Last time I posted something it had to do with troubleshooting MTU mis-match issues using Wireshark. Today I'd like to post some clarity for administrators who have Juniper NetScreen devices somewhere in their network back-bone.
I spent a lot of time poring through books, blog posts and 'kb' documents to understand what the NetScreens in my environment were doing. The end result was that we were able to alter the configuration of one of the devices to resolve the MTU mis-match issue (ICMP Type 3, Code 4 and TCP retransmissions / RST packets captured via Wireshark).
We had a mysterious issue in our network that caused certain SSH sessions and HTTPS/TLS sessions to fail intermittently. Some machines were unable to communicate at all while other machines could occasionally and sporadically establish a connection that would fail at inopportune times.
I performed a comprehensive analysis of our networking infrastructure and router configurations and captured PCAP files to gather enough data to root cause the problem. The core problem was an MTU mis-match between our gigabit network and our 100-megabit VPN tunnel.
I was working on a ZBook G3 the other day and ran into an infuriating issue with its Synaptics Touch Pad: The touch sensitivity out-of-the-box was set so high that when I slowly moved the cursor it would get jittery and not respond.
While examining specific trackpad details, I found that I have a Synaptics LuxPad V1.3 device that communicates using an SMB port (whatever that is!)
In investigating this further I found that the Synaptics driver hides the 'advanced settings' from Windows 10 users for some inexplicable reason. Once enabled I was able to fine-tune the trackpad settings to be more bearable.
I recently had to automate the configuration of a NetScreen SSG device and decided to use Ruby along with the net ssh gem to accomplish this.
The trouble is that when I use the basic ssh connection / command syntax listed on the github page I get an empty string back as a result, no matter what command I execute.
There is a way to automate ssh commands via the channel API, though!
Updated May 21st, 2016: The NetScreen device is a far more wily device than I had originally anticipated, so my original solution ended up not working. I dug deep and found a better way to automate the NetScreen device.
I spent a couple hours troubleshooting NFS today. The backup server I set up in 2010 is wearing out so I upgraded to a shiny new T320 (on sale!) and set out to reconfigure my NFS backup datastore to point to the new backup server.
Since I haven't played around with NFS in ages, I had forgotten what a joy it could be /s
In the end everything worked once I got the configuration straightened up, so yay!
I've used pfSense in certain parts of my network for several years now. While there is occasionally a hiccup, most of the time the product works perfectly for my needs. Today I updated my installations to the latest update which re-brands the web console as "pfSense Community Edition". After the update I was unable to start the Radius service via the web console.
I'm in the midst of re-implementing our network. Phase 1 entailed standing up a new OpenLDAP Server. Phase 2 involves setting up a new Samba server that can take user and groups from LDAP and use them to assign share permissions.
This guide will show how to take a CentOS 7 Samba installation and configure it to talk securely to an LDAP server for authentication.
I will also cover how to get SMB3 transport encryption set up and working.
As part of a network infrastructure refresh I ended up rebuilding our OpenLDAP and Samba servers so they would play nicely with each other. Configuring OpenLDAP is a non-trivial exercise which required examining dozens of web pages and PDFs to get the information I needed to complete my task.
Unfortunately, most resources out there on the internet revolve around configuring the slapd.conf file, which isn't a viable solution when standing up a new server given that OpenLDAP uses a newer and much more confusing system to store its settings.
This guide will walk through setting up an OpenLDAP server that communicates using a self-signed certificate (LDAPS over port 636) and that has the appropriate schema files which allow a separate Samba server to leverage OpenLDAP for share permissions (configuring Samba is a different article for another day!)
While setting up a new OpenLDAP server (v2.4.40) I encountered an error message while running ldapadd to configure my base directory tree:
[rtrz@tehbox config_n_stuff]# ldapadd -x -W -D "cn=Manager,dc=domain,dc=tld" -f /var/prototypes/ldap_config/dit.domain.tld.ldif
Enter LDAP Password:
adding new entry "dc=domain,dc=tld"
ldapadd: invalid format (line 16) entry: ""
The solution to the problem was to remove the tab from line 16 of my ldif file. Apparently OpenLDAP does not like whitespace on blank or empty lines. Go figure.
I set up a new CentOS 7 box yesterday and configured rsyslog to send me an email whenever there is a successful authentication attempt. The funny thing was that no email would get sent when rsyslog was run as a service, yet when I ran it directly from the command line it seemed to work correctly.
In digging deeper I found that SELinux was blocking syslog from sending emails and was able to resolve it with a few configuration changes.
At my new job we use a lot of Macs, so I have been reacquainting myself with OS X. To help me feel more at home I've been using Karabiner to remap keystrokes in ways that help Linux/Windows users like myself be more comfortable.
After moving to a MacBook I find I still need the occasional Windows application to be productive so I use Codeweavers CrossOver. Not surprisingly, Karabiner doesn't care what application is running and performs its remapping regardless of the application being run.
I needed my Home/End keys to work correctly both inside and outside the CrossOver environment so I reconfigured Karabiner to allow for this.
I updated my laptop recently to find that my wifi connection stopped working. I run a pfSense machine which runs a FreeRADIUS server to handle authentication (with a goal of avoiding Microsoft's wifi credential sharing nonsense) and it looks like a recent MS update causes that to stop working.
I installed VMware Fusion Pro recently and tried to use the Tilde key in Debian, Ubuntu, Kali and Windows virtual machines without success. When I would try to type the ` or ~ keys I would get < and >, which was infuriating when working at a Linux command prompt.
In digging around I eventually found a way to resolve the issue; I just wish it was easier.
After updating to OS X El Capitan (Mac OS 10.11) I tried to update brew and got a couple lovely errors:
Error: The /usr/local directory is not writable.
Even if this directory was writable when you installed Homebrew, other
software may change permissions on this directory. Some versions of the
"InstantOn" component of Airfoil are known to do this.
You should probably change the ownership and permissions of /usr/local
back to your user account.
sudo chown -R $(whoami):admin /usr/local
-- And this one --
Error: Failure while executing: git stash pop --quiet
I'm starting a new Ruby project to run my LED Lightboard using this gem from GitHub. After following the instructions to add the dream-cheeky-led gem to the Gemfile I ran bundle and found this error:
/Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:456:in `try_do': The compiler failed to generate an executable file. (RuntimeError)
You have to install development tools first.
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:587:in `try_cpp'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:1067:in `block in have_header'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:918:in `block in checking_for'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:351:in `block (2 levels) in postpone'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:321:in `open'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:351:in `block in postpone'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:321:in `open'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:347:in `postpone'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:917:in `checking_for'
from /Users/rioncarter/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/mkmf.rb:1066:in `have_header'
from extconf.rb:16:in `<main>'
extconf failed, exit code 1
Gem files will remain installed in /Users/rioncarter/.rvm/gems/ruby-2.1.4/gems/ffi-1.9.10 for inspection.
Results logged to /Users/rioncarter/.rvm/gems/ruby-2.1.4/extensions/x86_64-darwin-14/2.1.0-static/ffi-1.9.10/gem_make.out
An error occurred while installing ffi (1.9.10), and Bundler cannot continue.
Make sure that `gem install ffi -v '1.9.10'` succeeds before bundling.
This will be quick: I just wasted several hours troubleshooting why QNetworkAccessManager was not connecting to one of my webservices. Apparently the version of Qt that ships with BlackBerry 10 does not support TLS 1.1 or 1.2, which really rains on my parade. You can see the enumeration of supported SSL protocols here and how it tops out at TLS 1.0.
For reference, this is the error message I was getting. I don't know why it doesn't contain any useful information:
INFO "Error: Connection closed status: "
Qt 5 supports TLS 1.2, so I hope that we get that goodness in the platform before it gets completely androidized.
I've been playing around with Visual Studio's cross-platform capabilities over the last couple days and decided to try a 'raw' Cordova project to see if it fits my needs better than the other options I've explored (Xamarin, ionic). Visual Studio abstracts most of the complexity away which is nice most of the time, but what if you run into a problem?
In my case I ran into a few cryptic error messages when I tried to build and run my Cordova app on a real Android device from within Visual Studio:
MSB3073 The command "platforms\android\cordova\clean.bat" exited with code 1.
Could not create the Java Virtual Machine.
A fatal exception has occurred. Program will exit.
(As it turns out, these messages aren't super helpful. The resolution lies in further troubleshooting)
I'm in the process of creating a cross-platform utility application for mobile devices and wanted to avoid having to rewrite the UI for each platform (BlackBerry, iOS, Windows Phone, Android). In looking for cross-platform solutions, I ran across ionic which builds on Cordova to produce a native-like experience.
I'm using VS 2015 and installed the ionic tabs template from the online gallery. While the sample application that gets generated runs fine in Ripple, I just see a white-screen when running on my Android device. The best part is that there are no error messages even when I run in Debug mode. Fun.
Fortunately the solution in my case was pretty straightforward.
In an effort to retain what I learned in the Adaptive Pen Test class I took this year at Black Hat I'm going through the Metasploit Unleashed online course. I hit a snag on the first 'hands-on' lab (snmp_enum) which caused me to take a couple hour detour into SNMP troubleshooting-land. It was pretty annoying so I'm posting my solution here in the hope that it will be useful to others.
This is the error I was seeing in Metasploit: Unknown error: Errno::ECONNREFUSED Connection refused
This is the first year that I've been able to make it to Black Hat (3rd to DEF CON, starting in a couple days). I took a training put on by the Veris Group titled "Adaptive Penetration Testing". Here's how the course describes itself:
Practice and real world application is critical to learning how to effectively conduct penetration tests. Adaptive Penetration Testing is an immersive course that will provide practical experience and a solid framework for conducting in-depth security assessments. The majority of this course is spent in a fully operational lab environment, overcoming the real-world obstacles faced in today's enterprise networks. We will cover tactics, techniques and procedures (TTPs) successful penetration testers use to provide comprehensive and efficient security assessments in a variety of enterprise environments. Methods presented are based on TTPs consistently being refined by our penetration testers' operational experience.