Archive

Articles taggués ‘routage’

Using ssh as a SOCKS proxy on Mac OS X

15/11/2018 Aucun commentaire

Introduction

Many times it can be convenient to tunnel your web traffic through a proxy, particularly an encrypted one. This web page shows how to easily tunnel your traffic through an ssh-encrypted proxy on Mac OS X. This allows your traffic to traverse your local network without being visible to snoopers, even when visiting unencrypted sites.

It also allows you to appear to come from a different IP address, allowing you to defeat geolocation schemes. In particular, some credit card processors try to make sure that your credit card billing address is correlated with your IP address, which can be hard on us expatriates. Another example is the free credit report web site which doesn’t seem to work from outside the United States. There are undoubtedly many other practical, legitimate uses for this sort of redirection. Lire la suite…

How to find out Router MAC address

19/10/2018 Comments off

Source: nixCraft

MAC is acronym for for Media Access Control address. It is a unique identifier attached to almost most all networking equipment such as Routers, Ethernet cards and other devices.

If you do not have access to router admin interface (via telnet or webbased), use following method to find out router MAC address.

You need to use arp command (available on both Windows, Linux/Unixish systems).

arp manipulates the kernel’s ARP cache in various ways. The primary options are clearing an address mapping entry and manually setting up one. For debugging purposes, the arp program also allows a complete dump of the ARP cache.

arp shows the entries of the specified hosts. If the hostname parameter is not used, all entries will be displayed.

Task: Find out router Mac Address

To find out your router MAC address, use arp command as follows:

$ /usr/sbin/arp -a
OR
$ arp -a
Output:

router (192.168.1.254) at 00:08:5C:00:00:01 [ether] on eth0
fbsd6 (192.168.1.16) at 00:0F:EA:91:04:07 [ether] on eth0

In above example 00:08:5C:00:00:01 is MAC address of my router. If you cannot find MAC address then just ping to your router once (my router had 192.168.1.254 IP)
$ ping 192.168.1.254
And then run (type arp -a) above arp command again. If you have telnet access to router then you can just telnet into router and find out MAC address:
$ telnet 192.168.1.254

Output:

Welcome to nixCraft Router!
Login: admin
Password:

Once logged in type ifconfig command:

$ ifconfig br0

Output:

br0             Link encap:Ethernet  HWaddr 00:08:5C:00:00:01
        inet addr:192.168.1.254  Bcast:192.168.1.255  Mask:255.255.255.0
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:48574 errors:0 dropped:0 overruns:0 frame:0
        TX packets:61329 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0
        RX bytes:9146189 (8.7 MiB)  TX bytes:74456679 (71.0 MiB)

Please note that your interface name (br0) could be different. You can also use ifconfig -a command.

Windows XP/NT/2003 find out Router Mac address

If you are using Microsoft Windows XP then you need to open MS-DOS shell prompt first. Click on Start > Run > Type cmd command followed by ENTER key. Then at C:\> prompt, type arp command as follows:

C:\> arp -a

Categories: Réseau Tags: ,

CIDR subnet mask cheatsheet ICMP type codes

13/10/2018 Comments off

Source: oav.net

255.255.255.255  11111111.11111111.11111111.11111111  /32  Host (single addr)
255.255.255.254  11111111.11111111.11111111.11111110  /31  Unuseable
255.255.255.252  11111111.11111111.11111111.11111100  /30    2  useable
255.255.255.248  11111111.11111111.11111111.11111000  /29    6  useable
255.255.255.240  11111111.11111111.11111111.11110000  /28   14  useable
255.255.255.224  11111111.11111111.11111111.11100000  /27   30  useable
255.255.255.192  11111111.11111111.11111111.11000000  /26   62  useable
255.255.255.128  11111111.11111111.11111111.10000000  /25  126  useable
255.255.255.0    11111111.11111111.11111111.00000000  /24 "Class C" 254 useable

255.255.254.0    11111111.11111111.11111110.00000000  /23    2  Class C's
255.255.252.0    11111111.11111111.11111100.00000000  /22    4  Class C's
255.255.248.0    11111111.11111111.11111000.00000000  /21    8  Class C's
255.255.240.0    11111111.11111111.11110000.00000000  /20   16  Class C's
255.255.224.0    11111111.11111111.11100000.00000000  /19   32  Class C's
255.255.192.0    11111111.11111111.11000000.00000000  /18   64  Class C's
255.255.128.0    11111111.11111111.10000000.00000000  /17  128  Class C's
255.255.0.0      11111111.11111111.00000000.00000000  /16  "Class B"
     
255.254.0.0      11111111.11111110.00000000.00000000  /15    2  Class B's
255.252.0.0      11111111.11111100.00000000.00000000  /14    4  Class B's
255.248.0.0      11111111.11111000.00000000.00000000  /13    8  Class B's
255.240.0.0      11111111.11110000.00000000.00000000  /12   16  Class B's
255.224.0.0      11111111.11100000.00000000.00000000  /11   32  Class B's
255.192.0.0      11111111.11000000.00000000.00000000  /10   64  Class B's
255.128.0.0      11111111.10000000.00000000.00000000  /9   128  Class B's
255.0.0.0        11111111.00000000.00000000.00000000  /8   "Class A"
  
254.0.0.0        11111110.00000000.00000000.00000000  /7
252.0.0.0        11111100.00000000.00000000.00000000  /6
248.0.0.0        11111000.00000000.00000000.00000000  /5
240.0.0.0        11110000.00000000.00000000.00000000  /4
224.0.0.0        11100000.00000000.00000000.00000000  /3
192.0.0.0        11000000.00000000.00000000.00000000  /2
128.0.0.0        10000000.00000000.00000000.00000000  /1
0.0.0.0          00000000.00000000.00000000.00000000  /0   IP space

                                   Net     Host    Total
Net      Addr                      Addr    Addr    Number
Class   Range      NetMask         Bits    Bits   of hosts
----------------------------------------------------------
A        0-127    255.0.0.0         8      24     16777216   (i.e. 114.0.0.0)
B      128-191    255.255.0.0      16      16        65536   (i.e. 150.0.0.0)
C      192-254    255.255.255.0    24       8          256   (i.e. 199.0.0.0)
D      224-239    (multicast)
E      240-255    (reserved)
F      208-215    255.255.255.240  28       4           16
G      216/8      ARIN - North America
G      217/8      RIPE NCC - Europe
G      218-219/8  APNIC
H      220-221    255.255.255.248  29       3            8   (reserved)
K      222-223    255.255.255.254  31       1            2   (reserved)
(ref: RFC1375 & http://www.iana.org/assignments/ipv4-address-space )
(               http://www.iana.org/numbers.htm                    )
----------------------------------------------------------

The current list of special use prefixes:
	0.0.0.0/8	
	127.0.0.0/8
	192.0.2.0/24
	10.0.0.0/8
	172.16.0.0/12
	192.168.0.0/16
	169.254.0.0/16
	all D/E space
(ref: RFC1918 http://www.rfc-editor.org/rfc/rfc1918.txt   )
(       or     ftp://ftp.isi.edu/in-notes/rfc1918.txt     )
(rfc search:   http://www.rfc-editor.org/rfcsearch.html   )
(              http://www.ietf.org/ietf/1id-abstracts.txt )
(              http://www.ietf.org/shadow.html            )


Martians: (updates at: www.iana.org/assignments/ipv4-address-space )
 no ip source-route
 access-list 100 deny   ip host 0.0.0.0 any
  deny ip 0.0.0.0         0.255.255.255  any log  ! antispoof
  deny ip 0.0.0.0 0.255.255.255  0.0.0.0 255.255.255.255 ! antispoof
  deny ip any             255.255.255.128 0.0.0.127 ! antispoof
  deny ip host            0.0.0.0        any log  ! antispoof
  deny ip host            [router intf]  [router intf] ! antispoof
  deny ip xxx.xxx.xxx.0   0.0.0.255      any log  ! lan area
  deny ip 0/8             0.255.255.255  any log  ! IANA - Reserved
  deny ip 1/8             0.255.255.255  any log  ! IANA - Reserved
  deny ip 2/8             0.255.255.255  any log  ! IANA - Reserved
  deny ip 5/8             0.255.255.255  any log  ! IANA - Reserved
  deny ip 7/8             0.255.255.255  any log  ! IANA - Reserved
  deny ip 10.0.0.0        0.255.255.255  any log  ! IANA - Private Use
  deny ip 23/8            0.255.255.255  any log  ! IANA - Reserved
  deny ip 27/8            0.255.255.255  any log  ! IANA - Reserved
  deny ip 31/8            0.255.255.255  any log  ! IANA - Reserved
  deny ip 36-37/8         0.255.255.255  any log  ! IANA - Reserved
  deny ip 39/8            0.255.255.255  any log  ! IANA - Reserved
  deny ip 41-42/8         0.255.255.255  any log  ! IANA - Reserved
  deny ip 50/8            0.255.255.255  any log  ! IANA - Reserved
  deny ip 58-60/8         0.255.255.255  any log  ! IANA - Reserved
  deny ip 69-79/8         0.255.255.255  any log  ! IANA - Reserved
  deny ip 82-95/8         0.255.255.255  any log  ! IANA - Reserved
  deny ip 96-126/8        0.255.255.255  any log  ! IANA - Reserved
  deny ip 127/8           0.255.255.255  any log  ! IANA - Reserved
  deny ip 169.254.0.0     0.0.255.255    any log  ! link-local network
  deny ip 172.16.0.0      0.15.255.255   any log  ! reserved
  deny ip 192.168.0.0     0.0.255.255    any log  ! reserved
  deny ip 192.0.2.0       0.0.0.255      any log  ! test network
  deny ip 197/8           0.255.255.255  any log  ! IANA - Reserved
  deny ip 220/8           0.255.255.255  any log  ! IANA - Reserved
  deny ip 222-223/8       0.255.255.255  any log  ! IANA - Reserved
  deny ip 224.0.0.0       31.255.255.255 any log  ! multicast
  deny ip 224.0.0.0       15.255.255.255 any log  ! unless MBGP-learned routes
  deny ip 224-239/8       0.255.255.255  any log  ! IANA - Multicast
  deny ip 240-255/8       0.255.255.255  any log  ! IANA - Reserved

filtered source addresses
  0/8                 ! broadcast
  10/8                ! RFC 1918 private
  127/8               ! loopback
  169.254.0/16        ! link local
  172.16.0.0/12       ! RFC 1918 private
  192.0.2.0/24        ! TEST-NET
  192.168.0/16        ! RFC 1918 private
  224.0.0.0/4         ! class D multicast
  240.0.0.0/5         ! class E reserved
  248.0.0.0/5         ! reserved
  255.255.255.255/32  ! broadcast

ARIN administrated blocks: (http://www.arin.net/regserv/IPStats.html)
   24.0.0.0/8 (portions of)
   63.0.0.0/8
   64.0.0.0/8
   65.0.0.0/8
   66.0.0.0/8
  196.0.0.0/8
  198.0.0.0/8
  199.0.0.0/8
  200.0.0.0/8
  204.0.0.0/8
  205.0.0.0/8
  206.0.0.0/8
  207.0.0.0/8
  208.0.0.0/8
  209.0.0.0/8
  216.0.0.0/8
----------------------------------------------------------

well known ports: (rfc1700.txt)
 www.iana.org/assignments/port-numbers

protocol numbers:
 www.iana.org/assignments/protocol-numbers
 www.iana.org/numbers.htm

ICMP(Types/Codes)
 Testing Destination Reachability & Status
  (0/0)  Echo-Reply
  (8/0)  Echo
 Unreachable Destinations
  (3/0)  Network Unreachable
  (3/1)  Host Unreachable
  (3/2)  Protocol Unreachable
  (3/3)  Port Unreachable
  (3/4)  Fragmentaion Needed and DF set (Pkt too big)
  (3/5)  Source Route Failed
  (3/6)  Network Unknown
  (3/7)  Host Unknown
  (3/9)  DOD Net Prohibited
  (3/10) DOD Host Prohibited
  (3/11) Net TOS Unreachable
  (3/12) Host TOS Unreachable
  (3/13) Administratively Prohibited
  (3/14) Host Precedence Unreachable
  (3/15) Precedence Unreachable
 Flow Control
  (4/0)  Source-Quench [RFC 1016]
 Route Change Requests from Gateways
  (5/0)  Redirect Datagrams for the Net
  (5/1)  Redirect Datagrams for the Host
  (5/2)  Redirect Datagrams for the TOS and Net
  (5/3)  Redirect Datagrams for the TOS and Host
 Router
  (6/-)  Alternate-Address
  (9/0)  Router-Advertisement
  (10/0) Router-Solicitation
 Detecting Circular or Excessively Long Routes
  (11/0) Time to Live Count Exceeded
  (11/1) Fragment Reassembly Time Exceeded
 Reporting Incorrect Datagram Headers
  (12/0) Parameter-Problem
  (12/1) Option Missing
  (12/2) No Room for Option
 Clock Synchronization and Transit Time Estimation
  (13/0) Timestamp-Request
  (14/0) Timestamp-Reply
 Obtaining a Network Address (RARP Alternative)
  (15/0) Information-Request
  (16/0) Information-Reply
 Obtaining a Subnet Mask [RFC 950]
  (17/0) Address Mask-Request
  (18/0) Address Mask-Reply
 Other
  (30/0) Traceroute
  (31/0) Conversion-Error
  (32/0) Mobile-Redirect

Ref: [RFC 792] [RFC 896] [RFC 950] [RFC 1016]
  www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_5_3/cofigide/qos.htm#19774



Decimal system Prefix's
              Factor               Exponent  Prefix
---------------------------------------------------
 1 000 000 000 000 000 000 000 000...10^24....yotta
     1 000 000 000 000 000 000 000...10^21....zetta
         1 000 000 000 000 000 000...10^18....exa
             1 000 000 000 000 000...10^15....peta
                 1 000 000 000 000...10^12....tera
                     1 000 000 000...10^9.....giga
                         1 000 000...10^6.....mega
                             1 000...10^3.....kilo
                               100...10^2.....hecto
                                10...10^1.....deka
                               0.1...10^-1....deci
                              0.01...10^-2....centi
                             0.001...10^-3....milli
                         0.000 001...10^-6....micro
                     0.000 000 001...10^-9....nano
                 0.000 000 000 001...10^-12...pico
             0.000 000 000 000 001...10^-15...femto
         0.000 000 000 000 000 001...10^-18...atto
     0.000 000 000 000 000 000 001...10^-21...zepto
 0.000 000 000 000 000 000 000 001...10^-24...yocto
---------------------------------------------------

Convert Fahrenheit <> Celsius:
 Celsius = (Fahrenheit - 32) / 1.8
 Fahrenheit = (Celsius * 1.8) + 32

 

Categories: Réseau Tags: ,

Find all active IP addresses in a network

11/10/2018 Comments off

Today I found myself reconfiguring a wireless access point I hadn’t used in a very long time. I no longer have the manual (so I could reset it to factory defaults) nor do I remember what the obscure IP address I configured it with was. Luckily I do know what network it’s setup for ( 192.168.1.x ) but I don’t want to have to try to connect to all 254 IP addresses (192.168.1.1 through 192.168.1.254) as that would take quite some time.

So what I’m going to do is use Nmap a swiss army knife for network operators and system admins. What we’re going to do is use Nmap to scan the entire network and tell us which IP addresses are active. This will allow us to drastically reduce the number of IP addresses we have to try.

There are Nmap versions for all three major OS’s *nix, OS X and Windows. I’ll be showing you the syntax for the *nix/OS X version.

nmap -sP 192.168.1.0/24

replace 192.168.1.0/24 with whatever network it is you’re trying to scan.
The /24 is the netmask of the network in CDIR notation. If you need a cheat sheet you can find one here

Once you press return (or enter) Nmap will start to work pinging each and every IP address on your network and noting which ones respond and which don’t. (Note that if your device has a firewall that discards ping requests it will appear to be down to this scan)

You’ll quickly get an output similar to the following

Starting Nmap 4.50 ( http://insecure.org ) at 2008-08-19 10:15 PDT
HOST 192.168.1.25 appears to be up.
MAC Address: 0:0F:1F:4C:0B:E6 (WW Pcba Test)
Nmap finished: 256 IP addresses (3 hosts up) scanned in 5.711 seconds

IP leak affecting VPN providers with port forwarding

27/11/2015 Comments off

Vulnerability “Port Fail” reveals real IP address

We have discovered a vulnerability in a number of providers that allows an attacker to expose the real IP address of a victim. “Port Fail” affects VPN providers that offer port forwarding and have no protection against this specific attack. Perfect Privacy users are protected from this attack.

This IP leak affects all users: The victim does not need to use port forwarding, only the attacker has to set it up.

We have tested this with nine prominent VPN providers that offer port forwarding. Five of those were vulnerable to the attack and have been notified in advance so they could fix this issue before publication. However, other VPN providers may be vulnerable to this attack as we could not possibly test all existing VPN providers.

Details about the leak

The attacker needs to meet the following requirements:

  • Has an active account at the same VPN provider as the victim
  • Knows victim’s VPN exit IP address (can be obtained by various means, e.g. IRC or torrent client or by making the victim visit a website under the attackers control)
  • The attacker sets up port forwarding. It makes no difference whether the victim has port forwarding activated or not.

The IP leak can then be triggered as follows:

  1. Victim is connected to VPN server 1.2.3.4
  2. Victim’s routing table will look something like this:
    0.0.0.0/0 -> 10.0.0.1 (internal vpn gateway ip)
    1.2.3.4/32 -> 192.168.0.1 (old default gateway)
  3. Attacker connects to same server 1.2.3.4 (knows victim’s exit through IRC or other means)
  4. Attacker activates Port Forwarding on server 1.2.3.4, example port 12345
  5. Attacker gets the victim to visit 1.2.3.4:12345 (for example via embedding <img src=”http://1.2.3.4:12345/x.jpg”> on a website)
  6. This connection will reveal the victim’s real IP to the attacker because of the “1.2.3.4/32 -> 192.168.0.1” vpn route.

The crucial issue here is that a VPN user connecting to his own VPN server will use his default route with his real IP address, as this is required for the VPN connection to work. If another user (the attacker) has port forwarding activated for his account on the same server, he can find out the real IP addresses of any user on the same VPN server by tricking him into visiting a link that redirects the traffic to a port under his control.

Also note that due to the nature of this attack all VPN protocols (IPSec, OpenVPN, PPTP, etc.) and all operating systems are affected.

Mitigation

Affected VPN providers should implement one of the following:

  • Have multiple IP addresses, allow incoming connections to ip1, exit connections through ip2-ipx, have portforwardings on ip2-ipx
  • On Client connect set server side firewall rule to block access from Client real ip to portforwardings that are not his own.

 

Source: Perfect Privacy

Categories: Réseau Tags: , ,