Adding an IP Address to an Interface With Red Hat and CentOS

There is some apparent voodoo on what, exactly, is needed to add an IP address to an interface using Red Hat style scripts. We have tested this on Red Hat Enterprise 3 and CentOS 4, and it appears that the convention is quite forgiving. This makes sense, really, since if you hose up these interfaces, […]

Changing the IP Address on a Cisco Router With an IP Conflict

If you wish to bring up a Cisco router that has an IP address that conflicts with existing hosts on your network, there are a variety of ways to change it. We just happened to have a crossover network cable sitting on our work bench, and a GNU/Linux host on the LAN with an extra […]

Using OS Identification with Nmap

Nmap can be used to fingerprint operating systems. Here is a typical session: [root@srv-1 usr-1]# nmap -O –min_rtt_timeout=6000 10.50.100.1-80 Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-05-05 12:49 PDT Interesting ports on 10.50.100.1: (The 1656 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 6000/tcp […]

Tunnelling Through a Gateway With SSH

Here is a diagram of three servers: What we want to do is create a tunnel with SSH so that 10.50.101.100 can go directly to 10.50.100.72. There is no routing between the networks. The box in between is dual-homed and acting as a security buffer between the 10.50.100 and 10.50.101 networks. After we set up […]

Maximum Number of Sockets and FD_SETSIZE

There is a limit on the number of concurrent socket connections that an application can accept in BSD, Windows, and other operating systems. This is set at compile time, but it can be overridden. Here is a discussion of this limitation by Microsoft, and here is further discussion. One application that is sticking this on […]

TCP and UDP Service Listing

Here is a text version of /etc/services that might be useful for determining whether a port is being used by a trojan, etc: TCP and UDP Service Listing

Subnet Reference Guide + Perl script to generate it

Here is our subnet reference guide and The Perl script used to generate it Subnet Reference Guide — //www.netadmintools.com Value of individual bits in an eight bit byte if true: Bit 7 = 128 Bit 6 = 64 Bit 5 = 32 Bit 4 = 16 Bit 3 = 8 Bit 2 = 4 Bit […]

Latency Tips

If you have a WAN, then one very important concern should be latency. Latency, in this case, is the time that a package of information takes to reach the other end of the slow link. This package of information could be a DNS query, ping, file, or a transaction in a client/server application. Notice that […]

Cisco IOS Upgrade

There are some nasty, nasty SNMP vulnerabilities that have recently been revealed. Many different products are affected. See the CERT Advisory Here. This inspired us to upgrade our Cisco. To upgrade the IOS on your Cisco router, you have a couple of options. You can either upgrade via TFTP, or you can use the console. […]

Recycling a Watchguard Firebox FB10

We picked up a Watchguard Firebox FB-10R from RE-PC (Tukwila) for 15 bucks. There is almost always some kind of auction on Ebay selling a Firebox FB-10. The motherboard on ours, it turns out, was damaged. Now the Firebox FB-10R is just a regular PC clone. It has three 3COM 3C509 NICs in it. We […]