August 2010
1 post
1 tag
vmware and ubuntu kernel update
You just upgraded to the latest Ubuntu kernel available and VMware stopped working. This time, running the vmware-config.pl script has not been sufficient. It worked but the job was done badly.
This patch solved my problems with the latest Ubuntu 10.04 kernel: http://communities.vmware.com/thread/267682
Right after applying patches, re-run the vmware-config.pl script.
July 2010
1 post
1 tag
SPF DNS top domains report
As of 24th July:
dig +short TXT -f top10 | grep spf | wc -l => 7
dig +short TXT -f top100 | grep spf | wc -l => 67
No ip6 filtering within the top100
June 2010
5 posts
Hacking mindmap →
ssl/ssh multiplexer →
1 tag
Cisco Nexus troubleshooting notes
Some commands useful for troubleshooting the Nexus platform:
show feature
show version
show system reset-reason
show logging onboard stack-trace
show logging nvram
show proc mem
show system internal kernel meminfo
show system internal flash
show system internal kernel malloc-stats
show system internal kernel memory global detail
show system internal kernel skb-stats
show system...
Google IPv6 Implementors Conference (since 2008) →
1 tag
May 2010
11 posts
Old Version Downloads - OldApps.com →
SixXS - IPv6 Deployment & Tunnel Broker :: IPv6... →
1 tag
2 tags
Scapy and checksum calculation
Sometimes you have to (re)calculate a checksum when you modify packets or when you try to solve a friend's networking challenge like the following:
I’m 45000064000f0000fe013726c0a80108c0a8030b - a 20 bytes IP header.
What will be my checksum after the next hop? :-)
It’s easy with scapy … first, import the hex, modify the TTL, delete the checksum then apply show2() function. This one...
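Added example, not from the original post: the challenge above worked through with the Python standard library instead of Scapy, so it runs without extra packages. It validates the quoted header, applies the next-hop change (TTL minus one), recomputes the checksum in full, and cross-checks it with the RFC 1624 incremental update; the function names are this example's own.

```python
import struct

# Header quoted in the challenge above (20 bytes, no IP options).
CHALLENGE_HEX = "45000064000f0000fe013726c0a80108c0a8030b"


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum of big-endian words (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def header_is_valid(header: bytes) -> bool:
    """A correct header, checksum field included, sums to 0xFFFF."""
    return ones_complement_sum(header) == 0xFFFF


def next_hop(header: bytes) -> bytes:
    """Return the header as a router would forward it: TTL - 1, new checksum."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("bad header length")
    if not header_is_valid(header[:ihl]):
        raise ValueError("checksum mismatch")
    if header[8] <= 1:
        raise ValueError("TTL expires at this hop; packet is dropped")
    hdr = bytearray(header[:ihl])
    hdr[8] -= 1                      # TTL is byte 8
    hdr[10:12] = b"\x00\x00"         # zero the checksum field (bytes 10-11)
    struct.pack_into("!H", hdr, 10, ~ones_complement_sum(bytes(hdr)) & 0xFFFF)
    return bytes(hdr)


def incremental_checksum(old_csum: int, old_word: int, new_word: int) -> int:
    """RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'), no full re-sum needed."""
    total = (~old_csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


if __name__ == "__main__":
    out = next_hop(bytes.fromhex(CHALLENGE_HEX))
    print(out.hex(), hex(struct.unpack_from("!H", out, 10)[0]))
```

The TTL shares a 16-bit word with the protocol byte, which is why the incremental form is fed the words 0xfe01 and 0xfd01 rather than the TTL alone.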
1 tag
OpenBSD 4.7 goodies and Cisco
Meat and goodies:
OpenBSD and Cizcoeee:
The official OpenBSD 4.7 release date is 19th May 2010, but it is already available for pre-order.
Leon’s ten rules for improved network security →
2 tags
Big LAN and ARP broadcast
Sometimes the network suffers from a very BAD design (like a large L2 domain).
In this situation, some (normal) network behaviors are more visible than they would be if the network had had a better designer.
The reason for the bad design is often part of the history OR the hired consultant dislikes the company he works for and ships them a bad design :D
One of the visible phenomena occurs when many...
1 tag
Wireshark configuration for Check Point fw monitor
Here is how to set up Wireshark correctly so that fw monitor output is easy to read:
ctrl+shift+p
Protocols / Ethernet / Attempt to interpret as Firewall-1 monitor file
Protocols / FW-1 / Monitor file includes UUID and Interface list includes chain position
User Interface / Columns / Add : fw-1 chain|FW-1 monitor if/direction
Apply preferences
View / Coloring rules / New
preIn /...
1 tag
802.3x prezo
Breaking the myth about 802.3x usage. Here is a public prezo I did for a customer.
Click here to download the prezo.
Table of contents:
Do you really know Flow Control?
802.3x standard
Places where you will find 802.3x
Pause frames were created to defeat non-wire-rate switches
Symmetric vs Asymmetric 802.3x
Asymmetric speed connected to the same L2 device
Flow control on...
1 tag
Wireshark · OUI Lookup Tool →
The Wireshark OUI lookup tool provides an easy way to look up OUIs and other MAC address prefixes. It uses the Wireshark manufacturer database, which is a list of OUIs and MAC addresses compiled from a number of sources.
1 tag
Wireshark: extract HTTP objects from captured...
Looking for an elegant way to extract HTTP objects (images, JavaScript, …) from a pcap file?
Open the pcap file in Wireshark, then click on FILE => Export => Objects => HTTP.
April 2010
26 posts
1 tag
802.3x blackhat pownage
Little leak from a future prezo for a customer:
802.3x flow control is a quick&dirty protocol. If you have physical access to install a hub anywhere on the network or already have a victim host under control it could lead to a massive Ethernet Denial of Service.
It’s very easy to kill a network at layer 2 if mitm is possible and flow control receive is on by replaying quanta 65535...
Haha received another inquiry from PHP.Hop willing users! yes! phphop rstack page is down. Pls look at HiHat or glastopf projects.
1 tag
1 tag
cleaning python code after a fast and furious session
3 tags
ldpscapy
My last intern developed an MPLS LDP Scapy layer.
You can find it here : http://savannah.nongnu.org/p/ldpscapy
Usage example:
LDP(id="10.2.1.2")/LDPHello(params=[180,1,1])/LDPInit(id=0x18,rid=rid)/LDPKeepAlive(id=0x19)
1 tag
Offensive Security - The Exploit Database →
The ultimate archive of exploits and vulnerable software - A great resource for vulnerability researchers and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.
2 tags
LINUX Kernel Debugging and Crash Dump Analysis →
User-land & kernel-land debugging tools, lkcd toolchain, k(g)db, …
printk is your friend! Could be better than a crontab with few userland commands output - priv8 j0ke! :)
1 tag
1 tag
Impressive skating from Julien Cudot!
Programming Ground Up →
Best of VIM Tips, gVIM's Key Features zzapper →
Metasploit Framework - /external/source/shellcode... →
1 tag
NASM Manual →
This manual documents NASM, the Netwide Assembler: an assembler targeting the Intel x86 series of processors, with portable source.
2 tags
fuzzdb →
Web Fuzzing Discovery and Attack Pattern Database
4 tags
web nowadays: what you see is not what you get
2 tags
2 tags
My spare time has been somewhat busy these past weeks
Because of:
Aggressive inline skating - My Salomon STI pro with Featherlite2 frames rolls again as the sunny days are back
A coding project in Python about network security. Currently 3476 lines and growing every day
Focus focus focus on the objectives
US-CERT Current Activity →
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Linux Assembly →
UNIX assembly programming related resources.
.fr taxes government disclose their ipv4 internal addressing through the online taxes email campaign #fail #each-year
Cyclops →
Cyclops is able to detect several forms of route hijack attacks
Auditing DNS infrastructure security
1 tag
Happy Easter 2010! Roller Bunny
♺ @daveaitel: Penetration Testing: Learn Assembly? http://dlvr.it/QYrY
March 2010
28 posts
Prep’ping windows forensic cdrom for live action soon
1 tag
EDNS0 DNS PMTU
EDNS pmtu calculation:
$ dnsfunnel -t A @c.dns.gandi.net packetfault.org
217.70.182.20 4096B 0.001536
217.70.182.20 2304B 0.001531
217.70.182.20 1408B 0.001587
217.70.182.20 960B 0.001484
217.70.182.20 736B 0.001468
217.70.182.20 624B 0.001484
217.70.182.20 568B 0.001468
217.70.182.20 540B 0.001444
217.70.182.20 526B 0.001635
217.70.182.20 519B ...
1 tag
BGP ASN collision
Gem from the past:
% whois -h whois.ripe.net AS1712
aut-num: AS1712
as-name: FR-RENATER-ENST
descr: Ecole Nationale Superieure des Telecommunications,
descr: Paris, France.
descr: FR
% whois -h whois.arin.net AS1712
OrgName: Twilight Communications
City: Wallis
StateProv: TX
Country: US
oups!
2 tags
vmware is installed, but it has not been...
Here is how to solve the “vmware is installed, but it has not been (correctly) configured” message.
# service vmware start
VMware Server is installed, but it has not been (correctly) configured
for the running kernel. To (re-)configure it, invoke the
following command: /usr/bin/vmware-config.pl.
root@Networker:/etc/vmware# mv not_configured not_configured_backup
...
1 tag
The great firewall blocks DNS g root server
The great firewall of China blocks the g root serv0r
http://www.cymru.com/monitoring/dnssumm/index.html
1 tag
DNS for Rocket Scientists - Contents →