Win XP: Save/Restore network configuration

December 29th, 2007

If you are travelling with your Windows XP based notebook and don’t have DHCP everywhere, it would be neat to have a way to save and restore network configuration settings such as IP address, nameservers, ..
Besides some third-party tools, there is already such a tool built in: netsh


Security implications of listening to IPv6 router advertisements

December 29th, 2007

Most current Linux distributions support IPv6 out of the box. What most people don’t seem to notice is that most of them actively listen for IPv6 router advertisements: as soon as they see a router advertisement on the same network segment, they will happily start to use an IPv6 address out of the advertised space. This doesn’t really look like a security issue (you don’t use IPv6, right?) until you consider that nearly all daemons nowadays are IPv6-capable while most firewalls are only configured to block IPv4 packets.
To make a long story short: if you are protecting your host with IPv4 firewall rules, don’t forget that you might have a security problem if your system reacts to IPv6 router advertisements. It only takes a single compromised box within the same network segment to fully open up all your IPv6-capable daemons, e.g. sshd.
Ever seen the “eth0: no IPv6 routers present” message in your syslog and wondered what it is? 😉

Quick fix: echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra (or better the appropriate /etc/sysctl.conf entry)

There is even a related IPv6 operations internet draft:
Rogue IPv6 Router Advertisement Problem Statement
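
The check behind the quick fix, as an added example that is not part of the original post: it lists every interface whose own accept_ra value still lets the kernel act on router advertisements, then prints matching /etc/sysctl.conf entries. The meanings of the accept_ra values follow current kernel documentation; the function names and the optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find interfaces that will act on IPv6 router advertisements.
# The directory argument is an assumption of this example so the functions
# can be pointed at a constructed tree; it defaults to the live kernel tree.

# Print "iface accept_ra forwarding" for each entry that honours RAs.
# accept_ra: 0 = ignore RAs, 1 = accept unless forwarding is enabled,
#            2 = accept even when forwarding is enabled.
ra_exposed_ifaces() {
    conf_dir=${1:-/proc/sys/net/ipv6/conf}
    for dir in "$conf_dir"/*/; do
        [ -r "${dir}accept_ra" ] || continue
        iface=$(basename "$dir")
        ra=$(cat "${dir}accept_ra")
        fwd=$(cat "${dir}forwarding" 2>/dev/null || echo 0)
        # Each entry is judged on its own value, because a per-interface
        # setting can differ from what "all" or "default" show.
        if [ "$ra" = 0 ]; then
            continue
        fi
        if [ "$ra" = 1 ] && [ "$fwd" = 1 ]; then
            continue
        fi
        echo "$iface $ra $fwd"
    done
    return 0
}

# Emit one sysctl.conf line per exposed entry so the fix survives a reboot.
sysctl_entries() {
    ra_exposed_ifaces "${1:-}" | while read -r iface _ra _fwd; do
        echo "net.ipv6.conf.$iface.accept_ra = 0"
    done
}

# Stand-alone run: report on the live system.
ra_exposed_ifaces
sysctl_entries
```

An empty report means no interface on the host currently honours router advertisements; the "default" entry matters too, since interfaces that appear later start from its value.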

Agile Messenger – spying on you?!

May 1st, 2007

I just took a quick look at Agile Messenger, a messaging application for mobile phones and PDAs supporting the MSN, AOL, Yahoo, ICQ, Googletalk and XMPP protocols. It works great, just..
Why does it connect to billing.am-im.net [69.60.119.161] every time one connects to a messenger network? Why does it complain about broken network connectivity when it can’t? Is it really necessary to send unique identifying IDs to this server (and exchange quite some base64 encoded data)? I found some hints that you might send some more identifying codes there, like IMSI, IMEI, messenger-uids and -passwords.. 🙁
The XML Response contains a base64-Part with my ICQ uin and some more stuff.
Ah, that’s not all. What about the reoccurring usage-reports to usage.am-im.net [64.251.14.202], also containing the unique ID? Not only that, it also contains a value for “traffic” .. – and can’t be disabled!
Should I even mention updates.am-im.net?
Guys, you shouldn’t be watching my messenger traffic or try to track me all the time. And your program is now gone from my mobile phone; thanks.
That’s definitely a program to avoid.

UCEPROTECT-NETWORK – another clever RBL..

April 15th, 2007

After some complaints about mailserver blacklistings in the “UCEPROTECT-NETWORK level 1” blacklist I again spent a few minutes investigating the issue and looking at their website. They seem to have no problem listing ISP mail relays after 1 or 2 misdirected mails from customer IPs and seem to have very “interesting” ideas about how mail should work and how they are going to police the net.. (read more below)


OpenSSL is fun (not)

March 29th, 2007

Today I decided to finally upgrade two of my older boxes to the most recent OpenSSL version (openssl-0.9.8e) as that change has been on my ToDo list for ages. Both hosts are ancient Pentium I based Linux servers, so compiling OpenSSL was great fun and took hours.
Read on if you are interested in never-ending compile sessions, SSHd segfaults, issues with bn_mul_add_words() functions, no-sse2 settings, VIA Padlock crypto engines or other OpenSSL fun. Oh, and don’t ask me anything about OpenSSL in the next weeks, right?! 😉
