What www.hak5.org started was quite commendable and I’m really not sure what the status of the Community Rainbow Tables project is at hak5.
They are generating the rainbow tables with the following configuration:

* NTLM
* mixalpha-numeric-all-space
* [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ]
* 26 indexes, 22 files/index
* 572 tables total
* 340.93GB
* 96.07% probability of successful crack

I’m currently generating index 13 and index 26 on this configuration. It would be cool to have multiple people generate it and upload it. I know many people are already doing that as we speak. We should also have SHA1, MD5 project for mixalpha-numberic-all-space configurations.

Long time since I posted anything here …. but it’s just been those times been busy as a bee. So securing Cisco routers is a big deal especially since the routers (especially the edge routers) can be critical to any organizations infrastructure. I am not a Cisco guru but am only a student. However, I thought I should create a list that could help me perform security reviews of routers.
Security of routers is important as attackers could add static routes, advertise bad BGP neighbours on edge routers, create inbound tunnel into the intranets and such. Therefore, it’s imperative that adequate efforts be put in to secure Cisco routers.

I thought I’ll put in my first attempt at creating a small checklist:

1. Use SSH for non-console access (“line vty” command should not have telnet in it)
2. Use class 5 passwords, do *not* use class 7 passwords as they’re easily reversed (“enable secret”) alongwith the use of strong passez
3. Limit virtual terminal access by using an ACL
      access-list 100 permit 10.10.10.10 log
      access-list 100 permit 10.10.10.11 log
      access-list deny any log
      line vty 0 4
       access-class 100 in
4. Disable Proxy ARP on each interface (“no ip proxy arp”)
5. Disable CDP as it can be used for information disclosures (“no cdp run”)
6. Use AAA (TACACS+ or RADIUS) (“aaa new-model”, “aaa authentication”, etc.)
7. Use “access-list ACL_NAME deny ip any any log” at the end of each ACL
8. Disable http server (“no ip http server”)
9. Keep the IOS versions updated
10. Set centralized logging using a syslog (“logging internal_ip_address”)
11. Configure NTP to keep the time synchronization (“ntp server 129.6.15.28”)
12. Disable TCP and UDP small services e.g., echo, chargen, discard, etc. (“no service tcp-small-servers” and “no service udp-small-servers”)
13. Put RFC 1918 (ingress filtering) protections using ACLs
       access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
       access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
       access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
       access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
14. Put some more filtering for common IPs
       access-list 100 deny ip 169.254.0.0 0.0.255.255 any log
15. Use SNMPv3 with ACLs if you must (“snmp-server v3 auth priv”)
16. Use SSHv2 (“ip ssh version 2”)
17. Try to use EIGRP instead of RIP/OSPF (“ip authentication mode eigrp N md5”)
18. Use MD5 authentication for RIP/OSPF if you must use these protocols (RIPv2/OSPF)
    (“ip rip authentication mode md5”)
19. For edge routers using BGP authentication (if possible)
       router bgp 10
        neighbor 10.10.10.10 password Cr4zY$%^
20. Configure BGP route flap dampening that prevents BGP oscillations (“bgp dampening”)
21. Use warning banners that could be used for legal purposes for prosecuting hackers

This is not a post but nostalgia. This post is actually a transcript of the first interview of my life. It was for a top Indian Software Consultancy Company (referred to as “XYZ” from now on). I remember that it was July 9th, 2001 and it was a really rainy day in Bombay. While coming to the college I was totally drenched and was looking rather distraught! I cleared the aptitude test and then came the Big One – The Interview!
I went to the interview thinking that i wanted to completely screw up the interview (coz I was interested in some other company) so i went there casually dressed with a demonic smile on my face >:-) . In hindsight, I think the way I appeared for this interview was really gutsy for me and I probably couldn’t have done that had I been craving to get a job in this company. Here is the transcript of the interview.

XYZ: So Mr Rajat … tell me about urself and ur family in *short*
Me : In the year 1980 i was born in allahabad and spent the initial yrs of mylife in blah blah blah ….and completed my schooling in Shree Ram Welfare Society’s High School, Andheri(W), Mumbai . therafter i went to Sathaye College….(blah blah blah) and i came to this college thinking that this college would be good.
XYZ: & how did u find this college?
Me : (thinkin for a while and then with a heavy heart ) ok !
XYZ: Rajat y did u chose our company (XYZ) instead of other companies.
Me : i did not choose XYZ i’ve just come for this interview ! In fact u guys have come to our college (for on-campus placements) i haven’t come for this interview.
XYZ: but would u like to join our co.?
Me: i’ve come for this interview ! what does this indicate to u?
XYZ: give me one reason why u want to join XYZ?
Me: i don’t want join XYZ… i’ll goto any other co. that comes next…as a matter of fact any other co. will take me!
XYZ: Mr Rajat in this form (these guys had given us a form to fill in whichwe were supposed to write the salary we desired which i forgot to fill… oops faux pas ? well not quite) which we have given to u , uhaven’t mentioned the salary u want…. what r ur expectations?
Me : I want more!
XYZ: MORE !%#$%$#$ y do u want more?
Me: because i know i’m worth it!
XYZ: u say so but it is for us to see whether u r worth it!
Me: put me to test and i’ll prove i’m worth it !
XYZ: but why do u want more ?
Me : everybody wants more so what is wrong if i want more!(the guy seems to be pissed off to my delight)
XYZ: but u must be having some expectations , don’t u?
Me : yes of course , i have . but u r not gonna live up to them. u had made it quite clear the salary u’ll be offering to us … so it doesn’t matter what my expectations are u r gonna give only what *you* want to give us , so there rests the matter.
XYZ: tell me about this person whom u know & works in XYZ.
Me : He is my cousin and he stays at andheri.
XYZ: so what have u heard from him about our co. ?
Me : NOTHING!
XYZ: but u might have heard something at least!!!!!
ME : we meet at social gatherings and the last thing we want to speak about is XYZ!!!
XYZ: ok tell me about ur project … this assembler
Me : blah blah blah
XYZ: ok … so in ur form u write u want “A GOOD NETWORKING PROJECT PREFERABLY BASED ON NETWORK SECURITY” . what do u know about networking?
Me : NOTHING!
XYZ: (a very surprised Mr. Sleepy said) NOTHING !?!? then how can u say u want a project in it?
Me: well , i’ve attended a few seminars @ IIT and it ensured me that that was the only field i’m interested in.
XYZ: then ur interest may change after studying the subject!
Me : No, it won’t change!!!!
XYZ: wat do u know bout networkin?
Me: latest happenings … blah blah blah
XYZ: suppose that we don’t have a project in network securities for you then what will u do?
Me: i have written that it is my ambition to work on a networking project…AMBITIONS ARE NOT ALWAYS FULFILLED.
XYZ: Rajat … there is a rule in ur college that if u get 1 co. u r noteligible for the rest.we offer u 16k .. so if tomorrow infosys comes and offers u 20k wat will u do?
Me : I WILL GO !!!!!
XYZ: u’ll go !?! that means you are after money ?
Me : who said that !? i never said that ! i want more money but more important than that is the work environment & the kind of projects i get. if i getbetter projects there i’ll go money is secondary but still important .
XYZ: (as if trying to juistify a lesser salary) u know rajat that on paper their (Infosys) salary may look large but 20% blah blah blah ….. 12.5 % blahblah blah …6% blah blah blah … (and lots more statistics which lasted foran eternity as far as my viewpoint goes)
XYZ: do u realise that XYZ has a 3yr. service agreement or u r chargedRs.50,000/- . what are your feelings about that?
Me : it is absolutely wrong.
XYZ: why?
Me: The word “bond” itself says that u r “bound” to the co. no matter what.
XYZ: that is why we don’t call it a “bond” we call it a “service agreement”.
Me: ok…that’s just another name for it. i personally think that instead of”binding” people to ur co. u should create such an environment that people like to stay in ur co. with their wishes and so the co. will benefit if peoplework with their wishes.
XYZ: do u havre any questions for us?
Me: yes , sir i do! in ur qns a few minutes back u mentioned infosys and in ur pre-placement talks u said u r no.1 software co. of india. how can u say thatwhen all that we see in the newspapers is infosys and with u comparing urself to infosys?
XYZ: infosys is 12% blah blah blah … 19% blah blah blah …(and lots morestatistics that made me feel as miserable as our indian cricket team witheverything out of control)does that answer ur qn?
Me: ya! sir may i ask another question ?
XYZ: ya sure! (with some uneasiness)
Me: sir, this yr. we have seen our seniors get whole lot of “back out” letters! what r ur feelings about that?
XYZ: OUR FEELINGS !!??!
Me: i mean r u people going to do the same with us?
XYZ: (i think this was it and he lost his complete cool and he pointed to me & said sternly) till this date our company has not given any “back-out” letters to anybody.
Me: Thank u .sir. it was a pleasure!

This was the first interview of my life and I ended up getting selected for this company. It was a great experience working there and I realized that money is not everything! At the end of it I think I was not rude but dangerously honest in giving my answers and this plan could have backfired on me but it didn’t … may be I was lucky or may be this was destiny!

If you’re like me and recently upgraded to Verizon FiOS and you have your PS3 on the wired segment and the Media Server (such as PS3 Media Server, TVersity, etc.) on the wireless segment, you’re in for a ride with the configuration.
By default, you can’t route the traffic between the wired and wireless segments over UDP! You can send ICMP echo packets (i.e., ping) but the PS3 just won’t detect the Media server. You may disable the Host-based firewall (e.g., Norton, Kaspersky, McAfee, etc.) but it still won’t work.

If you happen to read posts like these, you will see that you have to disable “IGMP proxy”. IGMP Proxy basically reduces the traffic on the multicast addresses to a bare minimum. Unfortunately for you, this causes the traffic between PS3 Media Server and PS3 to drop.

So you log into your FiOS router’s administration console typically located at 192.168.1.1. Click on Advanced -> Yes -> Firmware Upgrade and check the firmware version. You will see that it is an ActionTec router (based on the Auto-update URL). But nowhere do you see the option to update the “IGMP Proxy” settings. That’s because that feature is “hidden” in the latest firmwares.

So you just need to copy/paste the following URL into the browser address bar and you will see the option to disable “IGMP proxy”.
http://192.168.1.1/index.cgi?active_page=6059
Disable it and Voila! The PS3 Media Server and PS3 can now talk to each other.

A simple way to install Backtrack 4 on a USB stick is to use UNetBootin. UNetbootin can be used to create live (i.e., bootable images with a fully functional OS on it) USB images. This is the first time I tried this route and it seems to work alright.
Otherwise, if you are the linux fans, our good old friend dd does a great job.

dd if=bt4-final.iso of=/dev/sda bs=4096 conv=noerror,sync

Back again in the lab to get the module completed as this part needs a lot of effort.
The RabinHash available at Jaspell was very helpful in getting me started with the actual coding of the whole thing. Now since the Rabin Hash values are really varied I need to first figure out ways to search the packet hash presence effectively. Today I’ll try an idea where I’ll mod out the hashes to 3 distinct prime numbers and see the values they hash to. These indices from the table of pointers would point to respective hash values.

           mod p1                          mod p3
      |_______________|                |_______________|
      |_______________|--->[val1]<--+  |_______________|
      |_______________|--->[val2]   |__|_______________|
      |_______________|--->[val3]<--+
              :          :   :      |         :
              :          :   :      |___      :

First I needed to read through how kernel memory allocation works.
Kernel Korner – Allocating Memory in the Kernel | Linux Journal was a fantastic link that got me right into the mem allocation principles!.
Let’s see how the day goes!

If you are a South Indian, have a long name, use lotus notes and want to send encrypted e-mail using Internet Certificates…you may just be out of luck! Why?
Lotus Notes 6 does not support importing of PKCS#12 (.pfx) certificates which have the CN (Customer name), OU (Organization unit), O (Organization), CA (Certificatio Authority) fields together more than 255 characters. Many of my south Indian friends in fact have names that are 40 characters themselves! Alongwith the O, OU and the CA taken together this could easily exceed more than 255 characters. On encountering such a situation, Lotus Notes also gives a friendly error message which my friends may not find quite amusing at that point “Name too long”. Once you encounter this error, you cannot proceed with the import. To work around this see if you can reduce the characters in OU and O fields because your e-mail ID has to match the one in Lotus.
I also found a useless response from IBM to get rid of this problem. Their response was pretty much “learn to deal with it! we won’t correct our stupid software”.
Justin’s written a pretty useful how to on importing S/MIME certificates into Lotus notes.