Friday, July 27, 2007

How to implement Proxy ARP on linux box

Note If you dont know what is proxy arp then stop reading this
and read this first

The scenario before implementation of Proxy ARP is as bellow (Before Proxy ARP)
There is a server ( on the LAN ( that
we want to put in to DMZ. But normally if we move the server we
have to change its ip address and put it into different lan network
But by using proxy arp we can port the server to DMZ without changing
any configuration like ip address.

Before proxy ARP

| eth1
|Linux |-- eth2
|Box |
| eth0
| | 10.10.10.?

After implementation of the Proxy arp we can put the Server directly connected to eth2
without changing its ip address.

To implement proxy ARP following steps should be followed

1.Turn on the proxy ARP option on the selected interfaces
To do this we have to put value 1 in to the proc file.

echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp

2. Delete Route of LAN from eth0

route del -net netmask dev eth0

3. Add Routes for proxy ARP

route add dev eth0
route add -net netmask dev eth0

Now the Proxy ARP is working and the Systems in the LAN ( will
be able to communicate with server ( similar to what that was before
proxy arp. Now you can put the iptables rules to prevent/allow access the server if you want.

After Proxy ARP

| eth1
|Linux |-------
|Box | eth2
| eth0
| |

Wednesday, July 18, 2007

Lack of Information Security Conern in India - Part 2

Continuing from where I left...
The only sector which has a little bit of sense of security is the financial sector.
That too they have learned from the foreign financial institutes. There has been lots
of wire frauds, cracking in the financial sector. Lots of time this kind of cracking is
done by a script kiddie.
(For the Dummies: Script Kiddie is a person who just downloads
some programs and try to attack on a computer system without understanding what the program
does. I have also seen conditions where the script kiddies are using some windowz cracking program
against the linux sytems)
The most famous crack in the financial sector is phishing ( pronounced as Fishing).
Phishing is done by using social engineering techniques. Phishers attempt to fraudulently acquire
sensitive information, such as usernames, passwords and credit card details, by acting as a mail came from the financial institute. eBay and PayPal are two of the most targeted companies, and online banks are also common targets.
Phishing also work most of the times when there is no concern about security in the users mind. No I have a concern for
security. i know that no bank in the world will ask me to send my password in the mail. But lots of normal users dont
understand this. Phishing also used Fake websites lots of times. But if the user is carefull to look at the url bar to
see that the url of the site is different that the url user is visiting then harm can be avoided. I know some of you will say that there are some java scripts that try to cover the address bar by a image of the leagal url. But this type
of phishing is more sophisticated and not that much in numbers. (If we disable javascript for unknown site we can stop this kind of attack.) Lot more phishing is done by script kiddies than the pros. I wont say we will be 100% percent secure but with a little bit of awareness we can avoid these script kiddies. So I again say that awareness in people is must.

Sunday, July 8, 2007

Lack of Information Security Conern in India

When 2-3 Days Ago I was watching some news of one indian university network was hacked by some nygerian hacker. News channel was telling that he hacked their mail server. And stole their economic information.I am very much surprise that how much ignorance is in theindian people aobut the importance of the information security.
    I have seen in my own university also. When I was university I was able to get the root access of the linux system very easly that was giving shared access to the students. Also I was able to torjen the whole network, every PC wasunder my control. Though I did not do any damage, (damaging system never gains anything, unless you are getting paid to damge the system, but a real hacker will never damage the system) I was very surprise to see the lack of security. There were more than 80 computers having internet access on which I had installed RAT (Remote Access Trojan) So if I wished I could use them as Bot-Network to do any kind of attack.
      I think the history repeats itself, as in america first the hackers and system security were not given any notice. But when cracker get in the situation, they started damaging systems, or shutting down telphone networks, etc. Then one day american governmentgot awake of sudden and started hunting the hackers. India also is on the samepath. You will be surprised to hear that one fren of mine who is in marketing the firewall and IDS (Intruder Detection System) tell me that the product is not sold by how much security it provides but most of the times to just manage the network bandwidth, block the URLs for users. He says he has till this date not mate with a CTO who has genuine interest in the security of his network. After some big attacks by some cracker the people will awake. But do we want this ?
   I think the people should become aware before such things. We should make people aware of things. In my later blogs I will try to handle more such issues.