yurisk.info

Yuri Slobodyanyuk's blog on IT Security and Networking sharing experience and expertise

Russian English Slang Dictionary of the Russian Hacking Community

This dictionary, which I will update from time to time, is meant to help those following the Russian Internet underground with the aid of Google Translate and the like. Those tools unfortunately fail on any word that is slang or a less known variant of a generic word. For this reason I list words here with some of their variations (number, gender, conjugation), so that you can search for them after Google Translate has done its work. If you stumble upon a word not in the list, feel free to send it to me and I will add its meaning to the dictionary. You can reach me via yuri@yurisk.info or on Twitter. You can download the PDF version here.

A
ава avatar
абузоустойчивые хостинги abuse-proof hosting companies, that is – hosting companies that ignore the abuse complaints on their clients. It can be either legitimate hosting providers or servers ‘owned’ by the seller
абузы abuse complaints
автозапуск autoloading of software
АЗ (Автозалив) automatic upload of software
айфон, яМобилко, яблофон, айвонь nicknames for the iPhone
ак / акки / акков / акками account in any sense of the word
анонимайзер / анонимайзеры anonymizer
атака посередине MiTM attack

Б
бакинские / бакинскими / бакинских US dollars
бан / банить to ban, block someone/something from using a resource
бат файл bat file
БД database in the wide context (forum db / client db / IPs db/ etc)
билд / билдом / билды build, as a software versioning feature
бинарник binary file
бот bot
брандмауэр firewall
брутфорс / брутфорсы / брутфорсом brute-force attack (the process); also used as a verb
БС Base Station in cellular telephony en.wikipedia.org/wiki/Base_station
бурж / буржуйский foreign to the Russia/former USSR, mostly everything belonging to the West

В
варез / вареза warez, pirated software
валидный / валидными / валидных / валидная adj. valid, current, working
ведроид Android OS as well as any smartphone running it
взять за жопу to apprehend, be caught with grave consequences
виндофон smartphone running Windows
винчестер hard disk
вифи wi-fi
вафля / вафле wi-fi [literal meaning – waffle]
вложение / вложения attachment
впаяли / запаяли / паяли / паять to sentence to serve jail time
впска / впски VPS server

Check Point Gaia route missing after adding via ip route add problem

Well, it is actually a feature, not a bug, of all Check Point firewalls running Gaia. If you haven't noticed, as opposed to the good old SPLAT firewall platform, Gaia is selective about which routes to propagate. I guess it was done on purpose to give the administrator more control over the routing table. One of the quirks is that when you add a route via SSH the Linux way you don't get any error, but this new route does not show anywhere – neither in Gaia nor on the Linux level. On the other hand, if you add the very same route via the Gaia GUI or in clish, it works fine. The culprit for this behavior is this setting you can change in the Gaia https GUI (screenshot: Gaia ip route kernel propagate option).

Go to the Gaia https GUI: Advanced Routing -> Routing Options -> select "Kernel Routes" -> Apply. That is it – now if you add routes in expert mode with ip route add 192.13.13.0/24 via 192.168.13.254, this newly added static route will appear on both Gaia and the Linux OS with the mark K for Kernel:

smartcenterr77> show route
Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
U - Unreachable, i - Inactive
S 0.0.0.0/0 via 192.168.211.254, eth0, cost 0, age 16426
C 127.0.0.0/8 is directly connected, lo
K 192.13.13.0/24 via 192.168.13.254, eth0, cost 0, age 25
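As an added example (not from the post), a small shell helper that pulls the K routes out of the show route output above and prints, for each, the clish set static-route command that would make it a persistent Gaia static route. The reason to bother: a route added with ip route add lives only in the Linux kernel, so it is not part of Gaia's configuration database and save config does not keep it. The sample routing table is constructed from the output shown above; clish being callable from expert mode is an assumption of the usage comment.

```bash
#!/bin/sh
# Added example, not from the post: list Kernel (K) routes from Gaia's
# "show route" output and print the clish command that would turn each one
# into a persistent Gaia static route.

# kernel_routes_to_clish: reads "show route" text on stdin and prints one
# "set static-route ..." clish command per route whose code is K.
kernel_routes_to_clish() {
  awk '$1 == "K" && $3 == "via" {
         gw = $4; sub(/,$/, "", gw)   # next hop is followed by a comma
         printf "set static-route %s nexthop gateway address %s on\n", $2, gw
       }'
}

# Constructed sample, mirroring the routing table shown in the post.
SAMPLE_SHOW_ROUTE='Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
U - Unreachable, i - Inactive
S 0.0.0.0/0 via 192.168.211.254, eth0, cost 0, age 16426
C 127.0.0.0/8 is directly connected, lo
K 192.13.13.0/24 via 192.168.13.254, eth0, cost 0, age 25'

# On a gateway (assumption: clish is on PATH in expert mode) you would run
#   clish -c "show route" | sh this_script.sh
# review the printed commands, run each with clish -c "...", then "save config".
printf '%s\n' "$SAMPLE_SHOW_ROUTE" | kernel_routes_to_clish
```

Static, connected and directly-connected routes are left alone; only lines carrying the K code and a via next hop are converted.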

RHEL get firewall zones and their interfaces in one go

The firewall-cmd doesn't have an option to show all zones and to which one the server interfaces belong, so here is a one-liner to show that:

# for f in /usr/lib/firewalld/zones/*.xml; do z=$(basename "$f" .xml); echo "$z:"; firewall-cmd --zone="$z" --list-interfaces; done
The output:
block:
dmz:
drop:
external:
home:
internal:
public:
eno16777736 eno50332184
trusted:
work:

Do not miss Netflow capability of Check Point Gaia R77 and above

In the past, measuring the traffic passing through the firewall wasn't easy: you had to either query interface counters via SNMP or run custom Bash scripts on the firewall itself to get interface statistics. The problem with both ways was that you didn't get exact results, and getting insight into what kind of packets were going through the firewall wasn't easily possible at all.
Sure, you have always had SmartView Monitor dashboard to see real-time statistics, but you need a separate license for that.
Finally, starting with R76 for the regular firewall and R75.40VS for the virtual one, we have Netflow export capability available in Gaia OS. It supports Netflow versions 5 and 9. I haven't tried version 9, but the common version 5 works as expected. Features and limitations:
  • SecureXL (i.e. hardware acceleration) should be enabled for correct results (most of today's firewalls have it on anyway).
  • You can set up to 3 external collectors to receive Netflow data. Of course it means the same Netflow packet will be sent 3 times; I don't see a reason to do so.
  • You can specify the source IP address for outgoing Netflow packets; the default is the IP of the interface the packets leave from.
  • Do not forget to set the Netflow version, as the default is 9.
To configure and enable Netflow in Gaia clish (here I send Netflow to 192.168.13.77 port 2055, version 5):
gateway1> add netflow collector ip 192.168.13.77 port 2055 export-format Netflow_V5
gateway1> save config

Verify:
gateway1> show netflow all
Address           Port    Format      Src Addr          Enable
192.168.13.77     2055    Netflow_V5                    yes
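To confirm on the collector side which version the gateway actually exports (the default being 9, per the note above), here is an added example, not from the post, that decodes the NetFlow header and, for version 5, each flow record from the UDP payload given as a hex string. The sample packet is constructed, not a real capture. It assumes you can get the UDP payload bytes out of a capture on the collector, for instance tcpdump on udp port 2055 with -x and the IP/UDP headers dropped.

```bash
#!/bin/sh
# Added example, not from the post: decode a NetFlow export packet held as a
# hex string (UDP payload only). Header: version(2) count(2) sys_uptime(4)
# unix_secs(4) unix_nsecs(4) flow_sequence(4) engine_type(1) engine_id(1)
# sampling(2) = 24 bytes for v5; each v5 record is 48 bytes.

# nf_u HEX OFF LEN: unsigned big-endian integer of LEN bytes at byte OFF
nf_u() {
  [ "${#1}" -ge $(( ($2 + $3) * 2 )) ] || { echo "short packet" >&2; return 1; }
  _h=$(printf '%s' "$1" | cut -c "$(($2 * 2 + 1))-$(($2 * 2 + $3 * 2))")
  printf '%d' "$((0x$_h))"
}

# nf_ip HEX OFF: dotted-quad from the 4 bytes at byte OFF
nf_ip() {
  printf '%d.%d.%d.%d' "$(nf_u "$1" "$2" 1)" "$(nf_u "$1" "$(($2 + 1))" 1)" \
                       "$(nf_u "$1" "$(($2 + 2))" 1)" "$(nf_u "$1" "$(($2 + 3))" 1)"
}

netflow_version() { nf_u "$1" 0 2; }   # first two bytes in every NetFlow version
netflow_count()   { nf_u "$1" 2 2; }   # v5/v9: number of records in the packet

# netflow_v5_flows HEX: one line per v5 record; fails if the packet is not v5
netflow_v5_flows() {
  hex=$1
  ver=$(netflow_version "$hex")
  if [ "$ver" -ne 5 ]; then
    echo "not NetFlow v5 (version field = $ver); check export-format on the gateway" >&2
    return 1
  fi
  n=$(netflow_count "$hex")
  i=0
  while [ "$i" -lt "$n" ]; do
    off=$((24 + i * 48))
    if [ "${#hex}" -lt $(( (off + 48) * 2 )) ]; then
      echo "packet truncated at record $i" >&2
      return 1
    fi
    # v5 record byte offsets: srcaddr 0, dstaddr 4, nexthop 8, input 12,
    # output 14, dPkts 16, dOctets 20, first 24, last 28, srcport 32,
    # dstport 34, pad 36, tcp_flags 37, prot 38, tos 39, AS/mask fields after.
    printf '%s:%d -> %s:%d proto=%d pkts=%d bytes=%d\n' \
      "$(nf_ip "$hex" "$off")"         "$(nf_u "$hex" $((off + 32)) 2)" \
      "$(nf_ip "$hex" $((off + 4)))"   "$(nf_u "$hex" $((off + 34)) 2)" \
      "$(nf_u "$hex" $((off + 38)) 1)" "$(nf_u "$hex" $((off + 16)) 4)" \
      "$(nf_u "$hex" $((off + 20)) 4)"
    i=$((i + 1))
  done
}

# Constructed sample (not a real capture): v5 header with one record,
# 192.168.13.10:50000 -> 10.0.0.5:443, TCP, 10 packets / 1200 bytes.
SAMPLE_V5='00050001000003e857efc800000000000000002a00000000c0a80d0a0a000005c0a80dfe000100020000000a000004b000000064000003e8c35001bb001806000000000018080000'

echo "version: $(netflow_version "$SAMPLE_V5"), records: $(netflow_count "$SAMPLE_V5")"
netflow_v5_flows "$SAMPLE_V5"
```

If the gateway was left at the default export format, the version field reads 9 and netflow_v5_flows refuses to decode, which is exactly the mismatch a collector configured for v5 would otherwise show as silently empty data.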

Change colors of ls output in the bash shell

Usually colorization is put in action via an alias: alias ls='ls --color=auto'
You can turn off the colors each time you run ls with ls --color=never, or change the alias itself to disable fancy colors permanently, or even simply run \ls . But to change the colors you'd need to make the dircolors utility read your own color database when the login session starts. So let's do just that
1) Export the existing db:
dircolors -p > dircolors.db
2) Edit it:
vi dircolors.db
e.g. change the directories color from blue to red: di=01;34 -> di=01;31
3) Save the changes
4) Make bash reload the color scheme:
eval `dircolors dircolors.db`
5) Put eval `dircolors $HOME/dircolors.db` at the end of your .profile file.
That is it.
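The five steps above as one idempotent script, added here as an example and not from the post. One detail worth knowing: the file written by dircolors -p uses the keyword form, e.g. DIR 01;34 # directory, which is what di=01;34 in LS_COLORS corresponds to, so that is the line to edit. The helper also avoids appending the eval line to .profile a second time if you run it again. The file and keyword names are the post's; install_dircolors and the other function names are this example's own.

```bash
#!/bin/sh
# Added example, not from the post: the dircolors procedure as re-runnable
# shell functions. "dircolors -p" writes lines like "DIR 01;34 # directory".

# set_dircolor DBFILE KEYWORD VALUE: replace the colour code of one keyword
# (e.g. DIR) in an exported dircolors database, keeping the trailing comment.
set_dircolor() {
  awk -v k="$2" -v v="$3" '$1 == k { $2 = v } { print }' "$1" > "$1.tmp" \
    && mv "$1.tmp" "$1"
}

# get_dircolor DBFILE KEYWORD: print the current colour code of a keyword.
get_dircolor() {
  awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# ensure_line FILE LINE: append LINE unless an identical line is already
# present, so re-running the setup does not stack duplicate eval lines.
ensure_line() {
  [ -f "$1" ] || : > "$1"
  grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# install_dircolors [DBFILE]: export the defaults once, colour directories
# red (01;31), load the scheme into this shell and persist it in .profile.
install_dircolors() {
  db=${1:-$HOME/dircolors.db}
  [ -f "$db" ] || dircolors -p > "$db"
  set_dircolor "$db" DIR '01;31'
  eval "$(dircolors "$db")"
  ensure_line "$HOME/.profile" "eval \"\$(dircolors $db)\""
}

# Call install_dircolors from an interactive login shell to apply it;
# it is not run automatically here.
```

Use .bashrc instead of .profile if your terminal opens non-login shells, otherwise the eval line is never read.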

How to know Checkpoint UTM Appliance model from the cli

Many times you get to work on some UTM appliance remotely via ssh and need to know which exact model it is. It takes just one Expert-level cli command: dmidecode | grep "Product Name" . Then you compare the output with the UTM models table which Tobias Lachmann diligently compiled for us: Determine appliance hardware from command line .
As of 09/07/2016 Tobias’ website is down. So to preserve the useful info I put the list of UTM models to compare with:
Product Name   Appliance model(s)
G-50           Check Point 21400
P-230          Check Point 12600
P-220          Check Point 12400
P-210          Check Point 12200
T-180          Check Point 4800
T-160          Check Point 4600
T-140          Check Point 4400
T-120          Check Point 4200
T-110          Check Point 2200
L-50           Security Gateway 80

P-30           Power-1 11000 Series / VSX-1 11000 Series
P-20           Power-1 9070 / Connectra 9072 / VSX-1 9070
P-10           Power-1 5070

U-40           UTM-1 3070 / Connectra 3070 / Smart-1 3074 / VSX-1 3070
U-30           UTM-1 2070
U-20           UTM-1 1070
U-15           UTM-1 570
U-10           UTM-1 270 / Connectra 270
U-5            UTM-1 130
C6P_UTM        UTM-1 2050
C6_UTM         UTM-1 1050
C2_UTM         UTM-1 450

IP-150         IP-150
IP-282         IP-282
IP-295         IP-295
IP-395         IP-395
IP-565         IP-565
IP-695         IP-695
IP-1285        IP-1285
IP-2455        IP-2455

U-31           IPS-1 2076
P-11           IPS-1 5076
P-21           IPS-1 9076

U-42           DLP-1 2571
P-22           DLP-1 9571

S-10           Smart-1 5
S-20           Smart-1 25
S-21           Smart-1 25
S-30           Smart-1 50
S-40           Smart-1 150

Undocumented command to install policy on Locally managed Checkpoint UTM 1100 series appliance

I was trying the other day to exclude some IP address and service combination on a UTM 1180 gateway from being encrypted inside the VPN tunnel and noticed that any changes you make to the firewall files on the CLI, in this case crypt.def, do not take effect. It is actually logical, as every SK asking you to do such changes also specifies that "Changes are to be done on the SmartCenter/Management server and then you are to install the Security Policy". The catch here is "installing the policy": if it is what is known as a Locally managed UTM, i.e. you manage it via its Web interface, you have no such action as "install policy".
One solution would be to restart the UTM – works, but kinda harsh. The other solution is this undocumented (not listed in any Checkpoint documentation I searched) command:
* You should be in Expert mode to run it. Also pay attention to the output – there should be no errors.

# fw_configload
FW.pf:
Compiled OK.
Resolver Error 0 (no error)
Resolver Error 0 (no error)
Resolver Error 0 (no error)
Resolver Error 0 (no error)
Useful CLI commands for Cisco CUCM

I don't work on the command line of CUCM often – if ever, you may add – but when the need arises here is the short list of commands to keep. A little reminder: the latest Cisco CUCM software (version 5 and on) is Linux (namely Red Hat) based, which of course includes terminal access, be it physical via console or over the network via ssh.
You create a username/password for the terminal during the CUCM installation.
As Cisco does not want us to mess with the underlying OS, our interaction is limited to a very restricted kind of shell. So you don't have access to the Linux commands, but you do have a predefined set of CUCM commands, of which I present the most useful ones here.
I ran the examples below on an MCS hardware server, so your output may vary.
– Changing the password for yourself/another user. Know that it is here, but do not play with it and risk locking yourself out of the server.

admin:set password { age* | complexity* | expiry* | inactivity* | user* }

– Get the disk usage

show diskusage activelog

– Show the status of the fans (irrelevant for VMware based install)

admin:show environment fans

ID             Current (RPMS)   Lower Critical Threshold   Status
Fan Sensor 1   7800             4200                       OK
Fan Sensor 2   7950             4200                       OK
Fan Sensor 3   7800             4200                       OK
Fan Sensor 4   7350             4200                       OK
Fan Sensor 5   7200             4200                       OK

– Show the server temperature (irrelevant for VMware based install)

show environment temperatures

ID   Current (Celcius)   Non-Critical Lower   Non-Critical Upper   Critical Lower   Critical Upper   Location
1    24                  53                   54                   55               62               Temperature Sensor 1

– Show the server hardware (irrelevant for VMware based install)

show hardware

HW Platform    : 7825I4
Processors     : 1
Type           : Intel(R) Core(TM)2 Duo CPU E8400  @ 3.00GHz
CPU Speed      : 3000
Memory         : 2048 MBytes

– Show who is logged in

show logins
administ pts/0     192.168.7.1   Wed Aug 12 09:56   still logged in

– Show physical memory (irrelevant for VMware based install)

show memory modules

Bank  Locator   Size  Active Status
DIMM 1  DIMM 1  1024 MB TRUE OK
DIMM 3  DIMM 3  1024 MB TRUE OK

– Show interface status (more useful for hardware based servers than VMware ones)

show network eth0

Ethernet 0
DHCP      : disabled        Status : up
IP Address   : 192.168.10.1     IP Mask : 255.255.255.000
Link Detected: yes             Mode    : Auto enabled, Full, 100 Mbits/s
Duplicate IP : no
DNS   Not configured.
Gateway   : 192.168.10.254 on Ethernet 0

– Show the number of open connections. If there is some network connectivity issue this number will be unusually low, as each IP Phone/voice gateway is counted as a connection.
show network ip_conntrack

972

– Show ports that are open and accessible over the network

show network ipprefs public

Application  IPProtocol   PortValue Type      XlatedPort   Status    Description

-----------  -----------  ---------  ----------  -----------  --------  -----------

sshd      tcp       22        public    –         enabled   sftp and ssh access
clm       udp       8500      public    –         enabled   cluster manager
clm       tcp       8500      public    –         enabled   cluster manager
tomcat    tcp       8443      translated   443       enabled   secure web access
tomcat    tcp       8080      translated   80        enabled   web access
ntpd      udp       123       public    –         enabled   network time sync
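Added example, not from the post: a shell helper that turns the show network ipprefs public output above into a list of what is actually reachable from the network (a translated entry answers on XlatedPort, not PortValue) and flags anything outside an expected set, which is a quick way to spot a service exposed that should not be. The sample table is constructed in the layout shown above; the function names are this example's own.

```bash
#!/bin/sh
# Added example, not from the post: audit the ports CUCM exposes, based on
# the "show network ipprefs public" table. Column order assumed as in the
# post: Application IPProtocol PortValue Type XlatedPort Status Description.

# cucm_exposed_ports: read the table on stdin, print "proto/port app" for
# every enabled row, using the translated port where one applies.
cucm_exposed_ports() {
  awk '$6 == "enabled" {
         port = ($4 == "translated") ? $5 : $3
         printf "%s/%s %s\n", $2, port, $1
       }'
}

# cucm_unexpected_ports proto/port ...: read the table on stdin and print
# every exposed proto/port that is not in the argument list.
cucm_unexpected_ports() {
  allowed=" $* "
  cucm_exposed_ports | while read -r pp app; do
    case "$allowed" in
      *" $pp "*) ;;
      *) printf '%s %s\n' "$pp" "$app" ;;
    esac
  done
}

# Constructed sample in the layout of the output in the post.
SAMPLE_IPPREFS='Application  IPProtocol   PortValue Type      XlatedPort   Status    Description
----------- ----------- ---------- ---------- ---------- ---------- -----------
sshd      tcp       22        public    -         enabled   sftp and ssh access
clm       udp       8500      public    -         enabled   cluster manager
clm       tcp       8500      public    -         enabled   cluster manager
tomcat    tcp       8443      translated   443       enabled   secure web access
tomcat    tcp       8080      translated   80        enabled   web access
ntpd      udp       123       public    -         enabled   network time sync'

# On the server: run "show network ipprefs public", save the text, and feed it
# to cucm_unexpected_ports with the ports you expect to be reachable.
printf '%s\n' "$SAMPLE_IPPREFS" | cucm_unexpected_ports tcp/22 tcp/443 tcp/80 udp/123
```

With ssh, https, http and ntp on the expected list, the sample leaves the two cluster manager entries on 8500 as the ones to review.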

Overlooked but nice utility from Checkpoint – cpview

Starting with R77, Checkpoint has made available this helpful information utility called cpview, of which not many are aware. It is basically a Bash script that runs a bunch of native Checkpoint commands in the background and displays the output on the terminal, updating the data every other second.
– Running the command (you have to be in the Expert mode):

# cpview
– File location:
# which cpview
alias cpview='/bin/cpview_start.sh'
/bin/cpview_start.sh
– Some of the commands the utility runs:
fw ctl pstat
fw ctl multik stat
fw ctl affinity -l -r

Example output: (screenshot: cpview)

© 2016 yurisk.info