ZebOS 7.7 launches in April – going to support PBB-TE
ZebOS is a Layer 2 and Layer 3 carrier-class routing and switching software suite from IP Infusion, a subsidiary of Japanese mobile software vendor Access
Provider Backbone Bridge Traffic Engineering (PBB-TE) is causing a bit of a stir in the land of the network geeks. Basically, it's hyped to be a replacement for MPLS (mostly by nortel though, and they have little to loose in this market). Lightreading published an article about in April last year.
Anyroad, this release of ZebOS (a customised version of the FOSS Zebra router project, which they sponsor) enables 'some proper serious networking s***' (a direct quote from one of said geeks), all running off of standard off the shelf hardware. Although not the first project to promise (and even deliver) this sort of thing, I have to say it does look a lot more like a serious contender, especially in the world of low cost campus/metro area networks, if you can throw a couple of cheap white boxes in a local hub and deliver a good enough level of QoS & security to make carriers smile then I can see the likes of Juniper & Cisco missing out on some serious cash down the road, but that of course has been said before. Only time will tell.
iplist – block bad p2p traffic HOWTO on a headless server.
iplist is cool. It sits inline with any current firewall that you have and filters selected (government, bad trackers, etc) traffic.
This is how i installed it on a headless edgy server.
apt-get install libnetfilter-queue1sun-java5-jre libnfnetlink1 cd /tmp wget http://downloads.sourceforge.net/iplist/iplist_0.19-0etch1_i386.deb dpkg --force-depends -i iplist_0.19-0etch1_i386.deb sed -i 's/AUTOSTART="No"/AUTOSTART="Yes"/' /etc/ipblock.conf update-rc.d ipblock defaults ipblock -u /etc/init.d/ipblock start
Rename hardware devices (like eth0) using udev for linux
shamelesly stolen
udev is a daemon which dynamically creates and removes
device nodes from /dev/, handles hotplug events and loads drivers at
boot time. It replaces the hotplug package and requires a kernel not
older than 2.6.12.udev - /dev/ and hotplug management daemon
Centos & redhat persistent static routes
On redhat centos
For each device, (say eth0) create the file: /etc/sysconfig/network-scripts/route-eth0
And the contents should be something like:
10.0.1.0/24 via 192.168.2.4 dev eth0
10.0.4.0/24 via 192.168.2.2 dev eth0
Changing windows Mac address
Method 1:
This is depending on the type
of Network Interface Card (NIC) you have. If
you have a card that doesn’t support Clone MAC address, then you have to go to
second method.
-
Go
to Start->Settings->Control Panel and double click on Network and
Dial-up Connections. -
Right
click on the NIC you want to change the MAC address and click on
properties. -
Under
“General� tab, click on the “Configure� button -
Click
on “Advanced� tab -
Under
“Property section�, you should see an item called “Network
Address� or "Locally Administered Address", click on it. (See
figure below as an example)
-
On
the right side, under “Value�, type in the New MAC address you want to
assign to your NIC. Usually
this value is entered without the “-“ between the MAC address numbers.
-
Goto
command prompt and type in “ipconfig /all� or “net config rdr� to
verify the changes. If the
changes are not materialized, then use the second method. -
If
successful, reboot your systems.
This method requires some
knowledge on the Windows Registry.
If you are not familiar with Windows Registry, just use the simple-to-use SMAC
MAC Address Changer to change the MAC addresses (the easiest and safest
way,) or consult with a technical
person before you attempt on the following steps.
Also, make sure you have a good backup of your registry.
1.
Goto command prompt and type “ipconfig /all�, and
I. Record the Description for the NIC you want to change.
II. Record the Physical Address for the NIC you want to change.
Physical Address is the MAC Address
figure 1.
2.
Goto command prompt and type “net config rdr�, and you should see
something like
figure 2.
3.
Remember the number between the long number (GUID) inside the { }.
For example, in the above “net config rdr� output, for MAC address
“00C095ECB793,� you should remember {1C9324AD-ADB7-4920-B02D-AB281838637A}.
You can copy and paste it to the Notepad, that’s probably the easiest
way. (See figure 2.)
4.
Go to Start -> Run, type “regedt32� to start registry editor.
Do not use “Regedit.�
5.
Do a BACKUP of your registry in case you screw up the following steps.
To do this
Click
on “HKEY_LOCAL_MACHINE on Local Machine� sub-window
Click
on the root key “HKEY_LOCAL_MACHINE�.
Click
on the drop-down menu “Registry -> Save Subtree As� and save the backup
registry in to a file. Keep this
file in a safe place.
6.
Go to “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}.
Double click on it to expand the tree. The
subkeys are
adapters. You should see it starts with 0000, then 0001, 0002, 0003 and so
on. (See figure 3.)
Figure 3.
7. Go through each subkey that starts with 0000. Click on 0000, check DriverDesc
keyword on the right to see if that's the NIC you want to change the MAC
address. The DriveDesc should match the Description you
recorded from step (a.-I.). If you are not 100% sure about the DriverDesc,
then you can verify by checking if the NetCfgInstanceID keyword value
matches the GUID from step (c).
If there is no match, then move on to 0001, 0002, 0003, and so on, until you
find the one you want. Usually 0000 contains the first NIC you
installed on the computer.
In this demonstration, 0000 is the NIC I selected. (See figure 3.)
8. Once you selected the subkey (i.e. 0000), check if there is a keyword "NetworkAddress"
exist in the right side of the window. (See figure 3.)
I. If "NetworkAddress" keyword
does not exist, then create this new keyword:
i. Click on the drop down menu “Edit -> Add Value�.
ii. In the Add Value window, enter the following value then click
OK. (See figure 4.)
Value Name: =
NetworkAddress
Data Type: =
REG_SZ
Figure 4.
iii. String Editor window will pop up at this time (see figure
5.)
iv. Enter the new MAC address you want to modify. Then click OK.
(There should not be any "-" in
this address. Your entry should only consist of 12 digits as seen in the
figure 5.)
II. If "NetworkAddress" keyword exists, make sure it shows the
keyword type is REG_SZ, and it should show as NetworkAddress:REG_SZ: .
This keyword might not have a value at this time.
i. Double click on the keyword NetworkAddress
and the String Editor window will pop up. (See Figure 5.)
ii. Enter the new MAC address you want to modify. Then click OK.
(There should not be any
"-" in this address. Your entry should only consist of 12
digits as seen in the figure 5.)
Figure 5.
The
Simple-to-Use
SMAC MAC Address Changer (Spoofer) is
definitely a lot SAFER and EASIER for this type of process. Check out some
SMAC screenshots. ☺
9. There are 2 ways to make the new MAC address active. Method I does
not require a system reboot:
I. Goto Start->Setting->Control Panel, and double click on
"Network Neighborhood".
WARNING: Make sure you understand that you WILL lose the
network connection after completing step "ii." below, and
if you have a DHCP client, you will get a new IP address
after completing step "iii."
i. Select the Network Adaptor you just changed the MAC address.
ii. Right click on the selected Network Adaptor and click
"Disable."
Verify the status column for this adaptor
changes to "Disabled"
iii. Right click on the selected Network Adaptor and click
"Enable."
Verify the status column for this adaptor
changes to "Enabled"
iv. If for any reason it cannot be disabled or re-enabled, you have to
reboot your system to make the
changes effective.
II. Reboot your Windows system.
10. Once completing step j (if rebooting the system,
wait until the reboot is completed), go to command prompt, type “ipconfig /all�
to confirm the new MAC address.
Note: SMAC
2.0 Professional Edition can do step 9 and 10 with "1-click" and that really
means 1 click, on the "Activate MAC" button.
Now
you have seen the whole process, it's time to see how
SMAC MAC Address Changer (Spoofer) is a lot
SAFER and EASIER for changing (spoofing) MAC Address on Windows 2000, XP, 2003,
and VISTA . ☺
Restore The TRUE Hardware burned-in MAC Address:
-
Remove
the entry you added:
If
you followed Method 1, then go back to the advanced properties window and
remove the entry you add.If
you followed Method 2, then remove the "NetworkAddress" keyword
you added in the registry.
-
Use
step (j) above to activate the change you make. -
Once rebooted, go to command prompt, type “ipconfig /all� to confirm
the original MAC address.
If
MAC Address changes does not work:
If for whatever reason the MAC address cannot be changed using
method 2, make sure you restore the registry setting by following the
"Restore The TRUE Hardware burned-in MAC Address" instruction
above.
If necessary, restore the registry you just backed-up to get your system
back to the original state. You can
do this by clicking on the drop-down menu “Registry->Restore,� and
restore your backup registry file.
KLC
Consulting Security Team has developed SMAC,
a Windows MAC Address Changer / Spoofer for Windows 2000, XP, 2003, and VISTA Server
systems, regardless of
whether manufacturers allow this option or not.
SMAC has been used by many
Fortune 500 companies to help enhancing their security and provide network
solutions. KLC has
integrated features requested by network and security professionals, and
SMAC has been published in
many security
books and training manuals.
SMAC URL is http://www.klcconsulting.net/smac.
Microsoft
MSDN - Network Devices and Protocols: Windows DDK NdisReadNetworkAddress
function.Microsoft
Windows 2000 Resource Kit - (Network adapters)
{4D36E972-E325-11CE-BFC1-08002BE10318}
Additional
information:
SMAC MAC
Address Spoofer for Windows 2000, XP, 2003 and VISTAMAC Address Spoofing for Windows
2000, XP, and 2003, and VISTA systems
MAC Address Spoofing for Windows NT 4.0
MAC Address Spoofing for
Windows 98/ME
MAC
Address Spoofing for Unix/Linux
MAC
Address Spoofing for Macintosh
DNS enumeration
I just found robtex.com, and I like it! You can list the first 100 domains that share the same DNS servers.
Squid with Active Directory sso kerberos authentication.
OK, there are basically two (reccomended) ways to do this on linux:
- using Samba and winbind
- using squid LDAP authentication
If you use squidNT the entire process seems much more simple. the disadvantage is obviously that you have to have another windoze server in your DMZ.
I think i'm gonig to have a go with the samba/winbind option. I have found a runthrough that looks helpful it's quite datad now though, as Samba 2.2.X reached its End-Of-Life on October 1, 2004.
Maximum transfer rates
For reference, gigabit ethernet offers theoretical 128 MB/s transfers,
while local hard drives offer between 60 and 90 MB/s. Obviously the
latency will be a bit higher on the networked drives, but you'll see no
drop in sustained transfer rates. Compare that to a theoretical maximum
of 37.5 MB/s for wireless N or 6.75 MB/s for wireless G, and bear in
mind that those speeds will be shared with all clients rather than
dedicated as with the ethernet connection.
Bebox root access
Rory Allford has had a little poke around the bebox. He makes reference to a securiteam.com post which is cause for concern.
Update: It would seem that (on my box anyway) they have patched the hole.