All posts by ewook

DNS Traversal

How to check the entries (ask the nameserver for a full zone transfer):

$ dig [@server] domain AXFR
; <<>> DiG [version] <<>> @a.b.c.d domain AXFR
; (1 server found)
;; global options: +cmd
domain. 3600 IN SOA ns.domain
etc .....
;; Query time: 150 msec
;; SERVER: a.b.c.d#53(a.b.c.d)
;; WHEN: Mon Dec 20 22:15:34 2010
;; XFR size: YY records (messages 1, bytes AXYZ)
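A small wrapper around the dig invocation above, added here and not part of the original post: it asks every listed nameserver of a zone you administer for a full transfer and flags the ones that hand the zone out. parse_axfr_result works on captured dig output, so it can be checked offline; the sample it is fed below is constructed in the format shown above, and check_axfr is this example's own helper name.

```shell
#!/bin/sh
# Classify the output of "dig @server zone AXFR" (a file, or stdin):
#   OPEN <n>  the server handed out the whole zone, n records
#   REFUSED   the server refused the transfer (dig prints "; Transfer failed.")
#   ERROR     no usable answer (timeout, unreachable, empty output)
parse_axfr_result() {
    awk '
        /^; Transfer failed/            { refused = 1 }
        /^;; XFR size: [0-9]+ records/  { records = $4 }
        END {
            if (refused)              print "REFUSED"
            else if (records != "")   print "OPEN " records
            else                      print "ERROR"
        }
    ' "$@"
}

# Ask every nameserver listed for the zone for a full transfer and report
# one line per server: "<zone> <ns> <result>". Needs dig and network access.
# Intended for auditing your own zones: an accidentally open AXFR shows up as OPEN.
check_axfr() {
    zone=$1
    for ns in $(dig +short NS "$zone"); do
        result=$(dig @"$ns" "$zone" AXFR | parse_axfr_result)
        printf '%s %s %s\n' "$zone" "$ns" "$result"
    done
}

# Constructed sample of a successful transfer, in the format shown above.
SAMPLE_OPEN='; <<>> DiG 9.7.0 <<>> @a.b.c.d example.test AXFR
; (1 server found)
;; global options: +cmd
example.test.       3600 IN SOA ns.example.test. hostmaster.example.test. 1 7200 900 1209600 86400
example.test.       3600 IN NS  ns.example.test.
ns.example.test.    3600 IN A   192.0.2.53
example.test.       3600 IN SOA ns.example.test. hostmaster.example.test. 1 7200 900 1209600 86400
;; Query time: 150 msec
;; SERVER: a.b.c.d#53(a.b.c.d)
;; WHEN: Mon Dec 20 22:15:34 2010
;; XFR size: 4 records (messages 1, bytes 200)'

printf '%s\n' "$SAMPLE_OPEN" | parse_axfr_result    # prints: OPEN 4
```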

Expand a vmware disk

Well, I do feel stupid sometimes.
Nagging about the original machine's disks being too small, well – why didn't I just expand it?

Here's how you do it:

Simply put, locate your installation dir (the tool is the same whether you're running Windows or *nix) and run:

[installdir]/vmware-vdiskmanager -x [newsize][MB|GB] [disk].vmdk

This only grows the virtual disk: the partition and filesystem inside the guest still have to be extended afterwards, and the VM must be powered off and the disk free of snapshots for the expand to work.

"default" iptables-setup.

This is always a work in progress, but more or less this is (was) my basic firewall setup for a box where eth1 faces the internet and eth0 the LAN:

#!/bin/sh
# eth1 = internet side, eth0 = LAN side (tap0 forwarding etc. still to be sorted out).

# Delete all existing rules.
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Enable routing between the interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Some good stuff to have enabled. Made persistent in /etc/sysctl.conf and
# applied with sysctl -p; appending on every run duplicates the lines, so run
# this part once (or keep the settings in the file permanently).
# No spoofing: drop packets whose source address is not routed via the interface they arrived on.
echo "net.ipv4.conf.default.rp_filter = 1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
# No broadcasts: don't answer pings to broadcast addresses, and ignore bogus ICMP errors.
echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" >> /etc/sysctl.conf
echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" >> /etc/sysctl.conf
# Only accept ICMP redirects from gateways in the default gateway list.
echo "net.ipv4.conf.all.secure_redirects = 1" >> /etc/sysctl.conf
#echo "net.ipv4.conf.all.send_redirects = 1" >> /etc/sysctl.conf
# Never honour source-routed packets (1 would accept them).
echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
#echo "net.ipv6.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
sysctl -p

# Always accept loopback traffic.
iptables -A INPUT -i lo -j ACCEPT

# Yes, you should have fail2ban ;)
#/etc/init.d/fail2ban restart

# Drop what the connection tracker cannot classify, allow replies to
# connections we started and anything from the LAN, refuse new connections
# from the outside.
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A INPUT -m state --state NEW ! -i eth1 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -m state --state NEW -i eth1 -j REJECT

# Let replies to LAN-initiated connections back in from the internet side.
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Masquerade: hide the LAN behind the internet-side address.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Don't forward anything else from the outside to the inside.
iptables -A FORWARD -i eth1 -o eth0 -j REJECT

# Port-forwarding rules: the DNAT alone is not enough, the forwarded traffic
# also needs a FORWARD ACCEPT placed before the REJECT above (hence -I).
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport [port] -j DNAT --to [ip:port]
#iptables -I FORWARD -i eth1 -o eth0 -p tcp -d [ip] --dport [port] -j ACCEPT
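An added check, not from the original post, that reads the live kernel values for the settings the script above appends to /etc/sysctl.conf and reports any that are still at a weaker value, which catches the case where the file was edited but sysctl -p never ran. SYS_ROOT is this example's own variable so the same code can be pointed at a constructed tree.

```shell
#!/bin/sh
# Root of the sysctl tree: /proc/sys on a live box, a constructed tree under test.
: "${SYS_ROOT:=/proc/sys}"

# What the firewall script above writes to /etc/sysctl.conf, as
# "<key as a path below /proc/sys> <hardened value>" pairs.
HARDENING='net/ipv4/ip_forward 1
net/ipv4/conf/default/rp_filter 1
net/ipv4/conf/all/rp_filter 1
net/ipv4/icmp_echo_ignore_broadcasts 1
net/ipv4/icmp_ignore_bogus_error_responses 1
net/ipv4/conf/all/secure_redirects 1
net/ipv4/conf/all/accept_source_route 0'

# One line per key: OK, WEAK (current value and the wanted one) or MISSING.
audit_sysctl() {
    printf '%s\n' "$HARDENING" | while read -r key want; do
        [ -n "$key" ] || continue
        file="$SYS_ROOT/$key"
        if [ ! -r "$file" ]; then
            printf 'MISSING %s\n' "$key"
            continue
        fi
        have=$(cat "$file")
        if [ "$have" = "$want" ]; then
            printf 'OK      %s=%s\n' "$key" "$have"
        else
            printf 'WEAK    %s=%s (want %s)\n' "$key" "$have" "$want"
        fi
    done
}

# Number of keys not at their hardened value; 0 means the box matches the script.
weak_count() {
    audit_sysctl | grep -c -E '^(WEAK|MISSING)' || true
}
```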

kernel: Neighbour table overflow

This issue is related to having a bit too many ARP entries (in, e.g., a router): the kernel's neighbour table has hit its gc_thresh3 limit. If you for instance have BitTorrent traffic generating all those ARPs, you'll end up with a lot of these entries in your logs. It is also a performance issue later on, since you'll have problems flushing the table and creating new connections to IPs that are not in the ARP table already.

Example log:

kernel: Neighbour table overflow.
kernel: printk: 100 messages suppressed.
kernel: Neighbour table overflow.
kernel: printk: 151 messages suppressed.
kernel: Neighbour table overflow.

On to the solution:

Start by running arp -anv a couple of times, or check your number of concurrent connections by some other means.

Next up, raise the thresholds (example values):

echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 3072 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3

By default you will have (a guess) a value of 128 in gc_thresh1, *2 for gc_thresh2 (256) and *2 again for gc_thresh3 (512). gc_thresh1 is the number of entries the garbage collector leaves alone, gc_thresh2 the soft limit where it starts collecting aggressively, and gc_thresh3 the hard limit above which new entries fail with the message above.

Set your limits according to how many concurrent connections your hardware and software can handle.

Now, if you're running something like Zeroshell, add the echo lines to your startup scripts.
Otherwise I'd recommend adding them as an if-up.d script or its relevant counterpart.
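An added helper script, not from the original post, that does the two checks the post describes: it totals the overflow messages in a kernel log, counting the ones printk rate-limiting suppressed, and compares the current neighbour table size with the gc_thresh values. PROC_ROOT is this example's own variable so the script can be run against a constructed tree; the log lines fed to it are constructed from the example above.

```shell
#!/bin/sh
# Root of procfs: /proc on a live router, a constructed tree under test.
: "${PROC_ROOT:=/proc}"

# Total overflow events in a kernel log (files given, or stdin): every visible
# "Neighbour table overflow" line plus the counts printk says it suppressed
# (assumes, as in the log above, that the suppressed messages are the same one).
neigh_overflow_events() {
    awk '
        /Neighbour table overflow/ { total++ }
        /printk: [0-9]+ messages suppressed/ {
            for (i = 1; i <= NF; i++) if ($i == "printk:") total += $(i + 1)
        }
        END { print total + 0 }
    ' "$@"
}

# Current number of IPv4 neighbour (ARP) entries: /proc/net/arp minus its header.
neigh_entries() {
    awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }' "$PROC_ROOT/net/arp"
}

# Where the table sits relative to gc_thresh1..3:
#   OK        below gc_thresh1, the collector leaves entries alone
#   GC        between gc_thresh1 and gc_thresh2, periodic garbage collection trims
#   PRESSURE  between gc_thresh2 and gc_thresh3, new entries force a collection
#   FULL      at or above gc_thresh3, new entries fail with the overflow message
neigh_headroom() {
    dir="$PROC_ROOT/sys/net/ipv4/neigh/default"
    n=$(neigh_entries)
    t1=$(cat "$dir/gc_thresh1"); t2=$(cat "$dir/gc_thresh2"); t3=$(cat "$dir/gc_thresh3")
    if   [ "$n" -lt "$t1" ]; then state=OK
    elif [ "$n" -lt "$t2" ]; then state=GC
    elif [ "$n" -lt "$t3" ]; then state=PRESSURE
    else                          state=FULL
    fi
    printf '%s entries=%s thresholds=%s/%s/%s\n' "$state" "$n" "$t1" "$t2" "$t3"
}
```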

openvas 3.1.x "bundle" on ubuntu 10.04

Two versions: one is the classic one, the other contains a bunch of 'new stuff'.

#!/bin/sh
# Save me as a file and chmod +x it.
# Ran on Ubuntu 10.04.
# Run as root (i.e. sudo -i).

cd "$HOME"

gunzip -d "$HOME"/openvas*.gz
tar -xvvf "$HOME/openvas-libraries-3.1.2.tar"
tar -xvvf "$HOME/openvas-scanner-3.1.0.tar"
##tar -xvvf "$HOME/openvas-client-3.0.1.tar"

apt-get install -y build-essential libgtk2.0-dev libglib2.0-dev libssl-dev htmldoc libgnutls-dev libpcap0.8-dev bison libgpgme11-dev libsmbclient-dev snmp pnscan cmake uuid uuid-dev

# libraries -- configure, build and install (autotools).
(cd "$HOME/openvas-libraries-3.1.2" && ./configure && make && make install)
echo "include /usr/local/lib" >> /etc/ && ldconfig

# scanner -- build and install (cmake, which is why cmake is in the apt-get line above).
(cd "$HOME/openvas-scanner-3.1.0" && mkdir -p build && cd build && cmake .. && make && make install)

##(cd "$HOME/openvas-client-3.0.1" && ./configure && make && make install)

# The second (full) version is WIP (or just work it out yourself...).

# manual fix

apt-get install uuid uuid-dev libgtk2.0-dev

After the libraries, be sure to add /usr/local/lib in /etc/ and run 'ldconfig':
echo "include /usr/local/lib/*.conf" >> /etc/

gsa-desktop 0.2.0:
apt-get install libqt4-dev


So, I keep forgetting how to rebuild my arrays with mdadm (since it doesn't break that often).

But here's some information:

# Inspect the array and the overall raid state.
mdadm -D /dev/md2
cat /proc/mdstat
# Stop it first if it is already (half) assembled.
#mdadm --stop /dev/md2
# Assemble from the remaining member and start it even though it is degraded.
mdadm --assemble -v /dev/md2 /dev/sdd1 --run
fsck /dev/md2
mount /point

# Replace a failed member: add the new disk, then mark the old one failed and remove it.
mdadm /dev/md0 --add /dev/sda1 --fail /dev/sdb1 --remove /dev/sdb1
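An added check, not from the original post, that reads /proc/mdstat and reports each array that is degraded, inactive or mid-recovery, which is the state you want to notice before reaching for the mdadm commands above. MDSTAT is this example's own variable so it can be fed a constructed copy of the file, and the field positions assumed are those of the standard /proc/mdstat layout.

```shell
#!/bin/sh
# Path of the md status file; the test points it at a constructed copy.
: "${MDSTAT:=/proc/mdstat}"

# One line per array: "<md> <STATE> [<disk map>] [failed=dev,...] [<action> <pct>]"
# STATE is OK when every member is up, DEGRADED when the map has a '_' (a
# missing or failed member), INACTIVE when the array is not running.
md_status() {
    awk '
        function flush() {
            if (name == "") return
            if (act != "active")          state = "INACTIVE"
            else if (index(map, "_") > 0) state = "DEGRADED"
            else                          state = "OK"
            line = name " " state
            if (map != "")    line = line " " map
            if (failed != "") line = line " failed=" failed
            if (action != "") line = line " " action
            print line
            name = ""; act = ""; map = ""; failed = ""; action = ""
        }
        /^md[0-9]+ :/ {                       # e.g. "md0 : active raid1 sda1[0] sdb1[1](F)"
            flush()
            name = $1; act = $3
            for (i = 4; i <= NF; i++)
                if ($i ~ /\(F\)/) {           # member marked faulty
                    dev = $i; sub(/\[.*$/, "", dev)
                    failed = (failed == "") ? dev : failed "," dev
                }
            next
        }
        name != "" && /\[[U_]+\]/ { map = $NF }               # disk map, e.g. [U_]
        name != "" && /(recovery|resync|reshape|check) *=/ {  # progress line
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(recovery|resync|reshape|check)$/) action = $i " " $(i + 2)
        }
        END { flush() }
    ' "$MDSTAT"
}

# Names of the arrays that are not fully healthy, one per line (empty if all OK).
md_degraded() {
    md_status | awk '$2 != "OK" { print $1 }'
}
```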