Older blog entries for beraldo (starting at number 18)

mutt + sidebar patch + postfix + vim + offlineimap + cron = MUA perfeito (para mim)

Fazia bastante tempo que eu queria voltar a usar o mutt, mas tinha perdido meus backups dos arquivos de configuração e estava sem tempo para configurá-lo novamente. Finalmente neste fds tive tempo para fazer a brincadeira funcionar com múltiplas contas. Depois eu posto aqui os arquivos de configuração.... (se me restar tempo...)

Mutt

Syndicated 2009-09-06 23:08:21 from beraldoleal.com

Grabbing and sending packets with Scapy (Scapy, part 2)

HI folk, in the last post (a long time ago), I write a short introduction to Scapy tool. With this post, I need, show to you, how grab and send packets with Scapy. This is a good way to develop tools to test any network application, such study Kaminsky's DNS flaw, since no talks about anything else on the Internet.

In scapy there are many methods to send or receive a packet in network. We have the families of commands, below:

  • Send family - Just send packets in layer 2 or 3.
  • Send and Receive family - Send packets in layer 2 or 3 and print or store results.
  • Sniff family - Receive packets in promisc mode and return them in a packet list.

This post is not intended as a reference for each of the families above. For more informations, execute lsc() in scapy and see Scapy doc.

You can see a sample of Sniff family in action, below (execute scapy as root):

>>> a=sniff(count=2)
>>> a
<Sniffed: UDP:2 ICMP:0 TCP:0 Other:0>
>>> a.nsummary()
0000 Ether / IP / UDP / DNS Qry "www.google.com."
0001 Ether / IP / UDP / DNS Ans "www.l.google.com."
>>> a[0].show()
###[ Ethernet ]###
dst= 00:03:99:89:83:a9
src= 00:1e:c9:1b:7b:da
type= 0x800
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 60
id= 12959
flags= DF
frag= 0L
ttl= 64
proto= udp
chksum= 0xd5af
src= 10.1.0.1
dst= 200.170.95.182
options= ''
###[ UDP ]###
sport= 54584
dport= domain
len= 40
chksum= 0x329c
###[ DNS ]###
id= 16628
qr= 0L
opcode= QUERY
aa= 0L
tc= 0L
rd= 1L
ra= 0L
z= 0L
rcode= ok
qdcount= 1
ancount= 0
nscount= 0
arcount= 0
qd
|###[ DNS Question Record ]###
|  qname= 'www.google.com.'
|  qtype= A
|  qclass= IN
an= 0
ns= 0
ar= 0
>>>

You can have many parameters in sniff() function, like a filter , timeout , an interface (iface ), and a function to apply to each packet (prn and lfilter ).

>>>  sniff(filter="udp and port 53", count=2, iface="eth0")
<Sniffed: UDP:2 ICMP:0 TCP:0 Other:0>
>>>

Sending a simple ICMP packet

>>> pkt=IP(dst="10.0.0.1")/ICMP()
>>> pkt
<IP  frag=0 proto=icmp dst=10.0.0.1 |<ICMP  |>>
>>> send(pkt,count=2)
..
Sent 2 packets.

Ok, this is a simple sample, I know, but you now can use your mind and play with Scapy.

Syndicated 2009-02-19 19:15:32 from beraldoleal.com

Grabbing and sending packets with Scapy (Scapy, part 2)

HI folk, in the last post (a long time ago), I write a short introduction to Scapy tool. With this post, I need, show to you, how grab and send packets with Scapy. This is a good way to develop tools to test any network application, such study Kaminsky's DNS flaw, since no talks about anything else on the Internet.

In scapy there are many methods to send or receive a packet in network. We have the families of commands, below:

  • Send family - Just send packets in layer 2 or 3.
  • Send and Receive family - Send packets in layer 2 or 3 and print or store results.
  • Sniff family - Receive packets in promisc mode and return them in a packet list.

This post is not intended as a reference for each of the families above. For more informations, execute lsc() in scapy and see Scapy doc.

You can see a sample of Sniff family in action, below (execute scapy as root):

>>> a=sniff(count=2)
>>> a
<Sniffed: UDP:2 ICMP:0 TCP:0 Other:0>
>>> a.nsummary()
0000 Ether / IP / UDP / DNS Qry "www.google.com."
0001 Ether / IP / UDP / DNS Ans "www.l.google.com."
>>> a[0].show()
###[ Ethernet ]###
dst= 00:03:99:89:83:a9
src= 00:1e:c9:1b:7b:da
type= 0x800
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 60
id= 12959
flags= DF
frag= 0L
ttl= 64
proto= udp
chksum= 0xd5af
src= 10.1.0.1
dst= 200.170.95.182
options= ''
###[ UDP ]###
sport= 54584
dport= domain
len= 40
chksum= 0x329c
###[ DNS ]###
id= 16628
qr= 0L
opcode= QUERY
aa= 0L
tc= 0L
rd= 1L
ra= 0L
z= 0L
rcode= ok
qdcount= 1
ancount= 0
nscount= 0
arcount= 0
qd
|###[ DNS Question Record ]###
|  qname= 'www.google.com.'
|  qtype= A
|  qclass= IN
an= 0
ns= 0
ar= 0
>>>

You can have many parameters in sniff() function, like a filter , timeout , an interface (iface ), and a function to apply to each packet (prn and lfilter ).

>>>  sniff(filter="udp and port 53", count=2, iface="eth0")
<Sniffed: UDP:2 ICMP:0 TCP:0 Other:0>
>>>

Sending a simple ICMP packet

>>> pkt=IP(dst="10.0.0.1")/ICMP()
>>> pkt
<IP  frag=0 proto=icmp dst=10.0.0.1 |<ICMP  |>>
>>> send(pkt,count=2)
..
Sent 2 packets.

Ok, this a simple sample, I know, but you now can use your mind and play with Scapy.

Syndicated 2008-08-28 14:20:24 from beraldoleal.com

Scapy, part 1

Okay, you can say: You are outdated!! Since it is a tool of five years old. But I never gave considerable attention to it. In last week I see in top 100 network security tool in Fyodor's site, and I can't stop using it. I am talking about the Scapy, a Python program that enables you to forge, dissect, emit or sniff network packets, probe, scan and what your mind wants.

This is a simple post, only to show the basic concepts of scapy.

What is scapy?

From scapy:

"Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc."

ls -la
teste

Syndicated 2008-07-01 16:45:38 from beraldoleal.com

Development at the hackathon, go Forrest go!!

In openbsd-misc mail list:

"Development is really fast right now, because of the hackathon in Edmonton.

We are testing as much as we can before we commit, but as always during these hackathon processes we really depend on our user community -- to track our changes and help spot the occasional bug we accidentally introduce.

We are developing really fast and hard; please help us by testing really fast and hard too.

There are some snapshots being made, of course, but people who are familiar with checking out their own trees can really help us by buildind and running it immediately."

- Theo de Raddt, in a June 11th, 2008 message.

Syndicated 2008-06-17 20:31:40 from beraldoleal.com

Teste

teste de um post rápido para os asides.

Syndicated 2008-04-01 02:52:16 from beraldoleal.com

14 Feb 2008 (updated 4 Mar 2008 at 13:52 UTC) »

Kids 0.1b released

It is my great pleasure to announce the availability of KIDS 0.1b, an Kernel (Network) Intrusion Detection System. This project is the result of a year of research on kernel and Network IDS. The Kernel Intrusion Detection System-KIDS, is a Network IDS, where the main part, packets grab/string match, is running at kernelspace, with a hook of Netfilter Framework. This project is not ready for use. It is only a proof of concept and should not be put in an environment in production, yet.

The main goal of KIDS is to try to reduce the delay in the processing of the rules, with the elimination of two changes in context (kernel-user-user-kernel), as this task is performed in kernelspace.

The main goal of KIDS is to try to reduce the delay in the processing of the rules, with the elimination of two changes in context (kernel-user-user-kernel), as this task is performed in kernelspace.

A more detailed document for development / hacking will be drafted later.

For more information about KIDS project, please see:

http://sourceforge.net/projects/ids-kids/

Syndicated 2008-02-07 16:47:16 from beraldoleal.com

Bitlbee

Bom.. depois de mais de um mês out, voltei, espero. Ano novo, vida nova, cidade nova (estou morando agora em Sampa) e eu na luta para conseguir tempo para postar algo aqui.

Bom... eu sou fã do tal do IRC, desde de mil novecentos e bolinha, e depois que passei a usar o bitlbee, mais ainda! :) Para quem não conhece, trata-se de um gateway IRC para redes de instant messaging (atualmente suporta gtalk, jabber, yahoo, icq, msn, aim e skype). Se você fica conectado full time no IRC, trocando ideias com outros nerds, e não quer ter outras aplicações abertas como Gaim, Gtalk, amsn, ou qualquer outro IM, para falar com as pessoas que não usam IRC, seus problemas acabaram!! Instale hoje mesmo o bitlbee, e tenha seus contatos em uma sala IRC, normalmente, com seu client preferido. Tem até integração com o emacs!

Instalação fácil fácil (disponível no apt-get mais próximo de você), conectou, registrou, logou, tá lá.. todos os contatos, perfeito! Ou quase, por default vem sem suporte a SSL, então trate de fazer um túnel seguro (stunnel é uma boa sugestão), e seja feliz.

Syndicated 2008-01-29 21:21:37 from beraldoleal.com

9 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!