What is worse?

I have one question: what is worse than an insalubrious apartment?

This is a potential answer: to realize that the owner of the place is a complete douchebag without any empathy concerning the lease ending. Moronic asshole. I hope environmental services will help me with this mess…

On a brighter note, I just found a new apartment which is actually better than my current one. I am really looking forward to moving in as soon as possible.

PS: Dear owner, I wish you a merry Christmas and happy fist fucking.

Planned downtime for lv0.in

lv0.in network infrastructure will be down from Tue Nov 23 10:00:00 CET 2010 to an unknown date (maybe after December 15)…

…due to an unscheduled emergency departure from my current apartment to somewhere else in Belfort. Indeed, my roof has turned into moisture because of a water leak and the whole stuff broke down to the floor three days ago…

Sorry for the inconvenience. On the bright side, dresda won’t be affected, including this blog, the wiki, subversion repositories and some other crap.

Stay tuned.

Enabling SNMP on SLM2008 Cisco Small Business Switch

Cisco SLM 2008 is a very efficient layer 2 manageable gigabit Ethernet switch, with decent pricing and a large range of features: VLAN, (R)STP, LACP and static link aggregation, 802.1X authentication, IGMP snooping, you name it. Even the integrated web interface is quite well designed and not buggy.

But one (native) feature is lacking when you want to monitor per-port network traffic: SNMP.

Here is how to enable and basically configure SNMP on SLM2008 switches.

First, download this script: enable_snmp.pl (Note for Chrome/Safari users: this file may be downloaded as enable_snmp.download, I don’t know why.)

Then there are two ways of using this script:

* remotely, by directly altering the switch configuration file.

* locally, by first downloading the switch configuration file, altering it and uploading it back to the switch.

Here are the details of the remote way, since that is the one I used:

* Configure everything you need in the SLM2008 web interface, especially on the « System » page.

* Open a terminal in the directory where the script was downloaded.

* Run chmod +x enable_snmp.pl to make the script executable.

Then:

$ ./enable_snmp.pl 
Obtaining data from Switch: 
Administrator Username: [ admin ]: 
Administrator Password: [ admin ]: 
Current Body Checksum: 
Current Header Check Byte: 
SNMP is currently: DISABLED - WILL ENABLE
Both community strings are limited to 15 characters.
New read-only community string: [ public ]: 
New read-write community string: [ private ]: 
New Body Checksum: 
New Header Check Byte: 
End - SNMP Should be enabled.

You will have to provide the right information for , , and parameters.

Finally, use the following command from a host that has network access to the switch:

$ snmpwalk -c   -v 2c

A long output should be displayed, showing every piece of information the embedded SNMP daemon on the SLM2008 can serve.
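Once SNMP answers, the per-port traffic figures come from polling the IF-MIB octet counters twice and dividing the difference by the poll interval. The following script is an added example, not part of the original post or of enable_snmp.pl: it parses the default net-snmp snmpwalk line format (assumed here; the sample poll output is constructed, not captured from a real SLM2008) and converts two polls into bytes per second per interface index, compensating for the 32-bit wrap of Counter32 objects that otherwise shows up as a huge negative rate.

```python
import re

# Assumed format: the default output of net-snmp's snmpwalk for IF-MIB counters, e.g.
#   IF-MIB::ifInOctets.3 = Counter32: 918273645
WALK_LINE = re.compile(
    r"^(?P<obj>[\w-]+::\w+)\.(?P<idx>\d+)\s*=\s*"
    r"(?P<type>Counter32|Counter64|Gauge32|INTEGER):\s*(?P<val>\d+)$"
)

# Constructed sample: two polls of ifInOctets/ifOutOctets taken 60 s apart.
# ifInOctets.1 crosses the 32-bit boundary between the two polls.
POLL_T0 = """\
IF-MIB::ifInOctets.1 = Counter32: 4294917296
IF-MIB::ifInOctets.2 = Counter32: 120000
IF-MIB::ifOutOctets.1 = Counter32: 5000
IF-MIB::ifOutOctets.2 = Counter32: 30000
"""
POLL_T1 = """\
IF-MIB::ifInOctets.1 = Counter32: 10000
IF-MIB::ifInOctets.2 = Counter32: 720000
IF-MIB::ifOutOctets.1 = Counter32: 65000
IF-MIB::ifOutOctets.2 = Counter32: 30000
"""
POLL_INTERVAL_S = 60


def parse_walk(text):
    """Parse snmpwalk output into {(object, index): value}; unknown lines are ignored."""
    out = {}
    for line in text.splitlines():
        m = WALK_LINE.match(line.strip())
        if m:
            out[(m.group("obj"), int(m.group("idx")))] = int(m.group("val"))
    return out


def counter_delta(old, new, bits=32):
    """Difference between two counter samples, compensating for a single wrap-around."""
    if new >= old:
        return new - old
    return (1 << bits) - old + new


def per_port_rates(walk_t0, walk_t1, interval_s):
    """Bytes per second per interface index, from two walks `interval_s` seconds apart."""
    rates = {}
    for key, v0 in walk_t0.items():
        if key in walk_t1:
            obj, idx = key
            rates.setdefault(idx, {})[obj] = counter_delta(v0, walk_t1[key]) / interval_s
    return rates


if __name__ == "__main__":
    rates = per_port_rates(parse_walk(POLL_T0), parse_walk(POLL_T1), POLL_INTERVAL_S)
    for idx in sorted(rates):
        print(f"port {idx}: " + ", ".join(f"{obj.split('::')[1]}={r:.1f} B/s"
                                          for obj, r in sorted(rates[idx].items())))
```

On a gigabit link a Counter32 can wrap in well under a minute at full rate, so either poll often enough that at most one wrap can occur between samples or walk the Counter64 objects (IF-MIB::ifHCInOctets) if the switch serves them.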

I hope this will help.

Regards.

Credits: Cisco support forum and David Holland.

DNS recursive attacks, DoS and DDoS: iptables -m recent is your friend

Got plenty of query (cache) 'isc.org/ANY/IN' denied in your bind9 logs? Like about 1 query per second from several IPs? Want to tell them to get lost? This entry may interest you then.

No extensive writing needed here, here is the essential part:

$IPT -A INPUT -i $MAIN_IF -p udp --dport 53 -m recent --set

$IPT -A INPUT -i $MAIN_IF -p udp --dport 53 -m recent --update --seconds 30 --hitcount 10 -j DROP

$IPT -A INPUT -p udp --dport 53 -j ACCEPT

I put these rules before other INPUT rules, and restarted my firewall.

Now DNS access on my public IP is limited to 10 separate queries within a 30 second timeframe. It seems acceptable for the moment, and DNS fsckers generally get dropped within the first 15 seconds, which is correct for me. But feel free to experiment with different values according to your needs.
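To see what these three rules do to a stream of queries before touching a production firewall, here is an added example (not part of the original post) that models the xt_recent per-source timestamp list in Python and replays the rule order above over a constructed packet trace: one source sending a query every second, and a legitimate resolver sending a handful of queries. The packet trace and IP addresses are constructed, and the model is an approximation of the kernel module (it keeps the same default of 20 timestamps per source, which is why --hitcount values above 20 never match in real iptables).

```python
from collections import deque

# Constructed trace of UDP/53 packets on MAIN_IF: (arrival time in seconds, source IP).
ATTACKER = "198.51.100.7"   # one query per second for 20 s, then one more much later
LEGIT = "203.0.113.5"       # a resolver sending five spaced-out queries
PACKETS = sorted(
    [(t, ATTACKER) for t in range(20)] + [(55, ATTACKER)]
    + [(t, LEGIT) for t in (0, 5, 10, 40, 45)]
)


class RecentList:
    """Approximation of one xt_recent list: per-source ring of recent timestamps."""

    def __init__(self, max_stamps=20):      # ip_pkt_list_tot default
        self.max_stamps = max_stamps
        self.stamps = {}

    def _push(self, src, now):
        d = self.stamps.setdefault(src, deque())
        d.append(now)
        while len(d) > self.max_stamps:
            d.popleft()

    def set(self, src, now):
        """--set: add the source, or record another hit for it, at time `now`."""
        self._push(src, now)

    def update(self, src, now, seconds, hitcount):
        """--update --seconds S --hitcount N: match when the source already has at
        least N hits within the last S seconds; a match also refreshes the entry."""
        d = self.stamps.get(src)
        if d is None:
            return False
        hits = sum(1 for t in d if now - t <= seconds)
        if hits >= hitcount:
            self._push(src, now)
            return True
        return False


def simulate(packets, seconds=30, hitcount=10):
    """Replay the three rules in order and return (time, src, verdict) per packet."""
    rl = RecentList()
    verdicts = []
    for now, src in packets:
        rl.set(src, now)                      # rule 1: --set, no -j, falls through
        if rl.update(src, now, seconds, hitcount):
            verdicts.append((now, src, "DROP"))   # rule 2: -j DROP
        else:
            verdicts.append((now, src, "ACCEPT"))  # rule 3: -j ACCEPT
    return verdicts


def summarize(verdicts):
    """Per-source count of ACCEPT and DROP verdicts."""
    counts = {}
    for _, src, verdict in verdicts:
        counts.setdefault(src, {"ACCEPT": 0, "DROP": 0})[verdict] += 1
    return counts


def first_drop(verdicts, src):
    """Arrival time of the first dropped packet from `src`, or None."""
    return next((t for t, s, v in verdicts if s == src and v == "DROP"), None)


if __name__ == "__main__":
    v = simulate(PACKETS)
    for src, c in summarize(v).items():
        print(f"{src}: {c['ACCEPT']} accepted, {c['DROP']} dropped, "
              f"first drop at t={first_drop(v, src)}")
```

Two details worth checking against your own needs: because --set runs before --update, the current packet's own timestamp is already counted, so the model drops the 10th packet of a 30 second window rather than the 11th; and the limit is purely per source address, so a busy legitimate forwarder sending more than the threshold is throttled exactly like the flooding source, while a source that goes quiet for longer than --seconds is accepted again (the trace's packet at t=55 shows this).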

I hope this will help :)

From 127.0.0.1: Time to live (almost) exceeded

It has been quite some time since I wrote something here, certainly due to laziness, or maybe just because this whole blog thing started to sound like « Meh ».

Life stuff

Nothing earth-shattering for you people since my last article, but quite an interesting and enlightening period for me.

I worked in Paris for 6 months for eNovance, a company focused on Open Source solutions and development. I used to work with wonderful people, and more importantly, I was able to share knowledge with about everyone out there. This internship has been one of the most interesting experiences I have ever had so far, even if the first three months were not easy. Thanks again to eNovance’s staff for giving me this opportunity.

I also had the chance to discover the /tmp/lab, the most important hackerspace in Paris. I walked in and met new (and very, very interesting) people. I wish to experience this again.

Since then, I went back to Belfort as a UTBM student again, and I had quite a hard time getting used to this sudden change. But now, I feel confident and motivated, and I do not intend to jeopardize the last (long) run to the engineering degree. Moreover, my internship ended as a complete success with excellent feedback from both eNovance and the UTBM.

At the time of writing, I just went through a week of mid-term exams. I expect some surprising results, in both bad and good ways. It is also about time to focus on the several projects I have to complete before the end of the semester. Hence this unexpected writing, before I consider myself too tight on schedule…

Geek thoughts

GRSEC and IP Blackhole feature:

Neat for servers without a firewall, not for a router, where I experienced major slowdowns while transferring files over a Fast Ethernet link. I eventually decided to disable this feature.

PVST and PVST++ :

Per VLAN Spanning Tree… Cisco’s proprietary protocol that allows VLAN-specific STP settings. Seems neat and cool, unless you have heterogeneous appliances: a Cisco Catalyst WS-C2924-XL can’t « talk » PVST+ with a Cisco Small Business SLM2008, resulting in useless lines in the Catalyst configuration.

At least you can set up global STP settings within VLAN 1 (Cisco’s default VLAN for the Ethernet protocol). Therefore STP settings are effectively propagated, since the SLM2008 uses the same default VLAN, even if you change the administration VLAN.

Surprising fact, a Cisco Small Business WAP 4410 Wireless Access Point seems to be able to receive and certainly handle PVST+ packets… which is SO making sense for a single bridge between a radio interface and a wired interface…

Ubuntu 10.04 Lucid Lynx:

Best Ubuntu experience I ever had so far. Everything seems to work seamlessly on my Thinkpad X300. Canonical and the Ubuntu community worked hard on this one.

That’s all, folks!