The easiest way to disclose Cisco routers on the network and how to fix it

Cisco gear has a well-known behaviour pattern: when you telnet to some weird and closed port on a Cisco, you get the uniform response of “Connection refused”. To be more precise, it happens when terminal line management access is enabled on the Cisco but your IP is not in …



Too much of the Zeus on TV

On the 19th of October the 1st Russia channel aired the TV show called "Пусть говорят, Однажды в Америке", dedicated to the Zeus trojan story. You all saw and heard about this FBI operation that put some 38 people in custody. The talk show on the most available and popular Russian …



Convert mb4 to mp3 files in one run with ffmpeg

Folks at Defcon.org have been somewhat inconsistent in publishing their conference audio archives - once they do it in mb4 format, once in mp3. As I listen to them on my mobile phone during my commute to work, and it doesn't accept anything but mp3, I had to first …



See what your users are doing - awk one-line scripts to parse Aladdin eSafe logs

HISTORICAL NOTE: Aladdin was an Israeli company known for its security eTokens and mail filtering appliances - eSafe. In 2009 it was bought by Safenet, primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later Safenet was in turn acquired by Gemalto. You can read about …



RBLs - more hassle than benefit

As I wrote earlier, Google mail servers got blacklisted, but it was only the beginning. Now I got complaints from the client that hotmail.com users also get mail bounced because of this list. So, as running after each and every IP blocked by this list endlessly wasn't the best …



Do not miss the long awaited addition to the Fortigate 4 MR2 – sFlow data export

Great news – Fortigate now supports exporting data flow statistics to an external server using the sFlow protocol (the twin of Netflow from the Cisco world). I configured it in about a minute and it just works. To collect the sFlow data I use nfdump/Nfsen, which I found to be the most …



Darknet can't lie - most of the attacks, scans and other interesting things

indeed come from behind the Great Firewall of China. Working for a Telco company entitles me to various perks; one of them is an unlimited connection to the Internet with a wealth of as yet unallocated IP addresses. So to use it somehow I set up a …



Funny things people do - how to turn Checkpoint UTM 450 into Windows Media player

Someone has finally found the best use of the Checkpoint UTM 450 - turned it into a Windows Media player and recorded the instructions so others may follow. In case you still wonder - yes, it certainly voids the warranty. Enjoy: youtube.com. And to those very few that will try to …



You need no MX record to get mails

That one is funny. One client of ours, who actually provides ISP services themselves in a far-far-away land, asked us to add a PTR record for their mail server. But that was dull; the interesting part was that their domain had absolutely NO MX record! Only an A record for the mail …



Skynet got blacklisted - Google mail servers entered RBL of Sorbs.net

When my client sent me yesterday the headers of mails blocked by eSafe (Aladdin), I was quite surprised - the message said "Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this …