kernel: Neighbour table overflow

This issue is related to having a few too many ARP entries (e.g. on a router).
If you have, for instance, BitTorrent traffic generating all those ARP lookups, you’ll end up with a lot of
entries in your logs. It also becomes a performance issue later on, since you’ll have problems flushing
entries and creating new connections to IPs not already listed in the ARP table.

Example log:

 kernel: Neighbour table overflow.
 kernel: printk: 100 messages suppressed.
 kernel: Neighbour table overflow.
 kernel: printk: 151 messages suppressed.
 kernel: Neighbour table overflow.

To the solution:

Start by running arp -anv a couple of times, or check your concurrent connections by some other means.

Next up (example):

echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 3072 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3 

By default, you will have (a guess) a value of 128 in gc_thresh1, *2 for gc_thresh2 (256) and *2 again for gc_thresh3 (512).

Set your limits according to how many concurrent connections your hardware and software can handle.

Now, if you’re running something like ZeroShell, add the echo lines to your startup scripts.
Otherwise, I’d recommend adding them as an if-up.d script or its relevant counterpart.
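
To see how close the table is to the limits before raising them, here is an added example (not part of the original post) that counts the entries in /proc/net/arp and compares the count with gc_thresh1-3. The function names and the make_sample helper are hypothetical, and the table that helper writes is constructed sample data.

```shell
#!/bin/sh
# Added example: compare the IPv4 neighbour (ARP) entry count with gc_thresh1-3.
# File and directory are parameters so saved copies can be checked offline.

# neigh_count [ARP_FILE]: entries in a /proc/net/arp style table
# (line 1 is the column header, each following line is one entry).
neigh_count() {
    awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }' "${1:-/proc/net/arp}"
}

# neigh_status [ARP_FILE] [THRESH_DIR]: prints "<level> <count> <t1> <t2> <t3>"
#   ok       count <= gc_thresh1, garbage collection leaves the table alone
#   gc       count >  gc_thresh1, stale entries are being collected
#   soft     count >  gc_thresh2, above the soft limit, forced collection kicks in
#   overflow count >= gc_thresh3, hard limit: new entries can be refused
neigh_status() {
    arp_file="${1:-/proc/net/arp}"
    thresh_dir="${2:-/proc/sys/net/ipv4/neigh/default}"
    count=$(neigh_count "$arp_file")
    t1=$(cat "$thresh_dir/gc_thresh1")
    t2=$(cat "$thresh_dir/gc_thresh2")
    t3=$(cat "$thresh_dir/gc_thresh3")
    if   [ "$count" -ge "$t3" ]; then level=overflow
    elif [ "$count" -gt "$t2" ]; then level=soft
    elif [ "$count" -gt "$t1" ]; then level=gc
    else level=ok
    fi
    echo "$level $count $t1 $t2 $t3"
}

# make_sample DIR N (hypothetical helper): writes a constructed ARP table with
# N made-up entries and the thresholds 128/256/512 into DIR for a dry run.
make_sample() {
    sample_dir="$1"; i=1
    mkdir -p "$sample_dir"
    echo "IP address HW type Flags HW address Mask Device" > "$sample_dir/arp"
    while [ "$i" -le "$2" ]; do
        printf '10.0.%d.%d 0x1 0x2 02:00:00:00:%02x:%02x * eth0\n' \
            $((i / 250)) $((i % 250 + 1)) $((i / 256)) $((i % 256)) >> "$sample_dir/arp"
        i=$((i + 1))
    done
    echo 128 > "$sample_dir/gc_thresh1"
    echo 256 > "$sample_dir/gc_thresh2"
    echo 512 > "$sample_dir/gc_thresh3"
}

# On a live Linux host, report the current state (no arguments = /proc paths).
if [ -r /proc/net/arp ] && [ -r /proc/sys/net/ipv4/neigh/default/gc_thresh3 ]; then
    neigh_status
fi
```

A result of soft or overflow during normal traffic means the thresholds are too low for the number of hosts the box talks to. /proc/net/arp covers IPv4 only, so the count is an approximation of what the kernel tracks.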

openvas 3.1.x “bundle” on ubuntu 10.04

Two versions, one is the classic one, the other contains a bunch of ‘new stuff’.

#!/bin/bash
#Save me as [name.sh] and chmod +x [name.sh]
#Ran on Ubuntu 10.04
#Run as root (i.e. sudo -i)

#classic
cd $HOME
wget http://wald.intevation.org/frs/download.php/767/openvas-libraries-3.1.2.tar.gz
wget http://wald.intevation.org/frs/download.php/754/openvas-scanner-3.1.0.tar.gz
wget http://wald.intevation.org/frs/download.php/757/openvas-client-3.0.1.tar.gz

gunzip -d $HOME/openvas*.gz
tar -xvvf $HOME/openvas-libraries-3.1.2.tar
tar -xvvf $HOME/openvas-scanner-3.1.0.tar
##tar -xvvf $HOME/openvas-client-3.0.1.tar

apt-get install -y build-essential libgtk2.0-dev libglib2.0-dev libssl-dev htmldoc libgnutls-dev libpcap0.8-dev bison libgpgme11-dev libsmbclient-dev snmp pnscan cmake uuid uuid-dev

#libraries -- build inside the source directory (make is not a file in there)
cd $HOME/openvas-libraries-3.1.2
./configure
make
make install
#ld.so.conf takes the directory itself; "include" is only for other config files
echo "/usr/local/lib" >> /etc/ld.so.conf && ldconfig

#scanner
cd $HOME/openvas-scanner-3.1.0
./configure
make
make install

##client
##cd $HOME/openvas-client-3.0.1
##./configure
##make
##make install

The second, full version is a work in progress (or just work it out yourself…).

#manual fix

#!/bin/bash
#full
wget http://wald.intevation.org/frs/download.php/767/openvas-libraries-3.1.2.tar.gz
wget http://wald.intevation.org/frs/download.php/754/openvas-scanner-3.1.0.tar.gz
wget http://wald.intevation.org/frs/download.php/757/openvas-client-3.0.1.tar.gz
wget http://wald.intevation.org/frs/download.php/773/openvas-manager-1.0.2.tar.gz
wget http://wald.intevation.org/frs/download.php/774/greenbone-security-assistant-1.0.2.tar.gz
wget http://wald.intevation.org/frs/download.php/766/openvas-cli-1.0.0.tar.gz
wget http://wald.intevation.org/frs/download.php/739/openvas-administrator-0.9.0.tar.gz
wget http://wald.intevation.org/frs/download.php/771/gsa-desktop-0.2.0.tar.gz

https://wald.intevation.org/tracker/index.php?func=detail&aid=1079&group_id=29&atid=exit
220

apt-get install uuid uuid-dev libgtk2.0-dev

after libs:
Be sure to add /usr/local/lib in /etc/ld.so.conf and type ‘ldconfig’
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig

openvassd

OpenVas-Client

gsa-desktop 0.2.0
apt-get install libqt4-dev

md-raid

So, I keep forgetting how to rebuild my arrays with mdadm (since it doesn’t break that often).

But, here’s some information:

mdadm -D /dev/md2
cat /proc/mdstat
#mdadm --stop /dev/md2
mdadm --assemble -v /dev/md2 /dev/sdd1 --run
fsck /dev/md2
mount /point

#example
 mdadm /dev/md0 --add /dev/sda1 --fail /dev/sdb1 --remove /dev/sdb1

Installing metasploit + nexpose on ubuntu 10.04

It’s not that fun anymore: the db isn’t autocreated as it once was, so a bit of fiddling is needed.
Needless to say, you can get it working.
Check out http://ubuntuforums.org/showthread.php?t=1069859 for getting metasploit running again as it should.

Running it is described here:

http://www.metasploit.com/redmine/projects/framework/wiki/NeXpose_Plugin

Good Auditing!