Simple POP3 Communication HOWTO

December 16th, 2008

POP3 is an incredibly simple protocol: with a handful of plain-text commands you can drive your POP3 server ‘by hand’ from a terminal, following this HOWTO, with no mail client at all. The full specification is RFC 1939: http://www.ietf.org/rfc/rfc1939.txt. Bear in mind that plain POP3 on port 110 carries the username and password in cleartext, so everything typed in this session is readable by anyone who can sniff the path (the tcpdump article further down this page shows exactly that); do this on a network you control, or use POP3 over TLS (port 995) or the STLS command instead.

Now, down to business. I have created a temporary test account, test@iodigitalsec.com. Please don’t try to access it: by the time you read this, it has already been removed. I’ll use telnet to connect to the service on port 110 and send the commands in plain text. I’ve sent myself a test email, which I will retrieve and then delete. The conversation follows; I have highlighted my own commands in bold:

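The exchange the post goes on to show, as an added example that is not part of the original post: a toy in-process POP3 server plus a client that sends the same commands a person would type into telnet (USER, PASS, STAT, RETR, DELE, QUIT) and returns the full two-way transcript. The account, password and message are constructed for the example. The server implements only the commands the post uses, but keeps the RFC 1939 details that trip people up when working by hand: byte-stuffed “.” lines, the lone “.” terminator, and DELE taking effect only at QUIT.

```python
import socket
import socketserver
import threading

# Constructed test data for this example: a made-up account and one message,
# not the temporary test@iodigitalsec.com mailbox from the post.
USERS = {"test": "secret"}
MAILDROP = ["From: test@example.invalid\r\nSubject: hello\r\n\r\nThis is a test email.\r\n"]


class Pop3Handler(socketserver.StreamRequestHandler):
    """Just enough of RFC 1939 to answer the commands typed in the post."""
    def reply(self, text):
        self.wfile.write((text + "\r\n").encode("ascii"))

    def handle(self):
        msgs = list(MAILDROP)           # this session's view of the maildrop
        deleted, user, authed = set(), None, False
        self.reply("+OK POP3 server ready")
        while True:
            raw = self.rfile.readline()
            if not raw:
                return
            cmd, _, arg = raw.decode("ascii", "replace").rstrip("\r\n").partition(" ")
            cmd = cmd.upper()
            if cmd == "USER":
                user, authed = arg, False
                self.reply("+OK")
            elif cmd == "PASS":
                # USER/PASS travel in cleartext: anyone sniffing port 110 sees this.
                authed = user is not None and USERS.get(user) == arg
                self.reply("+OK logged in" if authed else "-ERR invalid credentials")
            elif cmd == "QUIT":
                if authed:                  # DELE takes effect only at QUIT
                    MAILDROP[:] = [m for i, m in enumerate(msgs) if i not in deleted]
                self.reply("+OK bye")
                return
            elif not authed:
                self.reply("-ERR authenticate first")
            elif cmd == "STAT":
                live = [m for i, m in enumerate(msgs) if i not in deleted]
                self.reply(f"+OK {len(live)} {sum(len(m) for m in live)}")
            elif cmd in ("RETR", "DELE"):
                n = int(arg) - 1 if arg.isdigit() else -1
                if not 0 <= n < len(msgs) or n in deleted:
                    self.reply("-ERR no such message")
                elif cmd == "DELE":
                    deleted.add(n)
                    self.reply("+OK message deleted")
                else:
                    self.reply(f"+OK {len(msgs[n])} octets")
                    for line in msgs[n].split("\r\n"):
                        self.reply("." + line if line.startswith(".") else line)  # byte-stuffing
                    self.reply(".")
            else:
                self.reply("-ERR unknown command")


def pop3_session(host, port, user, password):
    """Do by hand what the post does with telnet: greeting, USER/PASS, STAT, RETR 1,
    DELE 1, QUIT. Returns (transcript, first message or None); transcript entries
    are ("C", line) for our commands and ("S", line) for the server's replies."""
    transcript, message = [], None
    with socket.create_connection((host, port)) as sock, sock.makefile("rwb") as f:
        def recv():
            line = f.readline().decode("ascii", "replace").rstrip("\r\n")
            transcript.append(("S", line))
            return line

        def send(cmd):
            transcript.append(("C", cmd))
            f.write((cmd + "\r\n").encode("ascii"))
            f.flush()

        def recv_multiline():           # read up to the lone "." terminator
            lines = []
            while (line := recv()) != ".":
                lines.append(line[1:] if line.startswith("..") else line)  # un-stuff
            return lines

        recv()                          # server greeting
        send(f"USER {user}"); recv()
        send(f"PASS {password}")
        if not recv().startswith("+OK"):
            send("QUIT"); recv()
            raise PermissionError("POP3 login rejected")
        send("STAT")
        count = int(recv().split()[1])  # "+OK <messages> <octets>"
        if count:
            send("RETR 1")
            if recv().startswith("+OK"):
                message = "\r\n".join(recv_multiline())
            send("DELE 1"); recv()
        send("QUIT"); recv()
    return transcript, message


def start_server():
    """Start the toy server on 127.0.0.1 with an OS-chosen port; returns (server, port)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), Pop3Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]
```

Call `start_server()`, then `pop3_session("127.0.0.1", port, "test", "secret")` and print the transcript to see the same dialogue the post walks through; a second session against the same server finds the maildrop empty, because the DELE was committed at QUIT. Every byte of that transcript, password included, crosses the network in the clear on port 110.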

Linksys WRT54G Serial Console

December 15th, 2008

Adding a serial port to your Linksys WRT54G, WRT54GS or WRT54GL (and probably a wide range of related models) is really easy. The only thing you need is a serial-to-TTL level converter, because the router’s serial header is TTL-level rather than RS-232. I personally followed the guide right here: http://www.rwhitby.net/projects/wrt54gs – it works perfectly and is very well laid out. This http://www.compsys1.com/workbench/On_top_of_the_Bench/Max233_Adapter/max233_adapter.html is where I purchased my MAX232 kit from.

MAX232

This is the device in its entirety. Leave “Ct/Rt” unconnected, and connect + (+5V), – (GND), Tx and Rx according to the guide. You can then use your favourite serial terminal client to connect at 115200, 8N1. You’ll need a null modem cable (serial crossover) to connect. Now, it’s been some time since I worked on the Linksys WRT range. The earlier versions allow a full third-party firmware flash; later versions have seriously crippled hardware and a proprietary OS (VxWorks), and as such are pretty useless to hobbyists. If soldering this tiny board is too much trouble, you can also get hold of a MAX232CPE chip, which only needs 4 ceramic capacitors to do its job.

Some simple filtering and sniffing with tcpdump

December 15th, 2008

tcpdump is one of the best network debugging tools available. In its most basic form it prints each packet’s source and destination address to the console; more advanced uses include printing the captured payload as ASCII and simple but powerful filtering (BPF filter expressions).

tcpdump -ieth0 -n
# Start tcpdump listening on interface eth0, and do not attempt to resolve IP addresses to hostnames ( -n ).

What we see is:

20:51:40.848211 IP 217.10.X.X.22 > 93.97.Y.Y.52381: P 76216:76364(148) ack 261 win 8576
20:51:40.853726 IP 93.97.Y.Y.52381 > 217.10.X.X.22: . ack 59548 win 16848

And this repeats over and over: it is a feedback loop. We are logged in over SSH (port 22), so every line tcpdump prints is sent back to us inside that SSH session, which produces more port-22 packets for tcpdump to print. We must therefore filter our own session out:

tcpdump -ieth0 -n tcp port not 22

Now we can monitor everything else cleanly. What if we want to view SSH traffic, just not our own session? Instead of excluding the port, exclude our own client address:

tcpdump -ieth0 -n tcp port 22 and host not 93.97.Y.Y

We can build this filter up as much as we wish. Let’s start watching HTTP (tcp port 80) traffic only:

tcpdump -ieth0 -n tcp port 80

Finally, let’s set the ‘snaplen’ to 1500 bytes so that whole frames are captured rather than just the first few dozen bytes of headers (tcpdump versions before 4.0 default to a short snaplen), and print the captured data as ASCII (-A). Options go before the filter expression; putting them after it, as in "tcp port 80 -A -s1500", only works where getopt is willing to reorder arguments:

tcpdump -ieth0 -n -A -s1500 tcp port 80
20:56:25.260143 IP 217.10.X.X.80 > 88.110.Y.Y.51171: P 1:550(549) ack 172 win 1728
E..Mn @.@..w.
..Xn!..P….’@…P…3…HTTP/1.1 404 Not Found
Date: Mon, 15 Dec 2008 21:05:17 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13
Content-Length: 313
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
<hr>
<address>Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 Server at www.[HIDDEN].com Port 80</address>
</body></html>

And from this we can see the whole HTTP exchange in the clear. As you can see, it’s that easy to capture and decode plaintext traffic. Note, too, that the Server header above hands out the exact Apache and PHP versions (what Apache’s ServerTokens directive controls), which is the first thing an attacker looks for. We can do the same on port 110 (POP3), where the USER and PASS commands carry the mailbox password in the clear:

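As an added example (not from the post), here is what to do with such a capture once you have it: a small parser for `tcpdump -A` text that pulls out the things that should never have been readable on the wire, the POP3 USER/PASS commands on port 110 and the Authorization, Cookie and Server headers on port 80. The capture excerpt is constructed for the example (placeholder addresses in the style of the post, invented credentials, and the post’s own 404 response); the Basic decoding is plain base64, not a crack. The packet-header regex accepts both the older "P 1:550(549)" flag style shown in the post and the newer "Flags [P.]" style.

```python
import base64
import re

# Constructed excerpt in the style of `tcpdump -A` output: a POP3 login on port
# 110, then an HTTP request and the 404 reply from the post. Addresses use the
# post's X.X/Y.Y placeholders and the credentials are invented.
CAPTURE = """\
20:58:01.100001 IP 88.110.Y.Y.51190 > 217.10.X.X.110: P 1:11(10) ack 1 win 1460
E..2..@.@...USER bob
20:58:01.104412 IP 217.10.X.X.110 > 88.110.Y.Y.51190: P 1:5(4) ack 11 win 8576
E..,..@.@...+OK
20:58:02.300120 IP 88.110.Y.Y.51190 > 217.10.X.X.110: P 11:25(14) ack 5 win 1460
E..6..@.@...PASS hunter2
20:58:02.304300 IP 217.10.X.X.110 > 88.110.Y.Y.51190: P 5:19(14) ack 25 win 8576
E..6..@.@...+OK logged in
20:58:05.001000 IP 88.110.Y.Y.51171 > 217.10.X.X.80: P 1:172(171) ack 1 win 1460
E...n @.@..w.GET /admin/ HTTP/1.1
Host: www.example.invalid
Authorization: Basic Ym9iOmh1bnRlcjI=
Cookie: PHPSESSID=0123456789abcdef

20:58:05.260143 IP 217.10.X.X.80 > 88.110.Y.Y.51171: P 1:550(549) ack 172 win 1728
E..Mn @.@..w.HTTP/1.1 404 Not Found
Date: Mon, 15 Dec 2008 21:05:17 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13
Content-Type: text/html; charset=iso-8859-1
"""

# One line per packet: "HH:MM:SS.usec IP src.port > dst.port: ..."; the greedy
# \S+ backtracks so the last dotted component becomes the port.
PACKET = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): ")

# (ports the pattern applies to, protocol label, field, regex). The first
# payload line starts with the printed IP/TCP header bytes, so POP3 commands are
# searched anywhere in the line; HTTP headers are anchored at column 0.
SENSITIVE = [
    ({110}, "pop3", "USER", re.compile(r"USER (\S+)")),
    ({110}, "pop3", "PASS", re.compile(r"PASS (\S+)")),
    ({80}, "http", "Authorization", re.compile(r"^Authorization: (.+)$")),
    ({80}, "http", "Cookie", re.compile(r"^Cookie: (.+)$")),
    ({80}, "http", "Server", re.compile(r"^Server: (.+)$")),
]


def extract_cleartext(capture):
    """Walk tcpdump -A text and return one dict per secret or version string
    seen in the clear: time, src, dst, proto, field, value."""
    findings, pkt, ports = [], None, set()
    for line in capture.splitlines():
        m = PACKET.match(line)
        if m:
            pkt = {"time": m[1], "src": f"{m[2]}:{m[3]}", "dst": f"{m[4]}:{m[5]}"}
            ports = {int(m[3]), int(m[5])}
            continue
        if pkt is None:
            continue                        # text before the first packet header
        for on_ports, proto, field, pat in SENSITIVE:
            hit = pat.search(line) if ports & on_ports else None
            if not hit:
                continue
            value = hit[1]
            if field == "Authorization" and value.startswith("Basic "):
                # HTTP Basic is base64, not encryption: recover user:password.
                value = base64.b64decode(value[6:]).decode("latin-1")
            findings.append({**pkt, "proto": proto, "field": field, "value": value})
    return findings


def summarise(findings):
    """One line per finding, handy for grepping through a long capture."""
    return [f"{f['time']} {f['src']} -> {f['dst']} {f['proto']} {f['field']}={f['value']}"
            for f in findings]
```

Feed it the output of `tcpdump -ieth0 -n -A -s1500 tcp port 80 or tcp port 110` saved to a file and it lists, in order, the POP3 username and password, the decoded Basic credentials, the session cookie and the server version banner; everything on that list is a reason to move the service to TLS or to tighten ServerTokens.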

A BIND9 zonefile and commentary

December 15th, 2008

I’m often asked for a copy of various zone files for BIND that other users can use as a template. Here’s the zone file for www.adampalmer.me/iodigitalsec:

$TTL 604
@       IN      SOA     iodigitalsec.com. root.iodigitalsec.com. (
                        2008101023      ; Serial
                        172800          ; Refresh
                        900             ; Retry
                        1209600         ; Expire
                        3600 )          ; Negative Cache TTL
;
        IN      NS      ns3.apnichosting.com.
        IN      NS      ns2.apnichosting.com.
        IN      MX      10      mail3.sasdataservices.com.
        IN      MX      100     mail2.sasdataservices.com.
        IN      MX      1000    backup-0.l3.iodigitalsec.com.
        IN      A       217.10.156.197
*                       CNAME   iodigitalsec.com.

I’ll now cover each type of record briefly, and explain the elusive trailing dot.

The SOA or “start of authority” record names the zone’s primary name server (the MNAME field, “iodigitalsec.com.” here, where the zone’s own name is used) and the e-mail address of the zone administrator (the RNAME field, “root.iodigitalsec.com.”, meaning root@iodigitalsec.com: the at sign is written as a dot, and this dot does not have the same meaning as the trailing dots discussed later; a dot in the local part of the address would have to be escaped with a backslash). Exactly one SOA record is allowed per zone. The SOA also carries a serial number and the refresh, retry, expire and negative-cache TTL values. The serial number is the ‘version’ of the zone and must be incremented every time the zone is updated: a secondary only transfers the zone when it sees a serial higher than the one it already holds, so forgetting to bump it leaves the secondaries serving stale data. The refresh is how often, in seconds, a slave (secondary) server polls the primary to see whether the serial has changed. The retry is how long, in seconds, the slave waits before trying again after a failed refresh. The expiry is how long the slave keeps serving the zone without having reached the primary; once it elapses the slave stops answering for the zone, and the timer is reset whenever a refresh succeeds. Lastly, the negative-cache TTL (the SOA ‘minimum’ field, as redefined by RFC 2308) tells resolvers how long to cache a NAME ERROR (NXDOMAIN) answer for names in this zone. Three hours (10800 seconds) is the longest a BIND resolver will honour by default (its max-ncache-ttl setting).

On to the simpler records…
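An added example, not part of the post: a parser for the zone above that applies the trailing-dot and owner-inheritance rules just described, followed by the sanity checks on the SOA timers that a practitioner would run before loading the file. The input is the post’s zone reproduced verbatim. The check thresholds (retry shorter than refresh, expire longer than refresh plus retry, negative-cache TTL at or below BIND’s default 10800-second cap, at least two apex NS records, no CNAME at the apex, a default TTL of at least an hour) are conventional recommendations chosen for this example, not anything stated in the post.

```python
import re

# The zone from the post, used here as the example's input.
ZONE = """\
$TTL 604
@       IN      SOA     iodigitalsec.com. root.iodigitalsec.com. (
                        2008101023      ; Serial
                        172800          ; Refresh
                        900             ; Retry
                        1209600         ; Expire
                        3600 )          ; Negative Cache TTL
;
        IN      NS      ns3.apnichosting.com.
        IN      NS      ns2.apnichosting.com.
        IN      MX      10      mail3.sasdataservices.com.
        IN      MX      100     mail2.sasdataservices.com.
        IN      MX      1000    backup-0.l3.iodigitalsec.com.
        IN      A       217.10.156.197
*                       CNAME   iodigitalsec.com.
"""

MAX_NCACHE_TTL = 10800      # BIND's default max-ncache-ttl: 3 hours


def fqdn(name, origin):
    """The trailing-dot rule: '@' is the origin, a name with a trailing dot is
    already absolute, and a name without one is relative to the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (default_ttl, records) for a master-file zone. Handles ';' comments,
    '( ... )' spanning several lines, owner inheritance when a line starts with
    whitespace, and the optional TTL and class columns before the record type."""
    default_ttl, records, owner, buf, depth = None, [], origin, [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        if depth == 0 and line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                                # record continues on the next line
        toks = " ".join(buf).replace("(", " ").replace(")", " ").split()
        if buf[0][0] not in " \t":                  # owner name present in column 0
            owner = fqdn(toks.pop(0), origin)
        buf = []
        ttl = int(toks.pop(0)) if toks[0].isdigit() else default_ttl
        if toks[0].upper() == "IN":
            toks.pop(0)
        records.append({"owner": owner, "ttl": ttl, "type": toks[0].upper(), "rdata": toks[1:]})
    return default_ttl, records


def check_zone(default_ttl, records, origin):
    """Sanity checks on the SOA timers and apex records; returns a list of problems."""
    problems = []
    soa = [r for r in records if r["type"] == "SOA"]
    if len(soa) != 1:
        return ["a zone needs exactly one SOA record"]
    serial, refresh, retry, expire, minimum = map(int, soa[0]["rdata"][2:7])
    if not re.fullmatch(r"(19|20)\d\d(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])\d\d", str(serial)):
        problems.append("serial is not in YYYYMMDDnn form")
    if retry >= refresh:
        problems.append("retry should be shorter than refresh")
    if expire <= refresh + retry:
        problems.append("expire must comfortably exceed refresh + retry")
    if minimum > MAX_NCACHE_TTL:
        problems.append(f"negative-cache TTL {minimum} exceeds BIND's default cap of {MAX_NCACHE_TTL}")
    if default_ttl is not None and default_ttl < 3600:
        problems.append(f"$TTL {default_ttl} is unusually short; confirm it is intended")
    apex = [r for r in records if r["owner"] == origin]
    if sum(r["type"] == "NS" for r in apex) < 2:
        problems.append("fewer than two NS records at the zone apex")
    if any(r["type"] == "CNAME" for r in apex):
        problems.append("CNAME at the zone apex is not allowed alongside SOA/NS")
    return problems
```

Run against the post’s zone (`check_zone(*parse_zone(ZONE, "iodigitalsec.com."), "iodigitalsec.com.")`) the only finding is the $TTL of 604 seconds, which is well below the usual hour-to-day range and worth confirming; the wildcard owner comes out as `*.iodigitalsec.com.` and the indented records inherit the apex owner, which is exactly what the trailing-dot and owner rules above say should happen.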

Debian Lovers – Why I love Voyage Linux

December 14th, 2008

For those Debian lovers, I have finally found a great embedded distro. I’ve always stayed away from the multitude of small distros available, each with its own package manager (or lack of one), its own preinstalled software (or, again, lack of it), and its own caveats.

I began my journey into Linux with SuSE about 11 years ago at the time of writing, and have also given RedHat a fair chance in the past. In my first employment I was forced to battle against Slackware for two years, and about 7 years ago, discovered Debian.