How to use Squid to stop computer worms and viruses

[My credit goes to this clever hacker: http://www.aub.dk/~misak/index.php/archives/2004/10/27/35/]

I am one of the administrators for a network with about 900 residential users. We have no control over what people run on their computers, and therefore we get our share (and more) of worms and viruses on the network. Some of these are very aggressive and slow the whole network down with ARP broadcasts.

We are using Squid as a proxy, and I came up with a good idea (at least I think so) for how to use Squid to force users to clean their computers if they are infected.

The method is not bulletproof. The Squid server listens for ARP broadcasts on the LAN, and if a computer is sending more of these than normal, its IP address is put in an ACL and the computer is prevented from accessing the internet, except for a few selected sites such as windowsupdate and housecall.antivirus.com. The deny_info function in Squid is used to notify users that their computers are infected and that they need to clean them in order to get their normal internet access back. When the computer stops sending ARP requests, the IP is removed from the ACL.

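#!/bin/sh
# Make sure the /tmp/worms.txt file has at least one line of text
echo "10.0.0.1" > /tmp/worms.txt
# Count ARP requests per sender (field 6 of lines like "arp who-has X tell Y")
# and append every sender seen more than 200 times in 1000 packets
tcpdump -n -c 1000 arp 2> /dev/null | cut -d " " -f 6 | sort | uniq -c | perl -ne '/\s+(\d+).(\S+).*/; print "$2\n" if $1>200' >> /tmp/worms.txt
# Make Squid reload the ACL file
/usr/local/squid/sbin/squid -k reconfigure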

This script is run every 10 minutes or so, and the following is added to squid.conf:

acl worms src "/tmp/worms.txt"
acl trend dstdomain .trendmicro.com .antivirus.com .akamai.net .microsoft.com
http_access allow trend worms
http_access deny worms
deny_info ERR_WORMS worms
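
The counting step described above, as an added example that is not part of the original post. It takes the sender from the word after "tell" instead of a fixed column, keeps only well-formed IPv4 addresses, and replaces the ACL file by rename; the function names and the sample capture lines are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `tcpdump -n arp` text in two output styles, plus one
# ARP reply and one line carrying an invalid address.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 arp who-has 10.0.3.1 tell 10.0.0.57
12:00:01.000002 arp who-has 10.0.3.2 tell 10.0.0.57
12:00:01.000003 ARP, Request who-has 10.0.3.3 tell 10.0.0.57, length 28
12:00:01.000004 ARP, Request who-has 10.0.0.1 tell 10.0.0.12, length 28
12:00:01.000005 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:55, length 28
12:00:01.000006 arp who-has 10.0.3.4 tell 999.1.1.1
EOF
}

# arp_offenders LIMIT (hypothetical name): read capture text on stdin and print,
# sorted, every sender that issued more than LIMIT who-has requests. Only
# well-formed IPv4 addresses are kept, so nothing else can reach the ACL file.
arp_offenders() {
    awk -v limit="$1" '
        function valid(ip,    o, k) {
            if (split(ip, o, ".") != 4) return 0
            for (k = 1; k <= 4; k++)
                if (o[k] !~ /^[0-9]+$/ || o[k] + 0 > 255) return 0
            return 1
        }
        {
            for (i = 1; i < NF; i++)
                if ($i == "tell") {
                    ip = $(i + 1)
                    sub(/,$/, "", ip)   # strip the comma before "length"
                    if (valid(ip)) count[ip]++
                    break
                }
        }
        END { for (ip in count) if (count[ip] > limit) print ip }
    ' | sort
}

# write_acl FILE (hypothetical name): build the list in a temporary file beside
# FILE and rename it into place, so Squid never reads a half-written ACL.
# The first line is the placeholder entry the original script also writes.
write_acl() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    { echo "10.0.0.1"; cat; } > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$1"
}

# Live use: tcpdump -n -c 1000 arp 2>/dev/null | arp_offenders 200 | write_acl /tmp/worms.txt
```

After the file is written, `squid -k reconfigure` is still needed for Squid to pick up the new list.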

Posted in Knowledge Base, Linux, Networking, Old Base

Mike is bored and Riis is spacing out

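#include <stdio.h>
#include <string.h>

/* Copy the last space-separated word of string into buffer.
   buffer must be at least as large as string. */
void findlastword(const char *string, char *buffer)
{
        size_t i, c;
        c = 0;
        for (i = 0; i <= strlen(string); i++)   /* <= so the terminating NUL is copied too */
        {
                buffer[c] = string[i];
                c++;
                if (string[i] == ' ') { c = 0; }        /* a new word starts: overwrite from the beginning */
        }
}

int main(void)
{
        char buffer[255], input[255];
        size_t inputsize;
        int ch;                                 /* int, so EOF can be told apart from every char value */

        inputsize = 0;

        while ((ch = getchar()) != EOF)
        {
                /* Leave room for the terminating NUL; input beyond that is discarded */
                if (inputsize < sizeof(input) - 1) { input[inputsize++] = (char)ch; }
        }
        input[inputsize] = 0;

        findlastword(input, buffer);
        printf("%s", buffer);
        return 0;
}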

mike@workstation ~ $ cc lw.c -o lw
mike@workstation ~ $ echo Riis er en ost med salsa | ./lw    
salsa

 

Posted in Knowledge Base, Old Base

Windows Live CDs

http://www.nu2.nu/pebuilder/

What is BartPE and PE Builder?

Bart’s PE Builder helps you build a “BartPE” (Bart Preinstalled Environment) bootable Windows CD-Rom or DVD from the original Windows XP or Windows Server 2003 installation/setup CD, very suitable for PC maintenance tasks.

It will give you a complete Win32 environment with network support, a graphical user interface (800×600) and FAT/NTFS/CDFS filesystem support. Very handy for burn-in testing systems with no OS, rescuing files to a network share, virus scan and so on.
This will replace any Dos bootdisk in no time!

PE Builder is not a Microsoft product and does not create Microsoft Windows Preinstallation Environment (“WinPE”). Using PE Builder does not grant you a license to Microsoft WinPE or to use the Windows XP or Server 2003 binaries in a manner other than stated in the End-User License Agreement included in your version of Microsoft Windows XP or Windows Server 2003. Microsoft has not reviewed or tested PE Builder and does not endorse its use.

Please do not contact Microsoft for support on the preinstallation environment that has been created by PE Builder!
Microsoft does not provide support for PE Builder or for the preinstallation environment created by PE Builder.

The PE Builder program (pebuilder.exe) runs on Windows 2000/XP/2003/BartPE. It does not run on Windows NT4/ME/9x.

To avoid any confusion, the bootable CD generated by PE Builder should be called by its nickname “BartPE”!

Posted in Knowledge Base, Old Base, Windows

Diagnostic Card Manual

http://www.soyogroup.com/dl/manuals/peripherals/techaid_manual_v10.pdf

Posted in Knowledge Base, Links, Old Base

C Pointer Crash Course

#include <stdio.h>

int main(void)
{
        int buffer;                                     // An integer is declared
        int *pointer;                                   // A pointer to an integer is declared


        buffer=512;                                     // The buffer is set to 512

        pointer=&buffer;                                // Pointer is assigned the _address_ of buffer


        printf("Pointer points at [%i]\n",*pointer);    // Print the content of whatever pointer points at
        printf("Pointer contains  [%p]\n",(void *)pointer); // Print the address that pointer holds (%p is the conversion for pointers)
        printf("Buffer  contains  [%i]\n",buffer);      // Print the content of the buffer

        printf("Changing values\n");                    // To demonstrate, I change the value of buffer
                                                        // and reprint the values
        buffer=1024;

        printf("Pointer points at [%i]\n",*pointer);    // Print the content of whatever pointer points at
        printf("Pointer contains  [%p]\n",(void *)pointer); // Print the address that pointer holds
        printf("Buffer  contains  [%i]\n",buffer);      // Print the content of the buffer

        printf("Changing values\n");                    // To demonstrate once again
        *pointer=2048;                                  // We now want to change buffer by using the pointer

        printf("Pointer points at [%i]\n",*pointer);    // Print the content of whatever pointer points at
        printf("Pointer contains  [%p]\n",(void *)pointer); // Print the address that pointer holds
        printf("Buffer  contains  [%i]\n",buffer);      // Print the content of the buffer

        return 0;
}


Generates the following output (this run printed the address with %i, so it shows up as a signed decimal number; %p prints it in the platform's pointer notation):

bash-2.05b$ ./a.out 
Pointer points at [512]
Pointer contains  [-1073745188]
Buffer  contains  [512]
Changing values
Pointer points at [1024]
Pointer contains  [-1073745188]
Buffer  contains  [1024]
Changing values
Pointer points at [2048]
Pointer contains  [-1073745188]
Buffer  contains  [2048]


What's it good for? Give me some examples!

A very simple example would be a subroutine that works on several values and returns more than one result, as follows:
#include <stdio.h>


void multi(int *ap, int *bp, int *cp)   // Function that works on 3 pointers
{
        int temp;

        *ap=*bp + *cp;  // Add the values of b and c and store the result in a

        temp=*bp;       // Swap the values of b and c
        *bp=*cp;
        *cp=temp;
}

int main(void)
{
        // Practical example of the use of pointers

        int a,b,c;

        a=b=c=0;
        printf("Initated values\n");
        printf("A:[%i] B:[%i] C:[%i]\n",a,b,c);

        a=3;b=2;c=1;                                    // Random test values


        printf("\nRandom test values\n");
        printf("A:[%i] B:[%i] C:[%i]\n",a,b,c);

        multi(&a,&b,&c);                                // Calling function, passing on addresses for a, b and c

        printf("\nAfter multi values\n");
        printf("A:[%i] B:[%i] C:[%i]\n",a,b,c);

        return 0;
}

Generates the following output:
bash-2.05b$ ./a.out 
Initated values
A:[0] B:[0] C:[0]

Random test values
A:[3] B:[2] C:[1]

After multi values
A:[3] B:[1] C:[2]

 

Posted in Knowledge Base, Old Base, Programming

High Availability Clusters in Linux

Various links I have found in my hunt on the subject:

LinuxHA, failover, heartbeat and similar stuff:
http://linux-ha.org/download/GettingStarted.html

Network Block Device + Raid
http://www2.linuxjournal.com/article/3778

Distributed Remote Block Device
http://www.drbd.org/

Posted in Knowledge Base, Linux, Networking, Old Base

Pasta salad à la Mike and Midnight

Yesterday Mikkel and I made the best pasta salad, so here is the recipe 😉

Recipe for "The world's best pasta salad", or
Pasta salad à la Mike and Midnight

For 25 hungry male lions you will need:

Ingredients:
Lots of pasta!
4-5 large carrots
1 tray of fresh peas
3/4 can of corn
1 head of lettuce
1 tray of seedless grapes
Cherry tomatoes
1 packet of croutons with Provence seasoning
Optionally Thousand Island dressing

Do it like this:
One of you (ideally there should be at least 2 of you, it tastes best that way) sits down to shell the peas, a hell of a job that takes quite a long time, but it is worth it 😉
The other one: boils the pasta, shreds the lettuce, opens the can of corn, cuts the cherry tomatoes into quarters, dices the carrots, opens the packet of croutons and pours them into a bowl.

All the fruit and vegetables are mixed in a huge bowl. And then it is just a matter of helping yourself 🙂

YUM! :D:D

Source: http://www.midnightshadow.dk

Posted in Knowledge Base, Links, Old Base

Slideshow, auto-rotation of all files in a directory. Written in PHP

<?php

# Read .jpg files into array
$pics = array();
$dir = opendir(".");
while (($dat = readdir($dir)) !== false) { if (substr($dat, -4) == ".jpg") { $pics[] = $dat; } }
closedir($dir);

# Increment the image value; the cast to int keeps request data out of the HTML printed below
if (isset($_REQUEST['image']))
{ $img = (int)$_REQUEST['image']; $img++;
} else { $img = 0; }
if ($img < 0 || $img >= count($pics)) { $img = 0; }

# Automatic reload
print '<meta http-equiv="refresh" content="5; url=?image='.$img.'">';

# Show picture $img in pics array; the file name is URL-encoded before it is written into the page
if (count($pics) > 0) { print '<img src="'.rawurlencode($pics[$img]).'">'; }
?>

 

Posted in Knowledge Base, Old Base, Workstation

BOFH Bullying

The IT committee + Mike and Niko in serious conversation.

BlackThorne_DK: fuck this! now I'm damn well deleting the crap
cybermike: Nooo don't delete me
cybermike: delete Hampuz
Hampuz: HEY!
cybermike: :p
* Hampuz sets mode: write-protected
* cybermike sets mode: immutable
* BlackThorne_DK sets mode: BOFH!
Hampuz: Damn
Hampuz: cybermike.. We have lost..
* cybermike moves his files
* Hampuz pulls out the network cable
* BlackThorne_DK nukes dalgas
* BlackThorne_DK has quit (Quit: Leaving)
cybermike: Well done, he hit himself :p
Hampuz: hehe
Niko: funnily enough he hit the biggest target nearby

Posted in Knowledge Base, Old Base

Create a screencast

Ever tried creating one of these 🙂 ?

http://cs1ajb.staff.shef.ac.uk/blog/?q=node/12

Posted in Knowledge Base, Links, Old Base, Uncategorized