Thursday, 13 November 2014

Enable SSH on Cisco switch

1. Setup Management IP

First, make sure you have performed basic network configurations on your switch. For example, assign default gateway, assign management ip-address, etc. If this is already done, skip to the next step.
In the following example, the management ip address is set as 192.168.101.2 in the 101 VLAN. The default gateway points to the firewall, which is 192.168.101.1
# ip default-gateway 192.168.101.1

# interface vlan 101
(config-if)# ip address 192.168.101.2 255.255.255.0

2. Set hostname and domain-name

Next, make sure the switch has a hostname and domain-name set properly.
# config t
(config)# hostname myswitch
(config)# ip domain-name thegeekstuff.com

3. Generate the RSA Keys

The switch or router needs RSA keys, which it will use during the SSH process. Generate them with the crypto command as shown below.
myswitch(config)# crypto key generate rsa
 The name for the keys will be: myswitch.thegeekstuff.com
 Choose the size of the key modulus in the range of 360 to 2048 for your
   General Purpose Keys. Choosing a key modulus greater than 512 may take
   a few minutes.

How many bits in the modulus [512]: 1024
 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Also, if you are running an older Cisco IOS image, it is highly recommended that you upgrade to the latest Cisco IOS.

4. Setup the Line VTY configurations

Setup the following line vty configuration parameters, where input transport is set to SSH. Set the login to local, and password to 7.
# line vty 0 4
(config-line)# transport input ssh
(config-line)# login local
(config-line)# password 7
(config-line)# exit
If you have not set the console line yet, set it to the following values.
# line console 0
(config-line)# logging synchronous
(config-line)# login local

5. Create the username password

If you don’t have a username created already, do it as shown below.
myswitch# config t
Enter configuration commands, one per line.  End with CNTL/Z.
myswitch(config)# username ramesh password mypassword
Note: If you don’t have the enable password set up properly, do it now.
myswitch(config)# enable secret myenablepassword
Make sure the password-encryption service is turned on, which will encrypt the password, so that when you do “sh run”, you’ll see only the encrypted password and not the clear-text password.
myswitch(config)# service password-encryption

6. Verify SSH access

From the switch, if you do ‘sh ip ssh’, it will confirm that SSH is enabled on this Cisco device.
myswitch# sh ip ssh
SSH Enabled - version 1.99
Au
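
The settings from steps 2 to 5 can be checked offline against a saved running-config. The following is an added example, not part of the original post: the sample configuration is constructed, the function names are hypothetical, and the `ip ssh version 2` and `username ... secret` checks go beyond the steps above (a reported version of 1.99 means the device still accepts SSHv1 as well as SSHv2, and type 7 passwords produced by password-encryption are reversible).

```python
import re

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
service password-encryption
hostname myswitch
ip domain-name thegeekstuff.com
enable secret 5 $1$CONSTRUCTED$placeholder
username ramesh password 7 0000000000
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def parse_lines(config):
    """Return {header: [subcommands]} for every 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    findings = []
    for prefix in ("hostname ", "ip domain-name ", "enable secret ", "service password-encryption"):
        if not any(l.startswith(prefix) for l in top):
            findings.append(f"missing '{prefix.strip()}'")
    if "ip ssh version 2" not in top:
        findings.append("'ip ssh version 2' not set: SSHv1 may still be accepted")
    for l in top:
        if m := re.match(r"username (\S+) password ", l):
            findings.append(f"user {m.group(1)}: 'password' is reversible (type 7); use 'secret'")
    for header, body in parse_lines(config).items():
        if header.startswith("line vty"):
            transports = [c.split()[2:] for c in body if c.startswith("transport input ")]
            if transports != [["ssh"]]:
                findings.append(f"{header}: transport input must be ssh only")
            if "login local" not in body:
                findings.append(f"{header}: 'login local' missing")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the second VTY range (`line vty 5 15`), which the `line vty 0 4` command in step 4 never touches and which is easy to leave open to telnet.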

Tuesday, 11 November 2014

How to extract a filesystem from a disk image

You need to back up an entire hard disk to a single file. Supposing your disk is at /dev/hda and the backup file is image-file, you’d do:
# cat /dev/hda > image-file
or
# dd if=/dev/hda of=image-file

The file backup you get will hold a copy of every single bit from the hard disk. This means that you also have a copy of the MBR in the first 512 bytes of the file.
Because of this, you can see the partition table on the backup file:

# sfdisk -l -uS image-file
Disk image-file: 0 cylinders, 0 heads, 0 sectors/track
Warning: The partition table looks like it was made
for C/H/S=*/255/32 (instead of 0/0/0).
For this listing I'll assume that geometry.
Units = sectors of 512 bytes, counting from 0
Device Boot Start End #sectors Id System
image-filep1 32 261119 261088 83 Linux
image-filep2 261120 4267679 4006560 82 Linux swap / Solaris
image-filep3 4267680 142253279 137985600 83 Linux
image-filep4 0 - 0 0 Empty


Now, suppose you want to extract partition number 3. You can see that it starts at block 4267680 and is 137985600 blocks long. This translates into:

# dd if=image-file of=partition3-file skip=4267680 count=137985600

Now, peeking into the contents of the partition is as easy as:
# mount -t ext3 -o loop partition3-file /mnt/hack
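
The start and size columns that sfdisk prints come from the four 16-byte partition entries at offset 446 of the MBR. The following added example (not part of the original post; function names are hypothetical) parses that table directly from a constructed MBR that reproduces the listing above, checks that the partition actually fits inside the image, and returns the dd arguments.

```python
import struct

SECTOR = 512  # bytes; also dd's default block size, so skip/count are in sectors
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sectors

def build_sample_mbr():
    """Constructed 512-byte MBR reproducing the partition table listed above."""
    entries = [(0x83, 32, 261088), (0x82, 261120, 4006560),
               (0x83, 4267680, 137985600), (0x00, 0, 0)]
    table = b"".join(ENTRY.pack(0, b"\0\0\0", t, b"\0\0\0", start, size)
                     for t, start, size in entries)
    return b"\0" * 446 + table + b"\x55\xaa"

def parse_mbr(sector0):
    """Return [(number, type_id, start_lba, sector_count)] for non-empty slots."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) at offset 510")
    parts = []
    for i in range(4):
        _, _, ptype, _, start, count = ENTRY.unpack_from(sector0, 446 + 16 * i)
        if ptype == 0xEE:
            raise ValueError("protective MBR: this disk uses GPT, not an MBR table")
        if ptype != 0 and count != 0:
            parts.append((i + 1, ptype, start, count))
    return parts

def extraction_plan(sector0, image_size, number):
    """dd arguments and byte offset for one partition, bounds-checked against the image."""
    for num, _ptype, start, count in parse_mbr(sector0):
        if num == number:
            if (start + count) * SECTOR > image_size:
                raise ValueError("partition extends past end of image (truncated copy?)")
            return {"skip": start, "count": count, "offset_bytes": start * SECTOR}
    raise KeyError(f"partition {number} is empty or missing")

def dd_command(plan, image="image-file", out="partition3-file"):
    """Render the dd invocation used in the post from a plan."""
    return f"dd if={image} of={out} skip={plan['skip']} count={plan['count']}"
```

On a real image, pass the first 512 bytes of the file and its size on disk. The `offset_bytes` value can also be given to mount as `-o loop,offset=...` to read the partition in place without making a second copy.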

Monday, 10 November 2014

aMule on Ubuntu: net best practice

The TCP and UDP ports have to be open between aMule and the internet. The first obstacle is iptables in Ubuntu. Iptables will cause aMule to receive firewalled status – or low id. Being firewalled will drastically decrease performance. To open the ports you can either install Firestarter, the GUI for iptables, by typing the following in the terminal:


sudo apt-get install firestarter

From Firestarter, open the ports listed in Preferences->Connection in aMule.
Or, you can just open the ports using the terminal. Type, e.g.,


sudo iptables -A INPUT -p tcp --dport 4711 -j ACCEPT

to open tcp port 4711, and


sudo iptables -A INPUT -p udp --dport 4712 -j ACCEPT

to open udp port 4712. (To close the ports again, use the same parameters, except replace «ACCEPT» with «DROP».)

To achieve maximum performance, it is also a good idea to open a UDP port for extended server requests. This is the port through which all non-core packets are sent to the server, that is, data such as file rates, extended file descriptions (encoding, audio length, video resolution, etc.), and other trivial but very handy data. The UDP port for extended server requests is always TCP-port +3, so in this case we open it with


sudo iptables -A INPUT -p udp --dport 4714 -j ACCEPT

If you have a router, you also need to open the above-mentioned ports and forward them to your computer. If you open the ports but don't forward them to the right device, you will be firewalled.

If you don't know how to open and forward your ports, go to this page: http://portforward.com/routers.htm From this page, select your router. You will now enter a new page with a lot of application names. aMule is unfortunately not on the list, but select eMule instead. You should now get a guide for your router on how to open and forward the ports. (Remember that eMule and aMule use different default ports.)

Max sources per file: This all depends on how much your router and modem can handle. The more connections they can handle without problems, the better. I have mine at 500 and 700 respectively. You may want to experiment with these values. If you put the limit too high, you may choke your router and internet becomes unresponsive.

Networks: Make sure you have both ed2k and Kad ticked.
Message Filter. This is where you can fill in common spam messages. Just copy and paste the spam message into the box and separate messages with a «,» (without the «s) and you'll never see the message again.

Server. This is important. Some servers are fakes, mainly run by the entertainment industry, and will not give any results. To avoid the bad ones, untick the «update serverlist» boxes, and tick «autoconnect to servers in static list only».

Directories. Incoming directory is where your finished downloads will be saved. Keep in mind that the default setting is within the hidden .aMule folder, so if you don't change it you will have to use Ctrl+h to make it visible. I recommend making a folder in your home directory for incoming files, and pointing to it from aMule. Tempfiles is reserved for incomplete files, and may well be hidden. Shared directories are the files you share using aMule. (Please be generous. Filesharing is after all about sharing, and not about using aMule as a download machine. Whatever you download has to be uploaded by someone else. Roughly speaking: Total network upload speed = Total network download speed.) By default, you only share your incoming folder, and you can't unshare it. Double click on a folder to share the contents. This will not share subdirectories! If you have one or more subdirectories within that folder that you want to share, right click the folder! Any shared directory will be marked in bold letters.

Security. Tick «Enable IP-filtering.» The purpose of using an IP-filter is to block the bad guys, mainly the entertainment industry and their lackeys, who are sabotaging the ed2k network. Clients on your ipfilter will not be able to establish a connection to your computer. I use the ipfilter from Bluetack, so you can insert this url http://www.bluetack.co.uk/config/nipfilter.dat.gz and then click «Update now». The ipfilter should then download and install. (A known bug in Feisty may cause aMule to crash while updating the IPfilter.) If you can't do without an IPfilter, try Moblock. http://ubuntuforums.org/showthread.php?t=192559

Gui-tweaks contains a few useful settings, like percentage, progress bar and fast ed2k-links handler. You can use the latter for ed2k links found on the internet and click apply, and the file should be on your download list.
That's it for the Preferences box! Click ok to save the changes.

The last thing you have to do before starting to use aMule is to add servers. There are no servers by default. Select the Networks icon between the Disconnect and Search buttons in the main menu. Add this line in the top box and press enter: http://peerates.net/peerates/certifiedservers.met
You can also add servers manually from e.g. http://gruk.org/list.php and enter name, IP and port number in the boxes below. (Avoid servers marked in pink.) Once you have a few servers, select a couple of large servers with low response time (ping) and right click. Select add to static server list. (If you chose to autoconnect only to servers in static serverlist, aMule will only try reconnecting to one of these safe servers if disconnected.) Remember: Do not connect to servers located in the USA, since they almost certainly are fakes.