
10 Feb 10 netfilter/iptables split access with multiple ISPs

Quite a while back, I posted an article at http://www.adamsinfo.com/extending-tc-and-iproute2-linux-routing-split-access-multiple-uplinks-multiple-isps-iptables-masquerading/

The article focuses on using the standard iproute2 tool to allow the box to attempt to balance traffic over multiple uplinks with multiple default routes. While relatively easy to set up, it has a few problems:

  1. Routes are cached, meaning that once the balancer has decided on a route to a certain IP for the first time, it will continue to use this route for a while.
  2. There is no real control over which packets end up over which route, other than some basic metrics such as source IP and destination IP.
  3. Certain long-established TCP connections such as MSN or IRC die after the route cache expires and the packets begin being routed over the other connection. Logically, there should be a fix for this or there's a bug in my script; either way I gave up digging after a while, and just forced connections to given IPs over the same route each time.

I’ve recently decided to give this a go purely in netfilter. My environment is a router with a number of LAN devices, with eth0 being the LAN interface (192.168.1.0/24), while eth1 and eth2 are separate ISP links with public IPs.

16 Sep 09 Multithreaded Tunnel Proxy and OpenVPN experiment

Further to the Multithreaded TCP Tunnel Proxy that I wrote a while ago, I’ve picked up a low end UK VPS and installed OpenVPN on it, as well as my local machine. I set up the iproute2 split access load balancer and established the OpenVPN connection.

Now, each of the two DSL lines is established at 17mbit, giving me a theoretical maximum of 2.125MB/sec. In actual fact, to kernel.org I can get a steady 1.7-1.8MB/sec, which is more than enough. From my 100mbit UK VPS, I can get 8-9MB/sec from kernel.org without issue. Establishing OpenVPN over a single connection and then pulling a file from kernel.org leaves me with only 1.3MB/sec, which I’m not best pleased about. Pulling the file through a proxy running on the UK VPS downloads at 1.6MB/sec minimum, so it isn’t my new route that’s causing the slowdown, it’s OpenVPN. Either way, I didn’t bother testing for any improvement with pptpd because I need OpenVPN’s single TCP connection anyway for this experiment to work.

The positive outcome of the story is that with iproute2 load balancing set up, and OpenVPN established through the multithreaded TCP proxy over both connections using -t4, my single 1.3MB/sec became 2.2MB/sec, which is IMHO an incredibly successful outcome.

A problem to note is that on more than one occasion, netstat/lsof showed 3 TCP connections established over one DSL, and 1 over the other DSL. I just restarted my TCP tunnel a few times until I had them equally balanced. If this was a big enough problem, -t6, -t8 or -t10 might have shown interesting results, but the more threads, the more delay and potential issues with misordered packets. -t4 with iptables forcing the TCP connections equally over the DSLs might also be worth investigating. Nevertheless, as the experiment goes, a pleasing outcome!


10 Sep 09 Security Consultant – Ports & Port Knocking

Port Knocking is a clever and interesting method of allowing remote firewall manipulation whilst leaving all ports closed to all IPs. When I attempt to initiate a TCP connection to a remote host, I send a packet with a ‘SYN’ flag, indicating my intention, along with other information such as a source port, destination port, source IP and destination IP. The target machine has the option of responding by accepting, responding by rejecting, or simply ignoring the packet altogether, known under iptables and most other firewalls as ACCEPT, REJECT or DROP.

04 Sep 09 Multithreaded Multi-Connection TCP Proxy Tunnel Update

Further to the post at http://www.adamsinfo.com/multithreaded-tcp-proxy-tunnel-code/

I have received a report from a user experiencing the following error:
# gcc -Wall -g -O2   -o tcp_tun tcp_tun.c  -lpthread
tcp_tun.c:44:37: error: getaddrinfo/getaddrinfo.h: No such file or directory
tcp_tun.c:45:37: error: getaddrinfo/getaddrinfo.c: No such file or directory

I think that this is a common error involving distros without getaddrinfo available. I have packaged everything up with getaddrinfo and a configure/Makefile also. Please let me know your feedback.

tcp_tun-0.3-beta


02 Sep 09 Security Consultant – Basic NMAP Usage

nmap is one of the most useful tools for a security consultant in a penetration testing environment. It has a massive range of options, and only the most basic will be considered in this tutorial.

It goes without saying that nmap should only be run against IPs and ports that you yourself have gained authorization to test. Here goes:

18 Aug 09 Multithreaded TCP Proxy Tunnel Code

Further to my earlier article, I went ahead and developed this application. Here’s a beta!

File: tcp_tun.c
Version: 0.3-beta
Title: TCP reassembling client-server application
Date: 17 Aug 09
Author: Adam Palmer <adam [AT] adamsinfo [DOT] com>
URL: http://www.adamsinfo.com/

15 Jan 09 PHP – fsockopen, TCP and UDP

PHP comes preloaded with a good socket handling function set. Using fsockopen to make HTTP connections, however, is in most cases obsoleted, as php-curl and its set of curl functions cover more HTTP-related stuff than you could ever need! fsockopen is available in both PHP4 and PHP5.

Regardless, to cover the most basic usage of fsockopen, to establish a TCP connection to “mailserver” on port 110 (POP3):

16 Sep 08 NetCat tutorial for Linux & Windows, HOWTO, nc

I wrote this article some time ago, but thought I’d publish it here for reference.

This text is dual licensed under the GFDL and GPL.

There are two known versions of netcat. The version of netcat used here is the original Avian Research version, not the newer GNU release.

Contents:

- Netcat Basics
- What is Netcat?
- Netcat Syntax
- Netcat Installation
- What are the most basic uses?
- Simple File Transfer
- Tar
- UDP


15 Sep 08 Quick Linux and Windows OpenVPN HOWTO and tutorial, including VPN routing

OpenVPN is a popular Windows/Linux VPN Server/Client pair. I think there’s a separate GUI available for it if you’re so minded. This howto will cover command line usage only.

I’ll provide example configuration based on a Linux server and a Windows client, however the same applies pretty easily if you wanted to mix and match.

On Debian, apt-get install openvpn. On any other Linux distro, use your own package manager or alternatively download the source and compile.