Posts Tagged ‘linux’

Bank transfer: structured communication [fr]

Sunday, June 5th, 2011

Here is a small script snippet that generates a valid structured communication for a bank transfer in Belgium. The advantage of this system is that the bank will not execute the transfer if there is an error when the digits are transcribed.

# Generate the 'Communication' field for the bank transfer
# Format: +++DDD/DDDD/DDDSS+++
# DDDDDDDDDD: Any number you like.
# SS: Above number mod 97. Set to 97 if zero.
# Banks love obsolete^Wproven technologies. :-)
mkcomm ()
{
    # In case of collision, the function can take a (numeric) salt as an optional parameter.
    COMMSTR="$1$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM"
    COMMSTR="${COMMSTR:0:10}" # Trim string length to 10
    COMM_MODULO=$(expr "$COMMSTR" % 97) # Get remainder
    case $COMM_MODULO in # Padding and/or correction
        "0") COMM_MODULO="97" ;;
        [1-9]) COMM_MODULO="0$COMM_MODULO" ;;
    esac
    #echo "$COMMSTR$COMM_MODULO" #Debug
    echo "+++${COMMSTR:0:3}/${COMMSTR:3:4}/${COMMSTR:7:3}$COMM_MODULO+++" # Chop into blocks
}

If your bank lets you download your account statements in .csv format (possible with Dexia and Argenta), you simply search for the structured communication string to find the trace of the payment.
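The receiving side of the same check, as an added example that is not part of the original post: it validates a communication in the `+++DDD/DDDD/DDDSS+++` format and scans statement text for entries whose check digits do not match. The function names and the CSV rows are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example (check_comm, scan_statement, sample_statement are hypothetical names).
# check_comm returns 0 if valid, 1 if the check digits are wrong, 2 if the format is wrong.
check_comm() {
    local digits base check expected
    case "$1" in
        +++[0-9][0-9][0-9]/[0-9][0-9][0-9][0-9]/[0-9][0-9][0-9][0-9][0-9]+++) ;;
        *) return 2 ;;
    esac
    digits=$(printf '%s' "$1" | tr -cd '0-9')   # 12 digits: DDDDDDDDDDSS
    base=${digits%??}                            # first 10 digits
    check=${digits#??????????}                   # last 2 digits
    # Strip leading zeros so shell arithmetic does not read the value as octal
    base=$(printf '%s' "$base" | sed 's/^0*//')
    check=$(printf '%s' "$check" | sed 's/^0*//')
    expected=$(( ${base:-0} % 97 ))
    [ "$expected" -ne 0 ] || expected=97         # remainder 0 is written as 97
    [ "${check:-0}" -eq "$expected" ] || return 1
}

# Read statement text on stdin and print every communication that fails the check.
scan_statement() {
    grep -oE '\+\+\+[0-9]{3}/[0-9]{4}/[0-9]{5}\+\+\+' | while IFS= read -r comm; do
        check_comm "$comm" || printf '%s\n' "$comm"
    done
}

# Constructed sample rows (the CSV layout is an assumption, not a bank's real format).
sample_statement() {
    cat <<'EOF'
2011-06-01;-25,00;+++123/4567/89002+++
2011-06-02;-10,00;+++123/4567/89102+++
2011-06-03;-42,50;+++000/0000/09797+++
EOF
}

sample_statement | scan_statement
```

The second row differs from the first by one mistyped digit, which is enough for the mod 97 check to reject it.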

IPv6 mining exploitation (digging tunnels) [en]

Tuesday, November 23rd, 2010

IPv6 in IPv4

This is the most common situation: you want your IPv6 connectivity on your road warrior through your VPN:

Debian/Ubuntu:

router: /etc/network/interfaces

auto tunv6
iface tunv6 inet6 v4tunnel
address 2001:cafe:babe:1::1
netmask 64
endpoint 192.168.255.10
local 192.168.255.1
ttl 64

road warrior: /etc/network/interfaces

auto tunv6
iface tunv6 inet6 v4tunnel
address 2001:cafe:babe:1::2
netmask 64
gateway 2001:cafe:babe:1::1
endpoint 192.168.255.1
local 192.168.255.10
ttl 64

Shell commands:

Machine A:

ip tunnel add v6tun mode sit remote 192.168.255.10 local 192.168.255.1 ttl 63
ip link set v6tun up mtu 1280
ip addr add 2001:cafe:babe:1::1/96 dev v6tun

Machine B:

ip tunnel add v6tun mode sit remote 192.168.255.1 local 192.168.255.10 ttl 63
ip link set v6tun up mtu 1280
ip addr add 2001:cafe:babe:1::2/96 dev v6tun

IPv4 in IPv6

The weirdest and most interesting one: suppose you have equipment that is not IPv6 compatible, yet you want to connect it through a v6-only link between the two endpoints.

Machine A:

ip -6 tunnel add v4tun mode ipip6 local 2a00:ffde:4567:edde::4987 remote 2001:473:fece:cafe::5179
ip addr add 192.168.99.1/24 dev v4tun
ip link set dev v4tun up

Machine B:

ip -6 tunnel add v4tun mode ipip6 remote 2a00:ffde:4567:edde::4987 local 2001:473:fece:cafe::5179
ip addr add 192.168.99.2/24 dev v4tun
ip link set dev v4tun up

Sources:

http://linux-hacks.blogspot.com/2008/02/howto-ipv6-ipv6-tunnel-and-ip4-ipv6.html

(Work in progress: this page will be synchronized with this one)

Acer Aspire One review: two years later [en]

Sunday, June 27th, 2010

Two years ago i bought my first netbook: here are my impressions

Acer Aspire One

The good

  • The laptop is very light and pleasant to carry around
  • It came with Linpus Linux pre-installed. This means i didn’t have to pay the Microsoft tax. Since i’m running Debian on it, that install was quickly ditched.
  • There is a gap between the screen and the main chassis, allowing me to hold it open and straight with one hand. There was a note in the user manual that this is NOT the way to hold it (risk of crushed fingers). This is really a killer feature for a road warrior that should be more developed.

The bad

  • small screen, low resolution. This causes a problem with many applications where some dialog boxes « sink » under the bottom of the screen.
  • battery life: i have about two hours of usable battery life: this can be tight sometimes
  • Lack of 3G modem: That was not an issue during the first five months because i didn’t have a subscription at the time. Now i have one and i’m stuck with that huge USB modem hanging from the USB port. A small extension cord and some velcro adhesive partially solved the bulky adapter problem. I’m now trying to find a 90° angled male USB A connector to keep the size under control.
  • No bluetooth. Not really an issue because there are USB adapters on the market that stick out by less than 5 mm. Fewer opportunities to cause damage.
  • Limited CPU resources: The machine has a hard time keeping up with heavy applications like playing a flash video or running the compiler. You just need to be very patient on that.

The ugly

  • After eight months of use, the right touchpad button was not working anymore.
  • It failed totally ten months after purchase: when turned on, the fan and harddisk were spinning, but the screen stayed black (no backlight) and there was no activity. This was fixed under warranty. However, i had to fight to get it fixed: the first time i got it back, the problem was still there. And the reseller told me that they changed the motherboard. It then went back for repair and it was fixed one month later. In total, i have been without it for two months.
  • To access the harddisk, you have to COMPLETELY DISMANTLE the laptop. That was a real PITA.

Conclusion

Despite its flaws, this machine has become my main workhorse when i’m away from home and saved my butt a few times already. After two years of daily carrying and nearly daily use, there are no cracks in the shell. My previous laptops failed by the case, with cracks at very nasty places after about two years of moderate use and carrying. I don’t plan to retire it at the moment: i tend to keep my machines until they are horribly obsolete or simply fall apart. Let’s see in about two years then. 🙂

Cleaning up your web server logfiles. [fr]

Tuesday, October 27th, 2009

If you are, like me, maintaining a public web server, you might have encountered logfile entries similar to these:

0.0.0.0 - - [19/Apr/2009:01:46:16 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 358 "-" "-"
0.0.0.0 - - [19/Apr/2009:01:52:20 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 358 "-" "-"
0.0.0.0 - - [19/Apr/2009:01:58:23 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 358 "-" "-"

This is the result of a braindead scanner. It causes no real harm, but it is very annoying and pollutes your logs with pointless requests.

This is an easy one with iptables:

# Get my IPv4 address (check the value: hostname -i can return a loopback address or several addresses)
MYIP=$(hostname -i)
# Build the LOGDROP target: log the bad packet before sending it into oblivion
iptables -F LOGDROP 2>/dev/null # Flush and delete any previous copy (errors ignored on first run), then recreate
iptables -X LOGDROP 2>/dev/null
iptables -N LOGDROP
iptables -A LOGDROP -j LOG
iptables -A LOGDROP -j DROP
# w00tw00t get out !!
iptables -I INPUT -d "$MYIP" -p tcp --dport 80 -m string --to 70 --algo bm --string 'GET /w00tw00t.at.ISC.SANS.' -j LOGDROP

Something else you can add to block other random bots:

# anti-scanner
iptables -I INPUT -d $MYIP -p tcp --dport 80 -m string --to 700 --algo bm --string "Host: $MYIP" -j LOGDROP

Why ??
Because a regular web browser will always set the ‘Host:’ entry in the request header with a valid hostname. Zombies tend to generate an IP address at random and put it into the ‘Host:’ entry, hoping for the best.

With that setup, any bad packet will be sent to the system log. If something breaks, you will have a place to start looking.
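One way to use those system log entries, as an added example that is not part of the original post: count the packets logged by the LOGDROP chain per source address. It assumes the standard key=value line format of the iptables LOG target; the sample lines, host name and addresses (documentation ranges) are constructed.

```bash
#!/usr/bin/env bash
# Added example (summarise_drops and sample_kernel_log are hypothetical names).
# The LOG rule in LOGDROP sets no --log-prefix, so entries are selected on
# PROTO=TCP and DPT=80; the surrounding spaces keep DPT=8080 from matching.
summarise_drops() {
    awk '
    / PROTO=TCP / && / DPT=80 / {
        src = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) src = substr($i, 5)
        if (src != "") hits[src]++
    }
    END { for (s in hits) printf "%d %s\n", hits[s], s }
    ' | sort -k1,1nr -k2,2
}

# Constructed kernel log lines: three port-80 drops plus two lines that
# come from other LOG rules and must not be counted.
sample_kernel_log() {
    cat <<'EOF'
Apr 19 01:46:16 www kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=83 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Apr 19 01:52:20 www kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=83 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40388 DPT=80 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Apr 19 01:58:23 www kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=91 TOS=0x00 PREC=0x00 TTL=49 ID=811 DF PROTO=TCP SPT=51820 DPT=80 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Apr 19 02:01:02 www kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.50 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=990 DF PROTO=TCP SPT=33001 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 19 02:03:44 www kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4720 DF PROTO=TCP SPT=40999 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

sample_kernel_log | summarise_drops
```

On a live system, feed it the kernel log instead of the sample, for example the output of `dmesg` or the syslog file your distribution writes kernel messages to.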

Thank you: http://spamcleaner.org/fr/misc/w00tw00t.html