Dec 27, 2011

What the hell is "NetCut" doing, and how to prevent it

NetCut is a program that disconnects other computers in the same subnet of an Ethernet network. You can download the program from this link: NetCut.
In this post I will describe the technical details of how NetCut works and how to defend against this kind of program/attack.

I. Technical Detail About NetCut:
NetCut uses a simple technique called "ARP poisoning", sometimes also called "ARP spoofing". It is an attack technique usually used to mount a Man-in-the-Middle attack. Before introducing ARP poisoning, we have to know what ARP is.
ARP is the abbreviation of Address Resolution Protocol. According to Wikipedia, "ARP is a protocol used for resolving network layer addresses into link layer addresses." That is, ARP maps the IP address of a machine to its MAC address.
Consider the following LAN from Fig. 1:

<figure 1> Local Area Network Example

Now, if Alice wants to send a packet to Bob, Alice's machine first checks whether the MAC address for IP 192.168.0.3 exists in its ARP cache table. If it does not, the machine broadcasts an ARP request asking for the MAC address of 192.168.0.3. When Bob's machine receives the broadcast, it replies with its MAC address to Alice. Fig. 2 shows the communication process.

<figure 2> ARP communication process

Now that we know how ARP works, it's time to introduce the "ARP poisoning attack". Consider the following condition: what if Evil replies to the ARP request before Bob does when Alice broadcasts it? In this scenario, Alice's machine will think that the MAC address of IP 192.168.0.3 is 00:00:00:00:00:03 (the MAC address of Evil) instead of 00:00:00:00:00:04 (the MAC address of Bob). Therefore, Alice will send the packet to Evil instead of Bob. Fig. 3 shows the process of this attack. Note that nothing in ARP authenticates a reply: a host has no way to tell Evil's answer from Bob's, and most stacks overwrite an existing cache entry when a later reply for the same IP arrives, so in practice Evil does not even need to beat Bob to the first reply; it simply keeps sending forged replies and the entry stays poisoned.

<figure 3> ARP posioning attack
What if Evil sends an ARP reply that binds the gateway's IP address to a MAC address that does not exist on the network? Then every frame Alice sends to the gateway goes to a MAC address nobody answers to, and Alice is cut off from everything beyond the subnet: a denial of service. This is how NetCut disconnects other computers in the same subnet.

II. Prevention of ARP poisoning:
The simplest way to keep your own computer from being poisoned is to use static ARP entries instead of dynamic ones, at least for the gateway. On both Windows and Linux there is a command called arp which lets you check the ARP cache table (arp -a) and add a static entry (arp -s) that forged replies can no longer overwrite. Two caveats: a static entry on Alice's machine only protects Alice's side, so Evil can still poison the gateway's cache entry for Alice and intercept the return traffic, and a static entry has to be updated by hand whenever the gateway's hardware changes. On a managed switch, Dynamic ARP Inspection (the switch validating ARP replies against its DHCP snooping table) stops the attack for the whole segment rather than one host.
You can also install an application such as arpwatch on Unix or XArp (v2) on Windows, which watches the ARP traffic on the segment and alerts you when the MAC address bound to an IP changes, to detect this kind of attack.
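The following script is an added example for this post (it is not NetCut's code and not arpwatch's): it builds ARP reply frames byte for byte, parses them back, and runs a small arpwatch-style monitor over three constructed frames: Bob's honest reply from Fig. 2, Evil's forged reply from Fig. 3, and a NetCut-style reply binding the gateway to a MAC nobody owns. Bob's address (192.168.0.3 / 00:00:00:00:00:04) and Evil's MAC (00:00:00:00:00:03) are taken from the post; Alice's address, the gateway and the bogus MAC are assumptions for the demo. The "pinned" table plays the role of the static ARP entries recommended above.

```python
"""Build, parse and watch ARP frames (added example, not NetCut's code)."""
import struct
from ipaddress import IPv4Address

ETH_P_ARP = 0x0806             # EtherType for ARP
ARP_REQUEST, ARP_REPLY = 1, 2  # ARP opcodes


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_src=None, eth_dst=None):
    """Ethernet II frame carrying one ARP packet (42 bytes).

    An honest host puts its own MAC both in the Ethernet source and in the
    ARP "sender hardware address"; nothing stops an attacker from choosing
    each of them freely, which is all ARP poisoning needs."""
    sha, tha = mac_bytes(sender_mac), mac_bytes(target_mac)
    src = mac_bytes(eth_src) if eth_src else sha
    dst = mac_bytes(eth_dst) if eth_dst else tha
    eth = dst + src + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += sha + IPv4Address(sender_ip).packed + tha + IPv4Address(target_ip).packed
    return eth + arp


def parse_arp(frame):
    """Decode an ARP-over-Ethernet frame; None if it is not one."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "eth_src": mac_str(frame[6:12]),
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": str(IPv4Address(frame[28:32])),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": str(IPv4Address(frame[38:42])),
    }


class ArpWatch:
    """arpwatch-style monitor: `pinned` holds the IP->MAC bindings you would
    make static, everything else is learned from the first reply seen."""

    def __init__(self, pinned=None):
        self.pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
        self.learned = {}

    def feed(self, frame):
        """Alert strings for this frame (empty list if it looks fine)."""
        pkt = parse_arp(frame)
        if pkt is None or pkt["op"] != ARP_REPLY:
            return []
        ip, claimed = pkt["sender_ip"], pkt["sender_mac"]
        alerts = []
        if pkt["eth_src"] != claimed:   # forged sender address inside the frame
            alerts.append(f"{ip}: frame from {pkt['eth_src']} but ARP reply claims {claimed}")
        if ip in self.pinned:
            if self.pinned[ip] != claimed:
                alerts.append(f"{ip}: spoofed reply, claims {claimed}, pinned to {self.pinned[ip]}")
        elif ip in self.learned:
            if self.learned[ip] != claimed:
                alerts.append(f"{ip}: changed from {self.learned[ip]} to {claimed}")
        else:
            self.learned[ip] = claimed
        return alerts


ALICE = ("192.168.0.2", "00:00:00:00:00:02")    # assumed for the demo
BOB = ("192.168.0.3", "00:00:00:00:00:04")      # from the post
EVIL_MAC = "00:00:00:00:00:03"                  # from the post
GATEWAY = ("192.168.0.1", "00:00:00:00:00:01")  # assumed for the demo
BOGUS_MAC = "de:ad:be:ef:00:00"                 # assumed: owned by nobody on the LAN


def demo():
    """Replay the three situations from the post; one alert list per frame."""
    watch = ArpWatch(pinned={GATEWAY[0]: GATEWAY[1]})
    frames = [
        # Fig. 2: Bob answers Alice's request honestly.
        build_arp(ARP_REPLY, BOB[1], BOB[0], ALICE[1], ALICE[0]),
        # Fig. 3: Evil answers for Bob's IP with its own MAC (poisoning for MITM).
        build_arp(ARP_REPLY, EVIL_MAC, BOB[0], ALICE[1], ALICE[0]),
        # NetCut-style cut: gateway IP bound to a MAC nobody owns, sent from Evil's real NIC.
        build_arp(ARP_REPLY, BOGUS_MAC, GATEWAY[0], ALICE[1], ALICE[0], eth_src=EVIL_MAC),
    ]
    return [watch.feed(f) for f in frames]


if __name__ == "__main__":
    for i, alerts in enumerate(demo(), 1):
        print(f"frame {i}: {alerts or 'ok'}")
```

The first frame is accepted and learned, the second trips the "changed" alert (exactly what arpwatch reports as a flip-flop), and the third trips two alerts: the Ethernet source does not match the MAC the reply claims, and the reply contradicts the pinned gateway entry. To run this against live traffic you would feed frames from a raw socket or a pcap file into ArpWatch.feed instead of the constructed ones.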

III. Reference websites:
ARP and ICMP redirection
ARP spoofing (Wikipedia)

Dec 26, 2011

What can you do when Linux is not responding

Linux is a very stable system compared to Windows (:P). However, even a very stable system will still crash sometimes.
So what can you do if the system has crashed?

1. Go to a tty:
Sometimes it is only the graphical session that has crashed, while the Linux kernel and the other critical processes are still alive.
If you run into this situation, there is no need to reboot your system.
Instead, you can switch to a tty to fix the problem.
On a Linux system you switch to a tty by pressing [ctrl]+[alt]+[f1~f7].
The graphical session is on tty7 by default, so you can press [ctrl]+[alt]+[f7] to return to graphical mode.
A tty is a pure command prompt, and you can restart the X server from there.
Ubuntu 11.10 uses lightdm, so I take lightdm as an example.
Type the following command:
sudo /etc/init.d/lightdm restart
That's it, and you will see the graphical session restart. Note that restarting the display manager kills the whole graphical session, so anything unsaved in your graphical applications is lost; it is still far better than a hard reboot, because the kernel and every non-graphical service keep running.

2. The magic SysRq:
If your system crashes and the keyboard no longer responds to the tty switch, it's time to use SysRq.
What is SysRq? It is a key on your keyboard: on a PC keyboard it is the Print Screen key, usually labelled "SysRq" as well, above the Insert/Delete block. Alt+SysRq key combinations are handled by the kernel itself, so they still work when X and everything above it is hung. If your system crashes and you cannot enter tty mode, try the following key combinations, one after another:
[alt]+[sysrq]+[R] -> [alt]+[sysrq]+[E] -> [alt]+[sysrq]+[I] -> [alt]+[sysrq]+[S] -> [alt]+[sysrq]+[U] -> [alt]+[sysrq]+[B]
If everything works, your system reboots, but only after flushing cached data to disk and terminating the processes you were working with as cleanly as possible.
Two things to check first: the keys only work if the kernel allows them, which is controlled by /proc/sys/kernel/sysrq (1 allows every function, 0 disables SysRq completely, and any larger value is a bitmask of allowed functions), and they are honoured for anyone who can reach the keyboard, whether or not they are logged in, so on a machine where physical access matters the mask is usually restricted with the kernel.sysrq sysctl.
So what the hell is going on under these combination keys?
The following shows the functionality of each key.

a. [alt]+[sysrq]+[R] : unRaw. Takes the keyboard back from the X server (switches it out of raw mode) so that the kernel receives the remaining key presses even though X is hung.
b. [alt]+[sysrq]+[E] : sends the SIGTERM signal to every process except init, asking each one to terminate cleanly.
c. [alt]+[sysrq]+[I] : sends the SIGKILL signal to every process except init, killing whatever ignored the SIGTERM.
d. [alt]+[sysrq]+[S] : syncs all mounted filesystems, writing the cached data to disk so that it is not lost.
e. [alt]+[sysrq]+[U] : remounts all mounted filesystems read-only, so the reboot does not leave them dirty and no fsck is needed afterwards.
f. [alt]+[sysrq]+[B] : reboots the system immediately, without syncing or unmounting anything (which is why S and U come first).
P.S. While using the combinations, use them slowly. :P
That is, after the first combination, wait a few seconds before the next one, and so on. If you press them too quickly, E and I do not get time to terminate the processes and S and U do not get time to finish, and the result is hardly different from pressing the power button.
The recommended wait times are:
R --1 sec--> E --30 sec--> I --10 sec--> S --5 sec--> U --5 sec--> B
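Whether the sequence above actually works depends on the value of /proc/sys/kernel/sysrq, which can disable SysRq or allow only some of its functions (some distributions ship a restricted mask such as 176, which permits only S, U and B). The following script, an added example that is not from this post or the pages it links to, decodes that mask using the bit values from the kernel's Documentation/sysrq.txt and reports which of the six keys the kernel will honour. Reading the file path is an assumption for Linux; on other systems the reader simply returns None.

```python
"""Decode the kernel.sysrq mask and check the R-E-I-S-U-B sequence against it.

Added example for this post. Bit values are the ones documented in the
kernel's Documentation/sysrq.txt.
"""

# Bits of /proc/sys/kernel/sysrq when its value is greater than 1.
SYSRQ_BITS = {
    2: "control of console logging level",
    4: "control of keyboard (SAK, unraw)",
    8: "debugging dumps of processes",
    16: "sync",
    32: "remount read-only",
    64: "signalling of processes (term, kill, oom-kill)",
    128: "reboot/poweroff",
    256: "nicing of all RT tasks",
}

# The bit that gates each key of the sequence from the post.
REISUB = {"R": 4, "E": 64, "I": 64, "S": 16, "U": 32, "B": 128}


def allowed_functions(mask):
    """Set of function names the kernel honours for this mask value."""
    if mask == 0:                     # 0: SysRq disabled completely
        return set()
    if mask == 1:                     # 1: every function allowed
        return set(SYSRQ_BITS.values())
    return {name for bit, name in SYSRQ_BITS.items() if mask & bit}


def reisub_status(mask):
    """{key: allowed?} for each key of R-E-I-S-U-B under this mask."""
    if mask == 0:
        return {key: False for key in REISUB}
    if mask == 1:
        return {key: True for key in REISUB}
    return {key: bool(mask & bit) for key, bit in REISUB.items()}


def read_sysrq_mask(path="/proc/sys/kernel/sysrq"):
    """Current value on this machine, or None where the file is not readable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def report(mask):
    """Human-readable verdict: which keys work and which the kernel ignores."""
    status = reisub_status(mask)
    lines = [f"kernel.sysrq = {mask}"]
    for key, ok in status.items():
        lines.append(f"  Alt+SysRq+{key}: {'allowed' if ok else 'ignored'}")
    blocked = [key for key, ok in status.items() if not ok]
    if blocked:
        lines.append("  the sequence will NOT run as described; ignored keys: " + ", ".join(blocked))
    return "\n".join(lines)


if __name__ == "__main__":
    current = read_sysrq_mask()
    print(report(current) if current is not None else "no /proc/sys/kernel/sysrq on this system")
```

With a mask of 176 the report shows R, E and I ignored: the reboot, sync and remount still happen, but no process gets a chance to terminate cleanly, so the sequence degrades to S-U-B. If you rely on the full sequence on your own machine, set kernel.sysrq to 1 (or at least add bits 4 and 64) in sysctl.conf, bearing in mind the physical-access caveat above.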

If you want to know more details about SysRq, the following links have very good explanations.
English version:
Magic sysrq
Chinese version:
https://www.deleak.com/blog/2010/10/20/sysrq/

Ubuntu 11.10 Notes

It's been a really long time since I wrote a new post. My school work is fucking busy.
I have had Ubuntu 11.10 installed for a while. I decided to write some notes about the installation and configuration process.

Installing Ubuntu 11.10 is quite easy: just put the disc into the computer, follow the steps, and yes, you have installed your Ubuntu 11.10.

1. Video drivers:
I'm using an ATI video card, and ran into some problems with the default video driver.
There are many solutions to this problem. I just post the one I used:
First, go to the AMD official website and download the video driver.
The one I'm using is "ati-driver-installer-11-11-x86.x86_64.run".
Then type the following commands and reboot, and the video driver is installed:
mkdir ati-11.11
cd ati-11.11
# fetch the same 11.11 installer that the next line runs
wget http://www2.ati.com/drivers/linux/ati-driver-installer-11-11-x86.x86_64.run
# build Ubuntu 11.10 (oneiric) packages instead of installing straight from the .run file
sh ati-driver-installer-11-11-x86.x86_64.run --buildpkg Ubuntu/oneiric
# installing packages and writing xorg.conf both need root
sudo dpkg -i fglrx*.deb
sudo aticonfig --initial -f

If you still run into problems, the following websites may be a good place
to search for solutions.
x/troubeshooting
ubuntu install guide
ubuntu+gnome shell+ati driver
gnome shell doesn't work properly

2. Installing some applications
   a. Upgrade the installed packages: type the following command to upgrade the applications already installed on the system.
   sudo apt-get update && sudo apt-get upgrade

   b. Install the restricted packages: this enables you to play popular music/video formats such as MP3. Type the following command (note that the package name is plural):
   sudo apt-get install ubuntu-restricted-extras

   c. Enable full DVD playback: after that you can watch videos from DVDs.
   The instructions are too long, so I post the original links and you can follow the instructions from those websites.
   install libdvdcss
   15 things I did...

   d. And more: there are still more applications you may want to install. See this link:
   Best applications and tweaks ....

That's pretty much it.

Dec 9, 2011

wargame competition Taiwan

You can download the questions from the following link:
wargames


However, the archive file is encrypted; if you want the key, please send me an email.
mike820324@gmail.com

The description of each question is listed in the t.txt files.
