Category: Networking

Tunnelix.com is now IPv6 ready! Are you?

Validated by IPv6-test.com, Tunnelix.com is now IPv6 ready. Woohoo.. I now have the IPv6 validation button 🙂 Can you spot it?

So, what exactly is IPv6-test.com? IPv6-test.com is a free service that checks your IPv6 and IPv4 connectivity and speed. Diagnose connection problems, discover which address(es) you are currently using to browse the Internet, and what is your browser’s protocol of choice when both v6 and v4 are available.

How I got an IPv6 address

If you are running a low-cost budget blog, I would recommend trying Cloudflare to make maximum use of the free IPv6 address that you can activate on the network tab. The IPv6 compatibility option is not activated by default.


Cloudflare provides both free and paid services for CDN, security, DDoS protection etc. However, the IPv6 address is a free one.

Why you might need to start moving towards IPv6?

Loganaden Velvindron of hackers.mu recently shed some light on this in his Medium blog after attending the National Innovation Framework in Mauritius: “The other issue that I think is strongly lacking are the remaining IPv4 resources left in our region to be able to make Internet of things a reality. There are currently 26.4 million of IPv4 addresses left, and it keeps shrinking at a frightening rate.” The world is running out of IPv4 addresses. I think we need to move quickly to the IPv6 world because the Internet of Things (IoT) will depend on IPv6.

What is an IPv6 address? What are its parts?

Let's now get to the technical part. As you should already know, IPv4 uses 32-bit addresses whilst IPv6 uses 128-bit addresses, which makes an IPv6 address a lot longer. Here is a representation of an IPv6 address.

Photo credits: zeusdb.com

As you can see, an IPv6 address is composed of 8 segments of 4 hexadecimal digits each. The simple math is 8×4=32 hexadecimal digits, then 32×4=128 bits. When writing IPv6 addresses, leading zeroes in a segment are dropped, and a run of all-zero segments is compressed further by writing it as “::”. See picture above.
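The segment arithmetic and the zero compression described above, worked through in Python. This is an added example, not code from the original post; the function names are hypothetical and the sample address is constructed from the 2001:db8::/32 documentation range.

```python
import string

HEX = set(string.hexdigits)

def expand_groups(full):
    """Split a fully written address into its eight 16-bit segments."""
    groups = full.split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 and set(g) <= HEX for g in groups):
        raise ValueError("expected 8 segments of 1 to 4 hexadecimal digits")
    return [int(g, 16) for g in groups]

def to_int(full):
    """Pack the 8 segments into one 128-bit integer (8 x 16 = 128 bits)."""
    value = 0
    for g in expand_groups(full):
        value = (value << 16) | g
    return value

def compress(full):
    """Shorten an address: drop leading zeroes, then collapse zero segments."""
    groups = expand_groups(full)
    text = [format(g, "x") for g in groups]      # "0db8" -> "db8", "0000" -> "0"
    best_start, best_len, i = -1, 0, 0
    while i < 8:                                  # look for the longest all-zero run
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:                      # on a tie the first run wins
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:                              # a single zero segment stays "0"
        return ":".join(text)
    head = ":".join(text[:best_start])
    tail = ":".join(text[best_start + best_len:])
    return head + "::" + tail                     # "::" is used only once

# Constructed sample address (documentation range).
SAMPLE = "2001:0db8:0000:0000:0000:ff00:0042:8329"

if __name__ == "__main__":
    print(compress(SAMPLE))
    print(hex(to_int(SAMPLE)))
```

Only one run of zero segments may be written as "::", otherwise the address could not be expanded back unambiguously.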

The internet might run out of room

In 2012, Vint Cerf, Chief Internet Evangelist at Google and a founding father of the Internet, discussed the next version of the Internet, IPv6, and why we need it. Just as phones use a system of phone numbers in order to place calls, every Internet-connected device gets a unique number known as an “IP address” that connects it to the global online network. Watch the video.

 

 


Dare to do a brute force attack again!

Dare to do an SSH brute-force attack again and you are banned!! I have noticed that there have been several DDoS SSH botnet attacks on my server these days. Although I would prefer SSH to listen on port 22, I can imagine how many attempts can be made to break through it. Though these attacks are very common, they can increase CPU consumption on your server and consequently the server can die. Moreover, if you have not protected the server from malicious remote SSH connections, things can get pretty dangerous and the attacker can take over the machine.

fail2ban
Photo credits – fail2ban.org

Fail2Ban is one of the tools which you can install on your machine to ban IPs that show malicious signs. However, today, with the help of Kheshav, we decided to find a solution to reveal all the IPs to the public. From the Fail2Ban log we can find all the IPs that are being banned. The solution was an easy one.

1. Install the Node.js and npm packages

yum install nodejs npm

2. Install frontail with the npm utility

npm install frontail -g

3. Now you can launch frontail on any port as a daemon with the following command

frontail -p {port number here} -h {IP or Hostname here} {location of your log} -d

In this command, you have to fill in the IP, the port number and the location of the log that you want to be streamed live.

Here are the banned IPs – US time attempting some brute force on tunnelix.com. You can also view the IPs on the right side widget of the blog. It might take a few seconds to load.

There are several websites where you can report IPs for abuse as well as check for previous attacks. We are still brewing up some ideas to produce a better and well defined output of the log.
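One way to get the better-defined output mentioned above: instead of streaming the raw Fail2Ban log, which also carries filter matches and errors, reduce it to the active bans and publish only those. This is an added example, not the blog's own code; the log lines are constructed and assume the usual fail2ban.actions Ban/Unban line format, and the function names are hypothetical.

```python
import ipaddress
import re

# Matches only ban/unban decisions written by fail2ban.actions.
ACTION = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s*"
    r"(?:\[\d+\])?:\s+(?:WARNING|NOTICE)\s+\[(?P<jail>[^\]]+)\]\s+"
    r"(?:Restore )?(?P<verb>Ban|Unban)\s+(?P<ip>\S+)\s*$"
)

# Constructed log excerpt using documentation address ranges.
SAMPLE_LOG = """\
2016-07-17 10:50:01,101 fail2ban.filter  [811]: INFO    [sshd] Found 192.0.2.10
2016-07-17 10:50:03,417 fail2ban.actions [811]: NOTICE  [sshd] Ban 192.0.2.10
2016-07-17 10:51:40,002 fail2ban.actions [811]: NOTICE  [sshd] Ban 198.51.100.7
2016-07-17 10:52:11,530 fail2ban.actions [811]: NOTICE  [sshd] 192.0.2.10 already banned
2016-07-17 10:53:00,000 fail2ban.actions [811]: NOTICE  [sshd] Ban 2001:db8::bad
2016-07-17 11:00:03,900 fail2ban.actions [811]: NOTICE  [sshd] Unban 192.0.2.10
2016-07-17 11:02:00,000 fail2ban.actions [811]: NOTICE  [sshd] Ban not-an-ip
"""

def active_bans(log_text):
    """Return {(jail, ip): ban time} for addresses banned and not yet unbanned."""
    bans = {}
    for line in log_text.splitlines():
        m = ACTION.match(line)
        if not m:
            continue                      # filter hits, errors, "already banned"
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue                      # never publish a token that is not an IP
        key = (m["jail"], ip)
        if m["verb"] == "Ban":
            bans.setdefault(key, m["ts"])
        else:
            bans.pop(key, None)
    return bans

def public_report(log_text):
    """One line per active ban, oldest first: time, jail, address."""
    rows = sorted(active_bans(log_text).items(), key=lambda kv: kv[1])
    return [f"{ts} {jail} {ip}" for (jail, ip), ts in rows]

if __name__ == "__main__":
    print("\n".join(public_report(SAMPLE_LOG)))
```

The resulting lines can be written to a separate file and that file, rather than the Fail2Ban log itself, handed to the log viewer.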


Debug your Internet bugs and vulnerabilities with ICSI Netalyzr

Can your network be easily compromised? Is your Internet vulnerable? You might want to perform some tests on the Quality of Service your Internet Service Provider (ISP) is providing you. It can also be more dangerous if your ISP is also your router vendor! One fast and reliable tool which I would propose is ICSI Netalyzr, which tests your Internet connection for signs of trouble and provides you with a detailed report on vulnerabilities, latency and several other tests. The test can be performed by almost anyone with just a simple click.

“ICSI Netalyzr is a service maintained by the Networking Group at the International Computer Science Institute, an affiliate with the University of California, Berkeley  and funded by the National Science Foundation. The service got some publicity and found importance after late 2007 when Comcast was sued for throttling Internet traffic which Comcast later admitted to be true.” – freewareGenius

The report consists of:

  • A summary of the Noteworthy Events
  • Addresses-based Tests
  • Reachability Tests
  • Network Access Link Properties
  • HTTP and DNS tests
  • IPv6 tests and Network Security Protocols
  • Host Properties

I made several tests myself and noticed that many routers are vulnerable to attacks. In one of the tests I made, a Netgear DG series router, intentionally downgraded with an old firmware from the official Netgear website, was found to be vulnerable. Click here on this link to access the Netalyzr tool. I would however recommend you to use DD-WRT or OpenWrt for best QoS.

Example - A Netgear router vulnerable to CVE-2012-5958 and CVE-2012-5959

You could also check for DNS resolution, latency issues and a measurement of your network buffering capacity. You would need to authorize your browser to run a Java plugin to be able to perform the test.

You can also perform your test using the Android app as well as the Netalyzr command-line client.


ZeNmap – The classic way of Nmap

Nmap is a free and open source utility for network exploration and security auditing whilst ZeNmap is a multi-platform graphical Nmap frontend and results viewer. It was originally derived from Umit which was created as part of the Nmap/Google Summer of Code program. ZeNmap is compatible with almost all types of Operating system. I have tested ZeNmap on Ubuntu and FreeBSD and it works pretty fine.

Some basic ‘nmapping’ fun from my Kali Linux box

Look for visible IPs in your network – nmap -sP 192.168.1.0/24

Check number of ports opened – nmap -sS 192.168.1.0/24

Find the operating systems being used in the same network – nmap -O 192.168.1.0/24

You can even check the ACK bit during the TCP handshake authentication – nmap -sA 192.168.1.0/24

Tested with instances of several OS running on Vbox

Of course, the world of Nmap is so vast that you will need to go through the manual to design your own way of exploring the Nmap command. There are many features and capabilities such as host identification, port scanning, interrogation of network services, OS detection etc. How does Nmap work? Since every host or device connected to a network has some network ports open and is consequently waiting for connections, the Nmap tool initiates connections to the 1000 most used ports and reports a state for each one: open, i.e. responding to an incoming connection; closed, i.e. no service is running but the port can respond to probes; filtered, i.e. protected by a firewall; unfiltered, i.e. the port can be accessed but there is no way to determine whether it is open or not; and lastly open|filtered or closed|filtered.

What is more interesting is the ZeNmap tool, where you can scan the network using a GUI. At this level, parameters are defined like Paranoid, Sneaky, Polite, Normal, Aggressive and Insane.

A paranoid scan performed here

ZeNmap can also be used for firewall evasion techniques, source address and port spoofing, setting flag values on both IP and transport level. Results are also shown through a Map.



Internet Speed – How far is your ISP truthful ?

Have you ever noticed that your ISP (Internet Service Provider) advertises your Internet package in a very tricky way? One of the best ways to manipulate you is with the use of technical terms such as bytes and bits. To be brief, it's the term kilobits per second (kbps).

However, if you are browsing the Internet or downloading some files, you will notice that your browser is indicating the speed in kilobytes per second (kB/s).

To be clearer, your ISP sells Internet service in terms of kilobits per second (kbps) whilst your browser shows you kilobytes per second (kB/s). The trap is in the letters: b for bits and B for bytes.

Let's say you have applied for a 512 kbps connection.

Firstly, divide your speed by 8 and multiply by 1024 to convert from kilobits per second to bytes per second; i.e 512 x 1024/8 = 65,536 bytes per second

Then convert from bytes/s to kilobytes/s

65,536 bytes/s = 65,536/1000 kB/s = 65.5 kB/s

So, in brief, the Internet speed is what is advertised to you and what you pay for! On the other hand, your browser's download speed is what you should get!

512 kbps = 65.5 kB/s

1 Mbps = 122.1 kB/s 

2 Mbps = 244.2 kB/s

10 Mbps = 1220.1 kB/s

Now, suppose you are going to download a 700-megabyte file. Your browser will make an estimate of the download time. However, you can also monitor your downloads with several tools available on the Internet. Let's say you have a 1 Mbps Internet connection from your ISP, which means that your speed will be 65.5 kB/s.
 
Calculate the Download time as follows

700 x 1024 = 716800 kilobytes (convert from 700 megabytes to kilobytes)

Therefore, if

65.5 kilobytes downloads in 1 sec (i.e 65.5kB = 1 s) then,

716800 kilobytes will download in 716800/65.5 = 5870.6 seconds

5870.597870598 / 60 = 97 minutes

Assume we still have to subscribe to a 1 Mb connection. The trick is that when you buy an internet connection, your ISP does not inform you of, or commit itself to, what is required, and evades the fact by using the famous words “up to”!! What I am referring to is that you pay for an internet connection of up to “xxx kbps”.
 

This is called CIR – committed information rate. According to Wikipedia, CIR is “Committed information rate or CIR in a Frame relay network is the average bandwidth for a virtual circuit guaranteed by an ISP to work under normal conditions.”

Therefore the CIR is the minimum speed provided by your ISP. Do ISPs provide that CIR? Is this mentioned in the law? My understanding is that one cannot complain unless that CIR is mentioned in the contract!!
 

Another issue is something called PEO (Protocol Encapsulation Overhead). When you’re buying, say, an ADSL link of 2 Mbps, your line is syncing with your ISP at 2 Mbps over ATM or any other backbone technology (PPPoA, PPPoE). Now, the catch is that the Point-to-Point Protocol over ATM (PPPoA) needs to be encapsulated over the ATM media. There is an overhead to do so, meaning you are not effectively getting 2 Mbps of Internet Protocol connectivity.
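How large that overhead is can be worked out from the ATM cell format. The following is an added example, not part of the original post; it assumes the 2 Mbps sync rate is the ATM cell rate, AAL5 framing, and the two encapsulations listed in the code (byte counts given in the comments), and the function names are hypothetical.

```python
import math

CELL_BYTES = 53        # ATM cell on the wire: 5-byte header + 48-byte payload
CELL_PAYLOAD = 48
AAL5_TRAILER = 8       # AAL5 trailer added to every packet before padding

# Bytes added in front of each IP packet (assumed encapsulations).
ENCAP = {
    "PPPoA VC-MUX": 2,          # PPP protocol field only
    "PPPoE over LLC/SNAP": 32,  # LLC/SNAP 8 + pad 2 + Ethernet 14 + PPPoE 6 + PPP 2
}

def cells_needed(ip_len, encap):
    """Cells for one IP packet: the AAL5 frame is padded to a multiple of 48."""
    pdu = ip_len + ENCAP[encap] + AAL5_TRAILER
    return math.ceil(pdu / CELL_PAYLOAD)

def wire_bytes(ip_len, encap):
    """Bytes actually sent on the line for one IP packet."""
    return cells_needed(ip_len, encap) * CELL_BYTES

def ip_throughput(sync_bps, ip_len, encap):
    """IP-level bits per second left over from the sync rate."""
    return sync_bps * ip_len / wire_bytes(ip_len, encap)

if __name__ == "__main__":
    SYNC = 2_000_000  # the 2 Mbps link from the text, taken as 2,000,000 bit/s
    for encap, ip_len in [("PPPoA VC-MUX", 1500), ("PPPoA VC-MUX", 40),
                          ("PPPoE over LLC/SNAP", 1492)]:
        rate = ip_throughput(SYNC, ip_len, encap)
        print(f"{encap:20s} {ip_len:5d}-byte packets: "
              f"{cells_needed(ip_len, encap):2d} cells, {rate / 1e6:.3f} Mbps of IP")
```

Small packets suffer most: a 40-byte packet still occupies two full cells, so well under half of the sync rate carries IP data.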