Networking

Troubleshooting episode

I was helping a friend with some e-mail problems he was having. Here is the scenario. He is getting a “Cannot authenticate to server” error when using his Outlook 2000 to get mail from his Cobalt Qube server. According to him, “Everything was working fine, but the computer crashed. So I had to rebuild the machine and now mail doesn’t work”. Pretty easy, right? So I troubleshoot it in the following way:

1) Check account settings in Outlook and make sure that he has the correct “username”, “password” and “server” properties. Everything checks okay. But client still cannot authenticate to the server.

2) Alright.. Let’s see if the service is running on the client. Since I didn’t have access to the server, I had to walk my friend through the process. Again, required daemons are running, but cannot authenticate.

3) Now.. I am getting all excited frustrated. I run nmap on the server remotely and see that SMTP is filtered.. Hmm.. Is that a problem?

4) Finally.. I give up and make my friend change the rules on this firewall so that I can log into the server remotely. First thing I do is check the logs (/var/log/maillog) and Bingo!!! I instantly see the error:

Feb 9 21:00:10 www in.qpopper[2269]: Karen at 192.168.1.102 (192.168.1.102): -ERR [AUTH] Password supplied for "Karen" is incorrect.

My friend was using “Karen” instead of “karen” as the username.

If only I had asked my friend to meticulously check his settings 🙂 in the first place.

Moral of the story: Unix usernames are case sensitive. And never believe the user when they say that all the settings are correct :).
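The check that would have caught this on the first pass, as an added example (not part of the original post): scan maillog for qpopper authentication failures and tell a plain wrong password apart from a username that only matches an account when case is ignored. The account list and every log line except the first are constructed for illustration.

```python
import re

# qpopper failure line, in the shape of the one quoted in the post above.
# Straight or typographic quotes are accepted around the username.
AUTH_FAIL = re.compile(
    r'in\.qpopper\[\d+\]: \S+ at \S+ \((?P<ip>[\d.]+)\): '
    r'-ERR \[AUTH\] Password supplied for ["“”](?P<user>[^"“”]+)["“”] is incorrect'
)

# Constructed sample: the first line is the one from the post, the others are
# made up in the same format for illustration.
SAMPLE_LOG = """\
Feb 9 21:00:10 www in.qpopper[2269]: Karen at 192.168.1.102 (192.168.1.102): -ERR [AUTH] Password supplied for "Karen" is incorrect.
Feb 9 21:03:41 www in.qpopper[2301]: bob at 192.168.1.55 (192.168.1.55): -ERR [AUTH] Password supplied for "bob" is incorrect.
Feb 9 21:04:02 www in.qpopper[2310]: guest at 192.168.1.77 (192.168.1.77): -ERR [AUTH] Password supplied for "guest" is incorrect.
Feb 9 21:05:00 www sendmail[2320]: unrelated line
"""

# Assumed account list, e.g. the first field of each /etc/passwd entry.
ACCOUNTS = {"karen", "bob"}


def classify_failures(log_text, accounts):
    """Return (supplied_name, client_ip, diagnosis) for each POP3 auth failure."""
    by_lower = {name.lower(): name for name in accounts}
    results = []
    for line in log_text.splitlines():
        m = AUTH_FAIL.search(line)
        if not m:
            continue
        user, ip = m.group("user"), m.group("ip")
        if user in accounts:
            diagnosis = "wrong-password"          # account exists exactly as typed
        elif user.lower() in by_lower:
            diagnosis = "case-mismatch:" + by_lower[user.lower()]
        else:
            diagnosis = "unknown-user"
        results.append((user, ip, diagnosis))
    return results


if __name__ == "__main__":
    for user, ip, diagnosis in classify_failures(SAMPLE_LOG, ACCOUNTS):
        print(f"{user:8} {ip:15} {diagnosis}")
```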

Dlink 614+ and Dynamic DNS

I purchased a server from Dell recently. Want to use it as a test server to play with at home. I have a small LAN at home setup using a Dlink 614+ router. I forwarded some services to the server, so that I can access it remotely. Since the IP address on my cable modem changes every so often, how do I access it remotely? Dynamic DNS from dyndns.org to the rescue :).

Register for an account over here.
Create a Dynamic DNS host on Dyndns.org
Log into the 614+ router
Go to Tools –> Misc.
Enable DDNS
Use members.dyndns.org as the server address
Enter the complete hostname (ex. Samurai.kicks-ass.net)
Enter the username and password that you have registered at dyndns.org
Click on “Apply” and you are all set.

DDoS attacks :: Article

Came across this article on security-protocols.com in which the author discusses DDoS (Distributed Denial of Service). I was particularly interested since we have been experiencing such attacks on our network recently. Unlike DoS (Denial of Service) attacks where the source of attack can be easily identified and blocked, it is very difficult to identify the source of DDoS attacks. The only way we can stop the attack is by blocking all traffic to the destination of the attack. And this is exactly what the attacking party wants. I don’t see a solution to this in the near future. A good point that the author mentions is that all routers should have ingress and egress filtering configured properly. This in effect allows only authorized networks to originate and terminate at a router, thereby minimizing the ability of an attacker to use a spoofed IP address.

A bit of satellite technology

As mentioned here, I work in the satellite industry. I am pretty new to it and every day is a learning experience. Today, I sat down with our in-house satellite guru and found out how one calculates the bandwidth occupied by a carrier from the data rate on a satellite link. The formula is

BWAL = (Sr*1.4)

Where
BWAL = Bandwidth allocated for the satellite link in Khz.
Sr = Symbolrate of the link in Ksym/s (Kilo Symbols per second).

Sr in turn is calculated using the following formula

Sr = Dr*(1/MI)*(1/FEC)*(1/RS)

Where
Dr = Datarate in Kbps.
MI = Modulation Index (The values of MI for the different modulations are BPSK=1 | QPSK = 2 | 8PSK = 3 | 16PSK=4 | 16QAM = 4).
FEC = Forward Error Correction.
RS = Reed Solomon value. This can vary depending on what values are being used. Reed Solomon is an external codec as compared to Turbo which is a stand alone codec. If RS is not being used in the link, then a value of 1 is used.

Pretty confusing eh :). As if this were not enough, there is another value called Information rate (Ir). And the formula for that is

Ir = Dr(1/RS)

Think that is enough satellite technology for one day :).

Link Speed – Maximum speed per session

I work at a teleport and most of our business is related to providing Internet service to ISPs in South Asia. One of the most frequent complaints that our help desk gets is “My link is slow, you guys are not providing us the complete speed”. Usually it is a case of the customer not understanding the finesse of TCP/IP. I came across this article by Adam Grow III. He uses the following formula to calculate the maximum possible speed per session on a link.

Throughput = 8*(TCPS/PropDelay)

Where
Throughput is measured in Kilobits per second (Kbps)
TCPS = Size of the TCP/IP stack in bytes (Windows default is 8192)
PropDelay = propagation delay in seconds

Using the above formula, for a geostationary satellite (where the propagation delay is ~540ms), the throughput is ~120Kbps. So even if the client has a 1Mb link and he just has one session, he can only use a fraction of the link. Only multiple sessions can saturate the link.

IE Bug – Pretty Scary

During my daily visit to Richard Bejtlich’s blog, I came across information about this flaw in IE which can be exploited to make people believe that they are viewing/visiting one site (URL) when in fact they are located on another website. To quote from “Zap The Dingbat” (who actually discovered the bug):


Vulnerability
There is a flaw in the way that Internet Explorer displays URLs in the address bar.
By opening a specially crafted URL an attacker can open a page that appears to be from a different domain from the current location.
Exploit
By opening a window using the http://user@domain nomenclature an attacker can hide the real location of the page by including a non printing character (%01) before the “@”.
Internet Explorer doesn’t display the rest of the URL making the page appear to be at a different domain.


For example, if you click on this button, you will see the URL http://www.microsoft.com in the address bar if you are using IE. But the full address of the URL is http://www.microsoft.com%[email protected]/security/ex01/vun2.htm.

Pretty scary eh.. Just imagine how much this can be abused. People can be tricked into entering their credit card information, usernames/passwords etc. by mimicking valid sites. And as if this were not bad enough, Micro$oft hasn’t even released a patch for this yet. So for now, either you type in all addresses manually in the address bar or use trusted saved bookmarks. I would recommend scrapping IE and starting to use Mozilla Firebird as your default browser. It is fast, small, adheres to standards and is FREE [as in beer].
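A link checker for a mail filter or proxy can flag this pattern before anyone clicks; the following is an added example, not code from the advisory or the original post. It reports the host a URL really points at and flags a user@ part that hides a control character or reads like a different hostname. The URLs in the test use reserved example domains and are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# A user part such as "www.example.com" looks like a hostname to a reader.
HOSTNAME_LIKE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def is_control(ch):
    """True for non-printing ASCII control characters such as 0x01."""
    return ord(ch) < 0x20 or ord(ch) == 0x7F


def inspect_url(url):
    """Return (real_host, flags) for a URL, flagging deceptive userinfo."""
    parts = urlsplit(url)
    flags = []
    # Everything before the last "@" in the authority is userinfo, not the host.
    userinfo, at, _ = parts.netloc.rpartition("@")
    if at:
        flags.append("userinfo")
        decoded = unquote(userinfo)          # turns %01 into the raw byte 0x01
        if any(is_control(c) for c in decoded):
            flags.append("control-char")
        # Drop control characters and any ":password" part, then see whether
        # what is left reads like a hostname other than the real one.
        visible = "".join(c for c in decoded if not is_control(c))
        user = visible.split(":", 1)[0].lower()
        if HOSTNAME_LIKE.match(user) and user != parts.hostname:
            flags.append("hostname-lookalike")
    return parts.hostname, flags


if __name__ == "__main__":
    # Constructed URL using the technique quoted above, with reserved domains.
    url = "http://www.example.com%01@attacker.example/security/page.htm"
    host, flags = inspect_url(url)
    print(f"real host: {host}  flags: {', '.join(flags) or 'none'}")
```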