iptables router

Sveiki,

susilaukiau klausimu, kaip pasidalinti internetu su kitu kompu turint dvi tinklo plokstes.

Taigi labai paprasta. Tikriausiai Jus naudojate standartini branduoliuka, del to ten bus visi branduolio moduliai ijungti.
Bet del viso ko galite pasibandyti, jei tingit, pereinam prie FW script’uko:


lsmod | grep ip_tables
lsmod | grep x_tables


Jei ten negauname rezultato:


~# lsmod | grep ip_tables
ip_tables 22042 3 iptable_filter,iptable_nat,iptable_mangle
x_tables 19073 11 ip_tables,iptable_filter,iptable_nat,ipt_MASQUERADE,xt_state,xt_tcpudp,ipt_LOG,ipt_REJECT,xt_limit,xt_multiport,iptable_mangle
~# lsmod | grep x_tables
x_tables 19073 11 ip_tables,iptable_filter,iptable_nat,ipt_MASQUERADE,xt_state,xt_tcpudp,ipt_LOG,ipt_REJECT,xt_limit,xt_multiport,iptable_mangle


Tuomet tiesiog pameginkime juos uzkrauti 🙂


modprobe ip_tables
modprobe x_tables


Ir issisaugoti automatiskai kraunamu moduliu sarase:


echo "ip_tables" >> /etc/modules
echo "x_tables" >> /etc/modules


SVARBU!

IPTABLES skaito taisykles EILES TVARKA!!! Taigi UZDAROME PABAIGOJE!

Taigi beliko tik pasirasyti FW script’uka (P.S. pas jus gal neveiks conntrack –ctstate , tai keiskite state –state):


#!/bin/bash
#
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# apsirasom IPTABLES
IPTABLES="/sbin/iptables"
# Isvalom esamas taisykles
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
# Local interface:
LOCAL_IF=eth1
# External (Internetas) interface:
INTER_IF=eth0
# jei Jusu IP statinis siulau nurotyri rankiniu budu:
INTER_IP="11.222.33.4"
# Pas mane dinaminis IP todel as ji gaudau per skriptuka... Jei Jusu statinis IP, uzkomentuokite sia eilute
INTER_IP=`ip addr show eth0 | grep "inet " | awk '{print $2}' | cut -f1 -d\/`
#
# Ijungiu FORWARDinima:
echo "1" > /proc/sys/net/ipv4/ip_forward
$IPTABLES -t nat -A POSTROUTING -o $INTER_IF -j MASQUERADE
# Tinklas LAN'ui
$IPTABLES -A FORWARD -i $INTER_IF -o $LOCAL_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Jei neveikia -m conntrack --ctstate ...
# $IPTABLES -A FORWARD -i $INTER_IF -o $LOCAL_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $LOCAL_IF -o $INTER_IF -j ACCEPT
#
# Kuriu naujas/papildomas grandis:
$IPTABLES -N TCP_DROP_LOG
$IPTABLES -N UDP_DROP_LOG
$IPTABLES -N TCP_ACCEPT_LOG
$IPTABLES -N UDP_ACCEPT_LOG
$IPTABLES -N LOGDROP
$IPTABLES -N LOGDROP2
#
# Leidziu VISKA is VIDAUS
$IPTABLES -A INPUT -i $LOCAL_IF -j ACCEPT
#
# Accept PING, kartais naudinga, patikrint ar jusu servas gyvas
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
$IPTABLES -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
#
# Leidziu uzmegstas sesijas
$IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#
# $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#
# Visus kas kreipiasi i 22 poerta is isores, loginam :)
$IPTABLES -A INPUT -d $INTER_IP --proto tcp --dport 22 -j LOGDROP
#
### PORT FORWARDING
### PORT FORWARD
#
# SSH SERVER internete pasiekiamas per 212 porta, nors realiai kito LAN'e esancio kompo (192.168.168.192) 22 portas
# $IPTABLES -t nat -A PREROUTING -i $INTER_IP --proto tcp --dport 212 -j DNAT --to 192.168.168.192:22
#
# rdp forward i 192.168.111.252 win xp winxp XP masina
$IPTABLES -t nat -A PREROUTING -i $INTER_IP --proto tcp --dport 3389 -j DNAT --to 192.168.111.252:3389
#
#
$IPTABLES -A LOGDROP2 -j LOG --log-prefix "DROPPED " --log-level 4 --log-ip-options --log-tcp-options --log-tcp-sequence
$IPTABLES -A LOGDROP2 -j DROP
$IPTABLES -A LOGDROP -m limit --limit 1/second --limit-burst 10 -j LOGDROP2
$IPTABLES -A LOGDROP -m limit --limit 2/minute --limit-burst 1 -j LOG --log-prefix "LIMITED " --log-level 4
$IPTABLES -A LOGDROP -j DROP
#
##### Po sios komandos, isijungia FIREWALL! ATSARGIAI!
#
$IPTABLES -A INPUT -i $INTER_IF -j DROP
#
logger -p info -t syslog "firewall updated"
exit 0


Na va pas jus toks minimalus, noob’iskas firewall’as 🙂

External links

Gentoo iptables for newbies

skanaus 🙂

(!COPY!) How to Hack wifi (and how to avoid being hacked) WEP/WPA/WPA2 (!COPY!)

This guide is meant to show how easy it is to hack wireless networks if the proper security measures are not in place. First I will show how to hack a WEP or WPA/WPA2 Network and then I will give tips on how to avoid getting hacked.

This is important information in our techno-savy culture. If your wireless network is compromised you can be liable for any illegal activity on it. There are numerous stories of child pornographers and black-hat hackers using other peoples wireless networks.

NOTE: Hacking your neighbors or anyone else’s Wifi without their permission is ILLEGAL. Be smart!
Step 1What you Need

-A Computer. (A Laptop works best)

-A Wireless Card capable of packet injection.
-If your laptop wireless card can’t do packet injection you can purchase a wireless adapter such as the Netgear WG111 v2 for around $8-$12 on eBay.

-A Live installation of BackTrack either on a CD or USB stick.
-BackTrack 5 Can be found Here
-Create a Live USB Install Here
Step 2Hack WEP

WEP is the predecessor of WPA and has been hacked for the past 5+ years yet people continue to use it. With the instructions below we can crack WEP in under 15 minutes.

You can crack WEP from the command line but there is an easy GUI interface in backtrack which makes it a much less painful experience for those who are scared of command prompts.

1. Boot into BackTrack

2. Click on the Backtrack applications menu -> Backtrack -> Exploitation tools -> Wireless exploitation -> WLAN Exploitation -> gerix-wifi-cracker-ng (This will open up the GUI interface seen in the picture).

3. Go to the configuration menu and select the wireless interface wlan0
-Click on Enable/Disable Monitor Mode (this will put the wireless card into monitor mode).
-Select the newly created mon0 interface.

4. Now click on the WEP tab at the top of the window.
-Click on “Start sniffing and logging” and leave the terminal open.
-Once the wireless network you want to crack* shows up (it has to be WEP encryption of course) select the WEP Attacks (with clients). *note that the PWR has to be high enough to work so the closer you can get, the better.
-There you click on “Associate with AP using fake auth”, wait a few seconds and click on “ARP request replay”.

5. Once the Data number reaches over 10,000 you are ready to try (if the data is coming fast wait until 20 or 30,000 to be safe) and crack the key, but don’t close any windows yet.
-Go to the cracking tab and click on “Aircrack-ng – Decrypt WEP password” under Wep Cracking.

It will take a few seconds to minutes to crack the password and then you are good to go.
Step 3Hack WPA/WPA2

At least WPA and WPA2 are safe right? Wrong. WPA and WPA2 are both crackable but the time it takes to crack depends on the strength of their password.

-Boot into BackTrack
-Open up Konsole which is a command line utility built into BackTrack. It is the Black Box in the Lower-Left Hand Corner (See Image).
We will now be entering the following commands into the command line noted by Bold as well as explanations as to what they do:

-The following commands stop the wireless interface so you can change your mac address, this is important because your mac address is a unique identifier so faking one is a good idea if you are accessing a network you don’t have permission to. (which by the way I wholly condemn)

1:
airmon-ng stop wlan0
ifconfig wlan0 down
macchanger –mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0

2:
-Now we will put the airodump-ng tool into monitor mode, this will allow us to see all of the wireless networks around us (See the first Picture).

airodump-ng mon0

Now choose the network you want to hack and take note of the BSSID, and the Channel it is one as well as the ESSID. The PWR has to be fairly high to be able to hack it, this is determined by how close you are to the wireless router. The closer you are, the better.

Once you have chosen the wireless network enter the following into the terminal:
This will write capture packets and put them into the “filename” file, we are trying to capture the handshake between the router and wireless connection which will give us the key we need to crack.

3:
airodump-ng mon0 –channel * –bssid **:**:**:**:**:** -w filename

The following step is optional but is highly recommended as it will speed up the process a great deal.

Once “WPA handshake: **:**:**:**:**:**” appears in the top right-hand corner we can move on. If you are having trouble getting the WPA handshake to occur then do step 4.

4:
aireplay-ng -0 1 -a **:**:**:**:**:** -c **:**:**:**:**:** mon0

What this step (4) does is it deauthorizes a wireless connection and trie to re-establish it so it will generate a new handshake to capture. This step ends once you have captured the handshake.

5:
aircrack-ng –w wordlist.lst -b **:**:**:**:**:** filename.cap

Step 5 is now trying to crack the password in “filename.cap” using a list of words, here called “wordlist.lst” you can download a good 200 million word dictionary here (128MB but unzipped is 800MB).

Your computer has to compute the hash value of every password in that list but a computer can go through those 200 million passwords in 6-12 hours.

6.

If the password isn’t found in the dictionary you can try and brute-force the password with this command: (Note this could take a very long time depending on their password strength).

/pentest/password/jtr/john –stdout –incremental:all | aircrack-ng -b **:**:**:**:**:** -w – filename.cap
Step 4Secure Your Own Wireless Network

Hopefully you gained some insight into how to not get your own wireless connection hacked:

1. Use WPA2 (WPA2-AES) if available and by all means never use WEP.
2. Don’t base your password on a dictionary word. The next section focuses on passwords in general.
3. In your router settings you can usually hide your ESSID (the name of the wireless network) this will add a small layer of security.
4. In your router there is probably a mac-address filtering service where you can specify the mac addresses that are allowed to connect. This will make sure that only your approved devices can connect to your network. (obviously a problem though if you have a guest over and wants to connect to your Wifi).
Step 5Passwords

You have to have good passwords in this day and age. If not your credit card information, your personal information and identity are available to those who want to use it and abuse it. Here are some guidelines to coming up with a secure password:

1. At least 8 characters.
2. At least one number, letter and special character ie: $ # % ^ @ !
3. NOT based on a dictionary word
4. Multiple transitions: ie: aaa111aaa111 not aaaa11111.

How can I remember these passwords?

Come up with a word such as: calculus and substitute numbers and other characters for letters ie: c@1cu1u$
This is still based on a dictionary word though so you should still make it harder such as appending something to the end or beginning.

I also highly recommend using a different password for every website, how can you do this easily? Remember random variables in algebra? Have a random variable in your password that is based on the website or some other information.

IE: XpasswordY where the first X is the last letter of the website name and the last Y is the first letter of the website name:

So the Instructables website password would be SpasswordI or your Facebook password would be KpasswordF and your Hotmail password will be LpasswordH.

It might seem like a lot but it’s worth the time to prevent the potential theft of your money, identity and your life ruined.

External Link:

How to Hack wifi (and how to avoid being hacked) WEP/WPA/WPA2

SNMP reikšmės

snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.2.1.1.3.0 #- uptime
snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.2.1.25.1.1 #- uptime
snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.2.1.6.13.1.3 # – TCP listenning ir uzmegstos sesijos.
snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.2.1.25.2.3.1.5 #- Total disk space
snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.2.1.25.2.3.1.6 #- Disk Used
snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.4.1.2021.9.1.3.1 #- Disk Reads ir writes: Linux only
snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.4.1.2021.9.1.6.1 #- Total size of the disk/partion (kBytes): Linux Only
snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.4.1.2021.9.1.7.1 #- Available space on the disk: Linux Only
snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.4.1.2021.9.1.8.1 #- Used space on the disk: Linux Only
snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.4.1.2021.9.1.9.1 #- Percentage of space used on disk: Linux Only
snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.4.1.2021.9.1.10.1 #- Percentage of inodes used on disk: Linux Only
snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.2.1.25.1.6 #- Procesai veikiantys
snmpwalk -v2c -O n -c local 127.0.0.1 .1.3.6.1.2.1.25.1.7 #- Procesai maks

Išorinė medžiaga: oidview.com HOST RESOURCES MIB

SSH – slaptas naršymas internete

Sveiki,

Nežinau kaip jums, bet man tenka panaršyt tokiuose vietose, kur nežinia ar saugu naršyti, ar galbūt tokius puslapius, kur nereikia, kad žinotų kad tai Jūs. Tokiu atveju, patogu pasinaudoti OpenSSH-server’io teikiamu socks srauto nukreipimu. Tam mums reikia turėti:

  • prisijungimą prie OpenSSH-server’iuko (pasiekiamo iš betkur)
  • putty arba ssh-client
  • IceWeasel ar FF browser‘į

Gaukime prisijungimą prie OpenSSH-server’io: shellmix.com

Užeikime į shellmix.com/ssh registraciją.

  1. Kai pasikrauna puslapis paspauskime ENTER
  2. Kai paraso: shellmix.com login: įrašome newuser
  3. Slaptažodis irgi: newuser
  4. Tuomet įrašome prisijungimo prie šios sitemos naudotojo vardą (nebūtinai tą patį kaip Jūs naudojate) pvz: testinguser
  5. Tuomet tris kartus įvedame savo kokį slaptažodį
  6. Įrašome savo email
  7. Paspaudžiame enter
  8. Pasirenkam kalbą: US
  9. Jei nieko nepraleidau, tai šioje vietoje prašys pasirinkti vhost: shell
  10. Tuomet pasirenkam hdd1
  11. sutinkam su viskuo, jei kas blogai tai bandykite aiškintis kaip pasitaisyti 🙂 aš tingiu 🙂 ir mygiame ENTER

Prisijungimas prie OpenSSH-server

Linux

Taigi dabar beliko prisijungti prie openssh-server’io… Neskubėkit, besijungiant prie ssh serverio reikia nepamiršti, nurodyti papildomą parametrą.
Taigi jei aš pagal nutylėjimą jungiuosi prie openssh-server ssh -l username hostname tai šiuo atveju turėčiau jungtis:


ssh -l username -D 9999 hostname


Windows

Deja, jei Jūs naudojate WINDOWS operacinę sistemą, Jūs deja neturite tiek daug džiaugsmo ir privalote praleisti daugybe laiko ieškodami programų ar sprendimų į Jums iškilusią problemas… tokiu atveju aš padėsiu Jums pataupyti laiko kitiems ieškojimams ir pasakysiu: PuTTy’ę galite parsisiųsti iš ČIA! Šios programos diegtis/install’iuoti net nereikia! Afigenčik ane? 🙂 taigi, pasileiskim ją.
Į laukelį Host įrašome savopasirinktą prisijungimo vardą.shellmix.com pvz: testinguser.shellmix.com
Port palikim 22
PuTTY Configuration session
Tuomet randame kairiame stulpelyje Connection ir jo viduje (kairiame šone esančiame stulpelyje) turi būti SSH išskleiskime jį, paspauskit pliusiuką. ir ten rasite Tunnels
Source port įrašykite 9999 ir pasirinkite Dynamic.
Tuomet paspauskite Add.
PuTTY Configuration tunnels
Grįškime į pradžią ir išsisaugokim, šiuos nustatymus, kad butų naudojami pagal nutylėjimą tam mums reikia grįšti į patį viršutinį kairiojo meniu punktą Session ir pasirinkti pelyte Default Settings ir paspausti Save
PuTTY Configuration session save Default Settings

Naršyklės nustatymai

P.S. Jei norite, kad puslapis nežinotų, kad Jūs dar kažkaip kitaip jungiatės prie jo, tai su ja nesijunkite prie jo daugiau, junkitės per kitą naršyklę.

Tuomet naršyklėje einu į punktą Edit -> Preferences. Tuomet pasirenku tab’us Advanced -> Network. Ten Settings ir pasirenku radio button’ą Manual proxy configuration ir į SOCKS Host įrašome 127.0.0.1, o Port’ą nurodome tuos pačius keturis devynetus. Pasirenkame SOCKS v5, nors SSH (šiuo metu 2010-10-21 OpenSSH v5.1p1) palaiko v4 ir v5. Ir į No proxy for: įrašome savo lokalius tinklus ir jei reikia savo kompiuterį.

Jei norite paslėpti nuo lokalaus admino kus jūs lankotės tai jums reik sekti ir šiuos nustatymus:

Atrodytų viskas… heh, ogi nieko panašaus… Žinot kas dabar lieka ten kur jūs naudojate savo naršyklę? O taip DNS! Heh, pasitikrinkit su wireshark filtruose nurodant port 53. Kaip gi apeiti šį blogį? Kam to reik? kad mūsų nemestu į netikrus puslapius ir iš mūsų neišžvejotų mūsų slaptažodžių. Taigi… Atsidarykite Mozillos produktą ir adreso laukelyje įrašykite about:config ten į filtrą įveskite:socks_remote_dns ir vienintelį (tikriausiai) likusį variantą doubleclick’inkite. jis turėtų pakeisti reikšmę į true. Psio.

Papildyta iš: SSH – saugus ir slaptas naršymas internete

SSH – saugus ir slaptas naršymas internete

Sveiki,
Išsamesnis straipsniukas
Nežinau kaip jūs, bet yra tekę kartais panaršyt tokiuose vietose kur nežinia ar saugu naršyti. Tokiu atveju, patogu pasinaudoti SSH teikiamu socks naršymu. tam mums bereikia turėti SSH serveriuką (pasiekiamą iš išorės) ir bent IceWeasel ar FF browser‘į.
Taigi dabar beliko prisijungti prie ssh serverio… Neskubėkit, besijungiant prie ssh serverio reikia nepamiršti, nurodyti -D parametrą. Taigi jei aš pagal nutylėjimą jungiuosi prie ssh ssh -l username hostname tai šiuo atveju turėčiau jungtis:


ssh -l username -D 9999 hostname


Tuomet naršyklėje einu į punktą Edit -> Preferences. Tuomet pasirenku tab’us Advanced -> Network. Ten Settings ir pasirenku radio button’ą Manual proxy configuration ir į SOCKS Host įrašome 127.0.0.1, o Port’ą nurodome tuos pačius keturis devynetus. Pasirenkame SOCKS v5, nors SSH (šiuo metu 2010-10-21 OpenSSH v5.1p1) palaiko v4 ir v5. Ir į No proxy for: įrašome savo lokalius tinklus ir jei reikia savo kompiuterį.

Atrodytų viskas… heh, ogi nieko panašaus… Žinot kas dabar lieka ten kur jūs naudojate savo naršyklę? O taip DNS! Heh, pasitikrinkit su wireshark filtruose nurodant port 53. Kaip gi apeiti šį blogį? Kam to reik? kad mūsų nemestu į netikrus puslapius ir iš mūsų neišžvejotų mūsų slaptažodžių. Taigi… Atsidarykite Mozillos produktą ir adreso laukelyje įrašykite about:config ten į filtrą įveskite:socks_remote_dns ir vienintelį (tikriausiai) likusį variantą doubleclick’inkite. jis turėtų pakeisti reikšmę į true. Psio.

HP10xx Hewlett-Packard LaserJet 1020 Debian Lenny (stable) english

We will use:

heh, I have installed many packages, so i might miss some packages please fix me if so… (maybe libusb, cupsys?)
So lets add squeeze resource:


deb http://debian.mirror.vu.lt/debian squeeze main
deb-src http://debian.mirror.vu.lt/debian squeeze main


to file: /etc/apt/sources.list.d/squeeze.list
then install p910nd:


apt-get update
apt-get install p910nd


and do not forget to remove squeeze from apt list 😉 using command:


rm /etc/apt/source.list.d/squeeze.list


Next we need just install drivers to our printer and launch printing daemon…
So p910nd printing daemon conf file: /etc/default/p9910nd


# Printer number, if not 0
P910ND_NUM=""
# Additional daemon arguments, see man 8 p910nd
P910ND_OPTS="-b -f /dev/usb/lp0 0"
# my printer connects to device: /dev/usb/lp0 ;)

# Debian specific (set to 1 to enable start by default)
P910ND_START=1


So lets start it:


/etc/init.d/p910nd restart


Next, Dowload firmware: sihp1020.dl extracting it:


wget http://lpic.lt/wp-content/uploads/2010/08/sihp1020.dl.tar.bz2
bunzip2 sihp1020.dl.tar.bz2
tar -xf sihp1020.dl.tar


drop firmware into yours printer:


cat sihp1020.dl > /dev/usb/lp0


As I mentioned /dev/usb/lp0 – my printer device in linux 🙂
so, 🙂 what’s next?
As i recall that’s it… Just go to http://localhost:631 ? (I appeared to be 🙂 after one of cups or cupsys is installed)

If something do not work after reboot or replugging USB printer we should copy paste script a to /usr/sbin/hplj1020 so script a:


#!/bin/sh

if [ -f /tmp/busy-prn ]; then
exit 99
fi

touch /tmp/busy-prn

sleep 2

D=$(awk '/Manufacturer/ {print $2} ' /proc/bus/usb/devices | grep -v Linux | wc -l)

if [ $D == 1 ]; then
# No daemon running
# Start daemon if printer is attached
if [ -e /dev/usb/lp0 ]; then
/etc/init.d/p910nd start
sleep 1
cat /root/sihp1020.dl > /dev/usb/lp0
fi
else
if [ $D == 0 ]; then
# No Printer attached but daemon running
# Kill daemon
/etc/init.d/p910nd stop
fi
fi

# Kill the spare process //hid3

kill `pidof p9100d | awk '{print $2}'`

rm -f /tmp/busy-prn


now copy:


cp a /usr/sbin/hplj1020


that’s it? 😉

External link:
https://answers.launchpad.net/ubuntu/+source/hplip/+question/45032

HP10xx Hewlett-Packard LaserJet 1020 Debian Lenny (stable)

Tam naudosime:

heh, daugybe paketu prisidiegiau, tai nezinia ar kazko nepraleidau… (Galbut libusb, cupsys?)
Taigi pradzioje prisijunkim:


deb http://debian.mirror.vu.lt/debian squeeze main
deb-src http://debian.mirror.vu.lt/debian squeeze main


i byla: /etc/apt/sources.list.d/squeeze.list
tuomet susidiekime p910nd:


apt-get update
apt-get install p910nd


ir nepamirskime squeeze pasalinti is resursu: komandele:


rm /etc/apt/source.list.d/squeeze.list


Toliau mums beliko sudiegti draiveriukus musu printeriui ir paleisti spausdinimo demona…
Taigi p910nd spausdinimo demono konfiguravimas byloje: /etc/default/p9910nd


# Printer number, if not 0
P910ND_NUM=""
# Additional daemon arguments, see man 8 p910nd
P910ND_OPTS="-b -f /dev/usb/lp0 0"
# pas mane jis prisijunge prie device: /dev/usb/lp0 ;)

# Debian specific (set to 1 to enable start by default)
P910ND_START=1


Ir paleiskime si demona:


/etc/init.d/p910nd restart


Toliau parsisiuskime failiuka: sihp1020.dl ir issiarchyvuokime:


wget http://lpic.lt/wp-content/uploads/2010/08/sihp1020.dl.tar.bz2
bunzip2 sihp1020.dl.tar.bz2
tar -xf sihp1020.dl.tar


tuomet numeskim si firmware’a musu printeriui:


cat sihp1020.dl > /dev/usb/lp0


Kaip minejau /dev/usb/lp0 i cia prisilinkino mano usb printeriukas 🙂
toliau 🙂 kas?
lyg ir reiktu tiesiog uzeiti i http://localhost:631 ?

Norint, kad ikisus USB laideli dar reiktu nukopinti skripta a i /usr/sbin/hplj1020 taigi byla a:


#!/bin/sh

if [ -f /tmp/busy-prn ]; then
exit 99
fi

touch /tmp/busy-prn

sleep 2

D=$(awk '/Manufacturer/ {print $2} ' /proc/bus/usb/devices | grep -v Linux | wc -l)

if [ $D == 1 ]; then
# No daemon running
# Start daemon if printer is attached
if [ -e /dev/usb/lp0 ]; then
/etc/init.d/p910nd start
sleep 1
cat /root/sihp1020.dl > /dev/usb/lp0
fi
else
if [ $D == 0 ]; then
# No Printer attached but daemon running
# Kill daemon
/etc/init.d/p910nd stop
fi
fi

# Kill the spare process //hid3

kill `pidof p9100d | awk '{print $2}'`

rm -f /tmp/busy-prn


Ir kopijavimas:


cp a /usr/sbin/hplj1020


Lyg ir tiek ;)

External link:
https://answers.launchpad.net/ubuntu/+source/hplip/+question/45032

telnet i ftp (telnet into ftp server)

prisijunkime prie ftp serverio:
telnet IP 21
Gauname atsakyma:
220 ProFTPD 1.3.1 Server (ProFTPD) [xx.xx.xx.xx]
Irasome:
USER anonymous
Atsakymas:
331 Anonymous login ok, send complete email address as your password
Pateikiame pass:
PASS blogger@webdigi.co.uk
Atsakymas:
230 Anonymous access granted, restrictions apply
Pakeiciam darbini kataloga servery:
CWD ietf/ftpext/
Atsakymas:
250 CWD command successful
Nusistatome pasyva:
PASV
Atsakymas:
227 Entering Passive Mode (xx,xx,xx,xx,151,31).
Parsisiuskime failiuka:
RETR ftpext-charter.txt
Atsiuntimas:
150 Opening ASCII mode data connection for ftpext-charter.txt (6060 bytes)
226 Transfer complete

Iseiname:
QUIT
Goodbye:
221 Goodbye.

Tuomet noredami parsisiusti failiuka turime prisijungti kita telneta prie passive port’o. Kaip jau spejote pastebeti kai ivedeme passive gavome eilute:227 Entering Passive Mode (xx,xx,xx,xx,151,31). kaip matome, pirmi keturi yra IP adresas o like portui generuoti skirti skaiciai: 151 * 256 + 31 = 38687. Taigi prisijunkime:
telnet xx.xx.xx.xx 38687
Kiekviena komanda yra vykdoma i atskira porta 😉 kiekviena karta reik skaiciuotis portus ir nusistatyti pasv 😉

telnet i pasta (telnet into smtp server)

Telnetiname i pasta:
telnet mail.domain.ext 25
Gauname pranesima:
Trying ???.???.???.???...
Connected to mail.domain.ext.
Escape character is '^]'.
220 mail.domain.ext ESMTP Sendmail ?version-number?; ?date+time+gmtoffset?

Valio mes viduje. Pasisveikinkime ir pasakykime kokis musu domenas:
HELO local.domain.name jei norime Extended : EHLO local.domain.name
Turetu atsakyti:
250 mail.domain.ext Hello local.domain.name [loc.al.i.p], pleased to meet you
Dabar turime parasyti savo email:
MAIL FROM: mail@domain.ext
Atsakymas:
250 2.1.0 mail@domain.ext... Sender ok
Rasome kam:
RCPT TO: mail@otherdomain.ext
Gauname atsakyma:
250 2.1.0 mail@otherdomain.ext... Recipient ok
Tuomet kompouzinam laiska:
DATA
Subject:-antraste cia-
bla bla bla
bla bla bla
.

Pabaigiam laiska tasku ir gauname atsakyma:
250 2.0.0 ???????? Message accepted for delivery
Tuomet pabaigiam sesija:
QUIT
Gauname atsakyma:
221 2.0.0 mail.domain.ext closing connection
Connection closed by foreign host.

OSI, Network Layer Header

Sveiki, OSI lygyje mes turime lygi Network (Tinklo).
OSI model from blessedhands3333.com
Sis lygis (kaip ir dauguma ju) ant siunciamo / perduodamo paketo uzdeda savo raktini vokeli, kad kitame kompiuteryje, tas pats lygmuo suprastu, ka daryti su siame voke esancia informacija. Sio vokelio turini galime perziureti pasitelkdami programele wireshark:


aptitude install wireshark


Taigi is ko susideda si antraste?

Network Layer Header – Tinklo lygio antraste
b it a i: 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Version IHL Type of service Total Length
Identification Flags Fragment Offset
Time To Live Protocol Header checksum
Source address
Destination address
Options (Optional)

Lenteles reiksmes

Version:
4 - IP versija 4
Internet header length
32bitu zodziu kiekis IP antrasteje,
minimali reiksme: 5 (20 Baitu) ir
maksimali reiksme: 15 (60 Baitu)

Type of service (PreDTRCx) Differentiated Services
Precedence(000-111) 000
D (1 minimize delay) 0
T (1 maximize throughout) 0
R (1 maximize reliability) 0
C (1 minimize cost) 1 = ECN capable
x (reserved and set to 0) 1 = congestion experienced

Total Length
Kiekis Baitu pakete. Maximalus dydis: 65535.

Flags (xDM)
x - rezervuotas ir yra 0
D = 1 - Nefragmentuoti
M = 1 - Daugiau fragmentu

Fragment Offset
Sio fragmento vieta originalioje deitagramoje (nepatinka man sis zodis) po 8 Baitus...
Protocol
1) ICMP
2) IGMP
6) TCP
9) IGRP
17) UDP
47) GRE
50) ESP
51) AH
57) SKIP
88) EIGRP
89) OSPF
115) L2TP

Header checksum
Tik IP antrastes kontroline suma
Adresai
Siuntejo (source) ir gavejo (destination) IP adresai
Options (0-40 Baitu; padded to 4-byte boundary)
0 - end of options list
1 - No operation (pad)
7 - Record route
68 - Timestamp
131 - Loose source route
137 - Strict source route

External Links

sans.org/security-resources/tcpip.pdf