11.01.2008

Word, back

WB. It has been just about a year since my last post. It seems like I blinked and the time all passed me by. Well, I've definitely been busy. Busy is good! I'm going to make time to start posting here again and hopefully I'll get some readers back. :D Late PM/ Early AM...who knows anymore...I fixed the dead images and cleaned up the links sections. I think I'm ready to drop a good post tomorrow or maybe I'll just see you next year. Same time, same place?

Latez

11.14.2007

Windows DNS Server Cache Poisoning

Amit Klein finally released his research on Windows DNS Server cache poisoning today. He discovered the vulnerability, which enables a DNS cache poisoning attack against the Windows DNS server, back in April. It took Microsoft over 6 months to come up with a patch. The weakness is in the transaction ID generation algorithm: if the ID a server will use for its next query can be predicted, a forged answer carrying that ID can be accepted as genuine. This is very similar to some of Amit's earlier research on BIND 8 & 9 DNS cache poisoning. Here are the links to the research.

Windows DNS Server Cache Poisoning

BIND 8 DNS Cache Poisoning

BIND 9 DNS Cache Poisoning
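As an added illustration (not part of Amit Klein's research or of this post), here is a small Python screen a defender can run over a sample of transaction IDs captured from their own resolver or server, for instance the first two bytes of each outgoing query. It flags the failure modes a weak generator shows: a constant stride between successive IDs, too few distinct values, or bit positions that never change. The thresholds and the sample generators at the bottom are constructed for the demo; passing this screen does not prove the generator is unpredictable, but failing it is a strong sign that something is wrong.

```python
import random
from collections import Counter


def txid_from_dns_message(message: bytes) -> int:
    """The transaction ID is the first 16-bit big-endian field of a DNS message."""
    if len(message) < 2:
        raise ValueError("DNS message too short")
    return int.from_bytes(message[:2], "big")


def txid_audit(txids, min_distinct_ratio=0.9, max_delta_share=0.5, min_varying_bits=12):
    """Coarse randomness screen for a sample of 16-bit transaction IDs.

    Returns statistics plus a 'weak' verdict. The thresholds are assumptions
    chosen to catch counter-like or narrow generators; this is not a formal test."""
    n = len(txids)
    if n < 2:
        raise ValueError("need at least two transaction IDs")
    distinct = len(set(txids))
    # Stride between successive IDs modulo 2^16; a counter yields one repeated stride
    deltas = [(b - a) % 65536 for a, b in zip(txids, txids[1:])]
    dominant_delta, delta_count = Counter(deltas).most_common(1)[0]
    # How many of the 16 bit positions actually take both values across the sample
    varying_bits = sum(
        1 for bit in range(16) if len({(t >> bit) & 1 for t in txids}) == 2
    )
    weak = (
        distinct / n < min_distinct_ratio
        or delta_count / len(deltas) > max_delta_share
        or varying_bits < min_varying_bits
    )
    return {
        "samples": n,
        "distinct": distinct,
        "dominant_delta": dominant_delta,
        "dominant_delta_share": delta_count / len(deltas),
        "varying_bits": varying_bits,
        "weak": weak,
    }


# Constructed sample generators standing in for captured traffic
def counter_txids(n, start=1000):
    """What a sequential (incrementing) generator produces."""
    return [(start + i) % 65536 for i in range(n)]


def narrow_txids(n, seed=1):
    """A generator that only ever uses the low 8 bits."""
    rng = random.Random(seed)
    return [rng.randrange(256) for _ in range(n)]


def full_range_txids(n, seed=1):
    """A generator drawing from the whole 16-bit space."""
    rng = random.Random(seed)
    return [rng.randrange(65536) for _ in range(n)]


if __name__ == "__main__":
    for label, sample in (("counter", counter_txids(200)),
                          ("narrow", narrow_txids(200)),
                          ("full range", full_range_txids(500))):
        print(label, txid_audit(sample))
```

In practice you would feed `txid_from_dns_message` the UDP payloads of queries leaving your server (a few hundred is enough) and look at the verdict; a generator that fails any of the three checks is a reason to patch or reconfigure.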

8.21.2007

Botnets Become More Evasive

Botnets have adapted once again to become more evasive and reliable. They are now working in a more organized and coordinated fashion. Botnets are now employing load-balancing and high-availability techniques similar to those used by high traffic web applications. Here is some good reading material on the newest trend in bots...Fast-Flux Botnets.

Fast flux foils bot-net takedown

Know Your Enemy: Fast-flux Service Networks
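The two articles above describe the pattern in words; the following Python is an added example (not from either article or from this post) of how a defender can score passive DNS observations for it. It checks the three things that characterise a fast-flux name: short TTLs so the answer set can rotate, many distinct addresses over time, and those addresses spread across many networks. Spread across /16 prefixes is used here as a stand-in for "many networks" (ASN data would be better), the thresholds are assumptions, and the sample observations are constructed from documentation and private address ranges. Legitimate CDNs also use short TTLs and many addresses, which is why all three indicators have to fire before the verdict is raised.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List


@dataclass
class DnsObservation:
    """One A-record response for a name, as a passive DNS sensor would log it."""
    name: str
    ttl: int
    addresses: List[str] = field(default_factory=list)


def flux_indicators(observations, max_ttl=300, min_unique_ips=10, min_unique_prefixes=5):
    """Score repeated lookups of one name for fast-flux behaviour (IPv4 assumed).

    Indicators: short TTL, many distinct addresses over time, addresses spread
    over many /16 prefixes. All three together raise the verdict."""
    if not observations:
        raise ValueError("no observations")
    ips = set()
    prefixes = set()
    for obs in observations:
        for addr in obs.addresses:
            ip = ipaddress.ip_address(addr)
            ips.add(ip)
            prefixes.add(ipaddress.ip_network(f"{ip}/16", strict=False))
    max_seen_ttl = max(obs.ttl for obs in observations)
    indicators = {
        "short_ttl": max_seen_ttl <= max_ttl,
        "many_ips": len(ips) >= min_unique_ips,
        "many_prefixes": len(prefixes) >= min_unique_prefixes,
    }
    return {
        "name": observations[0].name,
        "unique_ips": len(ips),
        "unique_prefixes": len(prefixes),
        "max_ttl": max_seen_ttl,
        "indicators": indicators,
        "fast_flux_suspected": all(indicators.values()),
    }


def constructed_samples():
    """Constructed passive-DNS logs: a CDN-like name and a flux-like name.
    Addresses are made-up documentation/private-range values, not real observations."""
    cdn_like = [
        DnsObservation("static.cdn.example", 60, ["203.0.113.10", "203.0.113.11", "203.0.113.12"])
        for _ in range(3)
    ]
    flux_like = [
        DnsObservation("flux.example", 180, ["10.1.4.20", "10.2.9.7", "10.3.55.1", "10.4.0.9", "10.5.7.7"]),
        DnsObservation("flux.example", 180, ["10.6.1.1", "10.7.3.3", "10.8.8.8", "10.9.9.9", "10.1.4.20"]),
        DnsObservation("flux.example", 180, ["10.10.2.2", "10.11.0.5", "10.2.9.7", "10.12.4.4", "10.13.1.1"]),
    ]
    return {"cdn_like": cdn_like, "flux_like": flux_like}


if __name__ == "__main__":
    for label, obs in constructed_samples().items():
        print(label, flux_indicators(obs))
```

Run over real sensor data, the useful output is the per-indicator breakdown rather than the final boolean: a name with short TTLs and many addresses but a single prefix is almost certainly a CDN, while one that keeps producing new addresses in new networks deserves a closer look.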

8.04.2007

Broadband Blockage of Outbound SMTP

Recently, I've noticed that more and more broadband ISPs are blocking outbound SMTP connections (TCP port 25). I'm guessing this is an attempt to slow down all the spam relayed from infected computers on their networks. Instead of taking a more proactive approach and looking to better protect their user base, some ISPs have opted for an easy and abrasive solution: let's just block outbound SMTP. Well, this affects many legit customers who are road warriors working from home. Some of these remote workers VPN into work and should not encounter this issue, but I'm sure there is still a large number of remote workers who need to connect directly to TCP port 25. Do you think that maybe this is a ploy to sell more broadband business accounts without restrictions? Who knows! Anyway, this is how I got around this little inconvenience. If your mail server is running Linux or Unix and you have iptables installed, add this NAT rule on the mail server:

iptables -t nat -A PREROUTING -d mail.ip.goes.here -p tcp --dport 26 -j REDIRECT --to-ports 25

Now, instead of connecting to TCP port 25 on your mail server, try connecting to TCP port 26. You should connect successfully and be able to do your business. :) The same technique can be applied if you have a network or host-based firewall/NAT device in front of the server. All the rule does is redirect traffic arriving on TCP port 26 to port 25.
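To tell whether it is really the ISP dropping port 25, and whether the port 26 redirect above is working, a quick probe of both ports that reports the SMTP greeting (or the reason the connection failed) is handy. The Python below is an added example, not code from this post; `start_greeter` is a constructed stand-in for a mail server on the loopback interface so the script can be tried without any network access, and the host and port names in the demo are placeholders.

```python
import socket
import threading


def smtp_banner(host, port, timeout=5.0):
    """Open a TCP connection to host:port and return the server's greeting
    line, or a short description of why the connection did not succeed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            data = sock.recv(512)
    except socket.timeout:
        return "timeout (packets silently dropped, typical of an ISP block)"
    except ConnectionRefusedError:
        return "refused (nothing listening, or a firewall sending resets)"
    except OSError as exc:
        return f"error: {exc}"
    if not data:
        return "connected but no greeting received"
    return data.decode("ascii", "replace").splitlines()[0]


def check_ports(host, ports=(25, 26), timeout=5.0):
    """Probe each port and report what answered."""
    return {port: smtp_banner(host, port, timeout) for port in ports}


def reachable(result):
    """True when the probe came back with an SMTP greeting (reply code 220)."""
    return result.startswith("220")


def start_greeter(banner=b"220 mail.example ESMTP ready\r\n"):
    """Constructed stand-in for a mail server: accept one loopback connection,
    send the banner, close. Returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_loopback_port():
    """Find a loopback port with nothing listening, to show the 'refused' case."""
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


if __name__ == "__main__":
    # Demo against the constructed greeter and a closed port. Against a real
    # server you would call check_ports("mail.example.org") from the broadband
    # connection and see which of 25 and 26 answers with a 220 greeting.
    listening = start_greeter()
    for port, result in check_ports("127.0.0.1", (listening, closed_loopback_port())).items():
        print(port, "reachable" if reachable(result) else "not reachable", "->", result)
```

The distinction between "timeout" and "refused" is the useful part: a block that silently drops packets shows up as a timeout on port 25 while port 26 answers normally, whereas a refused connection on 26 usually means the REDIRECT rule is missing or a firewall in front of the server does not allow the new port.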

7.05.2007

Wordpress Captcha Plugin

CapCC is a Wordpress Captcha Plugin used for user registration and comments. I am using it on all my Wordpress blogs and loving it. The combination of CapCC & Akismet for fighting spam on your blogs is lethal. :)

5.29.2007

Dynamic DNS Script for Namecheap.com

I have an Apache 2.2 web server running Debian Etch Linux on cable broadband Internet. My Internet Service Provider (like many others) charges way too much for static IP addresses. So the problem I have is that my ISP frequently changes my IP, so static domain name resolution would suck. Also, I got lucky and my ISP leaves HTTP port 80 open. The solution to my problem is registering my domain with a domain registrar that offers dynamic DNS. I have chosen Namecheap.com because they offer dynamic DNS and have free whois protection. I checked out the Namecheap.com knowledge base to see exactly how their dynamic DNS works. There are a few clients that support Namecheap.com dynamic DNS for Windows. There is ddclient, which supports Linux, but since it was only an HTTP GET request I decided to just write a quick Perl script to do the task. The only requirement is that you have the LWP module installed. I set up a crontab so that every 10 minutes the script is called like this:

0,10,20,30,40,50 * * * * /home/dns/dynamicdns-namecheap-v1.pl >/dev/null 2>&1

You can download the Dynamic DNS Script for Namecheap.com here and the source is below.

#!/usr/bin/perl
# Perl script to update Dynamic DNS for Namecheap.com
# dynamicdns-namecheap-v1.pl
use strict;
use warnings;
use LWP::Simple;

my @hosts    = ("www", "*");                     # host records to update
my $domain   = "yourdynamicdnsdomainname.com";
my $domainpw = "yourdynamicdnsdomainpassword";   # the domain's Dynamic DNS password, not the account password

# Current IPv4 address of eth0 ('inet addr' skips the inet6 line); chomp drops the trailing newline
my $ip = `ifconfig eth0 | grep 'inet addr' | awk -F : '{print \$2}' | awk '{print \$1}'`;
chomp($ip);
die "could not determine the IP address of eth0" unless $ip =~ /^\d+\.\d+\.\d+\.\d+$/;

foreach my $host (@hosts) {
    # The update is a plain HTTP GET, so the password travels in the query string
    my $url = "http://dynamicdns.park-your-domain.com/update?host=$host"
            . "&domain=$domain&password=$domainpw&ip=$ip";
    my $content = get($url);
    die "cant connect to dubdubdub" unless defined $content;
    print $content . "\n"; # response from Namecheap
}

5.24.2007

Wordpress 2.1 Vulnerabilities

Over the past few weeks there have been some vulnerabilities that have surfaced for WordPress 2.1.* releases. The first link describes a SQL injection attack through a weakness in xmlrpc.php; a prerequisite is that you must be a user on the target WordPress blog. The second link describes a blind SQL injection attack on admin-ajax.php. The third link is the advisory for the admin-ajax.php exploit. The fourth link is the proof-of-concept exploit code. I would highly recommend that you upgrade any older WordPress blogs. Enjoy! ;)

Wordpress 2.1.2 xmlrpc Security Issues

Wordpress admin-ajax.php Sql Injection

[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3

WordPress 2.1.3 sql injection blind fishing exploit

5.22.2007

Blogger with Your Own Domain

The goal I set out for is simple. I own the blog digitalcartel.blogspot.com and I have a few posts, but I wanted it on my own domain. I didn't want to migrate the existing posts and content to another blog system. I browsed Blogger's management interface a little and noticed that in the Settings section there is a Publishing tab that has domain options. Once you're there, Google has a very helpful link on the domain setup process. Okay, so now you know that we have to create a CNAME record in our domain's DNS. Well, this goes one of two ways: either your registrar is hosting your DNS or you are hosting it yourself. If it is hosted by a registrar, go ahead and check this Google page for more information. I happen to be hosting my own DNS and I'm running djbdns. You can only choose one host to point at Google. I chose www.digitalcartel.org to avoid the conflicts involved in using a CNAME on your base domain. My CNAME alias entry in djbdns:

Cwww.digitalcartel.org:ghs.google.com

So now you have the CNAME alias in place, and you just complete the rest of the steps from the previous links. Once www.digitalcartel.org was working with my blog I was happy. But!!! I wanted the base domain digitalcartel.org to work with the blog as well. My solution of choice is mod_rewrite since I've been using it a lot lately. I went ahead and made a DNS A record for digitalcartel.org and pointed it at one of my web servers. My A record in djbdns:

+digitalcartel.org:1.8.7.0:3600

Basically, I just added the following to the apache webserver configuration to redirect anything heading for digitalcartel.org to www.digitalcartel.org. You could also put this in a .htaccess file.

ServerName digitalcartel.org
RewriteEngine On
# Only rewrite hosts that do not already start with www. (avoids a redirect loop)
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(.*)$
# Permanent redirect, keeping the requested path; works in a vhost or a .htaccess file
RewriteRule ^ http://www.%1%{REQUEST_URI} [R=301,L]

Once this was put into position, now I'm satisfied. :)

5.07.2007

Apache Mod Rewrite Cheat Sheet

Today I was struggling with mod_rewrite and, as usual, feeling lazy. I really didn't want to dig through my Apache books/ebooks. I came across this cheat sheet and it was exactly what I needed. Also, see the Apache mod_rewrite reference documentation and URL Rewriting Guide. Maybe if I'm not too lazy sometime next week I will post some examples of how I have used it. :)

4.19.2007

Linux printing with DELL 3100 CN

The goal I set out with is to be able to print over the network from my Debian Etch laptop to a Dell 3100cn printer. The first part was just figuring out how to give the printer a static IP address, so I hit up the Dell support site for the manual. There is a web interface, but that's for noobs. I myself am a panel hacker. So below is how you would set up your network connectivity. Pay attention to the notes. Assigning an IP address is major stuff. You need an administrator for this or you could blow up your printer.

Assign an IP Address

An IP address is a unique number that consists of four sections that are delimited by a period and can include up to three digits in each section, for example, 111.222.33.44.

Assigning an IP address already in use can cause network performance issues.

NOTE: Assigning an IP address is considered as an advanced function and is normally done by a system administrator.
NOTE: Do not continue with this procedure until you have the following three addresses:
- IP Address
- Subnet Mask Address
- Gateway Address

For more information on using your operator panel, see "Operator Panel."

  1. Turn on the printer.

Ready to Print appears.

  2. Press Menu.

  3. Press until Configure appears, and then press or .

  4. Press until Network appears, and then press or .

  5. Press until TCP/IP appears, and then press or .

  6. Press until IP Address Setup appears, and then press or .

  7. Press until Panel appears, and then press .

  8. Press .

  9. Press until IP Address appears, and then press or .

  10. The cursor is located at the first digit of the IP address. Press to enter the numbers for the IP address.

  11. Press .

The cursor moves to the next digit.

  12. Repeat steps 10 and 11 to enter all of the digits in the IP address, and then press .

  13. Press .

  14. Press until Subnet Mask appears, and then press or .

  15. Repeat steps 10 to 11 to set Subnet Mask, and then press .

  16. Press .

  17. Press until Gateway Address appears, and then press or .

  18. Repeat steps 10 to 11 to set Gateway Address, and then press .

  19. Turn off the printer, and then turn it on again.

Okay, so you made it through the printer side configuration. Now, get on your laptop and download the Dell 3100 CN PostScript Printer Description file.
Then do the following:

1. Click "System" → "Administration" → "Printing"
2. Double-click "New Printer"
3. Click "Network Printer"
4. Choose "HP Jetdirect"
5. Enter the IP address of the printer
6. Choose "Install Driver..." and select the previously downloaded Dell_3100cn.ppd as the driver file
7. Select "Laser Printer 3100cn v3015.102 PS"
8. Enter the printer name, description, and location
9. Choose "Apply" and print a test page.

Apparently, the above process is all good for Ubuntu. On Debian Etch, I was still having an issue, so I peeped out "/var/log/cups/error_log" and it was complaining about a missing file. So I busted out...
#cp /usr/local/src/Dell_3100cn.ppd /usr/share/ppd/
and now all is well. Mission accomplished. Time for a beer. ;)