My blog about several parts of IT, mostly about Linux and networking stuff.
Wednesday, August 7, 2013
NATDet Log Parser
I wrote a NATDet log parser to collect data from log files. It is written in PHP, so you need to install the command-line PHP interpreter to run it. By default it uses PostgreSQL (PGSQL), but with a little work you can rewrite it to use MySQL.
You can download it from SourceForge. The database is already prepared to receive data from Nmap, so I'll update the script later to use that.
Link to download
Install NATdet
I haven't found any tutorials about installing NATDet yet, so I wrote one; it's very simple. The official NATDet site is http://elceef.itsec.pl/natdet/ and it has a little documentation.
So, how to install:
1. You need to install some packages:
- pcap
- bison
2. Install tcpdump
4. Download and install NATDet
Download: http://elceef.itsec.pl/natdet/
Install:
./configure
make
make install
How to use it:
First, you should set your network interface to promiscuous mode. If you want this to happen automatically, set it in:
/etc/network/interfaces
auto eth1
iface eth1 inet manual
up ifconfig eth1 promisc up
down ifconfig eth1 promisc down
Then:
/etc/init.d/networking restart && ifup eth0 && ifup eth1
Now your network interface reads every packet, so you can start using natdet:
As shown in the readme:
natdet -v -i eth0 'RULES'
-v : verbose
-vv : more verbose
-i : set interface
-l : set log file
-d : run in background
'RULES' : filter rules, written as in tcpdump
Now just wait; it needs some time to find users who use NAT.
Monday, July 15, 2013
Postfix behind Iptables masquerade (NAT)
I've been working on a mail server behind iptables masquerade for some days, and it just didn't work, but I found the solution; it may help you.
If you use an SMTP server behind NAT and you get the following errors:
- mail postfix/smtp[7854]: warning: host gmail-smtp-in.l.google.com[173.194.70.26]:25 greeted me with my own hostname mail.example.com
- mail for gmail.com loops back to myself
you should check your iptables configuration. A proper port-forward config:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d PUBLICIP --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth0 -j DNAT --to MAILSERVERPRIVATEIP:25
(Only forward packets from port 25 to your mail server's private IP port 25, if it comes from the outside.)
You can test it on your mail server by telnetting to a foreign SMTP server, for example:
telnet smtp.gmail.com 25
It should show:
Trying 173.194.70.108...
Connected to gmail-smtp-msa.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP r54sm45040303eev.8 - gsmtp
If you see
220- mail.yourdomain.com gsmtp
your config is not good yet.
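Added example (not part of the original post): a small audit of `iptables-save -t nat` output that flags port-25 DNAT rules which are not limited to traffic from the outside, since such a rule also redirects the mail server's own outbound SMTP back to itself. The sample rulesets, the address 10.0.0.5 and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Audit NAT rules for port-25 DNAT entries that are not restricted to
# traffic arriving from the outside. A rule with neither -i (inbound
# interface) nor -d (public destination IP) also matches the mail server's
# own outbound SMTP, which gives the "greeted me with my own hostname" loop.

# Reads iptables-save text on stdin; prints one verdict line per SMTP DNAT rule.
audit_smtp_dnat() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        dnat = 0; port25 = 0; scoped = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" && $(i+1) == "DNAT")    dnat = 1
            if ($i == "--dport" && $(i+1) == "25") port25 = 1
            if ($i == "-i" || $i == "-d")          scoped = 1
        }
        if (dnat && port25) {
            tag = scoped ? "OK   " : "LOOP "
            print tag $0
        }
    }'
}

# Exit status 0 when every SMTP DNAT rule is scoped, 1 otherwise.
smtp_dnat_is_safe() {
    ! audit_smtp_dnat | grep -q '^LOOP '
}

# Constructed sample rulesets (10.0.0.5 stands in for MAILSERVERPRIVATEIP).
GOOD_RULES='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.0.0.5:25
COMMIT'
BAD_RULES='*nat
-A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.0.0.5:25
COMMIT'

# On a live gateway: iptables-save -t nat | audit_smtp_dnat
printf '%s\n' "$GOOD_RULES" | audit_smtp_dnat
printf '%s\n' "$BAD_RULES"  | audit_smtp_dnat
```
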
Wednesday, April 10, 2013
Cisco router Telnet Debug
On most Cisco routers, debug output over telnet is not enabled, so you will not see any debug information when connected via telnet.
To enable it, you need to enable the virtual terminal first:
Router# terminal monitor
Next, you have to enable debugging on virtual monitor:
In privileged mode:
Router# undebug all
In configuration mode:
Router(config)# logging monitor debugging
Router(config)# logging on
To disable it:
In privileged mode:
Router# undebug all
Router# terminal no monitor
In configuration mode:
Router(config)# no logging monitor
Location:
Budapest, Hungary
Thursday, January 31, 2013
Counter Strike: GO Classic Competitive "MapGroup not found"
How to solve the "Mapgroup not found" error in CS:GO Classic Competitive:
1.
cd steam/csgo/csgo
nano gamemodes_server.txt
2.
You should find a commented line, starting with a 2:
2//some comment
3.
Delete the 2 before the comment:
//some comment
4.
Restart server
Now it should work. It's a bug: Valve somehow left a "2" before the line, and because of that the server thinks it's the end of the file, so the map groups are not loaded.
Friday, January 18, 2013
Windows Server 2008 R2 RDP Port Change
You need to do 3 steps to enable RDP and change its port in Windows Server 2008, 2008 R2 and 2012. You need to do this if you have several servers at the same IP address, behind a router.
1st step: Enable RDP in System settings. You can go there by right-clicking on Computer -> Properties. Choose Advanced System Settings from the left side menu.
2nd step: Change the RDP port. Open the registry editor (regedit: open cmd -> regedit.exe). Select HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber. Change to decimal mode, change the port number, then click OK.
3rd step: Enable the new port in the firewall settings. Open Server Manager, select Firewall Settings in the left menu, right-click on Inbound Rules -> New. Choose TCP, set the port number, and name it.
That's all. After this you should restart your server, then everything should work fine. The default port for RDP is 3389 (TCP). Enjoy.