Archive for the ‘Security’ Category

Permanent MTU settings for PPP0 ubuntu

April 8th, 2011 1 comment

I have a few servers that I help maintain or use for VPN access. I have found on a few machines that when I use VPN to secure my connection at a coffee shop or any other public WiFi, some sites will not load. I have seen this issue before when using PPTP but had never taken the time to investigate. Sites like Digg would just not load. After a lot of investigation I was able to see a few obscure issues with the MTU size. The default PPP0 interface MTU size was 1396.

Output of ifconfig:

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.240.1  P-t-P:192.168.240.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3

After some Google searching I was able to see that my eth0 MTU was set to 1500. To correct the issue I increased the PPP0 MTU size to 1492. That change allowed the sites to load.

Manually change the MTU:

sudo ifconfig ppp0 mtu 1492

I was unable to find a clean permanent solution to keep this set. I tried the /etc/ppp/options and options.pptp. The workaround I created was to modify the MTU size on the first PPP connection. I used the ip-up.local file to make this change on every PPP connection. The ip-up file is executed once a PPP (VPN) connection is started.

I added the following line to ip-up.local

  • ifconfig ppp0 mtu 1492

After these changes every connection will set the MTU to 1492. This corrected my issue with browsing some sites.

I can now surf the web and get to any site.
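An added sketch of an ip-up.local that applies the 1492 MTU to whichever PPP interface just came up, rather than only ppp0 (not the author's script). It assumes the Debian/Ubuntu /etc/ppp/ip-up wrapper, which exports PPP_IFACE and hands ip-up.local its arguments as one string; MTU_CMD is a hypothetical override used for dry runs.

```shell
#!/bin/sh
# Added example: /etc/ppp/ip-up.local that sets the MTU on the PPP interface
# that just came up. Assumes the Debian/Ubuntu ip-up wrapper (exports
# PPP_IFACE and passes all pppd arguments as one string in $1).

PPP_MTU=1492    # value used in the post

# Resolve the interface name and accept only pppN, so a root-run hook
# never hands anything unexpected to ifconfig.
pick_iface() {
    first=${1-}
    cand=${PPP_IFACE:-${first%% *}}
    case $cand in
        ppp[0-9] | ppp[0-9][0-9] | ppp[0-9][0-9][0-9]) printf '%s\n' "$cand" ;;
        *) return 1 ;;
    esac
}

# MTU_CMD is a hypothetical override for dry runs (e.g. MTU_CMD=echo).
apply_mtu() {
    "${MTU_CMD:-ifconfig}" "$1" mtu "$PPP_MTU"
}

# Do nothing when no PPP interface can be identified.
if iface=$(pick_iface "$@"); then
    apply_mtu "$iface"
fi
```

Running it by hand as `MTU_CMD=echo PPP_IFACE=ppp1 sh ip-up.local` prints the command arguments without touching the interface.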

Categories: General, iPad, Security

Browsers and more browsers (IE9, Firefox 4, and chrome)

March 25th, 2011 No comments

What browser do you use? I’m a Chrome user. Have been for about a year. The features that draw me to Chrome are the very simple view with tabs, easy search by the address bar, and sync of the bookmarks. Also, did I mention speed?

These great features that set Chrome apart are now part of both IE9 and the new Firefox. I’ve read the reviews of each and decided to try them for myself. I have to say that I’m impressed.

So far I’ve found that the good features (download manager, minimal window size, and speed) have all been addressed by firefox and ie9.

In terms of reasons to use a browser, I’ve been in love with Firebug on Firefox for a long time for development. However, recently I’ve been using the inspect element in Chrome as well.

In my own personal test I was taken by the performance of FireFox. It appeared to run faster and open quicker than before.

Though I’ve started using FireFox as the default browser for the last 2 days, I have also been using ie9.
IE9 has incorporated a lot of nice features from both FF and chrome. I even like the on browser modal notification for downloads and issues.

Overall both browsers have succeeded in adding new features, being faster, more secure, and more of a minimal feel. Can’t wait to see what else is coming.

Categories: Applications, General, Security, Tools

Free Icon set for Developers

January 8th, 2011 No comments

I am frequently creating Visio diagrams to use for software development or web applications.  I typically use the built in elements and icons.  Recently I have found it difficult to find some items that I would like to have in my designs.    The great team and group over at OSA (www.opensecurityarchitecture.org) have many tools to both help with designs but also elements in the designs.


If you are not familiar with OSA I would recommend looking at some of their patterns or their library to understand how this great group can be useful.  They help both visually display IT standards but also security standards.

Recently I have been using their Creative Commons released icon set to help in my designs. Simple icons like padlocks, wifi signals, users, and servers. Not only are they good looking but they are very functional. It never hurts to have a design that is both elegant and useful.

Troubleshooting a .NET error – A Generic Error Occurred in GDI+

December 8th, 2010 No comments

I recently launched a new application that generates an image. In the app I created a custom image handler that returns a 2D barcode. The handler used the System.Drawing class to generate the image. This all worked great locally on both Visual Studio's Cassini and my local IIS box. However, when I published the application to my server (Win 2008) I was getting this obscure error: “A generic error occurred in GDI+.”

What a great informative error. I did a quick Google search only to find that this is a common issue. Many of the posts suggest this is a security issue, and that may be true if you were saving the image to a file structure. In my app, I am streaming the results out of memory back to the context in the handler, so it can display the image.

The offending line of code was:
context.Response.ContentType = "image/Jpeg";
// "image" stands for the System.Drawing.Image instance holding the generated barcode
image.Save(context.Response.OutputStream, System.Drawing.Imaging.ImageFormat.Jpeg);

I started looking at permissions. I assumed that since 90% of the fixes I read were done with permissions, this would be the simple answer. I was wrong; in my case permissions did not help. In a last ditch attempt I changed the image type. I was using System.Drawing.Imaging.ImageFormat.Jpeg; I changed this to ImageFormat.Png.

This simple format change allowed the page to render on the server. I am not sure why the rendering of a jpg would be more of an issue than a PNG but I am ok with the result.

Fixed code:
context.Response.ContentType = "image/Png";
// "image" stands for the System.Drawing.Image instance holding the generated barcode
image.Save(context.Response.OutputStream, System.Drawing.Imaging.ImageFormat.Png);

If you are unfortunate enough to have this error I hope this post helps you. Good luck with the dreaded A generic error occurred in GDI+ error.

Secure Browsing on Public WiFi connection

November 14th, 2010 No comments

I’ve posted before regarding browsing the web on a public wifi network like your local coffee shop or restaurant. I will repeat my message: this type of browsing is not secure, because you don’t know who else is on the same network you are using. It is not hard for someone to view your sessions or info. Take Firesheep, for example: it allows anyone who uses Firefox to download a plug-in and see other wifi users' Facebook sessions.

So what are you supposed to do? To begin with, you should secure your connection to the internet. Securing your connection can be done a few ways. Some of the more practical methods are SSH tunneling or a VPN connection. These allow you to use an unsecured wifi network and send your traffic to a known secure network somewhere else.

If you are unsure what a SSH tunnel or a VPN is, you may have more trouble securing your connection. For the novice I suggest using a Free or Paid VPN service if your work does not offer one.

Here are two free VPN connections that I am aware of:
1. OPENVPN.net – http://www.openvpn.net/ SSL/TLS based VPN that you need to install software to use (windows or linux)
2. MacroVPN – http://www.macrovpn.com/
3. USA IP – http://www.usaip.eu/en/free_vpn.php
4. Projectloki – http://www.projectloki.com/

Paid VPN connections
1. AlwaysVPN – http://alwaysvpn.com/
2. Wifi-vpn – http://www.wifi-vpn.com/
3. AccessVPN – http://www.accessvpn.com/
4. http://worldvpn.net/

I have not used any of these services but have seen them on a few top 5 lists. I use both SSH and VPN connections back to my home or my office to secure my connections.

I recommend using a PPTP client on your home router as a simple method to secure your connections. Read my article on how to setup a VPN on DDWRT.

FireSheep – Blacksheep – what is legal

November 8th, 2010 No comments

I love the new Firefox plug-in that allows you to view user sessions. It is a simple plug-in called Firesheep that uses WinPcap to capture packets and hijack web sessions. If you have not heard of this, head on over to Firesheep and read more.

What I find funny is the fact that people are all worked up about their security and the fact that others could see what they are doing. I am amazed that people somehow think that a wifi hotspot is secure. I’ve seen people do online banking at Starbucks, or a few online purchases at BigB’s. If you are not sure of who is giving you WiFi (public wifi does not count) then don’t do anything that you would not want the person next to you to see.

Firesheep is a good example of this: it no longer takes a “computer guy” to be able to sniff packets and basically snoop on your browsing. It is now a simple click and install and watch others' Facebook info…

Here is a great article about the legality of using firesheep. (http://www.computerworld.com/s/article/9194159/Is_it_legal_to_use_Firesheep_at_Starbucks_)
I find this interesting; basically the argument would be that you are doing something illegal by use of wiretap. I would equate Firesheep to two people in a coffee shop talking. One person is next to you and the other is all the way across the room. The person next to you is yelling at the top of their lungs to communicate to the person on the other side of the room. He may be yelling his credit card number to be able to purchase a coffee drink, or maybe his username / password to his bank account to allow the other guy to enter it into the computer for him. The same is true when you share a wireless (wifi) network with your closest friends at a coffee shop: you are basically yelling your information over the wire (or wireless in this case).

If a person decides to listen, is that illegal? Aren’t you and that other person sharing the same space and communication? It’s not illegal to both communicate. When does it become illegal to listen?

If you are concerned about people snooping, use some type of security tunnel to your home network, use ssl everywhere, or setup a vpn. If you don’t know about these things and would like some help, give me a call or email. I can help you understand how to do this and also why to do this.

There is now a little firefox plug-in for detecting firesheep called black sheep. http://www.zscaler.com/blacksheep.html Reminds me of the fuzz buster.. then there was the radar detector detector….

strong passwords – how to

October 19th, 2010 No comments

Here is a great video to instruct people on how to create an easy to remember strong password.

Categories: .NET, Applications, Security

Text Messages from AOL – turn off

September 7th, 2010 7 comments

I have had an AOL AIM instant message account for a long time (jimiz12 – IM me if you like). Just recently in the last 4 days, I started to get text messages on my cell phone from AIM. I thought that was interesting because I don’t remember ever giving AOL / AIM my cell phone number. If I remember properly I did not even have this cellphone number when I created my AIM account.

I wonder what changed on the AIM side. I also wonder how they got my cellphone number. Here is a picture of one of the messages. It is interesting that they allow you to block the message by responding. I decided I did not want to reply at all to let them know that I was even on the other end (at first I thought this was spam – not from AOL / AIM).

AOL Spam

So I decided to actually log into AIM and see what settings were available. I typically use Digsby for my IM client (that does not contain my phone number either). To check AIM settings I used the web version of AIM. It had a thing called Lifestream; I’m starting to think that Lifestream is the cause of this new text spam. I finally stumbled upon an AIM mobile setting that allows you to turn off text messages from that system. Interestingly enough, I don’t remember ever telling them I wanted or would like to get text messages. Since I have not logged into AIM in a long time (few years) I can’t imagine that I just recently said yes to anything.

Here is the process to go into AIM and turn off the text messages. Again, interesting. They ask me for my cellphone number and they will send me a code to disable messages. Good thing I have a texting plan, or this would have cost me money.

Here is the message with the confirmation code. In step 4 you get to disable the text messages, I can’t imagine why I would have enabled them in the beginning.

After this process I am starting to wonder how much more text spam I will be getting in the future. I think with any service, I will start using my google voice number to allow for text spam to be handled in my browser instead of my phone.

Public WiFi is not SAFE.

July 10th, 2010 No comments

http://wwj.cbslocal.com/2010/07/08/dangers-of-free-public-wifi/

If this article is news to you, please take the time to learn how to be secure. If the idea of doing more work to be secure scares you then please take the time to do a few minor things. Understand that when using public wifi (anywhere you don’t know whose wi-fi network you are using) do not do anything that you would not want the person sitting next to you to see. Example: don’t do banking, online purchases, or share any personal information.

The reason you would not do these activities is that you do not know who is listening or watching. It is relatively simple for a hacker to intercept (“man in the middle”) your information as you are using the wi-fi network. The interception happens because the wi-fi you are using is available to everyone around you.

If you do intend to use public wifi please use a VPN or some other method to secure your information.

Categories: General, Security

iPad security (port scan)

April 12th, 2010 2 comments

Continuing my security theme, I decided to see what the iPad looks like on a network. Can you ping it, what does nmap say about it, does OS detection work, are there any open ports?

To test this I used both my iPhone (jimiz-phone) and iPad (jimizIP) connected to my wireless network.

The first thing I did was lookup the MAC address. There are many ways to do this but I like to use (www.coffer.com/mac_find/) It answers with Apple Inc
7C-6D-62 (hex) Apple, Inc
1 Infinite Loop
Cupertino CA 95014
UNITED STATES

I then ran 3 different OS detection tools: Nmap, zenmap, and xprobe2. NOTE: Zenmap is really just a GUI for nmap but it does clean up the OS detection. All three tools did a good job on calling out the OS as MAC

Nmap: iPad (It detected the iPad as OS X 10.5.6)
Interesting ports on JimizIP.jimizhome.com:
PORT STATE SERVICE
62078/tcp open iphone-sync
MAC Address: 7C:6D:62:C7:FA:17
Running: Apple Mac OS X 10.5.X
OS details: Apple Mac OS X 10.5 - 10.5.6 (Leopard) (Darwin 9.0.0b5 - 9.6.0)

Nmap: iPhone (it detected the iPhone OS)
Interesting ports on Jimiz-Phone.jimizhome.com:
PORT STATE SERVICE
62078/tcp open iphone-sync
MAC Address: 00:26:B0:67:18:B3 (Unknown)
Running: Apple iPhone OS 2.X
OS details: Apple iPod touch audio player (iPhone OS 2.2)

Zenmap: (both iPad and iPhone) detected both devices as an iPod Touch iPhone OS 2.2 – Screen Capture

Xprobe2: iPad (OS x 10.4.1)
[+] Primary guess:
[+] Host JimizIP Running OS: "Apple Mac OS X 10.4.1" (Guess probability: 100%)
[+] Other guesses:
[+] Host JimizIP Running OS: "Apple Mac OS X 10.4.0" (Guess probability: 100%)
[+] Host JimizIP Running OS: "Apple Mac OS X 10.3.9" (Guess probability: 100%)

Xprobe2 iPhone (OS x 10.4.1)
[+] Primary guess:
[+] Host Jimiz-Phone Running OS: "Apple Mac OS X 10.4.1" (Guess probability: 100%)
[+] Other guesses:
[+] Host Jimiz-Phone Running OS: "Apple Mac OS X 10.4.0" (Guess probability: 100%)
[+] Host Jimiz-Phone Running OS: "Apple Mac OS X 10.3.9" (Guess probability: 100%)

Each OS detection package did a pretty good job in showing it is an Apple product. Nmap was able to identify the iPhone. I am guessing as the nmap OS database gets updated it will also detect the iPad.

One interesting item that did show up is that port scan showed that port 62708 was open on both the iPhone and iPad. I did a little looking and it is the iphone-sync port.

Overall it looks like both devices are fairly secure over the wifi connection. It is always amazing to see what information your devices leak out (MAC address, open ports, OS detection, and user info).

Secure – Lock your iPad – lock screen

April 9th, 2010 2 comments

The iPad is like any other device: it has your data on it. No matter if you use it at home or out in a coffee shop, you need to make sure that your data is safe. The iPad, like the iPhone, allows you to lock the device from use with a 4 digit passcode.

To enable locking your screen you need to go to Settings | General | Passcode Lock

Select Turn Passcode On

You will then be asked to enter a passcode. You have to enter this in twice.

You then have an option on Require Passcode (Immediately, After 1, 5, 15 min or 1, 4 hours). I use immediately.

It never hurts to add one more level of security. A passcode is a simple way to keep others out of your info / mail / information. I have set the auto-lock to 5 min on the iPad.

iPad VPN (configure and setup)

April 5th, 2010 27 comments

So far the iPad has been a great hit in our home. From remote access, browsing the web, email and movies. I have only good things to say about this device.

Inside the comfort of my own home I know my connection is safe. However, when I venture out to public wifi or a coffee shop, I cannot be as comfortable with the network security. When using my laptop at a public wifi I normally use SSH or a VPN to secure my connection. I will show you a quick how-to on using VPN on your iPad to get a secure connection when using a public hotspot.

To use a VPN client on your iPad you will need a VPN server somewhere. I use DDWRT as a vpn server at my home. It has a built-in PPTP VPN server. The iPad supports (PPTP, IPSec, and L2TP).

Thankfully the iPad has a built in VPN client. To access the settings for this you will need to go into settings | general | network.

Under your network settings you can find vpn connections. In this section you can turn on vpn, view the status of a connection, add a connection or edit a connection. We will be adding a connection:

Next you select “Add Vpn Connection”. Select PPTP, L2TP, or IPSec. For each type of vpn you have different options:
PPTP:

L2TP:

IPsec (cisco):

Once you have set up your VPN connection you only need to go back to the settings page (network / vpn) to enable the VPN connection. You then can view the status and be connected or browsing through your VPN tunnel. In the image below I am connected to my home VPN and have an IP of 192.168.2.200.

Happy secure browsing. Remember to still take precautions when in a public location and using any type of secure sites.

If you are in need of a personal VPN provider, I recommend wifi-vpn.com.

Security on Linux : denyhosts

March 8th, 2010 No comments

My trusty Linux box at home needed to be reloaded. The hardware had run its course so I now have my Linux system using a Dell Zino HD small form factor PC. (DELL ZINO)

I do enjoy the process of reloading linux. I am currently using Ubuntu 9.10. The first thing I do after installing ubuntu is install SSH and set a few config changes (PermitRoot = no). SSH allows me to access the machine from anywhere. After that I add my favorite program DenyHosts. (DenyHosts)

DenyHosts is a security application that monitors the “/var/log/secure” log. If it sees suspicious activity it will add the IP address to the /etc/hosts.deny file.
This is a great simple security app that keeps bad people away.

It is worth a read to hear how DenyHosts was created and what motivated the developer to write the application (HackTale)

UPDATE:

One feature that I recommend with deny hosts is that you turn on the email option.  It is great to get a little email showing the ip and host (if possible) letting you know that your system is keeping itself secure.
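As an added illustration of the idea described above (a simplified sketch, not DenyHosts' own code): count failed SSH password attempts per source address in sshd log lines and print hosts.deny entries for sources at or over a threshold. The log lines, host name, user names and thresholds are constructed for the example.

```shell
#!/bin/sh
# Added example: per-source count of failed sshd logins -> hosts.deny lines.

# Constructed sample log (documentation-range addresses), not real data.
sample_log() {
cat <<'EOF'
Mar  8 10:01:02 zino sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  8 10:01:05 zino sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
Mar  8 10:01:09 zino sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40127 ssh2
Mar  8 10:02:11 zino sshd[2110]: Accepted publickey for jim from 198.51.100.20 port 51515 ssh2
Mar  8 10:03:30 zino sshd[2115]: Failed password for jim from 198.51.100.20 port 51600 ssh2
Mar  8 10:04:00 zino sshd[2120]: Invalid user oracle from 192.0.2.55
Mar  8 10:04:02 zino sshd[2120]: Failed password for invalid user oracle from 192.0.2.55 port 33001 ssh2
Mar  8 10:04:06 zino sshd[2121]: Failed password for invalid user oracle from 192.0.2.55 port 33002 ssh2
EOF
}

# deny_candidates LIMIT: read sshd log lines on stdin and print one
# "sshd: <address>" line (hosts.deny syntax) per source with at least
# LIMIT failed password attempts.
deny_candidates() {
    awk -v limit="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            # Read the address from the fixed tail "from <addr> port <n> ssh2".
            # The user name earlier in the line is supplied by the remote
            # side, so it is never used to locate the address.
            if ($(NF - 2) == "port" && $(NF - 4) == "from")
                fails[$(NF - 3)]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= limit)
                    print "sshd: " ip
        }
    ' | sort
}

# With a limit of 3 only the address with three failures is listed.
sample_log | deny_candidates 3
```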

Categories: General, Security