Category: Networking

Debug your Internet bugs and vulnerabilities with ICSI Netalyzr

Can your network be easily compromised? Is your Internet connection vulnerable? You might want to run some tests on the quality of service your Internet Service Provider (ISP) is providing you. It can be even more dangerous if your ISP is also your router vendor! One fast and reliable tool I would propose is ICSI Netalyzr, which tests your Internet connection for signs of trouble and gives you a detailed report covering vulnerabilities, latency and several other tests. The test can be performed by almost anyone with a single click.

“ICSI Netalyzr is a service maintained by the Networking Group at the International Computer Science Institute, an affiliate with the University of California, Berkeley and funded by the National Science Foundation. The service got some publicity and found importance after late 2007 when Comcast was sued for throttling Internet traffic which Comcast later admitted being true.” – freewareGenius


The report consists of:

  • A summary of the Noteworthy Events
  • Addresses-based Tests
  • Reachability Tests
  • Network Access Link Properties
  • HTTP and DNS tests
  • IPV6 tests and Network Security Protocols
  • Host Properties

I ran several tests myself and noticed that many routers are vulnerable to attacks. One of my tests, run from a Netgear DG series router intentionally downgraded to an old firmware from the official Netgear website, found the router to be vulnerable. Click on this link to access the Netalyzr tool. I would, however, recommend that you use DD-WRT or OpenWRT for the best QoS.

Example – A Netgear router vulnerable to CVE-2012-5958 and CVE-2012-5959

You can also check DNS resolution, latency issues and your network's buffering capacity. You will need to authorize your browser to run a Java plugin to be able to perform the test.

You can also run the test using the Android app or the Netalyzr command-line client.


ZeNmap – The classic way of Nmap

Nmap is a free and open source utility for network exploration and security auditing, whilst ZeNmap is a multi-platform graphical Nmap frontend and results viewer. It was originally derived from Umit, which was created as part of the Nmap/Google Summer of Code program. ZeNmap is compatible with almost all types of operating systems. I have tested ZeNmap on Ubuntu and FreeBSD and it works pretty well.


Some basic ‘nmapping’ fun from my Kali Linux box

Look for visible IPs in your network – nmap -sP 192.168.1.0/24

Check the number of ports opened – nmap -sS 192.168.1.0/24

Find the operating systems being used in the same network – nmap -O 192.168.1.0/24

You can even check the ACK bit during the TCP handshake authentication – nmap -sA 192.168.1.0/24


Tested with instances of several OS running on Vbox


Of course, the world of Nmap is so vast that you will need to go through the manual to find your own way of using the Nmap command. There are many features and capabilities, such as host identification, port scanning, interrogation of network services, OS detection, etc. How does Nmap work? Every host or device connected to a network has some network ports open, waiting for connections. The Nmap tool initiates connections to the 1000 most used ports and reports each one in one of these states: open, responding to incoming connections; closed, with no service running but still responding to probes; filtered, i.e. protected by a firewall; unfiltered, where the port can be accessed but there is no way to determine whether it is open or not; and lastly open/closed filtered.
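
To read those port states back out of a scan of your own lab, the added example below (not from the original post) parses Nmap's grepable output and lists open ports that are missing from a baseline you expect. The sample scan lines, the baseline file format and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of Nmap grepable output (-oG); not real scan data.
sample_gnmap() {
    printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.1 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///, 1900/filtered/tcp//upnp///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.1.20 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.20 ()\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///\tIgnored State: closed (998)\n'
}

# Print "host state port/proto service" for each port entry read from stdin.
port_states() {
    awk -F'\t' '
    /^Host: / {
        split($1, h, " "); host = h[2]
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            n = split(substr($i, 8), entry, ", ")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                print host, f[2], f[1] "/" f[3], f[5]
            }
        }
    }'
}

# Open ports absent from the baseline file $1 (one "host port/proto" per line).
unexpected_open() {
    port_states | awk -v base="$1" '
    BEGIN { while ((getline line < base) > 0) ok[line] = 1 }
    { key = $1 " " $3 }
    $2 == "open" && !(key in ok) { print $1, $3, $4 }'
}

# Demo: every port state found in the sample scan.
sample_gnmap | port_states
```

Against a real scan, feed the file written by -oG into unexpected_open instead of the sample function.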


What is more interesting is the ZeNmap tool, where you can scan the network using a GUI. At this level, parameters are defined such as Paranoid, Sneaky, Polite, Normal, Aggressive and Insane.


A paranoid scan performed here

ZeNmap can also be used for firewall evasion techniques, source address and port spoofing, and setting flag values at both the IP and transport level. Results are also shown on a map.



Internet Speed – How far is your ISP truthful ?

Have you ever noticed that your ISP (Internet Service Provider) advertises its Internet packages in a very tricky way? One of the easiest ways to mislead you is with technical terms such as bytes and bits. To be brief, it is the term kilobits per second (kbps).

However, if you are browsing the Internet or downloading some files, you will notice that your browser indicates the speed in kilobytes per second (kB/s).


To be clearer, your ISP sells Internet service in terms of kilobits per second (kbps) whilst your browser shows you kilobytes per second (kB/s). The trap is in the letters: b for bits and B for bytes.


Let us say you have applied for 512 kbps.


Firstly, divide your speed by 8 and multiply by 1024 to convert from kilobits per second to bytes per second; i.e 512 x 1024/8 = 65,536 bytes per second

Then convert from bytes/s to kilobytes/s

65,536 bytes = 65,536/1000 kB/s = 65.5 kB/s

So, in brief, Internet speed is what is advertised to you and what you pay for! On the other hand, your browser's download speed is what you should get!

512 kbps = 65.5 kB/s

1 Mbps = 122.1 kB/s 

2 Mbps = 244.2 kB/s

10 Mbps = 1220.1 kB/s

Now, suppose you are going to download a 700-megabyte file. Your browser will estimate the download time. However, you can monitor your downloads with several tools available on the Internet. Let’s say you have a 1Mbps Internet connection from your ISP, which means that your speed will be 65.5 kB/s.
 
Calculate the download time as follows:

700 x 1024 = 716800 kilobytes (convert from 700 megabytes to kilobytes)



Therefore, if

65.5 kilobytes downloads in 1 sec (i.e 65.5kB = 1 s) then,

716800 kilobytes will download in 716800/65.5 = 5870.6 seconds

5870.597870598 / 60 = 97 minutes

Assume we are still subscribed to 1 Mb. The trick is that when you buy an Internet connection, your ISP does not inform you of, or commit itself to, what is required, and evades the issue by using the famous words “up to”! What I mean is that you pay for an Internet connection of up to “xxx kbps”.
 

This is called CIR – committed information rate. According to Wikipedia, CIR is “Committed information rate or CIR in a Frame Relay network is the average bandwidth for a virtual circuit guaranteed by an ISP to work under normal conditions.”

Therefore the CIR is the minimum speed provided by your ISP. Do ISPs provide that CIR? Is this mentioned in the law? My understanding is that one cannot complain unless that CIR is mentioned in the contract!
 


Another issue is something called PEO (Protocol Encapsulation Overhead). When you buy, say, an ADSL link of 2 Mbps, your line syncs with your ISP at 2 Mbps over ATM or another backbone technology (PPPoA, PPPoE). Now, the catch is that the Point to Point Protocol over ATM (PPPoA) needs to be encapsulated over the ATM media. There is an overhead to do so, meaning you are not effectively getting 2 Mbps of Internet Protocol connectivity.
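
To put a number on that overhead, the added example below (not from the original post) works out how much IP traffic a 2 Mbps sync rate carries for different packet sizes. The framing figures are assumptions the post does not state: VC-multiplexed PPPoA with a 2-byte PPP header, an 8-byte AAL5 trailer, and 53-byte ATM cells with 48 bytes of payload each.

```shell
#!/bin/sh
# Assumed framing (not from the post): VC-mux PPPoA adds a 2-byte PPP header,
# AAL5 adds an 8-byte trailer and pads to whole 48-byte cell payloads,
# and each ATM cell occupies 53 bytes on the line.
PPP_HDR=2; AAL5_TRAILER=8; CELL_PAYLOAD=48; CELL_SIZE=53

# Number of ATM cells needed to carry one IP packet of $1 bytes.
cells_for_packet() {
    echo $(( ($1 + PPP_HDR + AAL5_TRAILER + CELL_PAYLOAD - 1) / CELL_PAYLOAD ))
}

# Bytes that packet occupies on the line, cell headers and padding included.
wire_bytes() {
    echo $(( $(cells_for_packet "$1") * CELL_SIZE ))
}

# IP-level rate in bit/s for a line syncing at $1 bit/s carrying $2-byte packets.
effective_ip_rate() {
    echo $(( $1 * $2 / $(wire_bytes "$2") ))
}

# The 2 Mbps line with a small ACK, a mid-sized and a full-size packet.
for len in 40 576 1500; do
    printf '%4d-byte packets: %2d cells, %4d bytes on the wire, %7d bit/s of IP\n' \
        "$len" "$(cells_for_packet "$len")" "$(wire_bytes "$len")" \
        "$(effective_ip_rate 2000000 "$len")"
done
```

Small packets suffer most because the padding and cell headers are a larger share of each one.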

 

Deploying WordPress labs on Virtual Box

Building miniature virtual labs on VirtualBox is fascinating most of the time, especially when you have to troubleshoot between virtual servers within a network environment. However, there are usually bugs that I have to deal with. From what I have noticed, NATNETWORK and NAT on VirtualBox behave differently; this can be seen in the official website documentation.

However, I have noticed that in both situations you are provided with a virtual router within VirtualBox. In the case of NAT, you are NOT allowed to ping between two VMs on NAT unless you have established a tunnel, whereas the NATNETWORK option lets you choose a dynamic range of IPs through the DHCP functionality of VirtualBox, and you can also ping the outside world as well as other VMs on the NATNETWORK. I have noticed that this works only on the new version, compared to old ones where NAT and NATNETWORK work almost the same way. There are still many discrepancies over whether ‘NatNetwork’ is the real name that should have been set!



I have installed CentOS [minimal install] on my first lab. Here are the steps for building the web server.

  1. yum install httpd wget mysql-server php php-mysql php-gd nmap traceroute w3m vim
  2. wget https://wordpress.org/latest.tar.gz
  3. tar -xzf latest.tar.gz && cp -r wordpress /var/www
  4. chown -R apache:apache /var/www/wordpress
  5. vi /etc/httpd/conf.d/myweb.conf 

Create the vhost with the following values:

  • <VirtualHost *:80>
  • DocumentRoot /var/www/wordpress
  • ServerName www.myweb.com
  • ServerAlias myweb.com
  • <Directory /var/www/wordpress>
  • Options FollowSymlinks
  • Allow from all
  • </Directory>
  • ErrorLog /var/log/httpd/wordpress-error-log
  • CustomLog /var/log/httpd/wordpress-access-log common
  • </VirtualHost>

Time to create the Database

  1. mysql -u root -p  [mysqld service should be started first]
  2. CREATE DATABASE mydb;
  3. CREATE USER [email protected];
  4. SET PASSWORD FOR [email protected] = PASSWORD('mypassword');
  5. GRANT ALL PRIVILEGES ON mydb.* TO [email protected] IDENTIFIED BY 'mypassword';
  6. FLUSH PRIVILEGES;

Exit MySQL and proceed with the following instructions.

  1. mv /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php
  2. vi /var/www/wordpress/wp-config.php and modify username, dbname, password and hostname
  3. vi /etc/hosts and enter myweb.com to run as localhost
  4. service httpd start // service httpd graceful // service mysqld start
  5. w3m www.myweb.com and register on WordPress. Website up.

Setting up the SSL

  1. For SSL activation [https], run yum install openssl mod_ssl
  2. openssl genrsa -out ca.key 2048 [to generate the RSA private key]
  3. openssl req -new -key ca.key -out ca.csr [to generate the .csr]
  4. openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt [to generate a self-signed certificate]
  5. cp ca.crt /etc/pki/tls/certs
  6. cp ca.key /etc/pki/tls/private/ca.key
  7. cp ca.csr /etc/pki/tls/private/ca.csr
  8. vi /etc/httpd/conf.d/myweb.conf and add another vhost with the following values
  • <VirtualHost *:443>
  • SSLEngine on
  • SSLCertificateFile /etc/pki/tls/certs/ca.crt
  • SSLCertificateKeyFile /etc/pki/tls/private/ca.key
  • DocumentRoot /var/www/wordpress
  • ServerName www.myweb.com
  • ServerAlias myweb.com
  • <Directory /var/www/wordpress>
  • Options FollowSymlinks
  • Allow from all
  • </Directory>
  • ErrorLog /var/log/httpd/wordpress-error-log
  • CustomLog /var/log/httpd/wordpress-access-log common
  • </VirtualHost>
  9. service httpd graceful, and the website is up on https
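
Steps 2 to 4 above can be run non-interactively and checked before the files are copied under /etc/pki/tls. The script below is an added example, not part of the original post; the -subj value, the temporary directory and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Generate ca.key, ca.csr and ca.crt in directory $1 for common name $2.
make_selfsigned() {
    ( umask 077   # files are created mode 0600, so the key is never world-readable
      cd "$1" || exit 1
      openssl genrsa -out ca.key 2048 2>/dev/null &&
      openssl req -new -key ca.key -subj "/CN=$2" -out ca.csr &&
      openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt 2>/dev/null )
}

# Succeeds only if certificate $1 carries the public key derived from private key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# A self-signed certificate has identical subject and issuer.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Demo in a throwaway directory, using the ServerName from the vhost above.
d=$(mktemp -d) && make_selfsigned "$d" www.myweb.com &&
    cert_matches_key "$d/ca.crt" "$d/ca.key" && is_self_signed "$d/ca.crt" &&
    echo "ca.crt is self-signed and matches ca.key"
rm -rf "$d"
```

A mismatch between SSLCertificateFile and SSLCertificateKeyFile stops httpd from starting, so cert_matches_key is worth running against the copies in /etc/pki/tls before the graceful restart.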


To make the website accessible from any host on the same NAT Network, edit /etc/resolv.conf with IP address 10.0.2.4 myweb.com


Now that two servers are configured the same way, you can add another server as a load balancer in front of them. What is most interesting is that end users (hosts) will know only the load-balancing server. I achieved this by installing Pound on the server used for load balancing. End users [hosts] access the load-balancing server, which in turn decides between the back ends according to master/slave priorities. Pound turns server3 into a reverse-proxy load balancer. The aim is for hosts to make HTTP/S requests, which are passed on to server 1 or 2 according to the configuration.

Based on this article, a new Bash project is currently being brewed on GitHub to automate the installation of WordPress, Apache, MySQL and all the applications specified. This project should enable anyone to deploy a website through the script.


Hello Tunnelers

Hello, Tunnelers across the globe. I made this blog to share my experience and knowledge as a System and Application Administrator. Most articles are based on real-life experience in the field of Linux, FreeBSD and Open source technologies. However, additional tests are usually made to support my blog posts and I welcome constructive comments from you to enlighten me if needed.

Fellow Tunnelers, the Tunnelix is a concept that has inspired me to bridge Linux and Unix Operating systems tunneling through the hacking world. Do follow me on Twitter and join the adventure throughout the Tunnel.


My website has been made using technologies like Nginx, HHVM, WordPress, CentOS, PHP, JQuery, MariaDB and others. I did some penetration testing using Kali Linux tools, Apache Benchmark and other online testing tools such as GTmetrix. You can follow my tweets to keep in touch with me. Your comments are welcome and I am also reachable on Facebook. Most blog posts will be based on the technical aspects of IT, though sometimes I will blog about my own IT Management skills that I have encountered. Sharing is the key to success. Technology always keeps on evolving and, just as on other blogs, old posts are sometimes void. I will try my best to keep all my blog posts up-to-date.