Network

ET P2P Torrent Client User-Agent (Solid Core/0.82)

I have been seeing this alert “ET P2P Torrent Client User-Agent (Solid Core/0.82)” on networks for some time now and was able to narrow it down to being related to Adobe Flash (Firefox and Chrome). I am not sure why Adobe is using a torrent client in its Flash, but this seems to be the source.

This is triggered not only by updating the software, but also by the web installer when it connects out.

I later confirmed this myself with the assistance of another who updated their Flash and triggered this alert.

 


Some Basic Use of Nmap

Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. I, along with many other systems and network administrators, also find it to be a useful tool for the right job. Nmap can be installed and used on Windows, and is most common in Linux distributions such as Debian and the well-known Ubuntu.

You can get the Windows installer from http://nmap.org/ along with the Linux versions.  In Linux (Debian) I simply run sudo apt-get install nmap -y and the rest is done in a few seconds.

Now that you have Nmap, what can you do? Here are some examples I use every so often:

~# nmap google.com – gives me info about google.com (Hostname google.com resolves to 11 IPs..)

~# nmap 192.168.1.0/24 – scans my network and returns info on machines and the service ports listening

~# nmap -sP 192.168.1.100 – attempts to detect if a host is up or down

~# nmap -PN 192.168.1.100 – attempts to detect if a host is up or down (no pings sent)

~# nmap -sT 192.168.1.100 – port scan using TCP

~# nmap -sU 192.168.1.100 – port scan using UDP

~# nmap -O 192.168.1.100 – attempts to identify the remote OS, returns TCP/IP fingerprint

And I could go on, but let’s just end these examples here and I’m sure you’ll find others.

Run … run, you clever boy … and remember. – Clara Oswald

dump packets with tcpdump

How many times did you forget the parameters?  I have, countless times.
Let’s see if by sharing here I will remember some of my favorite commands.

# tcpdump -nnXSs 0 'port 5060'

Command switches (what they are for)

  • “-nn” plays nice by not looking up hostnames in DNS or service names.
  • “-X” makes it print each packet in hex and ASCII
  • “-S” prints absolute rather than relative TCP sequence numbers
  • “-s 0” by default tcpdump will only capture the beginning of each packet; using 0, I get it all

 

Facebook Video Calling (Powered by Skype)

Simple and straightforward to use, Facebook video calling is simply awesome. To get up and going with the video feature, you first need to install a plugin (http://www.facebook.com/videocalling); from that point on you have what is necessary to use this new feature.

 

Making a video call is easy.

Look at the list of your friends (in the lower right-hand corner of your Facebook page) who are currently available on Facebook chat. Double-click a name, and you’ll see there’s a new icon at the top of the chat screen — a small video camera. Click it to send an invitation for that person to participate in a video chat. They’ll receive a pop-up notification to a video chat, and if they don’t have the plugin installed, they’ll be prompted to install it.

 

The video and sound quality is exceptional; however I do have my problems with the video chat screen taking up your screen and the inability to resize it.  All in all, I like it.  Good Job Facebook Team

Update On PlayStation Network: Hacked

It’s been about 4 days that the PlayStation Network has been down.  Sony officially admits that it’s been three days; whatever!   Last night our friends at Sony admitted to being hacked, which is why they chose to take down the PlayStation Network along with other services.

To quote what was written on the PlayStation blog:

Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
“An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th. Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share.”
http://blog.us.playstation.com/2011/04/22/update-on-playstation-network-qriocity-services/

I am glad Sony has come forward and admitted this to the public, however the question I now ask is… To what extent were they hacked?  Is my account info safe?

 

PlayStation Network Down (Again)

It would seem that once again Sony’s PlayStation Network is down. After trying many of the online tips and even going as far as to boot my router (problem is so not my router) this issue persists.

It seems that Sony has responded to the issue and acknowledges there are ongoing problems, but offers no details as to what this problem is or an ETA for its resolution.  Even attempts to log into their website indicate they are under some site maintenance and the server (WHAT SERVER) is down.

The error code provided on the console, “80710A06”, is also uninformative.

 

Update 1: PSN is acknowledging on its EU blog that the network outage may be a result of “the possibility of targeted behavior by an outside party.” Still no ETA for when services will be restored.

Update 2: PSN is now reporting that the network may be offline for “a full day or two.”

 

Facebook – Up, Up, Down, Down

It seems that Facebook is down once again. After a while of troubleshooting my computer, then my home network, it’s official! It’s not my side where the problem exists.

Faced with this I took a walk over to the folks at http://downrightnow.com/ to check up on the up-time of Facebook… It seems they are indeed having issues and I am not the only one experiencing it.

 

More updates: http://downrightnow.com/facebook

 

Configure Firefox to use SSH tunnel for DNS

If you are using SSH to tunnel your web traffic, to keep your information private, you might be vulnerable to a DNS man-in-the-middle attack.  If your DNS requests are not tunneled, the operator of the hostile (or locked down) network can still see where you are navigating to on the web when your client makes DNS requests to resolve hostnames to IP addresses. For these reasons (and for many others), it’s a good idea to tunnel DNS through your SSH tunnel too.  This can be done very easily in Firefox.

In the Firefox URL address bar, enter “about:config”.
In the Filter text field, enter “network.proxy.socks_remote_dns”.
Double-click “network.proxy.socks_remote_dns” to set the value to true.
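
To confirm the setting took effect, the profile's prefs.js can be checked from the shell. This is an added example, not part of the original post; the function names, verdict strings and sample prefs are constructed, and a missing network.proxy.socks_remote_dns line is assumed to mean the default of false that the steps above change.

```shell
#!/bin/sh
# Added example: report whether a Firefox profile tunnels DNS through its SOCKS proxy.
# Assumption: a pref missing from the file keeps the default this post implies (false).

# pref_value FILE NAME: print the last value assigned to NAME, without quotes.
pref_value() {
    awk -v name="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, "user_pref(\"" name "\"") == 1 {
            sub(/^[^,]*,[ \t]*/, "", line)   # drop: user_pref("name",
            sub(/\);[ \t\r]*$/, "", line)    # drop the closing );
            gsub(/"/, "", line)
            last = line
        }
        END { if (last != "") print last }' "$1"
}

# check_socks_dns FILE: print a verdict; return 1 only when DNS bypasses the tunnel.
check_socks_dns() {
    ptype=$(pref_value "$1" network.proxy.type)
    phost=$(pref_value "$1" network.proxy.socks)
    prdns=$(pref_value "$1" network.proxy.socks_remote_dns)
    if [ "$ptype" != "1" ] || [ -z "$phost" ]; then
        echo "no-socks-proxy"; return 0
    fi
    if [ "$prdns" = "true" ]; then
        echo "dns-tunneled"; return 0
    fi
    echo "dns-leak"; return 1
}

# Constructed sample: manual SOCKS proxy on a local ssh -D listener, remote DNS unset.
sample=$(mktemp)
cat > "$sample" <<'EOF'
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 1080);
EOF
echo "before: $(check_socks_dns "$sample" || true)"
# The same change the about:config steps make, written as a prefs line.
echo 'user_pref("network.proxy.socks_remote_dns", true);' >> "$sample"
echo "after:  $(check_socks_dns "$sample")"
rm -f "$sample"
```

Point check_socks_dns at the prefs.js inside the Firefox profile directory; a non-zero exit status means hostnames are still being resolved outside the tunnel.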


How I got my eth0 back

After a recent Ubuntu Linux (server) installation inside a virtual machine, I decided to move the virtual machine to a new host where I can run it.  After the move I noticed that I could no longer connect to my system via the IP I had assigned.  So the story begins.

With the discovery that I no longer had network connectivity, I did an ‘ifconfig’ and noticed that my eth0 was missing.  So, I tried to force it to start by issuing the command ‘ifup eth0’ and got the following error:

eth0: ERROR while getting interface flags: No such device…
SIOCSIFADDR: No such device
eth0: ERROR while getting interface flags: No such device
eth0: ERROR while getting interface flags: No such device
Bind socket to interface: No such device
Failed to bring up eth0

I did some searching, as I have run into this issue in my past and could not remember for the life of me what I needed to do to correct this problem (the right way).  The method I used in the past was to edit /etc/network/interfaces and change iface eth0 inet (static or dhcp) to eth1.  This would change my static or dynamic settings to use the new interface…  This is not what I wanted to do; it is the “lazy admin approach”.

What I did do is… wait! Here is some background info:  When a Virtual Machine starts up, it generates a new MAC address and a new UUID for the guest system. My system had already known of a MAC address and thus made a new one.

Back to what I did to correct my problem

Locating the file /etc/udev/rules.d/70-persistent-net.rules, I removed the former MAC address info and modified the new one, changing the existing eth1 to eth0, and issued a restart.

Example:
# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="[bad mac]", NAME="eth0"
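
The same edit can be scripted. This is an added example, not part of the original post: the function name fix_persistent_net and the MAC addresses in the sample file are constructed, and the result is printed to stdout for review rather than written over the rules file.

```shell
#!/bin/sh
# Added example: rebuild 70-persistent-net.rules so the NIC's current MAC is eth0.

# fix_persistent_net RULES_FILE CURRENT_MAC: print the corrected rules to stdout.
fix_persistent_net() {
    awk -v mac="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
        # Comments, blank lines and rules that do not match on a MAC pass through.
        /^[ \t]*#/ || index($0, "{address}==") == 0 { print; next }
        # A rule for any other MAC is a leftover from the old virtual NIC: drop it.
        index(tolower($0), "\"" mac "\"") == 0 { next }
        # The rule for the current MAC gets the name the interfaces file expects.
        { sub(/NAME="eth[0-9]+"/, "NAME=\"eth0\""); print }' "$1"
}

# Constructed sample: the old VM NIC holds eth0, the regenerated MAC was given eth1.
rules=$(mktemp)
cat > "$rules" <<'EOF'
# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:aa:aa:aa", NAME="eth0"
# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:bb:bb:bb", NAME="eth1"
EOF
# On the real guest the current MAC can be read from /sys/class/net/eth1/address.
fix_persistent_net "$rules" "00:0C:29:BB:BB:BB"
rm -f "$rules"
```

The comment line that preceded the dropped rule is left in place; it is harmless and can be deleted by hand.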
