India's only Computer Networking Institute by Corporate Trainers

Simplify Changing Directory

networknuts — Mon, 22 Nov 2010 08:24:08 +0000

Video on Network NUTS YouTube channel showing “how to simplify changing the directories”.

http://www.youtube.com/watch?v=JXujKom9iSU

God Bless.

Hiding APACHE version from Hackers !!

networknuts — Thu, 02 Sep 2010 05:03:21 +0000

Continuing the same flavor of hiding the sendmail version.

This is another feather in the same cap. Here I am going to show you -

How to hide your APACHE version !!

This is a very useful HACK to protect your web-server from potential hackers.

The Problem # Anyone who is well versed with Linux can find out the version of your apache server by simply doing a telnet to your server on port 80, as shown:

Just give-

HEAD / HTTP / 1.0

after doing the telnet

Using telnet to get APACHE version

Now this can be very dangerous !!

Now lets harden our apace server by hiding the version to the world.

Open the /etc/httpd/conf/httpd.conf, find and edit the following parameters

ServerSignature on to ServerSignature off

ServerTokens OS to ServerTokens Prod

Now save and exit and restart your apache service.

service httpd restart

Now if someone now tries to find the version of apache using the previous telnet method, he will get this :

Secured Apache by hiding its version

Happy

Enjoy your Edge!!

God Bless.

Hack to protect sendmail advertising its version

networknuts — Tue, 31 Aug 2010 10:29:24 +0000

Here is a very useful HACK to protect your sendmail server from potential hackers.

You should be knowing that anyone can get your sendmail identity (that means the server name / version) by just simply doing a telnet to your machine. As shown:

Sendmail showing its identity to world

Now this can be a very useful information for any dedicated hacker or any intruder.

We wish to HIDE this information from outside world !!

Here is a very simple but very useful TWEAK / hack that can be used to hide this information.

Just open the /etc/mail/sendmail.cf file and change the value of the SmtpGreetingMessage field.

Here I had commented the original line (above the highlighted line for your reference, which is a good practice also) and copied and edited the code, as shown:

Changing sendmail identity.

REMEMBER - do not use the m4 macro command after editing the /etc/mail/sendmail.cf file. So it should be your last step after configuring sendmail.

Just restart the sendmail service.

service sendmail restart

Now if you do the telnet again to check what sendmail is advertising, you will be more than happy, as shown:

Sendmail Identity Hidden from Outside world

Happy !!

Enjoy your Edge !!

God Bless.

Using NMAP for Ping Sweep and OS Detection

networknuts — Mon, 30 Aug 2010 07:15:48 +0000

Ping Sweeping is the process of pinging numerous hosts. In the case of a large set of target IP addresses, one must perform a ping sweep to determine alive hosts that respond to ICMP echo requests. This information can be very useful for a administrator checking his network status.

We can use “nmap” for this purpose.

Step #1. Install NMAP

You can either use the Internet repositories for this purpose and use:

yum install nmap

or you can manuall download the nmap package from this link – http://nmap.org/download.html

Step #2.Use nmap for Ping Sweep

nmap -sP 172.24.0.*

In this case I am trying to use ping-sweep to scan my whole network to find out which machines are LIVE and KICKING right now.

Here is what I get from this simple command. :P

Ping Sweep in action

NMAP is so wonderful tool in your hands that it can be used for many purposes.

One more very simple, very interesting and very important job that nmap can perform is that it can also give you the OS details of your machines running within your domain.

Using nmap for OS detection:

nmap -O 172.24.0.*

Just give this command and see ALL your machines telling their OS’s to you.

Below is what I get !!

OS Detection using nmap

To watch the video of this post on Network NUTS YouTube channel – http://www.youtube.com/watch?v=WMPr4dvdo74

God Bless !!

Enjoy your EDGE !!

Bash Shell script to check the existence of a file under your linux filesystem

networknuts — Tue, 03 Aug 2010 10:27:02 +0000

Here is a very small but useful shell script that will check the existence of a file and report accordingly.

#!/bin/bash #by alok srivastava #check the existence of a file under your filesystem #this bash shell script use "positional parameters"
file=$1 [ $# -eq 0 ] && { echo "Usage: $0 filename"; exit 999; } if [ -f $file ]; then echo "YES - File $file exists." else echo "NO - File $file does NOT exists." fi

It can be very useful while creating more complex bash shell scripts.

Here is a sample execution shown for your reference:

Super Fast “su”

networknuts — Sun, 18 Jul 2010 12:54:12 +0000

su (single command) – If you just want to execute a single command as root user, then instead of first login as root — getting shell — and then executing the required command.

Here is a SUPER FAST WAY !!!

You can use su with the -c option.

Simply follow the su command with -c and the command you want to run (along with any arguments), and then provide the root not allowed when prompted.

su – -c “fdisk -l”

In this case, the -c tells the su command to run the command in quotes as the root user. After entering the root not allowed you have full root privilege to create, in this case, the fdisk command will execute and will give you your filesystem details.

As soon as the command completes, you return to your original shell (which was presumably owned by a non-root user).

As shown in the picture:

: super fast su command

God Bless.

Create your own bootsplash image

networknuts — Sun, 11 Jul 2010 06:22:41 +0000

Latest video by Network NUTS showing how to create your own bootsplash image.

IPT_RECENT with IPTables

networknuts — Thu, 08 Jul 2010 07:45:47 +0000

Well you know that iptables can be configured to block or allow certain hosts for certain services. That is fairly simple.

But we have a problem… ???

Suppose you have allowed SSH access to certain hosts (say x.x.x.x) and denied SSH access to certain hosts (say y.y.y.y) using iptables.. well that is done, no problem. But what will happen if hosts on y.y.y.y network spoof their IP’s to x.x.x.x range and then try to break in using some password cracking applications.

In the case iptables will simple give service to illegitimate hosts. OR another situation is — someone on x.x.x.x is trying to break the password using hit and trial or using some application. In the later case, even iptables will allow that hosts from x.x.x.x range the service prompt everytime he is trying to get in.

Now this is DANGEROUS !!

What is the solution ??

The solution is to use “IPT_RECENT” module with iptables.

By using IPT_RECENT module with iptables you can restrict ANY IP for ANY SERVICE if the number of wrong hits exceeds your defined limit.

So, if a illegitimate user even from the allowed range x.x.x.x is trying to break in using some password breaking software, he will not be able to succeed. As after the certain number of “MISS HITS” his IP will be automatically PICKED by the iptables as a HOSTILE HOST and that service will automatically be BLOCKED for that HOST.

That’s enough talking…. now lets see how to configure IPT_RECENT with IPTables.

STEP #1 – Download IPT_RECENT module (it usually comes in tarball). You can download it from link given.

http://www.snowman.net/projects/ipt_recent/ipt_recent-0.3.1.tar.gz

STEP #2 – Gunzip the tarball

gunzip ipt_recent-0.3.1.tar.gz

STEP #3 - Extract the .tar file

tar -xvf ipt_recent-0.3.1.tar

STEP #4 – Load the module using modproble command

modprobe ipt_recent

STEP #5 - Configure the IPTables

iptables -N SSH_CHECK

iptables -I INPUT -p tcp –dport 22 -m state –state NEW -j SSH_CHECK

iptables -I SSH_CHECK -m state –state NEW -m recent –set –name SSH

iptables -I SSH_CHECK -m state –state NEW -m recent –update –seconds 60 –hitcount 4 –name SSH

iptables -I SSH_CHECK -m state –state NEW -m recent –rcheck –seconds 60 –hitcount 4 –name SSH -j DROP

STEP #6 - Save your configuration

service iptables save

STEP #7 - Reload the IPT_RECENT module

modprobe ipt_recent

STEP #8 - Make IPT_RECENT active after reboots. Put the entry in /etc/rc.d/rc.local file

modprobe ipt_recent

JOB IS DONE!!!

Enjoy your Intelligent Defense System.

God Bless.

VNC Server Configuration

networknuts — Sun, 27 Jun 2010 09:53:46 +0000

VNC Server Configuration and concept explained in the latest topic on Network NUTS Forum.

http://networknuts.net/phpBB3/viewtopic.php?f=3&t=297&sid=e88a228584a71c21b14a926294ee61c9

DNS Round Robin Configuration.

networknuts — Mon, 21 Jun 2010 11:14:54 +0000

If you are hosting a popular site, you will face a problem in which your server simply can’t serve any more requests.

In the web server world, this is called the Slashdot effect.

One way to overcome the limits of the monolithic server is to distribute the load across many machines. By adding a second (or third) server to the available pool of machines, you can not only increase performance but also add to the stability of the network. If you have a hot spare (or three) running all of the time, then if one develops trouble, the others can take over for it without any downtime.

The easiest way to distribute the load of public traffic is to use the magic of round-robin DNS, inbound requests to a single host name can be directed to come from any number of IP addresses.

We use this in the zone file for our network zone “networknuts.net”:

www 60 IN A 172.24.0.254 www 60 IN A 172.24.0.111

Now, when a hosts looks up www.networknuts.net in DNS, about half of the time they will see:

$ host www.networknuts.net

http://www.networknuts.net has address 172.24.0.254
http://www.networknuts.net has address 172.24.0.111

(172.24.0.254 and 172.24.0.111 are my name-servers hosting http://www.networknuts.net)

and the rest of the time, they get:

$ host www.networknuts.net

http://www.networknuts.net has address 172.24.0.111
http://www.networknuts.net has address 172.24.0.254

Check the video of this post at -

God Bless.