This list of rules doesn’t fit very well with my password scheme, primarily because what I computed in my head fails the test for uppercase characters.

Using the phrase “this is an unbelievably long password that would take a very long time to crack” fails this rule too, as well as the tests for a number and punctuation. I’m not suggesting that this is a good password, but it’s certainly better than “aA1!bcde” which passes all the rules. These 8 characters are trivial to brute force on any modern machine even if the underlying software uses a salted hash.

The offending software appears to be Jive, who perhaps need to set some more sensible defaults on their login system.

Dear User;

Please update to our new server click here to begin

http://glacierdesign.ca/phpform/forms/form1.html

Thanks and have a wonderful day.

Webmaster

The site looked like this:

For a while I was confused, after all I run my own email. Did I really need to remind myself of my password? And what had happened to my unlimited quota?

Then I figured it was obviously a phishing email, so I turned to “do no evil” Google to report it. If the site was included on their block list then users of popular browsers would automatically receive a warning if they tried to go to it.

I tried using the Google report phishing form, even filling in the headers and body of the email in the comments box. Unfortunately, a week later the site is still up and presumably conning less savvy users.

Surprised by Google I’ve just tried the badwarebusters.org report feature, let’s hope it works slightly more efficiently!

There are many situations where packet capture will lack the ethernet header for a good reason, but if you simply want to run it through other tools that deal only with IP and above then adding a fake header is a viable choice.

Fortunately, adding a “fake” ethernet header to these pcap files using tcprewrite (part of the tcpreplay suite) is simple:

Overriding the output data layer type is essential, as is providing the ethernet MAC addresses of the two endpoints. That’s all there is to it.

tcprewrite is available as part of the Debian package tcpreplay.

Swapping out a default project to use Razor instead of (or in addition to) the default engine isn’t too difficult.

Enabling the view engine

In Global.asax, find the few lines below in Application_Start():

We need to register Razor here, by adding the line below:

If you do not plan on using the default view engine then you can comment the existing line and remove all the .aspx files from the Views directory.

Configuring the default layout

Create an empty file called _ViewStart.cshtml in the root of your Views folder:

This code runs before any other view code in this directory or below and sets the default layout so you don’t have to set it manually in every view (see the MVC3 release notes for more information).

Create a basic template

Lastly we need the layout which was referenced above, created as Views/Shared/_Layout.cshtml. You could copy and paste this from a new MVC Razor application, which is what I did to end up with the template below:

Conclusion

This is all that should be necessary to enable Razor and start to return basic views from your controllers. From here on you can create views just like in the MVC3 tutorials.

After a week I have seen a number of accesses to this site using IPv6. I also added an AAAA record for my mail exchanger at the same time, but so far haven’t seen any legitimate messages delivered. SSH login attempts have also been absent, which is good as apparently denyhosts doesn’t support IPv6 just yet.

It is worth considering security too. By default, ip6tables is permissive in ALLOW mode. This has security implications for link-local addresses if the attacker is on the same network segment, but definitely needs thought if you add routable IPv6 addresses. I copied my existing set of iptables rules and modified them where necessary, only allowing the essential services.

Be the first to comment from an IPv6 address!

If you use it, make sure you use the latest version of libnids (currently v1.24) as it fixes a bunch of important bugs. This currently isn’t in Debian/Ubuntu and the maintainer has disappeared, so compile from source for now. Red Hat based distributions get it easy it seems, as somebody has already compiled it for RHEL4 or later.

The best bit? It’s pure Perl, therefore also uses real Perl regular expressions. Yes, there might be grep --perl-regexp, but nobody bothers compiling that in. Plus ack has some other neat features.

See more at the ack website.

I needed this for rsync, to let a remote backup server slowly catch up if large amounts of data were added to the live server during the day. A useful post on the rsync mailing list discusses an rsync patch but also the timeout command.

After installing (the Debian package is simply timeout) it is as easy as running with the number of seconds to run for:

It is also possible to specify the signal which will be sent to a program, which is useful if you do not want to simply send SIGKILL. I used SIGHUP in the hope that rsync would have a chance to exit gracefully:

A full list of signals and their numeric values can be found in man 1 kill.

A wrapper script is also available from Johannes Buchner.

This causes the router to request DNS server addresses when the PPP session is negotiated (when it “dials up” to ADSL).

After reconnecting the PPP session (either reload or shutdown the interface and then bring it back) it is possible to check that DNS servers have been obtained using sh host:

If the router is running a DNS server it is possible to direct DHCP clients at the router IP instead, forcing them to use these same settings.

I grabbed a source tarball from the website and started there. Installing is simple:

1. After extracting, copy defconfig to .config
2. Edit .config to set the user and enable the backends you require
3. Run make and then make install (as root, obviously)
4. Edit the dovecot configuration to set plugin configuration

I chose the dspam-exec backend, but read the documentation before using it as it will spawn the dspam binary for each mail moved in.

You should ensure that the user that the dspam-antispam plugin runs as is trusted by dspam (edit /etc/dspam/dspam.conf and ensure there is a Trust <user> line) and does not violate dovecot security settings (set at compile time). On Debian, this seemed to mean running the plugin as root.

Editing the dovecot configuration includes enabling the plugin in the protocol imap section:

mail_plugins = antispam

And, for the dspam-exec plugin, configuring it like so:

# Which folder the antispam plugin monitors
antispam_spam = Junk
# Antispam trash folder
antispam_trash = trash;Trash;Deleted Items;Deleted Messages

antispam_signature = X-DSPAM-Signature
antispam_signature_missing = move

#===================
# dspam-exec plugin

# dspam binary
antispam_dspam_binary = /usr/bin/dspam

# semicolon-separated list of extra arguments to dspam
# (default unset i.e. none)
antispam_dspam_args = --deliver;--user;%u
# antispam_dspam_args = --deliver=;--user;%u  # % expansion done by dovecot
# antispam_dspam_args = --mode=teft

This seems to be the minimum to get the dspam-exec backend working. Note that configuration for other options will be different, if somebody fancies sharing a configuration that sends mail to <user>-spam@<domain> I’d be very grateful

Thanks to Johannes for writing this plugin.