer, every time it needs to do some transfer.

The graph below summarizes the situation:

[Figure: IPSEC tunnel with OpenBSD as a VPN gateway]

That is why I came to develop a script that opens a socket and allows the peer to remotely restart the Isakmp service.


OpenVPN and DNS on a linux client

I got a weird issue with Linux clients, while it worked fine with Windows machines. For some reason, /etc/resolv.conf did not get updated. I found a workaround thanks to this page. Of course, your server configuration file must contain (if 192.168.1.1 is your DNS server):

push "dhcp-option DNS 192.168.1.1"

