Tag: vpn

  • Is it a Hardware Problem or a Software Problem?

    Last night I was working with an older HP laptop and things hit the fan very quickly. I discovered I couldn’t write a file to disk and before I knew it the system had thrown up to a black screen and needed the power cut to reboot. I immediately realized that there was a serious hardware problem. Then I spent the better hours of the evening trying to salvage everything from the old drive to a new drive, only to have the new drive seemingly show the same symptoms. It is a laptop of course and so I assume it’s the bus for the drives or the CD-ROM. I pull out the CD-ROM and it seems to behave itself just fine. This morning as I was checking the last of the package updates it dawned on me how different things would have been if it were a Windows laptop. The laptop runs Linux and when the system froze I immediately assumed it was either the hard drive or the drive adapter to the mainboard. Why?


  • SSH, Proxies (Proxy’s?), Tor and Web Browsing

    For quite some time I’ve been making use of a DD-WRT modified Linksys box on my home network as an OpenVPN endpoint so that when I’m out and about in the world, I connect the VPN, switch Firefox to route through a Squid proxy server on the home network and I’ve got a nice fairly secure web browsing setup. But, as they say, there’s more than one way to skin a cat. And that’s what I’ve played around with the last couple days. First off, I guess I should describe the concept. 1) Let’s say that you’re browsing the web at an open wireless access point and you don’t trust the network, or 2) let’s say you need to be able to access an intranet web server that is not accessible from the internet side of a network, or 3) let’s say a web site is blocking access based on IP address (for instance say you’re behind the great firewall of xyz business/company)…. How can you still manage to access the web pages you want to (scenarios 2 and 3) at all or (scenario 1) securely, with as little snooping as possible?


  • WPA and WPA2 cracked 100 times faster

    The days of relying on WPA or WPA2 as your online layer of wireless security may be numbered. A new technique that makes use of NVIDIA’s newer GPUs to do some of the processing means that it’s possible to break “forgotten” keys about 100 times faster than was previously possible. This means a key could be broken in days or weeks instead of years. The distributed password recovery software is available here. I think there are a lot of misconceptions about WEP and WPA/WPA2 that we ought to rethink.


  • Zeroshell Livecd – providing main network services

    http://www.zeroshell.net/eng/ is an interesting bundle of Linux designed to be an out of the box network service swiss army knife of sorts. Here are the network services that it provides…. Kerberos 5 authentication, LDAP, NIS, RADIUS authentication, X.509 certificate authority, Unix and Windows compatible Active Directory services, router, implements bridging and VLAN protocols, full RADIUS server, captive portal capability, firewall, QoS management, multizone DNS server, DHCP server (capable of managing multiple subnets), NTP server, DynDNS client, PPPoE client, syslog server, LAN to LAN VPN…..


  • OpenVPN

    The last time I used OpenVPN, it was version 1.x and only supported a single connection per running process. So, if you had a server that you wanted to support multiple clients connecting, you had to… have multiple ports open to the outside world (unless you did something VERY fancy), and had to have as many OpenVPN processes open and listening for connections as you had clients you expected to connect. It wasn’t a pretty setup unless you had a small number (1-5) that you expected to connect. Fortunately that has changed with the 2.0 series of OpenVPN and it’s really matured as a VPN solution.


  • OpenVPN series

    After the Hamachi article I wanted to do a series on OpenVPN. I’ve used it before, but not since the 1.x days…. it’s now at version 2.0.5 and has quite a bit more flexibility. When I first used it, it was pretty much a point-to-point VPN solution. You could set up routing to see the rest of the network and for the network to see the VPN client, but only one client could connect to one server. What this meant is that multiple tap or tun devices were needed on the server, one for each remote VPN client. Also, multiple OpenVPN processes and multiple OpenVPN ports.

    From my understanding this setup wasn’t necessary under the 2.x series.


  • Hamachi p2p vpn

    A few days back I was at grc to run a “shields up” scan on a client’s machine and found reference to their Security Now podcast (Leo Laporte and Steve Gibson.) The cast was about a VPN tool called Hamachi… so I revisited and gave a read to the Security Now! transcript. And then visited the Hamachi site. I’ve got to say, I’m impressed on a couple of levels with Hamachi. 1st it sounds as though they’ve done a great approach to a secure free VPN implementation. (Steve Gibson is a pretty good reference….) It’s also easy to install and use and beyond that there are Linux/Windows versions of the client currently; Mac will be released after the 1.0 for Linux and Windows.


  • A tun of trouble….

    Sorry, VERY bad pun but I couldn’t resist. I mentioned that I was having tun difficulties that kept me from playing around with anything fancy networking-wise with QEMU. For starters let me see if I can explain what tun is. Tun is a method of creating a point-to-point “imaginary” network connection between a program and an operating system. For instance, QEMU sets up a device called /dev/tun0 in the host operating system. This /dev/tun0 can communicate with the kernel and then the outside world. /dev/tun0 behaves just like any other network interface to the viewers on the outside (even getting its own IP address that is network reachable.)
