Tunnel your tcp traffic through ICMP echo/ reply packets or UDP 53(DNS) packets

So you are at a local coffee shop with your laptop and see an open access point that you want to connect to. You connect to the AP and open up your favorite webrowser, only to find that you are presented with a page that asks for a code for you to proceed with your internet cravings. WTF !! Many places such as coffee shops provide you with wireless internet connectiviy at a small cost (usually more than the coffee you purchased). You recieve a code when you purchase the coupon for wireless access and then you go onto your webrowser, enter that in and the you’re good to go. Well for almost everything digital, there is most likely a walkaround to do things and in this case there is. Enter the world of protocol tunneling. The basic idea behind this is to transfer data from one protocol or port number, using another protocol (or port number). Read more

Helpful log parsing tips

tux_awk1Most programs and services produce logs. When a user visits an apache web server, the service will most likely keep a log of that request, along with the date and requester’s ip address. Other details might be logged as well. Here us an example of some entries in a logfile: - - [21/Sep/2011:11:04:40 +1000] "GET / HTTP/1.0" 200 468 - - [21/Sep/2011:11:07:48 +1000] "GET /login.php HTTP/1.0" 200 6433

Log files would usually contain hundreds of such entries, most, if not all of which are important to us. If there is an issue with a service, perhaps there is an entry in the logfile that can tell us why. Another scenario is where management require some statistical information. For example, how many unique IP addresses visited their website in the past hour and what pages did they visit. Or which web pages are the most frequently visited. Read more

Install and Config Fail2Ban in Debian 7 Wheezy

debianFail2Ban (authentication failure monitor) is an intrusion prevention software, written in Python. Fail2Ban analyzes various services log files (ssh, apache, postfix etc) and if it detects possible attacks (mainly Brute-force attacks), it creates rules on the firewall (iptables and many others) or tcp wrappers (/etc/hosts.deny) to ban (temporarily or permanently) the wannabe hacker. Simultaneously, fail2Ban informs system administrator with email for its activity in real time.

Some activities which considered as attacks are: Read more

1 2 3