Projects…interjects…Part Deux!


Yesterday was a fantastic day trying to get the IP data field to be pointed to by in the skbuff structure. The documentation in the files did not help make things clearer.
The situation was where I was supposed to use the
unsigned char* data field in the skbuff structure to point to the IP data starting point.
Tried a lot of pointer math and the following finally worked:
IP Data pointer location:

unsigned char * ptr = sb->data +
int byte_size = ntohs(sb->nh.iph->tot_len) –

In fact, Vinay Reddy (vinayvinay@gmail.com) suggested something which I think was even better than the stuff that was working for me. He said the pointer value should be:

unsigned char * ptr = sb->nh.iph->raw + sb->nh.iph->ihl*4;

I think this actually grabs the gist of what I exactly want to do.
I *really* want to point with respect to the IP Header. I do not really care about where sb->data really points to so I guess Vinay’s method is much better. Haven’t implemented it so I really don’t know but sounds the most logical!

– Rajat


Error: Installshield Engine could not be launched


I was being troubled by the error:
The InstallShield Engine (iKernel.exe) could not be launched.
The RPC Server is unavailable.

If you start the service “DCOM Server Process Launcher” you should be able to do away with this error.


Something new that I learnt in Excel


While my roommate was doing an excel sheet I came to know of an interesting thing:
If you wanted to transpose rows and columns in an excel file (i.e. interchange rows and columns) just select all the rows and columns that you want to be interchanged and copy them. Then select another cell outside the selected range and right-click. Then click on “Paste Special” and then click on the check box on “Transpose”. That’s it!


System Information


This has been a weird one, finding version information on the operating systems.
On Ubuntu, the following gets the version information
  cat /etc/issue
  cat /etc/lsb-release

On Linux, finding the kernel version
  uname -a
  cat /proc/version

On Windows, from Start-> Run -> cmd.exe

This is very simple but still there are a few times when memory fails and we’re not able to do the obvious.

To see the information about the hardware mapping :

Finding your CPU Information
  cat /proc/cpuinfo

Finding memory information
  cat /proc/meminfo

Maximum number of SYN requests that the host will remember which did not receive an ACK from clients:
  cat /proc/sys/net/ipv4/tcp_max_syn_backlog

Finding data bus-size or bit-size i.e., whether my CPU is 32-bit or 64-bit:
  sudo lshw -C cpu | grep width


Using awk with bash variables


I wanted to use variables in a bash script’s for loop inside awk’s print statement.
Here’s an easy way to do it – enclose the bash variable within "’"

Here’s a sample scripts to take a list of IPs and do a DNS lookup and generate a CSV:

for ip in `cat ips.txt`
host $ip|grep -v NXDOMAIN|sed 's/\.$//g'|awk '{print "'"$ip"'"","$NF}'

MS Word and Printed Watermarks – Stupidity


Using watermarks in word documents looks really cool. But the problem occurs when the documents become too big. In such cases, the document becomes exceedingly slow to react to scrolling. Adobe PDF conversion is an even bigger problem.
To remove the watermark it is simple enough : Format -> Background -> Printed Watermark. Then click on “No watermark” and you are golden (or you should be golden).
I’ve observed that the watermark does not get removed many times when you have too many sections in the document.
In such cases: Goto View -> Header and Footer. Click on “Show/Hide Document Text”.
You should see that all your text has disappeared except the watermark. Click on the watermark and you should be able to select it like a floating image. Press the “delete” key and lo! behold! the watermark is gone.
This took me a while to figure out and it was quite frustrating. I hope this post helps someone!


Cisco Router Security


Long time since I posted anything here …. but it’s just been those times been busy as a bee. So securing Cisco routers is a big deal especially since the routers (especially the edge routers) can be critical to any organizations infrastructure. I am not a Cisco guru but am only a student. However, I thought I should create a list that could help me perform security reviews of routers.
Security of routers is important as attackers could add static routes, advertise bad BGP neighbours on edge routers, create inbound tunnel into the intranets and such. Therefore, it’s imperative that adequate efforts be put in to secure Cisco routers.

I thought I’ll put in my first attempt at creating a small checklist:

  1. Use SSH for non-console access (“line vty” command should not have telnet in it)
  2. Use class 5 passwords, do *not* use class 7 passwords as they’re easily reversed (“enable secret”) alongwith the use of strong passez
  3. Limit virtual terminal access by using an ACL
       access-list 100 permit log
       access-list 100 permit log
       access-list deny any log
       line vty 0 4
        access-class 100 in
  4. Disable Proxy ARP on each interface (“no ip proxy arp”)
  5. Disable CDP as it can be used for information disclosures (“no cdp run”)
  6. Use AAA (TACACS+ or RADIUS) (“aaa new-model”, “aaa authentication”, etc.)
  7. Use “access-list ACL_NAME deny ip any any log” at the end of each ACL
  8. Disable http server (“no ip http server”)
  9. Keep the IOS versions updated
  10. Set centralized logging using a syslog (“logging internal_ip_address”)
  11. Configure NTP to keep the time synchronization (“ntp server”)
  12. Disable TCP and UDP small services e.g., echo, chargen, discard, etc. (“no service tcp-small-servers” and “no service udp-small-servers”)
  13. Put RFC 1918 (ingress filtering) protections using ACLs
       access-list 100 deny ip any log
       access-list 100 deny ip any log
       access-list 100 deny ip any log
       access-list 100 deny ip any log
  14. Put some more filtering for common IPs
       access-list 100 deny ip any log
  15. Use SNMPv3 with ACLs if you must (“snmp-server v3 auth priv”)
  16. Use SSHv2 (“ip ssh version 2”)
  17. Try to use EIGRP instead of RIP/OSPF (“ip authentication mode eigrp N md5”)
  18. Use MD5 authentication for RIP/OSPF if you must use these protocols (RIPv2/OSPF)
    (“ip rip authentication mode md5”)
  19. For edge routers using BGP authentication (if possible)
       router bgp 10
        neighbor password Cr4zY$%^
  20. Configure BGP route flap dampening that prevents BGP oscillations (“bgp dampening”)
  21. Use warning banners that could be used for legal purposes for prosecuting hackers