13 November 2007

OpenreceiveSocket failed 10049

Remember, remember, this message in November. Yes I came across this one today while trying to set up DHCP relay on a Linksys WRVS4400N wi-fi router. As usual it turns out to be the local network security guru's making life hard while leaving the system vulnerable. Let me explain.

Assuming someone else has set up a DHCP server on your network, you may want to find it using a program called DHCPloc which is on your windows XP installation disk (in \Support\Tools - install the SUPTOOLS.MSI and it installs a bunch of programs into c:\program files\support tools and one of these programs is called DHCPloc.exe).

To use DHCPloc you would normally type in:

DHCPloc 127.0.0.1 (just substitute in your actual IP address here).

Of course Network-God-Overload-Numptyface expects you to do this and so he/she has set up a group policy which prevents you from running the DHCPloc program. Now although this is prevented from running by group policy, MS decide not to tell you this and instead provide you with the meaningful error message:

"OpenreceiveSocket failed 10049".

What all hackers probably already know, and unenlightened sys-admins NEED to know is that if you rename DHCPloc.exe to DHCPfind.exe, you can actually make the program work. If your sysadmin has already read this blog and added DHCPfind.exe to the list of banned programs you will still get this message but do not despair. You can resurrect functionality by renaming DHCPloc.exe to KevinSpacey.Exe, EnglebertHumperdinck.Exe or my personal favourite; that-network-security-guy-is-paid-way-too-much-more-than-me.Exe.

Try it and see. You should find that XP comes up with a firewall block/unblock message and within a few minutes you should be able to find the IP address of your DHCP server.

Update:
If you are still having problems with rogue DHCP servers appearing at random on your network and you are unable to trace them you may want to check if anyone is using an iPhone with an unlocking chip. More details here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_24068432.html

18 October 2007

To VoIP or not to VoIP

Yet again I seem to have rekindled my interest in VoIP. This time out of necessity since my families personal circumstances mean we have to be a bit more frugle at the moment.

So my challenge was to set up an IP connection from home to my wok using a pair of Grandstream budgetone 100 IP phones (borrowed of course). I have to say straight off that I think these phones are great. In our networking lab we just set up a couple in the same 192.168.x.x network and they can communicate with each other just by dialling each others IP numbers.

Of course when you get to corporate level, your local network admin has blocked all external access via a firewall for your safety and protection because all of these things you might want to do over the network are a real security hazard (more than a manager sending usernames and passwords via unencrypted email? I don't think so somehow).

This is where an external telephony service provider can be a real life-line. Most firewalls let internal requests out, but block incoming requests. The solution is to connect both devices to the same external 3rd party (basically a SIP server acting as a go-between). This provides an open route from one device to the other, even though they are at different sites behind different firewalls.

So after 2 weeks of trying direct IP links and tunnelling experiments I finally decided to try an external provider and that was when I discovered Free World Dial-up (FWD). FWD was a natural choice because unlike Skype it is an open network and has a whole host of connection options. Once I went down this route I disovered that I needed to use different connection settings at home than at work (the cause of the direct link failing maybe?). I also discovered I can have multiple phones registered to myself (not sure if I'll ever find a use for this but who knows). I also discovered a version of my favourite soft-phone (SJPhone) already comes configured to connect to FWD so its a doddle to install.

Still, the best part of all this is that the Grandstream phones are so very much like a conventional phone that I consider them granny-friendly (once configured that is). My OH is able to just pickup the handset, dial a 6 digit number and press send and we can chat for any length of time at any time of the day and there is no nasty surprise in the following months phone bill; so a very big thankyou to Jeff Pulver (the man behind FWD) and all who work with/for him.

Links:
http://www.sjlabs.com/ (SJ Labs, creators of SJPhone - get the FWD version for ease of use)
http://www.freeworlddialup.com/ (register for a free 6 digit number for your IP phones)

29 March 2007

Smoothwall tunneling (the great escape)

One of the nice features I've discovered in smoothwall is that you can use putty to tunnel data from a local port to the other side of the firewall. A practical application of this is that you can tunnel the smoothwall configuration website meaning you can change settings from a remote location.

Info on how to do this can be found here: http://martybugs.net/smoothwall/puttyvnc.cgi

By setting the tunnel to send the local port 80 to your remote smoothie's port 441 you get to put the address httpS://localhost:80 into your browser and as long as you've logged in via putty, it will tunnel the local port 80 through to port 441 on the smoothwall box (on the inside, so it doesn't need port 441 enabling in the configuration anywhere).

The linked site above shows how this can be used with VNC to remote control machines on the other side of the firewall. You can also use remote desktop by changing port numbers. There are other things you can do as well.

For instance, Marty goes on to explain how to pass remote VPN connections through the smoothwall box to a server (XP Pro) on the inside of your network here: http://martybugs.net/smoothwall/vpn.cgi

Combine this with Bob Cerelli's guide to setting up the VPN server on XP pro (from http://www.onecomputerguy.com/networking/xp_vpn_server.htm ) and you have a quick and easy way to set up an encrypted private link to your home network. The only catch is you need both your smoothwall box and your VPN server to be switched on which is apparently not good for the environment this week. So the question is can we use the VPN section inside smoothwall to do the same thing? Well I'll let you know when I've figured it out.

Another thing you might want to know is why is smoothwall using port 222 instead of 22 for SSH? Well if you want to change it, edit the /usr/local/etc/sshd_config file.

19 January 2007

Linux security again

Yesterday I had to try the same linux hack as before on a smoothwall box. Exactly the same process to get into the smoothwall machine (remove the X between the colons in the /etc/passwd file). Then I found an article on google about resetting the smoothwall admin account. This was new to me as I've not used .ht access files before. However one command is all it takes to reset that user account and here it is for future reference:

htpasswd /var/smoothwall/auth/users admin

One new password later and I'm back into the admin area of the smoothwall box and able to check my dhcp server settings. It just goes to show that no matter how much effort you put into securing your systems from outside attack, restricting physical access is still the most important aspect of security.