Tag: firewall

  • Services.exe running at 100% CPU and using 100s of MB of memory – Windows XP SP3

    I came across an interesting one in the last few days. This system was a Windows XP system with current updates – SP3, IE 8… and among other things there was a complaint of very sluggish behavior. I updated the antimalware software installed and ran scans. Malwarebytes Anti-Malware actually found and removed two suspect files, but that didn’t seem to solve the sluggishness. The web browser (Internet Explorer) would take what seemed like a minute or so to respond to any action. One thing I discovered is that Internet Explorer 8 can behave VERY slowly if there are a lot of sites in the Restricted zone. (Spybot S&D immunization puts lots of sites in the Restricted zone.) So, I found a way to remove them all and retry, and things seemed quicker, but… after running for 15-20 minutes the system really started to become unresponsive and so I had to start looking for another cause… services.exe was running at 99% or 100% CPU from time to time and the memory footprint was growing – the high mark I saw was 350MB of memory in use for it (!)

  • Virtual Server on Apache to listen on an alternate port

    In the last few days, I had to set up something a bit unusual with Apache. Basically the goal was to have Apache listen for connections on two different ports (the standard port 80 and an alternate port 85). The problem was that I wanted different content at each port. Port 85 was to be an .htaccess redirect for another domain (with some port forwarding magic at the firewall). Port 80 was to remain an internal intranet page. So… this was all done with vhosts (virtual hosts).

  • Zeroshell Livecd – providing main network services

    http://www.zeroshell.net/eng/ is an interesting bundle of Linux designed to be an out-of-the-box network service Swiss Army knife of sorts. Here are the network services that it provides… Kerberos 5 authentication, LDAP, NIS, RADIUS authentication, X.509 certificate authority, Unix- and Windows-compatible Active Directory services, router, implements bridging and VLAN protocols, full RADIUS server, captive portal capability, firewall, QoS management, multi-zone DNS server, DHCP server (capable of managing multiple subnets), NTP server, DynDNS client, PPPoE client, syslog server, LAN-to-LAN VPN…

  • UDP problem…

    I found a peculiar problem while I was setting up an OpenVPN link the other day. The goal was a simple shared-key setup, and I started with the sample configuration and modified it a bit to fit the circumstances. I allowed the correct UDP port through the firewall (I think 1194, if I recall correctly) and… it didn’t work. So… I started over and worked from empty config files and put in the bare minimums… it still didn’t work – no appearance that it was making the connection at all to negotiate the link. I double- and triple-checked the firewall config and restarted it… nothing. Then I decided to try TCP instead of a UDP port. I changed the firewall config to allow the TCP traffic on 1194, adjusted the server and client config, and lo and behold it worked. The firewall in question…

  • Recovering lost files

    There’s an article at linux.com that gives a good overview of using TestDisk and PhotoRec. TestDisk should be able to recover at the partition level, and PhotoRec should be able to just pull the files out of a damaged partition. Truth is, hard drives fail in a number of different ways, and some of those can give the same error messages. Not too long ago my brother had a laptop hard drive failure; it gave a “no partition found” kind of error message. We talked about a utility such as ghost4linux (g4l), which includes dd_rescue, which does a remarkable job with failing disks.

  • Nasty Javascript attack possibilities

    There were demonstrations of some nasty JavaScript attacks at Black Hat as well (as if the wireless driver issues weren’t a big enough problem…). JavaScript is a powerful language and can be used for many things, but in these demonstrations it was used to track recently visited sites (by the browser victim), to identify the IP address of the victim on the internal LAN, AND to alter firewall settings. From the way I read the article at Security Fix, this is changing HARDWARE firewall settings.

  • IPtables magic, or… Blocking Aggressive Outbound Traffic with IPtables

    Blocking Aggressive Outbound Traffic with IPtables.

    For starters, I’ve tested this on a test system that started out with NO iptables rules, and then moved on to an IPCop install (the VMware download from vmwarez.com…).

    I’ve detailed previously one dilemma that I had with regard to my own cable connection which made me question how one could SAFELY host a wireless access point (in the clear) for guest web browsing, without allowing a wireless user to port scan the outside world/aggressively spread viruses/etc. Traditional firewall setups are typically oriented towards protecting the internal network. This post is an attempt to give an explanation of how to implement the idea put forth in this post.

  • Firewall musings…

    Yesterday I had a bit of a realization. I had just been looking at a wireless router/firewall setup and was thinking about the firewalling rules (which seemed to be geared at the WIRELESS LAN… i.e. blocking that activity on the wireless segment). You know, traditionally firewalls have had the attitude of defending the internal network from the outside. Of course, these days firewalls sometimes protect the internal network from a WLAN (wireless segment) as well. But, I put a few events together and started looking for a new feature in a firewall.

  • The great firewall of China

    The great firewall of China may be just an illusion in technical terms. This article describes the details of how things work… Basically, when “banned content” is detected, both ends of the connection are sent a flood of TCP reset packets, which (if both sides are designed to pay attention to them) means that the two computers “hang up”, assuming the other side reset the connection. But, while most current PC operating systems obey the reset packets… it’s not something that is imperative. (You might think of this as a targeted/surgical denial of service attack using TCP reset packets…) The article goes a bit deeper though…

  • x11vnc slow internet initial-connection performance – identd timeout

    So, I had the script all ready, I’ve got my x11vnc custom-compiled to be as widely compatible as possible, and I’ve tested thoroughly on the internal network. The next step was to test my x11vnc “one cut and paste” script over the internet. So, I visited my parents’ PC, which dual-boots Windows XP and Mandrake 10.0… I did the cut and paste into the “run command…” menu and waited and waited and waited. I dropped to a console and started again, but checked that x11vnc was already running. I didn’t know what could be taking so long. I tried again and the FIRST connection gave the prompt.