cPanel WHM – Wipe cpHulk Lockouts

Posted by & filed under Firewalls, Security, Server Admin.

cPanel WHM’s cpHulk system manages iptables blocks against IP addresses that fail to authenticate repeatedly. While the settings are fairly lenient and shouldn’t result in legitimate users being blacklisted, occasionally it can happen. The following command will reset the blocklist completely. While this is akin to using a shotgun when a scalpel is required, the blocks are time based and any malicious addresses would get quickly re-blocked.


iptables -F cphulk && mysql -e "Delete from cphulkd.login_track;"

There is a method to remove specific addresses, but I do not have the commands handy at present, and if I remember correctly it entails connecting to the mysql console, running a query to find the IP in the block table and issuing a drop query.

The effects of hurricane Sandy from a network point of view

Posted by & filed under Networking.

I took a look at Internet Traffic report while the storm was hitting the upper northeast, and the results weren’t surprising. North American packet loss went up ~5%, while the traffic index went down. Again, not surprising, but cool to see nonetheless.

Next Generation firewall port knocking

Posted by & filed under Firewalls, Networking.

fwknop stands for the “FireWall KNock OPerator”, and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter (fwknop supports iptables on Linux, ipfw on FreeBSD and Mac OS X, and PF on OpenBSD) and libpcap. SPA is essentially next generation port knocking (more on this below). The design decisions that guide the development of fwknop can be found in the blog post “Single Packet Authorization: The fwknop Approach”.

fwknop Hone:
SPA with fwknop:

Mosh: MObile SHell

Posted by & filed under Networking, Server Admin.

Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.

Mosh is a replacement for SSH. It’s more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.

Mosh is free software, available for GNU/Linux, FreeBSD, and Mac OS X.

Visualizing Device Utilization

Posted by & filed under Networking, Server Admin.

Brendan Gregg recently posted some interesting data about visualizing large data sets. Particularly, device utilization which is a key metric for performance analysis and capacity planning. In his post, he illustrates different ways to visualize device utilization across multiple devices, and how that utilization is changing over time. The study included over 5,000 virtual CPU nodes and over 600 physical nodes on a production cloud environment.

Data visualization…

Wi-Fi Protected Setup Vulnerability

Posted by & filed under Hardware, Networking, WiFi.

The Wi-Fi protected setup with which a large majority of new routers ship with enabled by default has a serious flaw opening it up to a brute force attack against the WPS pin. Additional flaws allow for a successful brute force attack in 11,000 attempts. This means the network key of a protected network can be retrieved within hours.

The best course of action right now is to disable WPS if possible. This is not a option on all routers, but the possibility may exist of re-flashing the router’s firmware to a different one such as Open-WRT, DD-WRT, Tomato, etc. to disable it.

CERT’s Release:
Vulnerability Technical Details:…
Reaver — Functional exploit:

JS — and node.js

Posted by & filed under Networking, Programming. —
Socket.IO aims to make realtime apps possible in every browser and mobile device, blurring the differences between the different transport mechanisms. It’s care-free realtime 100% in JavaScript.

node.js —
Node.js is a platform built on Chrome’s JavaScript runtime (v8) for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. RAD!!!!!!!!!

v8 —
V8 is Google’s open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 5th edition, and runs on Windows (XP or newer), Mac OS X (10.5 or newer), and Linux systems that use IA-32, x64, or ARM processors. V8 can run standalone, or can be embedded into any C++ application.

How NetFlix does disaster recovery and testing with an army of monkeys

Posted by & filed under Networking.

The cloud is all about redundancy and fault-tolerance. Since no single component can guarantee 100% uptime (and even the most expensive hardware eventually fails), we have to design a cloud architecture where individual components can fail without affecting the availability of the entire system. In effect, we have to be stronger than our weakest link. We can use techniques like graceful degradation on dependency failures, as well as node-, rack-, datacenter/availability-zone and even regionally-redundant deployments. But just designing a fault tolerant architecture is not enough. We have to constantly test our ability to actually survive these “once in a blue moon” failures.

Imagine getting a flat tire. Even if you have a spare tire in your trunk, do you know if it is inflated? Do you have the tools to change it? And, most importantly, do you remember how to do it right? One way to make sure you can deal with a flat tire on the freeway, in the rain, in the middle of the night is to poke a hole in your tire once a week in your driveway on a Sunday afternoon and go through the drill of replacing it. This is expensive and time-consuming in the real world, but can be (almost) free and automated in the cloud.

This was our philosophy when we built Chaos Monkey, a tool that randomly disables our production instances to make sure we can survive this common type of failure without any customer impact. The name comes from the idea of unleashing a wild monkey with a weapon in your data center (or cloud region) to randomly shoot down instances and chew through cables — all the while we continue serving our customers without interruption. By running Chaos Monkey in the middle of a business day, in a carefully monitored environment with engineers standing by to address any problems, we can still learn the lessons about the weaknesses of our system, and build automatic recovery mechanisms to deal with them. So next time an instance fails at 3 am on a Sunday, we won’t even notice.…

GNS3 – Graphican Network Simulator

Posted by & filed under Networking, Uncategorized.

GNS3 is an excellent complementary tool to real labs for network engineers, administrators and people wanting to study for certifications such as Cisco CCNA, CCNP, CCIP and CCIE as well as Juniper JNCIA, JNCIS and JNCIE.

It can also be used to experiment features of Cisco IOS, Juniper JunOS or to check configurations that need to be deployed later on real routers.

IPv6 Cheat Sheet

Posted by & filed under Networking.

A handy cheat sheet for identifying IPv6 CIDR and showing total hosts in network.

      ||| |||| |||| |||| |||| |||| ||||
      ||| |||| |||| |||| |||| |||| |||128--1
      ||| |||| |||| |||| |||| |||| ||124---16
      ||| |||| |||| |||| |||| |||| |120----256
      ||| |||| |||| |||| |||| |||| 116-----4,096
      ||| |||| |||| |||| |||| |||112-------65,536
      ||| |||| |||| |||| |||| ||108--------1,048,576
      ||| |||| |||| |||| |||| |104---------16,777,216
      ||| |||| |||| |||| |||| 100----------268,435,456
      ||| |||| |||| |||| |||96-------------4,294,967,296
      ||| |||| |||| |||| ||92--------------68,719,476,736
      ||| |||| |||| |||| |88---------------1,099,511,627,776
      ||| |||| |||| |||| 84----------------17,592,186,044,416
      ||| |||| |||| |||80------------------281,474,976,710,656
      ||| |||| |||| ||76-------------------4,503,599,627,370,496
      ||| |||| |||| |72--------------------72,057,594,037,927,936
      ||| |||| |||| 68---------------------1,152,921,504,606,846,976
      ||| |||| |||64-----------------------18,446,744,073,709,551,616
      ||| |||| ||60------------------------295,147,905,179,352,825,856
      ||| |||| |56-------------------------4,722,366,482,869,645,213,696
      ||| |||| 52--------------------------75,557,863,725,914,323,419,136
      ||| |||48----------------------------1,208,925,819,614,629,174,706,176
      ||| ||44-----------------------------19,342,813,113,834,066,795,298,816
      ||| |40------------------------------309,485,009,821,345,068,724,781,056
      ||| 36-------------------------------4,951,760,157,141,521,099,596,496,896

Special use ranges

::/0 Default route
::/128 Unspecified
::1/128 Loopback
::/96 IPv4-compatible*
::FFFF:0:0/96 IPv4-mapped
2001::/32 Teredo
2001:DB8::/32 Documentation
2002::/16 6to4
FC00::/7 Unique local
FE80::/10 Link-local unicast
FEC0::/10 Site-local unicast*
FF00::/8 Multicast

Additionally, there is the IPv6 PDF cheat sheet with a lot more useful information here. Doc found on the excellent

Gliffy — Online diagrams — visio style

Posted by & filed under Networking.

With a tool that makes it easy to create, share, and collaborate on a wide range of diagrams, Gliffy users can communicate more clearly, boost innovation, improve decisions, and work more effectively.

But why the name Gliffy?
It comes from the word glyph, a symbol or character that imparts information non-verbally. Gliffy is an online diagramming service that helps users communicate with a combination of shapes, text, and lines.

The best part? You can try it right away with zero registration or other annoyances.

Tails — Tor

Posted by & filed under Networking.

Tails relies on the Tor anonymity network to protect your privacy online: all outgoing connections to the Internet are forced to go through Tor.

Tails is a live system: a complete operating-system designed to be used from a CD or a USB stick independently of the computer’s original operating system. It is Free Software and based on Debian GNU/Linux.

Tails is configured with a special care to not use the computer’s hard-disks, even if there is some swap space on it. The only storage space used by Tails is the RAM memory, which is automatically erased when the computer shuts down. So you won’t leave any trace neither of the Tails system nor of what you did on the computer. That’s why we call it “amnesic”.