Symptom: FTP Client does not work.
Applies to: pfSense firewall guarded networks.
Explanation:
pfSense does not allow the native FTP application out. It uses a built-in FTP proxy application to proxy all FTP connections.
The firewall logs will not even show dropped packets!
Solution:
To configure do the following for each LAN interface that you want FTP clients to operate on.
Interface:
1. Uncheck the "disable userland FTP proxy application" option.
Corresponding interface firewall ruleset:
1. Allow src=any proto=tcp spt=any dst=127.0.0.1 dpt=Range(8000-8030).
The port range 8000 to 8030 is where the FTP proxy operates, and it listens on the loopback address for that interface.
Operate FTP clients and applications as normal.
Monday, November 1, 2010
Remote Analysis of User Internet Explorer History.
This technique is good for auditing a user's Internet Explorer history without the user knowing about it.
Step one is to download Internet Explorer History Viewer, "iehv".
http://www.nirsoft.net/utils/iehv.html
Step two, if PSEXEC is not already installed on the management system, install it.
Step three, from the command prompt change directory into the folder containing iehv.exe.
Step four, execute iehv.exe remotely on the target computer, using the executable push feature of PSEXEC. (Note: you will need domain administrator privilege of course).
Example: psexec -c -s -d \\computername iehv.exe /shtml "c:\data.html" -user username
Username is going to be the target user profile to explore.
Step five, move the data.html file off of their computer and back to your management workstation.
Example: Move \\computername\c$\data.html c:\
Step six, delete the pushed executable.
Example: Del \\computername\c$\windows\system32\iehv.exe
Now you can analyze the data. The only traces left are Windows log files showing the PSEXEC service starting.
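The service-start trace mentioned above is what a defender reviewing remote executions searches for. As an added example (not from the original post), this Python script groups PSEXESVC service events from an exported System log into per-host sessions; the sample records, host names and the five-minute grouping window are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample records, shaped like System-log events exported to JSON
# (field names follow Get-WinEvent output; hosts and times are made up).
SAMPLE_EVENTS = [
    {"TimeCreated": "2010-11-01T09:14:02", "Id": 7036, "MachineName": "WS-042",
     "Message": "The Windows Update service entered the running state."},
    {"TimeCreated": "2010-11-01T09:15:10", "Id": 7045, "MachineName": "WS-042",
     "Message": "A service was installed in the system. Service Name: PSEXESVC "
                "Service File Name: %SystemRoot%\\PSEXESVC.exe"},
    {"TimeCreated": "2010-11-01T09:15:11", "Id": 7036, "MachineName": "WS-042",
     "Message": "The PSEXESVC service entered the running state."},
    {"TimeCreated": "2010-11-01T09:15:19", "Id": 7036, "MachineName": "WS-042",
     "Message": "The PSEXESVC service entered the stopped state."},
    {"TimeCreated": "2010-11-01T10:02:45", "Id": 7036, "MachineName": "WS-017",
     "Message": "The Print Spooler service entered the running state."},
]

# 7035 = service control sent, 7036 = service state change, 7045 = service installed
SERVICE_EVENT_IDS = {7035, 7036, 7045}
PSEXEC_SERVICE = re.compile(r"\bPSEXESVC\b", re.IGNORECASE)

def find_psexec_sessions(events, gap_seconds=300):
    """Group PSEXESVC service events per host into bursts of activity."""
    hits = sorted(
        (datetime.fromisoformat(e["TimeCreated"]), e["MachineName"], e["Id"])
        for e in events
        if e["Id"] in SERVICE_EVENT_IDS and PSEXEC_SERVICE.search(e["Message"])
    )
    sessions = []
    for when, host, event_id in hits:
        # Most recent session already recorded for this host, if any.
        last = next((s for s in reversed(sessions) if s["host"] == host), None)
        if last and (when - last["end"]).total_seconds() <= gap_seconds:
            last["end"] = when
            last["event_ids"].append(event_id)
        else:
            sessions.append({"host": host, "start": when, "end": when,
                             "event_ids": [event_id]})
    return sessions

if __name__ == "__main__":
    for s in find_psexec_sessions(SAMPLE_EVENTS):
        print(f"{s['host']}: PsExec service activity {s['start']} -> {s['end']} "
              f"(events {s['event_ids']})")
```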
Using the Amavis "Soft" White List
Adding individual users or entire domains to the Amavis soft white list is possible. This differs from the hard white list. The difference between the two is that a score is still computed for items on the soft list, and then the soft list value is added to the score to produce, hopefully, a ham value.
The file is 20-debian_defaults under /etc/amavis/conf.d/
Find the section with the static hash table that occurs after the normally commented line of #read_hash("/var/amavis/sender_scores_sitewide").
Add entries as follows into the static hash table:
'user@domain.tld' => -3.0,
'wholedomain.tld' => -3.0,
Use negative values to soft white list; use positive values to soft black list.
Generally you will want to use this in response to sender mail being bounced back as UBE "Unsolicited Bulk Email", and it should be used before progressing to using the hard white list array.
Using Disk Cleanup without Installing the Desktop Experience Suite on Server 2008
How to install the Disk Cleanup application without installing the desktop experience on Windows Server 2008 R2, 2008 x64, 2008 x32. This will avoid having to install desktop themes, media player and so on.
Locate the Cleanmgr.exe and the cleanmgr.exe.mui in the appropriate directory in the table below.
Copy Cleanmgr.exe to C:\windows\system32.
Copy Cleanmgr.exe.mui to C:\windows\system32\en-us.
Then you can run the disk cleaner.
Tables:
Server 2008 R2:
C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe
C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui
Server 2008 x64:
C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.0.6001.18000_en-us_b9f50b71510436f2\cleanmgr.exe.mui
C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.0.6001.18000_none_c962d1e515e94269\cleanmgr.exe
Server 2008 x32:
C:\Windows\winsxs\x86_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.0.6001.18000_en-us_5dd66fed98a6c5bc\cleanmgr.exe.mui
C:\Windows\winsxs\x86_microsoft-windows-cleanmgr_31bf3856ad364e35_6.0.6001.18000_none_6d4436615d8bd133\cleanmgr.exe
Monday, October 25, 2010
Hard white listing with amavis-new
Previously I had discussed white listing in Amavis, which is a soft white list.
When this continues to fail it is time to modify the Perl code of “20-debian_defaults” to include a hard white list.
Choose a blank space in the Perl code before the soft white listing section, and create a new ARRAY.
Call the array @whitelist_sender_maps and include the domains that you want to globally hard white list.
Here is an example:
@whitelist_sender_maps = (['.somedomain.com', 'bronson@bronsonitinnovations.blogspot.com']);
Note: there is a "." before the domain name when globally hard white listing an entire domain.
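To compare the soft list from the earlier post with the hard list above, here is an added Python model (not Amavis code and not from the original posts) of how a sender entry changes the outcome. The 6.31 threshold, the bulk.example entry and the key-matching order are assumptions that approximate Amavis hash lookups.

```python
# Simplified model of the two Amavis sender lists described in these posts.
KILL_LEVEL = 6.31  # assumed spam threshold; substitute your own $sa_kill_level_deflt

# Same shape as the static hash table: negative = soft white, positive = soft black.
# 'bulk.example' is a constructed entry for illustration.
SOFT_LIST = {"user@domain.tld": -3.0, "wholedomain.tld": -3.0, "bulk.example": 5.0}
# Same shape as @whitelist_sender_maps; a leading "." covers the whole domain.
HARD_LIST = [".somedomain.com", "bronson@bronsonitinnovations.blogspot.com"]

def candidate_keys(sender):
    """Keys tried for a sender, most specific first (approximation of the lookup)."""
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    labels = domain.split(".")
    # Full address, exact domain, then dotted forms: .sub.dom.tld, .dom.tld, .tld
    return [sender, domain] + ["." + ".".join(labels[i:]) for i in range(len(labels))]

def soft_boost(sender):
    """First matching soft-list entry decides the boost; 0.0 if none matches."""
    for key in candidate_keys(sender):
        if key in SOFT_LIST:
            return SOFT_LIST[key]
    return 0.0

def hard_whitelisted(sender):
    """True if any lookup key for the sender appears in the hard list."""
    return any(key in HARD_LIST for key in candidate_keys(sender))

def verdict(sender, spam_score):
    """Return (final_score, 'ham' or 'spam'); final_score is None when the
    hard list decides and the score no longer matters."""
    if hard_whitelisted(sender):
        return (None, "ham")
    final = round(spam_score + soft_boost(sender), 2)
    return (final, "spam" if final >= KILL_LEVEL else "ham")

if __name__ == "__main__":
    for sender, score in [("user@domain.tld", 7.5), ("user@domain.tld", 12.0),
                          ("user@sub.wholedomain.tld", 8.0),
                          ("x@mail.somedomain.com", 15.0)]:
        print(sender, score, "->", verdict(sender, score))
```

Both lists match on the sender address the mail claims, which a remote sender can forge, so a hard entry lets anything using that address through regardless of score.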
Tuesday, October 19, 2010
Recommended MIB Browser
IReasoning makes the best MIB browser that I have ever used. I highly recommend it. Click the link for a shortcut to the download page.
http://ireasoning.com/mibbrowser.shtml
Wednesday, October 6, 2010
Data Migration with Symantec CPS
Don't do it. This is just a bad idea all around. I recommend using WanSync if you are afraid of XCopy.