Thursday, July 30, 2009

Why wireless network is insecure and how to secure it

This video is a general introduction to wireless security.
To improve your wireless security:
  • Out of the box WiFi is generally insecure.
  • Enable wireless encryption via WPA.
  • Change the default router password.
  • Change the default wireless SSID.
  • Hide the SSID.
  • Secure all home workstations.

Saturday, July 25, 2009

My bad experience on fedora 10 network bug


One of my friends chatted with me on MSN, saying that she had just installed a new Linux system but Firefox could not connect anywhere, so she was in a panic. After finding out that their office didn't use DHCP, I realized that what she wanted was to set a static IP address and default gateway. Simple enough.
I wish I had known that Fedora 10 has a network bug in static IP configuration, but I didn't!
I went through the normal steps.
Check OS information with "uname -a" and "dmesg | head -1".
Check network information with "ifconfig", "/sbin/route -n" and a few ping and traceroute.
Ask my friend for the default gateway and the previous ip address (it's better to use the previous ip to save us from nasty kinks).
Educate my friend about the Linux desktop, where to find the GUI to fill in the ip address and default gateway.
Ahaaaa, here's the catch! She kept complaining that linux automatically changes netmask to gateway...
So, I decided to go the sure way --
Ask her to add default gateway into
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-eth0
And restart the network service by typing "service network restart"

She still complained that linux automatically changes netmask to gateway...

I got confused, but made another try -- "route add default gw xxx.xxx.xxx.xxx eth0" -- and got more confused after getting "siocaddrt no such process".

Now it's my time to panic...
After googling for a while, this post finally explained everything:
"Unfortunately, to date (8th/Dec/2008) there is a bug with system-config-network (GUI Version) in which it incorrectly stores the network mask as the default gateway address."
"Fedora 10 disables the "network" service in preference to using "NetworkManager", therefore NetworkManager will need to be disabled before enabling and configuring the network service."

Now I'm happy my friend's firefox can link to pages.


Wednesday, July 15, 2009

STAR WARS Episode you never seen before



To watch the movie:
In Windows XP,
press "START"
press "Run..."
type "command" then ENTER
type "telnet" then ENTER
type "O" then ENTER
type "towel.blinkenlights.nl" then ENTER

Just wait and enjoy the brand new STAR WARS Episode...


Tuesday, July 14, 2009

How to setup VPN Server at home

If you have a PC with Windows XP Professional and a router that supports port forwarding, then you can set up a VPN server at home without it costing a penny.
Even though PPTP-based VPN is criticized for low security compared with L2TP/IPSec-based VPN, Microsoft is constantly promoting it. The PPTP VPN client is included by default in all versions of Windows XP and Windows Vista. If you have Windows XP Professional, you can even set up a PPTP-based VPN server at home. The good side is that a PPTP-based VPN setup doesn't cost you a penny and functions the same as those expensive Cisco-gateway-backed VPN setups; the bad side is that you should be aware of the security issue facing PPTP VPN: for PPTP, the authentication process is not done over a secured connection, hence credentials can be lost to hackers, who can then gain access to the VPN server. The secure connection is set up only after the authentication is done.
To set up the VPN, you should do three things.
Task #1: Have a router that supports port forwarding. (Here is a fairly complete list of routers supporting port forwarding. My recommendation is the LINKSYS WRT54GL. It is a perfect router for someone with networking experience who wants an inexpensive router to do expensive networking tasks.)
Task #2: Configure your router so that the traffic at your router's port TCP-1723 will be forwarded to the local IP address of the PC running your VPN server software.
Port Forwarding How to
Task #3: Enable and configure the VPN server software at that home PC.
Simple PPTP VPN Server Setup in Windows XP
Now a VPN client on the internet can access your VPN network from anywhere; the only things the client needs to know are your router's external IP address (which is dynamically assigned by your ISP) and the password of your VPN (of course). The IP address may change now and then, so your VPN client needs to adjust the IP address accordingly.
If updating the dynamic IP address annoys you, you can have software do this for you.
Here is how: first bind the dynamic IP address to a domain name, then point your VPN client to the domain name, so that no update is needed on the client side. On the server side, a program periodically tests your external IP address, then binds the new IP address to the domain name. no-ip.com has already written such software for you, and they even provide a free domain name! If you are a hard-core programmer and dare not trust software downloaded from the web, writing such a program in Java or C++ is not that hard.


Monday, July 13, 2009

Yahoo! 360° is closing today

Finally, the rumor became reality: Yahoo! 360° is closing today. Here is the official declaration from the Yahoo! site:
"Make sure to save or download your existing content before July 13, 2009. On this date, all remaining material on Yahoo! 360° will no longer be accessible."

Yahoo! 360° has many nice blog features, is easy to use, and gives users a social networking site run by Yahoo!. As many users noticed a long time ago, Yahoo! 360° got slower and slower; besides, the social aspect of Yahoo! 360° turned out to be not so successful, and there are plenty of other social networking sites which just fulfill a different function.

I think many users will move to blogger or blogspot after the closing.


Monday, July 6, 2009

How to remote control your LAN computers


If you have followed my previous posts on how to set up a workgroup and file sharing in your home network, you may have commuted between your computers to configure, debug, inspect results... What a hack...

How nice it would be if we could sit at one computer and remote control the other computers without physically walking there. Fortunately, we have a very easy solution with a VNC server.

"VNC is remote control software which allows you to view and fully interact with one computer desktop (the "VNC server") using a simple program (the "VNC viewer") on another computer desktop anywhere on the Internet. The two computers don't even have to be the same type, so for example you can use VNC to view a Windows Vista desktop at the office on a Linux or Mac computer at home. For ultimate simplicity, there is even a Java viewer, so that any desktop can be controlled remotely from within a browser without having to install software."
To set up VNC server-client connections:
Download and install RealVNC (Free Edition is good enough) from

Select VNC Free Edition for Windows
Installer including both Server and Viewer
Follow the install wizard, which will show you how to configure a VNC server on your computer so that other computers can remote control your computer after logging in with a password. The wizard also installs a VNC viewer, so that you can remotely log in to and control other computers that have a VNC server installed.

After installing VNC servers and clients on all your home computers, sit in front of one of your PCs and click START -> All Programs -> RealVNC -> VNC viewer 4 -> Run VNC viewer.
In the server text box, type in the IP address of the remote computer and click OK. In the next screen, input the correct password and click OK.

Voilà, magic.

Enable File-sharing in windows xp

In my previous post, I have set up a workgroup on windows xp computers. In this post, I will go through a few steps to enable the simple file sharing.

Step 1, enable simple file sharing.
For winxp pro:
Double click My Computer -> Tools -> Folder Options -> View -> make sure "Use simple file sharing [Recommended]" is checked.

Step 2, modify shared documents properties.
For winxp Home Edition:
Double Click My Computer -> Right Click Shared Documents -> Click Sharing tab -> Check "Share this folder on the network" and "Allow network users to change my files".
For winxp Professional:
Double Click My Computer -> Double Click Shared Documents -> Right Click the folders you want to share and change the Sharing properties one by one.

Now go to START -> My Network Places -> View workgroup computers -> Double Click the computer in your workgroup, and the shared folder shows up. You can copy/paste or drag/drop files from/to that remote folder.

Windows workgroup debug "User has not been Granted the Requested Login Type"

In my previous post, I demonstrated how to set up windows workgroup.

Setting up a Windows workgroup is easy, but only if you are lucky enough.
The most common error message people bump into is:

"\\xxx is not accessible. You might not have permission to use this network resource. Contact the administrator of this Server to find out if you have access permissions."

A lot of reasons can cause the above error message.

1. Check the firewall settings (the firewall may even prevent you from pinging through).
Go to START -> Control Panel -> Security Center -> Windows Firewall -> Select OFF
and see if the error gets fixed. If so, you may turn the firewall back on and change the firewall exceptions.

2. Make sure user "Guest" is enabled.
Go to START -> Control panel -> User Accounts -> click User Accounts -> Make sure Guest is turned on.

3. For windows xp pro, you may need to modify the Local Security Policy to allow the Guest to access the computer from network.
Go to START -> Control Panel -> Performance and Maintenance -> Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment
Find the key "Deny access to this computer from the network", double click the key, highlight "Guest", click Remove, click OK.

4. In some odd situations, you may need to check the registry to make sure restrictanonymous key is correctly set.

Click Start, click Run, type regedit, and then click OK.
Locate and then double-click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
On the right side, double-click restrictanonymous.
Make sure that the value in the Value data box is set to 0, and then click OK.
Close Registry Editor.
Restart the computer.

5. If none of the above works, here is the ultimate solution from John Will.
Download the Windows Server 2003 Resource Kit Tools from microsoft Download center, which are a set of tools to help administrators streamline management tasks.

After installation is complete, click on: Start -> All Programs -> Windows Resource Kit Tools -> Command Shell

Then enter the following commands. (Attention: they are case sensitive.)

net user guest /active:yes
ntrights +r SeNetworkLogonRight -u Guest
ntrights -r SeDenyNetworkLogonRight -u Guest
The first command enables the Guest account; the two subsequent ones change two different policies to allow network access for Guest.

By now, the errors should be cleared and you should be able to double click into the computers on your local workgroup. However, there is nothing too interesting there except the default folder "Printers and Faxes". To enable file sharing, we need to do a few tweaks, which will be discussed in my next post.


How to set up windows home network


If you have more than 2 computers in your home, you may want to connect them together so that you can share files and resources among them.

There are two types of windows network you can set up -- domains and workgroup.

A Windows domain is basically a server/client system, which is more secure and feature rich. However, you need a computer installed with Windows 2000 Server or Windows 2003 Server as the dedicated domain server.

By comparison, setting up a peer-to-peer workgroup network is much easier on all versions of the Windows operating system; of course, it is not as secure.


To set up a workgroup in windows xp:
  • Right click on the My Computer icon and choose PROPERTIES from the menu.

  • Select the COMPUTER NAME tab

  • Select the CHANGE button

  • In the Workgroup text box, type a workgroup name of your choice and click OK. This workgroup name must be the SAME for all the computers in your Home Network. In the Computer name text box, type a unique name for this computer.

  • Now Click OK.

  • Click OK at the bottom of this window. When prompted to restart the computer, click OK.

  • Repeat the above process for all the computers in your home, remember the workgroup name must be the SAME!
Now your workgroup-based home network has been set up. You can find your workgroup peers by clicking START -> My Network Places -> View Workgroup Computers.
If you click on another computer in the network, it may only show you the SHARED FOLDERS that Windows sets up by default. To view other computers' folders and files, you must now share those items.

More likely, you got an error message such as "You might not have permission to use this network resource". Don't panic, we all get error messages. Check my next post on how to troubleshoot this.


Sunday, July 5, 2009

Wordpress blog came back

I sent a message to the supporting team to explain the problem, now it's back.

Thursday, July 2, 2009

Blog on WordPress got suspended

WordPress.com

This blog has been archived or suspended for a violation of our Terms of Service.


The above scary image is what I saw when visiting my blog at WordPress tonight.

I wonder what happened to my blog?

When I googled "This blog has been archived or suspended for a violation of our Terms of Service. wordpress", I realized many people got automatically banned by their spam filter. WordPress's current spam-filter technology uses words or links alone to detect untrustworthy content, and isn't context-aware. They may ban people for a bad link in a post, or for taking others' content.

I guess a post copied from a blog caused the trouble, but I DO put a link to the source at the first line of my post as the source article! Anyway, I should receive an email from their support group soon.

By the way, complaining on the WordPress.com Forums is not an option now, because the supporting group became clever after dealing with numerous similar cases.

You've been blocked. If you think a mistake has been made, contact this site's administrator.

Back to WordPress.com Forums.


Wednesday, July 1, 2009

How to implement network protocol

network stack


Common questions regarding the network protocols include:
What is network protocol?
Why network protocol?
How to implement network protocol?

The best way to answer the questions of "What" and "Why" is to look into a helloworld-style example of a network protocol -- the Time Protocol. Then the question "How" will follow naturally.

Here it is: the Time Protocol, defined in RFC 868.
Network Working Group J. Postel - ISI
Request for Comments: 868 K. Harrenstien - SRI
May 1983

Time Protocol
This RFC specifies a standard for the ARPA Internet community. Hosts on
the ARPA Internet that choose to implement a Time Protocol are expected
to adopt and implement this standard.
This protocol provides a site-independent, machine readable date and
time. The Time service sends back to the originating source the time in
seconds since midnight on January first 1900.
One motivation arises from the fact that not all systems have a
date/time clock, and all are subject to occasional human or machine
error. The use of time-servers makes it possible to quickly confirm or
correct a system's idea of the time, by making a brief poll of several
independent sites on the network.
This protocol may be used either above the Transmission Control Protocol
(TCP) or above the User Datagram Protocol (UDP).

When used via TCP the time service works as follows:
S: Listen on port 37 (45 octal).
U: Connect to port 37.
S: Send the time as a 32 bit binary number.
U: Receive the time.
U: Close the connection.
S: Close the connection.

The server listens for a connection on port 37. When the connection
is established, the server returns a 32-bit time value and closes the
connection. If the server is unable to determine the time at its
site, it should either refuse the connection or close it without
sending anything.
When used via UDP the time service works as follows:
S: Listen on port 37 (45 octal).
U: Send an empty datagram to port 37.
S: Receive the empty datagram.
S: Send a datagram containing the time as a 32 bit binary number.
U: Receive the time datagram.

The server listens for a datagram on port 37. When a datagram
arrives, the server returns a datagram containing the 32-bit time
value. If the server is unable to determine the time at its site, it
should discard the arriving datagram and make no reply.
The Time
The time is the number of seconds since 00:00 (midnight) 1 January 1900
GMT, such that the time 1 is 12:00:01 am on 1 January 1900 GMT; this
base will serve until the year 2036.
For example:
the time 2,208,988,800 corresponds to 00:00 1 Jan 1970 GMT,
2,398,291,200 corresponds to 00:00 1 Jan 1976 GMT,
2,524,521,600 corresponds to 00:00 1 Jan 1980 GMT,
2,629,584,000 corresponds to 00:00 1 May 1983 GMT,
and -1,297,728,000 corresponds to 00:00 17 Nov 1858 GMT.

After reading through the 2-page definition document, which is self-explanatory, we can see that a protocol is a set of rules used by computers to communicate with each other across a network. In the case of the Time Protocol, it defines the way Server and User communicate about the time and the syntax of the time.

At this point, we are eager to materialize the protocol with the Time server and the Time client. But wait, questions:

Question #1: What is the time format to use?
Let's check RFC 868 -- Aha, "The time is the number of seconds since 00:00 (midnight) 1 January 1900 GMT, such that the time 1 is 12:00:01 am on 1 January 1900 GMT; this base will serve until the year 2036." Clear enough.

Question #2: Where to start?
Let's check the RFC 868 again:
"This protocol may be used either above the Transmission Control Protocol (TCP) or above the User Datagram Protocol (UDP)."

OK, now we know we can build our server and client on top of the TCP or UDP service (usually provided by code libraries). Sure enough, Java/C/Python/Perl... all have a socket library which allows an application to connect to ports on a remote host, listen on a local port, send data, receive data, close the connection, etc. So, very doable!

Question #3: How to synchronize the server and client?
Let's check the RFC 868 again (and again):
When used via TCP the time service works as follows:
S: Listen on port 37 (45 octal).
U: Connect to port 37.
S: Send the time as a 32 bit binary number.
U: Receive the time.
U: Close the connection.
S: Close the connection.
The server listens for a connection on port 37. When the connection
is established, the server returns a 32-bit time value and closes the
connection. If the server is unable to determine the time at its
site, it should either refuse the connection or close it without
sending anything.
That's almost the pseudo code!

Before we jump right into the code, notice that protocols may be implemented by hardware, software, or a combination of the two. When implemented in software, the programming language doesn't matter. As long as the implementation follows the protocol defined in RFC xxx, it shall work; that's why we need network protocols!

Implementation in Python

time_client.py
# File: time_client.py
import socket
import struct
import time

# server (use "localhost" and port 8037 to test against time_server.py)
HOST = "www.python.org"
PORT = 37

# reference time (in seconds since 1900-01-01 00:00:00)
TIME1970 = 2208988800  # 1970-01-01 00:00:00

# connect to server
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))

# read exactly 4 bytes (recv may return fewer), and convert to time value
data = b""
while len(data) < 4:
    chunk = s.recv(4 - len(data))
    if not chunk:
        raise RuntimeError("server closed the connection without sending the time")
    data += chunk
s.close()
t = struct.unpack("!I", data)[0] - TIME1970

# print results
print("server time is", time.ctime(t))
print("local clock is", int(time.time()) - t, "seconds off")
time_server.py
# File: time_server.py
import socket
import struct
import time

# user-accessible port (ports below 1024, such as 37, need root privileges)
PORT = 8037

# reference time
TIME1970 = 2208988800

# establish server
service = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
service.bind(("", PORT))
service.listen(1)
print("listening on port", PORT)

while True:
    # serve forever
    channel, info = service.accept()
    print("connection from", info)
    # keep the value in 32 bits; the counter wraps in 2036
    t = (int(time.time()) + TIME1970) & 0xFFFFFFFF
    t = struct.pack("!I", t)
    channel.sendall(t)  # send timestamp
    channel.close()  # disconnect
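
The UDP exchange from the RFC text quoted above, as an added example that is not part of the original post. It goes beyond the TCP code by validating the reply, handling the 2036 wrap-around, and polling several servers as the RFC's motivation suggests, because a Time Protocol reply is unauthenticated. The function names, the pivot parameter, the 5-second spread and the sample clock values are assumptions made for this example.

```python
import socket
import statistics
import struct
import threading

TIME1970 = 2208988800  # seconds between 1900-01-01 and 1970-01-01 (RFC 868)
ERA = 2 ** 32          # the 32-bit counter wraps every 2**32 seconds (2036)


def decode_time(payload, pivot_unix):
    """Turn one RFC 868 reply into Unix seconds, or raise ValueError.

    pivot_unix is a rough idea of "now" (an assumption of this example);
    it selects which 2**32-second era the wrapped counter belongs to.
    """
    if len(payload) != 4:  # empty, short or padded replies are rejected
        raise ValueError("expected 4 bytes, got %d" % len(payload))
    unix = struct.unpack("!I", payload)[0] - TIME1970
    return unix + round((pivot_unix - unix) / ERA) * ERA


def serve_udp_once(sock, now_unix):
    """S: receive the (empty) datagram, send back the 32-bit time."""
    _, addr = sock.recvfrom(64)
    sock.sendto(struct.pack("!I", (now_unix + TIME1970) % ERA), addr)


def query_udp(addr, pivot_unix, timeout=2.0):
    """U: send an empty datagram, receive and validate the time datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)  # a silent server means "time unknown"
        s.connect(addr)        # replies from other addresses are dropped
        s.send(b"")
        return decode_time(s.recv(64), pivot_unix)


def agreed_time(samples, max_spread=5):
    """Median of the samples, accepted only if a majority lie near it."""
    if len(samples) < 3:
        raise ValueError("need at least 3 independent servers")
    median = statistics.median_low(samples)
    near = [t for t in samples if abs(t - median) <= max_spread]
    if 2 * len(near) <= len(samples):
        raise ValueError("servers disagree, keeping the local clock")
    return median


def demo():
    """Poll three loopback servers with constructed clocks; one is wrong."""
    now = 1248912000  # constructed sample: 2009-07-30 00:00:00 UTC
    samples = []
    for reported in (now, now + 1, now - 400 * 86400):
        srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        srv.bind(("127.0.0.1", 0))  # any free port, loopback only
        worker = threading.Thread(target=serve_udp_once, args=(srv, reported))
        worker.start()
        samples.append(query_udp(srv.getsockname(), pivot_unix=now))
        worker.join()
        srv.close()
    return agreed_time(samples)


if __name__ == "__main__":
    print("agreed time (Unix seconds):", demo())
```

The server whose clock is 400 days off is outvoted by the two that agree; with fewer than three replies, or no majority, the client keeps its local clock instead of trusting a single unauthenticated answer.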

Learn Network Basics With Interesting Video

The interesting movie follows the life journey of a network packet in the net.


His journey starts from the web browser, where he was born at a click and then met his fellow citizens: ICMP ping packets, ping of death packets, TCP packets, UDP packets, AppleTalk packets... He went out from the LAN, entered the WAN, reached his destination LAN and finally found the web server he was looking for. During the journey, he met a lot of vivid characters such as the web browser, proxy server, router, firewall, router switch, internet backbone, web server...

Why I stopped publishing blog posts as information provider

Now the AI can generate content. Does that mean the web publishing industry reaches the end? ChatGPT said: ChatGPT Not at all. While AI can ...