Friday, 27 February 2004

Article on sFlow

NWFusion reports on sFlow, saying: "SFlow, which the IETF approved as a draft standard in 2001, is a technology that uses random sampling of LAN and WAN data packet flows across an entire network to give users a detailed, real-time view of network traffic performance, trends and problems, according to Foundry Networks and HP. Both offer sFlow-based switches." Notice this is a sampling technology, unlike the default usage of Cisco's NetFlow. NetFlow...

Thursday, 26 February 2004

Great Article on Status of X

Confused about the state of the graphical desktop X? Read X Marks the Spot by Oscar Boykin. Many of the story comments are interesting t...

A Great Day for Open Source Software

Just in time to raise my spirits after my SMC NIC debacle, FreeBSD 5.2.1 was released, along with Snort 2.1.1. All I need now is barnyard 0.2 and I'll release a new install guide for Sguil using those tools and MySQL 4.0.x. Remember to download FreeBSD .iso images using one of the mirrors. If you want to upgrade you can go the binary-only route using freebsd-update. I just saw that OpenSSh 3.8 was released too. There's a FreeBSD HEADS-UP message...

Adventures in Flashing Firmware

Yesterday I began a journey to get two of my 802.11b NICs to function as promiscuous sniffers. I own an SMC EZ Connect 802.11b Wireless PCMCIA card, model 2632W v.1, and an SMC EZ Connect 802.11b Wireless PCI card, model 2602W v.1. I wanted to use Tcpdump's new ieee802_11_radio options to see raw 802.11 traffic, announced for FreeBSD in December. I started with the 2632W and had the most luck. It worked as a normal NIC under FreeBSD 5.2, but I could...

Wednesday, 25 February 2004

New net-mgmt Ports Category

Today I got my new ports email from FreshPorts and saw a new ports category: net-mgmt. This contains some of my favorite programs, like Argus and fprobe. I don't agree with many of the ports being in this category though. Why are ISIC, NBTScan, and Packit in net-mgmt when Nemesis, NAT, and IPsorc are still in n...

Monday, 23 February 2004

Article on SPARC Compiler Optimization

OSNews featured an article by Tony Bourke on SPARC Optimizations with GCC. Tony does a good job explaining the different SPARC CPUs in Sun hardware and how to compile applications with various fla...

Saturday, 21 February 2004

Tcpdump with Privilege Separation in OpenBSD

I read at the OpenBSD Journal of a privilege separation version of Tcpdump being committed to OpenBSD current. You can see the changes in the OpenBSD source tree. (Browsing CVS source trees, as can also be done with FreeBSD, is a feature that alone makes the BSDs coherent, understandable operating systems.) Tcpdump also has a browsable CVS Web interface. Privilege separation is a topic I first learned about through Niels Provos' OpenSSH modifications. There appears to be interest in having Tcpdump run with fewer privileges. I found this thread on Tcpdump-workers...

Getting Flash to Work on Mozilla 1.6 and FreeBSD 5.2 REL

I hadn't had luck getting Macromedia Flash support to work on FreeBSD with Mozilla until today. I read this thread and learned I needed to install the www/linux-flashplugin6 and www/linuxpluginwrapper ports. I noticed the linuxpluginwrapper port installed these items:
/usr/bin/install -c flash6.so /usr/local/lib/pluginwrapper/flash6.so
/usr/bin/install -c acrobat.so /usr/local/lib/pluginwrapper/acrobat.so
/usr/bin/install -c java3d.so /usr/local/lib/pluginwrapper/java3d.so
/usr/bin/install -c java3d_snd.so /usr/local/lib/pluginwrapper/java3d_snd.so
/usr/bin/install...

Open Source Lab Prepares "Beaver Challenge"

The Oregon State University Open Source Lab is preparing to host the 2004 Beaver Challenge. This contest seeks to benchmark different open source operating systems on Dell PowerEdge 2650 servers. The challenge states: "There will be two classes that each team will compete in. There will be a base class where everyone must follow the rules outlined below. The second class will have no rules except for the fact that every team must document all changes made to the base install." I recommend reading the methodology to see the full rule set. The FreeBSD-Hackers...

New Set of FreeBSD Packages Available

In my never-ending quest to understand FreeBSD application management, I took note of this post to the freebsd-current mailing list:
From: Kris Kennaway (kris_at_obsecurity.org)
Date: Fri, 20 Feb 2004 16:59:48 -0800
To: current@FreeBSD.org
I don't normally announce these here, but since there's recently been a "flag day" people may like to know that I've uploaded a full set of 9189 post-libpthread i386 5.2-CURRENT packages to ftp-master. You can use...

SecurityFocus Article on Keeping Windows Patched

Jonathan Hassell wrote the first of a planned three articles on patching Windows. The first article describes Microsoft's Software Update Services (SUS). One of the tenets of operating defensible networks is that they can be kept current. In future articles, Jonathan will look at third party open source and commercial options for Windows patch management. Hopefully this will change, but a visit to www.jonathanhassell.com shows the default Windows Small Business Server home page...

New Security News Site

I'm adding a new Web site, Hacker Intel, to my TaoSecurity Interests page. Hacker Intel reminds me of the now defunct Hacker News Network. I'll check in with the site daily as it seems to post short summaries of security news on a daily basis. In related news, PacketStorm is back on my Interests page as it is being updated aga...

Advice for Programmers in a Rush

While reading the Slashdot story Tech Training Schools Going Bust, I saw a link to Teach Yourself Programming in Ten Years. This essay argues it takes ten years to master a subject, so trying to "learn Java in 21 days" will result in failure. The author provides advice on the proper way to learn computer-related subjec...

Thursday, 19 February 2004

Systrace Support for FreeBSD

While writing the last chapter of my book I checked into the status of Systrace support in FreeBSD. I mentioned Systrace last August. Since then, Vladimir Kotal has been working on porting Systrace to FreeBSD. I haven't tried his patches yet but I applaud his work. Systrace is a system-call monitoring and enforcement mechanism that brings a great deal of security functionality to Unix syste...

Excellent SecurityFocus Article on Modem Uncappers

Kevin Poulsen, the best original writer in the security scene, published an article on TCNiSO. This group wrote Sigma, a program giving owners of certain Surfboard cable modems control of the device. Sigma only works with DOCSIS 1.0 cable modems, but the TCNiSO crew has plans for working with newer specifications. The article is an excellent re...

Microsoft Security Updates Free on CD

If you're a dial-up user who avoids patching Windows, check out the Windows Security Update CD. It's available for Windows XP, Windows Me, Windows 2000, Windows 98, and Windows 98 Second Edition (SE). When I placed my order this is what I got:
B82-00170 1 Win Update 2004 English NA Feb Direct 2CD Windows Security Kit
For enterprise Windows users there's the Microsoft Security Guidance Kit CD v1.0. It's free too, so I ordered one:
P73-00958...

Expert Opinion on Microsoft Source Leak

I downloaded this analysis (.doc) of the Windows source code leak from a Dutch Windows news site, Bink.nu. The author is a Dutch programmer named Tamura Jones, who wrote a book called Undocumented Windows. Jones makes several good points, which I reproduce below. "This is not the first time that Microsoft source code leaked onto the net. In 2000, the source code for MS-DOS 6 was leaked. It received considerably less attention, as most journalists considered it obsolete, despite the fact that it still had millions of users around the world, and...

Monday, 16 February 2004

History of Operating Systems and Languages

I was aware that Éric Lévénez was the author of the UNIX history chart, but I just discovered his Windows and programming languages diagrams. They are truly amazing and very education...

Sunday, 15 February 2004

Informative Register Article on Solaris 10

After hearing and reading misinformed commentary on Microsoft's source code leak elsewhere, I was pleased to be reminded that the Register has clueful writers. One of them, Ashlee Vance, reported on Solaris 10. I've had a soft spot for Solaris since 1997, when I first used it as an Air Force lieutenant. I've only just started playing with Solaris 8 on my Ultra 30, never mind Solaris 9. (Incidentally, major kudos to Sun for providing easy access to these earlier versions with intuitive URLs!) According to Ms. Vance: "One of the major new additions...

Live CDs for the Rest of Us

Not everyone wants to use a Linux-based live CD like Knoppix. I mentioned various live CD projects last year, but hadn't tried any but Knoppix until today. Slashdot informed me of Bart's Preinstalled Environment (BartPE), a Windows-based live CD. I downloaded the software and created a Windows Server 2003-based .iso image using the evaluation copy Microsoft sent me. I tested the .iso within VMWare on my FreeBSD 5.2 REL laptop. It seemed to work fine. I...

Saturday, 14 February 2004

Musings on Microsoft's Bad Week

By now everyone knows about Microsoft code being "made available on the Internet", according to the linked press release. Microsoft claims: "On Thursday, February 12, Microsoft became aware that portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet. Subsequent investigation has shown this was not the result of any breach of Microsoft's corporate network or internal security, nor is it...

Amazon Glitch Reveals "A Reader From..." Identities

I'm so sad I missed this when it was active. AP and the New York Times report that Amazon.ca accidentally replaced the anonymous "A Reader From" monikers with the real names of reviewers on its Web site. For example, instead of reading a glowing five star review by "a reader from Chicago" for a book by author John Rechy, the name "John Rechy" appeared -- showing the author reviewing his own book! Fake reviews at Amazon.com have been a problem for years. The hundreds of fake reviews of Hack Attacks Revealed hit home for me, especially when the...

Printing from FreeBSD to a Printer on Windows XP

We have an HP DeskJet 970 series printer connected to a Windows XP system. I wanted to print from my FreeBSD laptop to this printer. I decided to try installing Windows Print Services for UNIX, a sort of LPD for Windows, using these instructions. Once done the Windows system was listening on port 515 for print jobs. If the DeskJet understood Postscript, I should have been able to print directly from FreeBSD using the lpr command. Without Postscript...

Thursday, 12 February 2004

Understanding My Laptop's Graphics Capabilities

While perusing the FreeBSD-current news archive, I read a thread on comparing glxgears performance. I had never used this tool so I fired it up and saw my Thinkpad a20p laptop's performance:
Xlib: extension "XFree86-DRI" missing on display ":0.0".
303 frames in 5.0 seconds = 60.600 FPS
361 frames in 5.0 seconds = 72.200 FPS
360 frames in 5.0 seconds = 72.000 FPS
360 frames in 5.0 seconds = 72.000 FPS
360 frames in 5.0 seconds = 72.000 FPS
The error message...

Packet Storm Lives

I just read this at Packet Storm: On January 12, 2004, Packet Storm had its connectivity turned off without any forewarning. After the plug was pulled, it took approximately two weeks to get a straight answer from our provider as to whether or not we were going to get turned back on. It seems that when bandwidth is donated to a worthy cause, the cause is not so worthy when it comes to returning phone calls. In the end, our hosting was cancelled. Due to the abrupt turnoff, we did not have time to set up safe hosting elsewhere. If you have a strong,...

Tuesday, 10 February 2004

Another Critical Microsoft Hole

Today Microsoft announced their Security Updates for February 2004. Security consultancy eEye told Microsoft about one of the flaws, called MS04-007 by Microsoft, six months ago. The vulnerability affects code using Microsoft's ASN.1 library (MSASN1.DLL). The OpenSSL team reported a vulnerability and fix for ASN problems in September 2003. The Slashdot thread makes good points about how Microsoft claims to fix errors faster and better than open...

Setting Custom Prompts

O'Reilly's UNIX Power Tools, 3rd Ed inspired me to change the default prompts on my FreeBSD systems. My user account uses bash, so I made the following entry in ~/.profile to ensure my prompt shows my username, system name, and present working directory when I log in. The single straight quotes ensure that $PWD is substituted every time I change directories. If I had used double straight quotes, then $PWD would be fixed at whatever my current...

Using Session Data to Look for Worm Activity

Currently a slew of worms are scanning port 3127 TCP, looking for systems infected by MyDoom.A. They include MyDoom.B, Doomjuice, and Vesser. I collect session data using a variety of means, including Argus. I have the Argus daemon write what it sees into a directory. The elaborate date in the file name is a result of calling the date command like so:
DATE=`/bin/date "+%Y%m%d-%H%M%S"`
When the process is running, it looks like this:
/usr/local/src/argus-2.0.6/bin/argus_bpf...

Monday, 09 February 2004

Review of Security Warrior Posted

Amazon.com just published my five star review of Security Warrior. From the review: "Security Warrior is a heavyweight contender. Peikari and Chuvakin offer a dark counterpart to O'Reilly classics like Practical UNIX and Internet Security (PUAIS) and Securing Windows NT/2000 Servers for the Internet. If you've been waiting for the next good security book from O'Reilly, "Security Warrior" (SW) is it. Part I, "Software Cracking," was my favorite section....

Saturday, 07 February 2004

FreeBSD Guru on Updating Ports

Keeping the ports tree up-to-date is a big concern for FreeBSD users. Kris Kennaway posted a comparison of 'make index' and the portupgrade command 'portsdb -U'. Already one change has been made to the portupgrade port to address Kris' findings. Dru Lavigne wrote articles about Ports Tricks, Portupgrade, and Cleaning and Customizing Your Ports. Michael Lucas and Dan Langille have also written articles on using the ports tree. This thread in the...

Friday, 06 February 2004

Annoying DNS Issues in Mozilla

I've finally figured out why visits to some Web sites take forever. I've maintained for years that "if something works, but takes a long time, blame DNS." Sure enough, a combination of Mozilla's behavior and uncooperative DNS servers are conspiring against Web users. Here's how Mozilla resolves a host name when the remote DNS server cooperates. First Mozilla causes a DNS query for an AAAA record. This is an IPv6 record. The name server (here a forwarding name server) replies that it doesn't know an AAAA record for xlonhcld.xlontech.net. Mozilla...

Using Binary Security Updates for FreeBSD and OpenBSD

A few security advisories for FreeBSD and OpenBSD were announced. The latest for FreeBSD involves the System V Shared Memory interface. If you're running a GENERIC kernel you may be able to use Colin Percival's binary updates, like this:
bourque# uname -a
FreeBSD bourque.taosecurity.com 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC i386
bourque# freebsd-update -v fetch
Fetching...

Assembly and OS Threads at Slashdot

Slashdot has covered two interesting topics recently: Learning Computer Science via Assembly Language and Building Your Own Operating System. I learned of two online books to assist with these topics: PC Assembly Language and Programming from the Ground Up. If you want to run UNIX on your Commodore 64, try LUn...

Wednesday, 04 February 2004

Configuring ssh-askpass and ssh-agent

I decided to set up ssh-agent and ssh-askpass on my laptop to allow easier access to other systems on my LAN. First I created a public/private key pair:
bash-2.05b$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/richard/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/richard/.ssh/id_dsa.
Your public key has been saved...

FreeBSD Ports Gettext Problems Over

If you've been having troubles upgrading FreeBSD ports due to conflicts between versions of devel/gettext, your problems are over. Joe Marcus Clarke's post to freebsd-ports indicates he's set all ports requiring gettext to use the newest version. The problem originated with the way the gettext port was modified in late January. I just updated all ports on my FreeBSD 4.9 STABLE system and am doing the same on my FreeBSD 5.2 RELEASE box now. Everything...

Review of The Art of UNIX Programming Posted

Amazon.com just posted my four star review of The Art of UNIX Programming. From the review: "I found histories of "UNIX vs. UNIX" and "UNIX vs the world" very informative. TAOUP presents concise explanations of licensing, RFC creation, and UNIX philosophy. I was happy to see that an open source project to which I contribute (Sguil) met many UNIX design criteria, like text-based communication between small collaborating daemons. I plan to follow...

Tuesday, 03 February 2004

Is PacketStorm Dead?

One of my favorite sites, www.packetstormsecurity.org, hasn't been updated since the second week in January. Email to staff@packetstormsecurity.org and staff@packetstormsecurity.nl is being refused:
This is the Postfix program at host fallback-2.mail.widexs.nl.
I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.
For further assistance, please send mail to
If you do so, please include this problem report. You can
delete your own text from the message returned below.
The Postfix program:...

Monday, 02 February 2004

Kung Fu Coming to DVD

I'm in the last month of writing The Tao of Network Security Monitoring, so I haven't had much time to fool around with FreeBSD or other items of technical or security interest. However, I'm still happy. The New England Patriots won Superbowl XXXVIII, considered by some to be the best ever. Now, after perusing Amazon.com, I just learned that on 16 March 2004, the entire First Season of the classic 1970s TV series Kung Fu will be released on DVD...