The TCP Datagram

push flag (1 bit)

The push flag tells the receiving end of the TCP connection to “push” all buffered data to the receiving application. It basically says “done for now”.

via The TCP Datagram.

This would be the PSH flag that I needed to look up; I found this site, which makes for a good reference.
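To make the flag bits concrete, here is an added example (not from the linked site) that parses a raw TCP segment and names its flags, with PSH at bit 3. The segment builder, the sample HTTP request and the MSS option are constructed for the demonstration; the parser refuses a data offset that does not fit the segment, which is the check a practitioner needs before slicing options and payload from untrusted packets.

```python
import struct
from dataclasses import dataclass

# Flag bits of the TCP header (RFC 793), plus the ECN bits CWR/ECE (RFC 3168)
# and the experimental NS bit (RFC 3540). PSH is bit 3 (0x008).
TCP_FLAGS = {
    "FIN": 0x001, "SYN": 0x002, "RST": 0x004, "PSH": 0x008,
    "ACK": 0x010, "URG": 0x020, "ECE": 0x040, "CWR": 0x080, "NS": 0x100,
}


@dataclass
class TcpHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    data_offset: int      # header length in 32-bit words (5..15)
    flags: int            # the 9 flag bits, see TCP_FLAGS
    window: int
    checksum: int
    urgent_ptr: int
    options: bytes
    payload: bytes

    def flag_names(self):
        return [name for name, bit in TCP_FLAGS.items() if self.flags & bit]


def parse_tcp(segment: bytes) -> TcpHeader:
    """Parse a raw TCP segment (header + payload, no IP header in front)."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum TCP header")
    (src, dst, seq, ack, off_flags,
     window, csum, urg) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12          # top 4 bits of the 16-bit field
    flags = off_flags & 0x1FF              # low 9 bits (3 reserved bits in between)
    hlen = data_offset * 4
    # The header length comes from the wire; validate it before trusting it to slice.
    if hlen < 20 or hlen > len(segment):
        raise ValueError("data offset %d words does not fit a %d-byte segment"
                         % (data_offset, len(segment)))
    return TcpHeader(src, dst, seq, ack, data_offset, flags, window, csum, urg,
                     options=segment[20:hlen], payload=segment[hlen:])


def build_tcp(src, dst, seq, ack, flags, payload=b"", window=65535, options=b""):
    """Build a segment for testing; checksum stays 0 (it needs the IP pseudo-header)."""
    options += b"\x00" * (-len(options) % 4)       # pad options to a 32-bit boundary
    data_offset = 5 + len(options) // 4
    off_flags = (data_offset << 12) | (flags & 0x1FF)
    header = struct.pack("!HHIIHHHH", src, dst, seq, ack, off_flags, window, 0, 0)
    return header + options + payload


if __name__ == "__main__":
    # Constructed sample: an HTTP request segment with PSH and ACK set and an MSS option.
    seg = build_tcp(40000, 80, 1000, 2000, TCP_FLAGS["PSH"] | TCP_FLAGS["ACK"],
                    payload=b"GET / HTTP/1.0\r\n\r\n", options=b"\x02\x04\x05\xb4")
    hdr = parse_tcp(seg)
    print(hdr.src_port, "->", hdr.dst_port, hdr.flag_names(), hdr.payload)
```

A sender typically sets PSH on the last segment of an application write, which is why it shows up with ACK on request and response segments in captures; the parser above reports it alongside whatever other flags are set rather than treating it specially.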

Transparent web proxy – DD-WRT Wiki

Running a transparent proxy server on your network can be used for more advanced content filtering of web pages for environments such as a school or library (where in some locales, filtering is required by law) or as a way to protect children in the household.

This guide will help you enable a transparent proxy server on your network by having your WRT54G router forward all traffic to the proxy server automatically.

via Transparent web proxy – DD-WRT Wiki.

Example of a full nat solution with QoS

Here I’m describing a common set up where we have lots of users in a private network connected to the Internet through a Linux router with a public ip address that is doing network address translation (NAT). I use this QoS setup to give access to the Internet to 198 users in a university dorm, in which I live and I’m netadmin of. The users here do heavy use of peer to peer programs, so proper traffic control is a must. I hope this serves as a practical example for all interested lartc readers.

via Example of a full nat solution with QoS.

Linux: The hole trick to bypass firewall restriction

Linux: The hole trick to bypass firewall restriction.

As long as remote is behaving itself, it will send back a “port unreachable” response via ICMP – however this is of no consequence. On the second attempt
remote# echo "hello" | nc -p 53 -u local-fw 14141
The netcat listener on console local/1 then coughs up a “hello” – the UDP packet from outside has passed through the firewall and arrived at the computer behind it.
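The trick works because a stateful firewall records an outbound UDP datagram as a flow and then admits inbound datagrams that are its exact reverse. The following added example (my own toy model, not the article's code and not real conntrack) replays the article's sequence against such a table: the first packet from remote is dropped, the datagram local sends from port 14141 to remote:53 opens the hole, and remote's reply from source port 53 passes. The host names, timeout and the address-keyed table (the model keys on the firewall's outside address and skips the actual translation step) are assumptions for the demonstration.

```python
class UdpStateFirewall:
    """Toy model of the UDP connection tracking a stateful firewall or NAT does.

    An outbound datagram records the flow (inside addr/port, outside addr/port)
    with an expiry. An inbound datagram is accepted only if it is the exact
    reverse of a live flow: it must come from the address *and* port the inside
    host talked to, and arrive at the inside port that was used."""

    def __init__(self, timeout=30.0):
        self.timeout = timeout
        self.flows = {}   # (in_ip, in_port, out_ip, out_port) -> expiry time

    def outbound(self, now, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside: allowed, and it opens (or refreshes) the hole."""
        self._expire(now)
        self.flows[(src_ip, src_port, dst_ip, dst_port)] = now + self.timeout
        return True

    def inbound(self, now, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside: allowed only through a hole opened from inside."""
        self._expire(now)
        key = (dst_ip, dst_port, src_ip, src_port)    # the reverse tuple
        if key not in self.flows:
            return False
        self.flows[key] = now + self.timeout           # traffic in either direction refreshes the timer
        return True

    def _expire(self, now):
        for key in [k for k, exp in self.flows.items() if exp < now]:
            del self.flows[key]


def replay_hole_trick(fw=None):
    """Replay the article's sequence against the model and return the verdicts.

    Names follow the article: 'local-fw' is the firewall address the outside sees,
    'remote' the outside host. Times are seconds, constructed for the example."""
    fw = fw or UdpStateFirewall(timeout=30.0)
    verdicts = []
    # 1. remote tries first: no flow exists yet, so the datagram is dropped.
    verdicts.append(fw.inbound(0.0, "remote", 53, "local-fw", 14141))
    # 2. local sends one datagram from port 14141 to remote:53. remote answers with
    #    ICMP port unreachable, which does not matter; the firewall has recorded the flow.
    verdicts.append(fw.outbound(1.0, "local-fw", 14141, "remote", 53))
    # 3. remote sends from source port 53 to local-fw:14141 (nc -p 53 -u local-fw 14141):
    #    the exact reverse of the flow, so it is accepted and reaches the listener.
    verdicts.append(fw.inbound(2.0, "remote", 53, "local-fw", 14141))
    # 4. the same payload from another source port does not match the flow: dropped.
    verdicts.append(fw.inbound(3.0, "remote", 5353, "local-fw", 14141))
    # 5. after the idle timeout the hole has closed again.
    verdicts.append(fw.inbound(100.0, "remote", 53, "local-fw", 14141))
    return verdicts


if __name__ == "__main__":
    print(replay_hole_trick())   # [False, True, True, False, False]
```

The model uses the strict case where the reply must match address and port. RFC 4787 describes NATs whose filtering is looser (endpoint-independent, which would also admit step 4), so the exact behaviour depends on the box; the defensive takeaway is the same either way: a host that can send UDP outbound can arrange to receive UDP from the peer it talked to, so "no inbound rules" is not the same as "no inbound traffic".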

Daytime Protocol

Daytime Protocol – Wikipedia, the free encyclopedia.

The Daytime Protocol is a service in the Internet Protocol Suite, defined in 1983 in RFC 867. It is intended for testing and measurement purposes in computer networks.

A host may connect to a server that supports the Daytime Protocol on either Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port 13. The server returns an ASCII character string of the current date and time in an unspecified format.

Apparently some HTC devices use this protocol.
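The whole protocol fits in a few lines, so here is an added example (my own, not from Wikipedia or the RFC) that runs a one-shot daytime server over TCP and over UDP on localhost and queries each. The string format is an assumption in the style of the RFC's example, since RFC 867 leaves it unspecified; the servers bind an ephemeral port instead of port 13, which needs root.

```python
import socket
import threading
import time

HOST = "127.0.0.1"   # served on localhost and an ephemeral port, not the real port 13


def daytime_string(t=None):
    """RFC 867 leaves the format unspecified; this follows the style of the RFC's example."""
    return time.strftime("%A, %B %d, %Y %H:%M:%S-UTC", time.gmtime(t)) + "\r\n"


def serve_once_tcp():
    """Start a one-shot TCP daytime server on an ephemeral port; returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            # Daytime reads nothing from the client: write the time, then close.
            conn.sendall(daytime_string().encode("ascii"))
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def serve_once_udp():
    """Start a one-shot UDP daytime server; any datagram at all triggers a reply."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((HOST, 0))

    def run():
        _, peer = srv.recvfrom(512)   # content is ignored; only the sender address matters
        srv.sendto(daytime_string().encode("ascii"), peer)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def query_daytime_tcp(host, port, timeout=3.0):
    """Connect, read until the server closes, return the ASCII string."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        chunks = []
        while True:
            data = s.recv(256)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("ascii")


def query_daytime_udp(host, port, timeout=3.0):
    """Send any datagram, return the ASCII string that comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(b"\r\n", (host, port))
        data, _ = s.recvfrom(512)
    return data.decode("ascii")


if __name__ == "__main__":
    print(query_daytime_tcp(HOST, serve_once_tcp()), end="")
    print(query_daytime_udp(HOST, serve_once_udp()), end="")
```

Two things worth noticing: the reply is unauthenticated plaintext, so nothing security-relevant should take its clock from it, and the UDP variant answers any datagram with a larger one, which is the shape of a reflection service. Unless a device on the network actually needs it, port 13 is better left closed.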

Navicat – MySQL Overview

Navicat for MySQL is available for three platforms – Microsoft Windows, Mac OS X and Linux. It connects users to any local/remote MySQL Server, providing several database utilities such as Data Modeling Tool, Data/Structure Synchronization, Import/Export, Backup and Report, to facilitate the process of maintaining data.

via Navicat – MySQL Overview – The Most Popular SQL Server management.

This product competes with the free MySQL Workbench.

Red Hat’s Linux changes: Fixes or ISV positioning?

But Rainer Gerhards, the lead developer for the rsyslog tool, has now had a chance to analyze Poettering’s and Sievers’ paper in detail and says that the similarities to the Windows Event Log is actually a good thing, since there are aspects of the Windows Event Log tool that would actually be useful in.

But, Gerhards argues, such a drastic change in the way Linux handles system event logging may not be necessary, given that Gerhards’ rsyslog tool, as well as functionality in the competing syslog-ng tool, already can address many of the problems Sievers and Poettering have addressed.

via Red Hat’s Linux changes: Fixes or ISV positioning? | ITworld.

The Mystery of Duqu: Part Six (The Command and Control servers)

The Mystery of Duqu: Part Six (The Command and Control servers) – Securelist.

For our particular server, several spikes immediately raise suspicions: 15 February and 19 July, when new versions of OpenSSH were installed; 20 October, when the server cleanup took place. Additionally, we found spikes on 10 February and 3 April, when certain events took place. We were able to identify “dovecot” crashes on these dates, although we can’t be sure they were caused by the attackers (“dovecot” remote exploit?) or simply instabilities.

Of course, for server ‘A’, three big questions remain:

  • How did the attackers get access to this computer in the first place?
  • What exactly was its purpose and how was it (ab-)used?
  • Why did the attackers replace the stock OpenSSH 4.3 with version 5.8?

Interesting read. Apparently there might have been a zero-day exploit in OpenSSH.

From: http://en.wikipedia.org/wiki/Duqu

Duqu is a computer worm discovered on 1 September 2011, thought to be related to the Stuxnet worm. The Laboratory of Cryptography and System Security (CrySyS)[1] of the Budapest University of Technology and Economics in Hungary, which discovered the threat, analyzed the malware and wrote a 60-page report[2], naming the threat Duqu.[3] Duqu got its name from the prefix “~DQ” it gives to the names of files it creates.

Here’s an interesting comment on Slashdot.

The only things you should need open to the internet are SSH (“the attackers may have used a zero-day in OpenSSH 4.3 to compromise the C&C servers initially”) and/or IPSec/L2TP. Anything else should redirect to a DMZ that does NOT route to the same subnet as SSH/IPSec/L2TP. The DMZ should not have port access to the regular network (everything should be pushed). The firewall should be set to not allow active connections out from the DMZ to anywhere, and any activity should not just be logged, but flagged and sent to the administrator. All devices in the DMZ should log to a remote (to them) syslog that is polled from outside the DMZ.

There… that’s the ideal world. In reality, this doesn’t account for people who don’t have that much hardware/expertise with VMs, for people who don’t keep up with their patches, for those who want to do an end-run around this policy to set up torrents, etc. directly from their working computer, etc.

It also doesn’t help that most gateway routers these days have some full-fledged OS inside and as a result often have exploits that can be leveraged directly against them due to inappropriate default configurations.

Groupon Was “The Single Worst Decision I Have Ever Made As A Business Owner”

The sales process seemed like buying a car. Initially, the rep asked for 100% of the revenue. He eventually “settled” for 50%. “Understanding that your business is newer, I decided to split the revenue with you,” he wrote. At one point, Jessie was told that she could only ever run one Groupon over the life of the business.

via Groupon Was “The Single Worst Decision I Have Ever Made As A Business Owner” | TechCrunch.

The Biggest Red Flag In The Groupon IPO Isn’t The Sea Of Red Ink

We assume that the preferred stockholders here are Groupon’s founders; usually it’s venture capital investors who have “preferred stock”, but we’ve never heard of a respectable VC asking for dividends of a money-losing startup.

via The Biggest Red Flag In The Groupon IPO Isn’t The Sea Of Red Ink – Business Insider.

Published on June 2, 2011.