Sunday, December 15, 2013

NetScreen Snooping

1- Increase the size of the dbuf buffer from the default of 32k

set dbuf size 4096

2- By default, snoop captures only the packet headers, i.e. 96 bytes, not the entire packet. To capture the entire packet, use snoop detail len, where len specifies the number of bytes to capture for each packet, e.g. snoop detail len 256 to capture the first 256 bytes of each packet:

snoop detail len 256

3- Create a filter so that you see only the pertinent data, unless you want to see everything:
snoop filter ip 10.10.10.10

4- Before starting snoop, make sure that the buffer is empty:

clear dbuf

5- Start snooping:

snoop

6- Make sure to turn snoop off when you are done, as it's resource intensive:

snoop off

7- You can send the captured data to an external TFTP server:

get dbuf stream > tftp 10.10.10.11 capture.pcap

Reference: http://support.moonpoint.com/security/firewalls/netscreen/snoop.php 

Tuesday, October 1, 2013

How to disable SSL v2 on IIS 7.0/7.5 on Windows 2008

SSL v2 is a weak and outdated protocol. All modern browsers support SSL v3 and it's enabled by default on Windows 2008 (IIS 7 / IIS 7.5). To make sure all clients are using SSL v3, we must disable SSL v2.

This is what needs to be done to disable SSL v2:

1. Start - Run
2. Type "regedit" and click OK
3. Locate the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
4. Right click the "SSL 2.0" key and select Edit > Add key
5. Type "Server" and click Enter
6. Right click Server and select New > Add DWORD (32 bit) value
7. Type "Enabled" as the name and make sure the value is "0"
8. Restart the server
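
The registry steps above as a script, added here as an example and not taken from the original post or its reference. It assumes an elevated PowerShell session, and the function names Get-Ssl2ServerState and Disable-Ssl2Server are hypothetical:

```powershell
# Added example: scripted form of the regedit steps, with a before/after check.
# Assumption: run from an elevated PowerShell prompt on the IIS server.
$protocolKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0'
$serverKey   = Join-Path $protocolKey 'Server'

function Get-Ssl2ServerState {
    # 'NotConfigured' when the Server key or its Enabled value is absent,
    # 'Disabled' when Enabled = 0, 'Enabled' for any non-zero value.
    if (-not (Test-Path $serverKey)) { return 'NotConfigured' }
    $prop = Get-ItemProperty -Path $serverKey -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotConfigured' }
    if ($prop.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-Ssl2Server {
    # Steps 3-5: create the "Server" subkey under "SSL 2.0" if it is missing.
    if (-not (Test-Path $serverKey)) {
        New-Item -Path $serverKey -Force | Out-Null
    }
    # Steps 6-7: DWORD (32 bit) value "Enabled" set to 0.
    New-ItemProperty -Path $serverKey -Name 'Enabled' -Value 0 `
        -PropertyType DWord -Force | Out-Null
}

$before = Get-Ssl2ServerState
Write-Output "SSL 2.0 server state before: $before"

if ($before -ne 'Disabled') {
    Disable-Ssl2Server
    Write-Output "SSL 2.0 server state after:  $(Get-Ssl2ServerState)"
    # Step 8: the setting is only picked up after a restart.
    Write-Output 'Restart the server for the change to take effect.'
}
```

Running the script a second time only reports the state, which makes it usable as a quick audit on other servers.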

You can test whether your web server still supports SSL v2 using http://www.serversniff.net/content.php?do=ssl or http://foundeo.com/products/iis-weak-ssl-ciphers/

Reference: http://www.aip.im/2012/03/how-to-disable-ssl-v2-enable-ssl-v3-on-windows-2008/

Sunday, September 22, 2013

Schedule Task for NPS Config Backup [Server 2008]

On Windows Server 2008

1- Create a text file and change its extension to PS1:
C:\Config_Backup_Script\nps_radius_config_bk.PS1
2- Enter the powershell command in the
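netsh nps export filename="C:\NPS Configration Backup\nps_config_$(get-date -f yyyy-MM-dd).xml" exportPSK=YES
Note: with exportPSK=YES the exported XML contains the RADIUS shared secrets unencrypted, so restrict access to the backup folder.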
3- Open Task Scheduler, "Create Basic Task", follow the wizard.
4- Under the action, choose "Start program" and enter
powershell.exe "&'C:\Config_Backup_Script\nps_radius_config_bk.PS1'"
5- Right click the task and open properties.
  • "Change User or Group", choose "administrator" or any privileged user.
  • Tick "Run whether user is logged on or not".
  • Tick "Run with highest privileges".
  • Click Ok and provide the administrator password.
Enjoy

Monday, August 19, 2013

Nagios Log File Time Conversion [Human Readable]

To tail the log file live with readable timestamps:
tail -f /var/log/nagios3/nagios.log | perl -pe 's/(\d+)/localtime($1)/e'
To convert a specific timestamp:
echo 1376930831 | perl -pe 's/(\d+)/localtime($1)/e'
Mon Aug 19 19:47:11 2013

Ubuntu APT Proxy Settings

Open the apt configuration file:
vim /etc/apt/apt.conf
and add the following:
Acquire::http::Proxy "http://username:password@proxyhostname:port";
The syntax shown above should be strictly followed.

This configuration may fail if your username or password has an '@' in it. You can also add proxy configuration for other protocols such as FTP.