$Id: blog.parsewiki,v 1.30 2009/02/11 10:59:17 facq Exp $
(using parsewiki)
openoffice doesn't like white spaces... but office users do !
rename 's/ /-/g' *.doc     (g flag : replace every space in the name, not only the first one)
24 hours display in thunderbird
advanced/general/config editor (in mozilla : about:config)
list of all config entries : http://kb.mozillazine.org/About:config_entries
(export LC_TIME="fr_FR.UTF-8" ; thunderbird )
http://kb.mozillazine.org/Date_display_format
compact view, create and set : mail.ui.display.dateformat.thisweek = 4
or add in prefs.js (or user.js) of the profile the line : user_pref("mail.ui.display.dateformat.thisweek", 4);
how to watch forked process names on the whole system ?
poor man's solution : ls -alrt /proc/nnn*   (nnn = pid)
tcpdump tcp flags RWE RW RE ???
R = RESET
W = congestion _W_indow reduced (ECN)
E = ecn _E_cho sent (ECN)
the code that prints them :
    if (flags & TH_RST)
        putchar('R');
    if (flags & TH_CWR)
        putchar('W');   /* congestion _W_indow reduced (ECN) */
    if (flags & TH_ECNECHO)
        putchar('E');   /* ecn _E_cho sent (ECN) */
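Worked example, added here and not part of the original note : decoding a flags byte the same way as the putchar() code above, in Python. The TH_* values are the ones of <netinet/tcp.h> ; the letter order (S F R P, '.' when none of those four is set, then W and E) follows the snippet, and ACK / URG are not letters in it (tcpdump reports them as "ack" / "urg" fields). The 'RWE' / 'RW' / 'RE' of the question are simply RSTs carrying the ECN bits.

```python
import struct

# Added example, not from the original notes: decode a TCP flags byte the way the
# putchar() snippet above does. Bit values are the classic TH_* constants from
# <netinet/tcp.h> (RFC 793 flags plus the two ECN bits of RFC 3168).
TH_FIN, TH_SYN, TH_RST, TH_PUSH = 0x01, 0x02, 0x04, 0x08
TH_ACK, TH_URG, TH_ECNECHO, TH_CWR = 0x10, 0x20, 0x40, 0x80

FLAG_NAMES = {
    TH_FIN: "FIN", TH_SYN: "SYN", TH_RST: "RST", TH_PUSH: "PSH",
    TH_ACK: "ACK", TH_URG: "URG", TH_ECNECHO: "ECE", TH_CWR: "CWR",
}


def tcp_flags_to_letters(flags):
    """Letters in the order the snippet prints them: S F R P (or '.' when none
    of those four is set, i.e. a plain ACK), then W for CWR and E for ECE.
    ACK and URG are not letters here; tcpdump reports them as 'ack'/'urg' fields."""
    out = ""
    for bit, letter in ((TH_SYN, "S"), (TH_FIN, "F"), (TH_RST, "R"), (TH_PUSH, "P")):
        if flags & bit:
            out += letter
    if not out:
        out = "."
    if flags & TH_CWR:
        out += "W"      # congestion _W_indow reduced (ECN)
    if flags & TH_ECNECHO:
        out += "E"      # ecn _E_cho sent (ECN)
    return out


def tcp_flags_to_names(flags):
    """Human-readable list, e.g. 0xC4 -> ['RST', 'ECE', 'CWR']."""
    return [name for bit, name in sorted(FLAG_NAMES.items()) if flags & bit]


def flags_from_tcp_header(header):
    """The flags live in byte 13 of the TCP header (RFC 793 layout)."""
    if len(header) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    return header[13]


def constructed_tcp_header(flags):
    """A constructed 20-byte TCP header (no options) carrying the given flags:
    sport 1234, dport 80, seq/ack 0, data offset 5 words, window 0, checksum 0, urg 0."""
    return struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 5 << 4, flags, 0, 0, 0)


if __name__ == "__main__":
    # 'RWE' in the note above is a RST with both ECN bits set; 'RW' and 'RE' are
    # RSTs carrying only one of them: the peer's ECN state echoed back, not data.
    for f in (0xC4, 0x84, 0x44, TH_SYN | TH_ECNECHO | TH_CWR, TH_ACK):
        hdr = constructed_tcp_header(f)
        letters = tcp_flags_to_letters(flags_from_tcp_header(hdr))
        print(f"0x{f:02x} -> {letters:4} {tcp_flags_to_names(f)}")
```

Run it as a script to see the five cases ; tcp_flags_to_names() is the one to use when writing a filter or an alert, the letter string only mirrors the dump.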
very cool tool to edit ps or pdf files : flpsed
it's possible to set tags on strings for batch editing !
Hints :
to remove a tag, "Edit" and remove all the text
to edit a string, click in the bottom left corner, then type
MRTG and readahead performance problem : http://www.usenix.org/events/lisa07/tech/full_papers/plonka/plonka_html/index.html
amap trigger response for symantec antivirus client
symantec-antivirus-client::tcp::^\x01\x10\x00.*\x14\x01.*\x00\x00\x00\x00\x00\x00\x00\x00\x00
symantec-antivirus-client:2967:tcp:0:0x01 10 00 00 14 00 00 00 00 00 00 00 00 00 00 00
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800945fe.shtml
flapping bgp. try access-list 1 permit x.y.z.t / debug ip routing 1
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094823.shtml
route selection in cisco routers
administrative distance : arbitrary route trustworthiness - lowest is the best
metrics : priority among routes internal to routing protocols (connected:0, static:1, ebgp:20, ospf:110, rip:120, ibgp:200)
prefix length : most specific is best
bgp stabilisation : use a Null0 static route with a high administrative distance so that this route is only used when the other protocols fail, just to keep the bgp announcement.
ip route ip.ip.ip.0 255.255.255.0 Null0 254
(don't use the value 255, which seems to discard the route!)
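Toy RIB, added example (not from these notes, not IOS code) : applies the three rules above plus the Null0 / 254 trick, so you can see why 'sh ip route' hides a backup route and why 255 discards it. Prefixes and next hops are constructed documentation addresses ; the default distances are the values listed above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example, not from the original notes: a toy RIB applying the selection
# rules of the note. Default administrative distances are the ones listed there.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "ebgp": 20,
                  "ospf": 110, "rip": 120, "ibgp": 200}


@dataclass(frozen=True)
class Route:
    prefix: str                     # "198.51.100.0/24"
    source: str                     # key of ADMIN_DISTANCE
    next_hop: str                   # "Null0" or a gateway address
    metric: int = 0                 # protocol metric, compared only inside one protocol
    distance: Optional[int] = None  # explicit AD, as in "ip route ... Null0 254"

    @property
    def ad(self):
        return ADMIN_DISTANCE[self.source] if self.distance is None else self.distance


class Rib:
    def __init__(self):
        self.learned = {}           # network -> every Route any protocol offered for it

    def learn(self, route):
        self.learned.setdefault(ipaddress.ip_network(route.prefix), []).append(route)

    def withdraw(self, route):
        self.learned[ipaddress.ip_network(route.prefix)].remove(route)

    def installed(self):
        """What 'sh ip route' shows: per prefix only the candidate with the lowest
        AD (then lowest metric); AD 255 is never installed (the 255 caveat above)."""
        table = {}
        for net, routes in self.learned.items():
            usable = [r for r in routes if r.ad < 255]
            if usable:
                table[net] = min(usable, key=lambda r: (r.ad, r.metric))
        return table

    def lookup(self, dst):
        """Forwarding decision: longest prefix match among installed routes."""
        addr = ipaddress.ip_address(dst)
        hits = [(net, r) for net, r in self.installed().items() if addr in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

    def show_ip_route(self):
        return [f"{r.source:<9} {net} via {r.next_hop} [{r.ad}/{r.metric}]"
                for net, r in sorted(self.installed().items())]


if __name__ == "__main__":
    rib = Rib()
    # Constructed scenario: our /24 is learned by OSPF from an internal router and
    # also pinned down by the Null0 backup static so BGP keeps announcing it.
    ospf = Route("198.51.100.0/24", "ospf", "10.0.0.2", metric=20)
    backup = Route("198.51.100.0/24", "static", "Null0", distance=254)
    rib.learn(ospf)
    rib.learn(backup)
    rib.learn(Route("198.51.100.7/32", "static", "10.0.0.9"))   # one host pinned elsewhere
    rib.learn(Route("0.0.0.0/0", "ebgp", "192.0.2.1"))
    print(*rib.show_ip_route(), sep="\n")
    print("198.51.100.7 ->", rib.lookup("198.51.100.7").next_hop)  # /32 wins: most specific
    print("198.51.100.8 ->", rib.lookup("198.51.100.8").source)    # ospf: AD 110 < 254
    rib.withdraw(ospf)                                             # internal link fails
    print("198.51.100.8 ->", rib.lookup("198.51.100.8").next_hop)  # Null0: prefix stays
```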
network point-to-point -> announces in unicast instead of broadcast
using the siege tool to measure web server performance with or without mod_perl for nocat (need to modify nocat to avoid IPC::Open3, which doesn't work with mod_perl)
look at how the vmware virtual bridge / nic works ("brctl show" gives nothing !)
http://db.usenix.org/events/usenix01/sugerman/sugerman_html/node5.html
but I can't see the PROMISC flag on my eth0 ???
dmesg says :
device eth0 entered promiscuous mode
bridge-eth0: enabled promiscuous mode
look at the common desktop entries for KDE and GNOME ("Desktop Entry Standard") : ".desktop" files in /usr/share/applications
the default qpopper package on debian is too slow and loads the disks too much
get back to the good old cucipop !! so fast !!
perf pb with debian bind 9.2.4 on some requests for some domains ?!?
bind 9.3.2 without threads => runs ok
very good plugin / add on for firefox : Tamper Data - https://addons.mozilla.org/firefox/966/
allows tracing every request (http and above all https) done by firefox and modifying requests on the fly
very useful to debug applications using http redirection like shibboleth
remember that when a cisco router learns a route by two means - example static and ospf, 'sh ip route' and 'sh ip route ospf' only show active and used routes. i.e. you cannot see that ospf is learning a route if this route is overridden by an identical static route.
Take a look at cisco FPM Flexible Packet Matching - should try to write a snort2fpm !
Installing Shibboleth IDP 1.3 with an already running Shibboleth 1.2.1.
Problem : endorsed libs are different and seem incompatible (tried to copy all of them in endorsed/ or to put only the new versions : doesn't work...)
Solution : just install another tomcat on the same host (on another port) and create another worker.
## give the list of workers instead of only one
JkWorkerProperty worker.list=ajp13w,ajp13w-bis
## definition of the worker 'ajp13w'
JkWorkerProperty worker.ajp13w.type=ajp13
JkWorkerProperty worker.ajp13w.host=localhost
JkWorkerProperty worker.ajp13w.port=8019
## definition of the worker 'ajp13w-bis'
JkWorkerProperty worker.ajp13w-bis.type=ajp13
JkWorkerProperty worker.ajp13w-bis.host=localhost
JkWorkerProperty worker.ajp13w-bis.port=8020
JkMount /shibboleth/* ajp13w
JkMount /my-manager/* ajp13w
JkMount /my-host-manager/* ajp13w
JkMount /shibboleth-1.3/* ajp13w-bis
JkMount /my-manager-bis/* ajp13w-bis
JkMount /my-host-manager-bis/* ajp13w-bis
working on MTU
VRF and (GRE) tunnel
is it possible to have a tunnel endpoint in a vrf and have the encapsulated packets going through the default route (and associated interface) of the global routing table ?
working on MTU
MTU on RENATER - ok for big MTU, depending on peering device.
looking for info on dscp / ip precedence
Assured Forwarding http://www.ietf.org/rfc/rfc2597.txt
4 classes with low/medium/high drop precedence inside each class.
Expedited Forwarding http://www.ietf.org/rfc/rfc2598.txt
One class for low loss, low latency, low jitter
CoS RENATER :
  LBE          Less than Best Effort                      AF13 / DSCP 14   001110
  BE           Best Effort                                       DSCP 0    000000
  BBE-INC      Better than Best Effort, In Contract       AF41 / DSCP 34   100010
  BBE-OOC      Better than Best Effort, Out Of Contract   AF42 / DSCP 36   100100
  IP Premium                                                     DSCP 46   101110
  Supervision                                                    DSCP 48   110000  and  DSCP 56   111000
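Added example (not from these notes) : the DSCP arithmetic behind the table, in Python - AF class / drop precedence bits, the precedence-compatible CS values, and the TOS byte you actually read in a capture. RENATER_COS is the table above as a dict ; mapping any DSCP not in the table to BE is my assumption, not RENATER's rule.

```python
# Added example, not from the original notes: decode the DSCP field as used in the
# table above (RFC 2474 class selectors, RFC 2597 AF classes, RFC 2598 EF).

# RENATER classes from the table above; any DSCP not listed is treated as BE (assumption).
RENATER_COS = {14: "LBE", 0: "BE", 34: "BBE-INC", 36: "BBE-OOC",
               46: "IP Premium", 48: "Supervision", 56: "Supervision"}

EF = 46  # 101110


def dscp_name(dscp):
    """Per-hop-behaviour name for a 6-bit DSCP: BE, CSn, AFxy, EF or 'DSCPnn'."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    if dscp == 0:
        return "BE"
    if dscp == EF:
        return "EF"
    cls, drop, low = dscp >> 3, (dscp >> 1) & 3, dscp & 1
    if dscp & 7 == 0:
        return f"CS{cls}"                      # class selector, precedence-compatible
    if 1 <= cls <= 4 and 1 <= drop <= 3 and low == 0:
        return f"AF{cls}{drop}"                # AF: 4 classes x 3 drop precedences
    return f"DSCP{dscp}"


def af_codepoint(cls, drop):
    """AFxy -> DSCP: class in the upper 3 bits, drop precedence in bits 2-1 (AF13 -> 14)."""
    if not (1 <= cls <= 4 and 1 <= drop <= 3):
        raise ValueError("AF classes are 1-4, drop precedences 1-3")
    return (cls << 3) | (drop << 1)


def ip_precedence(dscp):
    """Legacy IP precedence = the three high bits of the DSCP (EF 46 -> precedence 5)."""
    return dscp >> 3


def tos_byte(dscp, ecn=0):
    """DSCP occupies the upper 6 bits of the IPv4 TOS / IPv6 traffic class byte, ECN the low 2."""
    return ((dscp & 0x3F) << 2) | (ecn & 3)


def classify_tos(tos):
    """(dscp, binary string, PHB name, RENATER class) for a TOS byte read from a packet."""
    dscp = tos >> 2
    return dscp, f"{dscp:06b}", dscp_name(dscp), RENATER_COS.get(dscp, "BE")


if __name__ == "__main__":
    # TOS bytes corresponding to the DSCPs of the table (DSCP << 2)
    for tos in (0x38, 0x00, 0x88, 0x90, 0xB8, 0xC0, 0xE0):
        dscp, bits, phb, cos = classify_tos(tos)
        print(f"tos=0x{tos:02x} -> dscp={dscp:2} {bits} {phb:5} {cos}")
```

Useful when matching on the raw byte (tcpdump 'ip[1]', ACLs with "dscp") : the table gives DSCP values, the wire carries DSCP << 2.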
Ethernet CoS :http://www.javvin.com/protocol8021P.html "User Priority- Defines user priority, giving eight (2^3) priority levels. IEEE 802.1P defines the operation for these 3 user priority bits".
BreathingReminder : never forget to breathe !
good article about Distributed Reflection Denial of Service :
pages on tcp perf tuning :
to get all snmp variables :
snmpwalk router community iso
looking for a one end traffic generator tool for router benchmarking
interesting thesis : Using benchmarking to improve IDS configurations http://www.dsv.su.se/research/seclab/pages/pdf-files/2005-x-219.pdf
isic : generates random packets. good, but random packets are far from real traffic. http://www.cs.wright.edu/~pmateti/GradStudents/MSTheses/MStopics2.html
with Gregoire MOREAU : First ftps warez (ftp over ssl) discovered on our network
to look at the wonderful banners :)
browser pointed at https://pirated.host.name:portnum
curl -v -k ftps://pirated.host.name:portnum
vlc to get codian stream
2 stream bit rates at the same time
have to check how to control the bit rate (current bit rate, session or system settings - which one wins !)
vlc is ok to record a stream to a file (choose stream output / settings / file [ & play locally] )
vnc on linux for codian display
with vncserver,
only able to create a separate virtual server :1 on port 5901. Launch applications with xterm -display :1 ...
with vino for gnome (use vino-preferences to configure it and set your password)
able to directly grab the :0 display
able to control view only or interaction
able to validate each new vnc connection
Frozen ip by client room project :
#sh run | inc dhcp
ip dhcp snooping vlan START-NUM END-NUM
ip dhcp snooping
!
interface fas 0/24
 description uplink
 ip dhcp snooping trust
!! on backbone switch/router (6500)
interface vlan xxx
 ip helper-address <ip.server.dh.cp>
 ip dhcp relay information trusted    ! allow dhcp requests with option-82 inside
todo on router : ip dhcp relay... trust-all ... TODO
12.1(22)EA4 on WS-C2950T-24 : 'ip dhcp snooping information option' is the default behaviour. 'no ip dhcp snooping information option' to disable it.
12.1(22)EA4 on WS-C2950T-24 : 'show ip igmp snooping group'
multicast ok with level 3 port access-list
tonight, 20% cpu used by a forgotten 'debug ip igmp' on our 7304 NPE-G100 (cpu : IGMP Input 4% and Logger around 12% !)
how are CA root certificates included in popular browsers ? what are the policies ?
http://www.hecker.org/mozilla/ca-certificate-policy - Mozilla CA Certificate Policy
http://www.microsoft.com/technet/archive/security/news/rootcert.mspx - Microsoft Root Certificate Program
pwc quickcam driver for debian sarge (2.6.8)
multicast configuration for shorewall
ACCEPT net fw:224.0.0.0/4
IOS 12.2(20)S10 doesn't support netflow on sub-interfaces (command "ip route-cache flow" rejected). Workaround : activate netflow on the main interface so that all sub-interface traffic is netflow exported.
no "ipv6 default-network" command on cisco. solution to have a possible bgp backup route : static route towards a bgp announced network - for us, as we don't want full ipv6 bgp routing, RENATER only sends its default route, we use "ipv6 route ::/0 2001:660::/32" -- doesn't work !!! command not supported :)
added some ipv6 metrology (mrtg on an ipv6 802.1q sub-interface)
cisco 6509 upgrade to 12.2(18)SXF2 for better ipv6 support
no problems, except that our new flash disks were accessible in read/write with no formatting needed, but at the first reboot on the new ios image on the flash disk, the filesystem was not recognised and we got a "device does not contain a valid magic number" "loadprog: error - on file open" error message. Solution : format disk0: and copy the ios again.
Rule : always format a new flash on the equipment which will use it !
Codian MCU hacking using nph-proxy.cgi :
added experimental and limited Auth Digest RFC 2617 support to nph-proxy.cgi
added lacking https support to codian native web interface.
added shibboleth authentication
final goal : create intermediary access rights for group management based on shibboleth origins (finer control like : group conf administrator)
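Added example, not the nph-proxy.cgi patch itself : the RFC 2617 Digest computation (MD5, qop=auth only, no auth-int - the same "limited" scope as the support mentioned above), both the client side and the check a proxy has to do before forwarding. The values in the demo are the example of RFC 2617 section 3.5 ; the challenge/header parser is mine.

```python
import hashlib
import hmac
import re
import secrets

# Added example, not the author's nph-proxy.cgi code: RFC 2617 Digest, MD5 with
# qop=auth (or the RFC 2069 form when the challenge has no qop). No auth-int.

_PARAM_RE = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')

# The challenge of RFC 2617 section 3.5 (used for the demo and the test)
RFC2617_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                     'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                     'opaque="5ccc069c403ebaf9f0171e9517f40e41"')


def parse_digest_params(header_value):
    """Parse 'Digest k="v", k2=v2, ...' (WWW-Authenticate or Authorization) into a dict."""
    scheme, _, params = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    return {k.lower(): v.strip('"') for k, v in _PARAM_RE.findall(params)}


def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, password, method, uri, realm, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 3.2.2: MD5(HA1:nonce:nc:cnonce:qop:HA2), HA1 = MD5(user:realm:pw),
    HA2 = MD5(method:uri). qop=None gives the older RFC 2069 form MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    if qop is None:
        return _md5(f"{ha1}:{nonce}:{ha2}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def authorization_header(challenge, username, password, method, uri, nc="00000001", cnonce=None):
    """Client side: build the Authorization header answering a Digest challenge."""
    ch = parse_digest_params(challenge)
    qop = "auth" if "auth" in ch.get("qop", "").split(",") else None
    cnonce = cnonce or secrets.token_hex(8)
    resp = digest_response(username, password, method, uri, ch["realm"], ch["nonce"], nc, cnonce, qop)
    fields = [f'username="{username}"', f'realm="{ch["realm"]}"', f'nonce="{ch["nonce"]}"',
              f'uri="{uri}"', f'response="{resp}"']
    if qop:
        fields += [f"qop={qop}", f"nc={nc}", f'cnonce="{cnonce}"']
    if "opaque" in ch:
        fields.append(f'opaque="{ch["opaque"]}"')
    return "Digest " + ", ".join(fields)


def verify_authorization(authorization, method, passwords, expected_nonce):
    """Server/proxy side: recompute from the stored password and compare in constant
    time. Rejects unknown users and a nonce we did not issue; the caller must still
    check that the 'uri' field matches the request line."""
    a = parse_digest_params(authorization)
    if any(k not in a for k in ("username", "realm", "nonce", "uri", "response")):
        return False
    if a["nonce"] != expected_nonce or a["username"] not in passwords:
        return False
    expected = digest_response(a["username"], passwords[a["username"]], method, a["uri"],
                               a["realm"], a["nonce"], a.get("nc"), a.get("cnonce"), a.get("qop"))
    return hmac.compare_digest(expected.encode(), a["response"].encode())


if __name__ == "__main__":
    hdr = authorization_header(RFC2617_CHALLENGE, "Mufasa", "Circle Of Life",
                               "GET", "/dir/index.html", cnonce="0a4f113b")
    print(hdr)
    print(verify_authorization(hdr, "GET", {"Mufasa": "Circle Of Life"},
                               "dcd98b7102dd2f0e8b11d0f600bfb0c093"))
```

A proxy also has to keep its own nonces and refuse replays (nc counting) ; that part is left to the caller here.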
Frozen ip by client room
goal : give an internet connection to room mate with a static ip predefined for each room
using cisco switch (2950T/G) with level 3 ACL on level 2 ports to freeze ip source
using dhcp to send the right static ip based on switch/port with the circuit-id of option 82
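Added example (not from these notes, not the dhcp server config) : how the server side of this design can pick the room's address from option 82. The circuit-id / remote-id layout is what I assume a Catalyst inserts by default (00 04 vlan/module/port and 00 06 + switch MAC) ; check it with a capture on the server before relying on it. The room table, addresses and MACs are constructed. The option must only be trusted when it comes in through a trusted uplink (the "ip dhcp snooping trust" above) ; a client on an untrusted port can't insert its own.

```python
import struct

# Added example, not from the original notes: the DHCP side of the "frozen IP by
# room" design. The encoding below is what I understand a Catalyst sends by default
# with 'ip dhcp snooping information option' (an assumption to verify on the switch):
#   circuit-id (suboption 1) = 00 04 <vlan:2> <module:1> <port:1>
#   remote-id  (suboption 2) = 00 06 <switch base MAC:6>

OPTION_RELAY_AGENT = 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2

# Constructed room table: (switch MAC, module, port) -> (room, fixed address)
ROOM_TABLE = {
    ("00:11:22:33:44:55", 0, 1): ("room-101", "192.0.2.11"),
    ("00:11:22:33:44:55", 0, 2): ("room-102", "192.0.2.12"),
    ("00:11:22:33:44:66", 0, 1): ("room-201", "192.0.2.21"),
}


def build_option82(vlan, module, port, switch_mac):
    """Encode option 82 as the switch would insert it into a relayed DISCOVER/REQUEST."""
    circuit = struct.pack("!BBHBB", 0, 4, vlan, module, port)
    remote = b"\x00\x06" + bytes.fromhex(switch_mac.replace(":", ""))
    body = (bytes([SUB_CIRCUIT_ID, len(circuit)]) + circuit
            + bytes([SUB_REMOTE_ID, len(remote)]) + remote)
    return bytes([OPTION_RELAY_AGENT, len(body)]) + body


def parse_option82(option):
    """Split option 82 into its suboptions: {code: raw bytes}. Raises on truncated data."""
    if len(option) < 2 or option[0] != OPTION_RELAY_AGENT:
        raise ValueError("not a relay agent information option")
    body = option[2:2 + option[1]]
    if len(body) != option[1]:
        raise ValueError("truncated option 82")
    subs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or i + 2 + body[i + 1] > len(body):
            raise ValueError("truncated suboption")
        subs[body[i]] = body[i + 2:i + 2 + body[i + 1]]
        i += 2 + body[i + 1]
    return subs


def decode_circuit_id(raw):
    """-> (vlan, module, port) from the assumed Cisco circuit-id layout."""
    if len(raw) != 6 or raw[:2] != b"\x00\x04":
        raise ValueError("unexpected circuit-id layout")
    return struct.unpack("!HBB", raw[2:])


def decode_remote_id(raw):
    """-> 'aa:bb:cc:dd:ee:ff' from the assumed Cisco remote-id layout."""
    if len(raw) != 8 or raw[:2] != b"\x00\x06":
        raise ValueError("unexpected remote-id layout")
    return ":".join(f"{b:02x}" for b in raw[2:])


def assign_ip(option82):
    """Pick the room's fixed address from where the request physically entered.
    Returns (room, ip) or None: an unknown port gets no lease, not a pool address."""
    subs = parse_option82(option82)
    if SUB_CIRCUIT_ID not in subs or SUB_REMOTE_ID not in subs:
        return None
    _vlan, module, port = decode_circuit_id(subs[SUB_CIRCUIT_ID])
    return ROOM_TABLE.get((decode_remote_id(subs[SUB_REMOTE_ID]), module, port))


def port_acl(ip):
    """Layer 3 ACL lines for the layer 2 port (assumed shape): only that source may
    talk, but DHCP itself must still pass since the client sends from 0.0.0.0."""
    return ["permit udp any eq bootpc any eq bootps",
            f"permit ip host {ip} any",
            "deny ip any any"]


if __name__ == "__main__":
    for vlan, module, port, mac in ((10, 0, 1, "00:11:22:33:44:55"),
                                    (10, 0, 7, "00:11:22:33:44:55")):
        opt = build_option82(vlan, module, port, mac)
        print(opt.hex(), "->", assign_ip(opt))
    print("\n".join(port_acl("192.0.2.11")))
```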
nocat with shibboleth authentication
dns request rate-limiting to avoid free ip over a dns tunnel by hackers
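Added example, not nocat's code : the rate check above as an offline script over a constructed query log (format made up here : epoch, client ip, qname, qtype - not what nocat or bind write), to tune the threshold on real logs before putting it in the gateway. The sliding window is per client ; mean query name length is logged next to it as a second signal.

```python
from collections import defaultdict, deque

# Added example, not the nocat code itself: the rate check described in the note,
# run offline over a constructed query log. Each line is
# "<epoch> <client-ip> <qname> <qtype>" (a made-up format, not what nocat or bind write).


def constructed_log():
    """Three ordinary lookups from one client, then a burst of 30 TXT queries with
    random-looking labels under one domain from another, all inside a few seconds."""
    lines = [f"{1233000000 + 2 * i:.1f} 192.0.2.11 host{i}.example.org A" for i in range(3)]
    lines += [f"{1233000000 + 0.1 * i:.1f} 192.0.2.12 {i:04x}c0ffee{i:04x}.t.example.net TXT"
              for i in range(30)]
    return "\n".join(lines)


def parse_log(text):
    """-> sorted list of (timestamp, client ip, qname, qtype); blank lines skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, qname, qtype = line.split()
        events.append((float(ts), ip, qname.lower(), qtype))
    return sorted(events)


def find_offenders(text, limit=20, window=10.0):
    """Sliding-window rate check per client: record the first moment a client has
    more than `limit` queries inside the last `window` seconds. Returns {ip: ts}."""
    recent = defaultdict(deque)
    offenders = {}
    for ts, ip, _qname, _qtype in parse_log(text):
        q = recent[ip]
        q.append(ts)
        while q and q[0] < ts - window:
            q.popleft()
        if len(q) > limit and ip not in offenders:
            offenders[ip] = ts
    return offenders


def mean_qname_len(text):
    """Mean query name length per client, a cheap second signal to log with the rate."""
    lengths = defaultdict(list)
    for _ts, ip, qname, _qtype in parse_log(text):
        lengths[ip].append(len(qname))
    return {ip: sum(l) / len(l) for ip, l in lengths.items()}


if __name__ == "__main__":
    log = constructed_log()
    means = mean_qname_len(log)
    for ip, ts in find_offenders(log).items():
        print(f"{ip}: more than 20 queries in 10 s at {ts:.1f}, mean qname length {means[ip]:.0f}")
```

On the gateway the same check is cheaper as an iptables limit on udp/53 per source, but a script like this one on the logs tells you which threshold still lets a normal web session through.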
with Gregoire MOREAU : extending wifi nocat architecture with layer 2 openvpn tunnel for remote access point over layer 3 links, managed by only one nocat server.
nocat with shibboleth authentication
debugging
nocat with shibboleth authentication
with Ludovic DOIT
splash screen with bad popup configuration auto detection (connections cut by timeout)
with Gregoire MOREAU
added statistics computations with jpgraph
nocat with shibboleth authentication
(with Mathieu GELI - ENSEIRB)
added shibboleth authentication to nocat
added mac address logging
added connections logging by users with iptables / ulog
added splash screen before authentication to give user advices and info
added sessions log to postgres database
added sessions packet and volume to postgres database