Category Archives: Computer

Block Skype Traffic on Cisco Router

November 5, 2008 patrick.preuss Leave a comment

Die Ciscos haben ein neues Konzept für die IOS Firewall implementiert. Mit dieser sollte auch das blocken von Skype möglich sein.

ZoneBased Firewall

Auf dem Ansatz der alten Lösung, Link, werd ich das ganze mal auf die ZBF übertragen.

Hier der erste Ansatz:

--- snip ---
class-map type inspect http block-skype-class
match request method connect
!
class−map type inspect match−any private−allowed−class
match protocol tcp
match protocol udp
match protocol icmp
!
policy-map type inspect inside-outside-policy
class type inspect http block-skype-class
 drop
 log
class type inspect private−allowed−class
 inspect
class class-default
!
! the good
zone security inside
!
! the bad 
zone security dmz
!
! and the ugly
zone security outside
!
! combine inside and outside
! traffic goes from inside to outside
zone-pair security inside-outside source inside destination outside
service-policy type inspect inside-outside-policy
!
interface FastEthernet 0
zone-member security inside
!
interface FastEthernet 1
zone-member security outside
!
--- snip ---

Barcodes, Computer, Handy, Nokia

Barcodes und VCARD

November 2, 2008 patrick.preuss Leave a comment

Seit einiger Zeit scheint es möglich zu sein eine VCARD als Bardcode zu encoden.

http://de.wikipedia.org/wiki/QR_Code

http://trau.kainehm.de/2007/06/03/barcodes-in-2d/

http://photo.kaywa.com/roger/detail/430

http://reader.kaywa.com/

qrcode

Cisco, Computer, Routing, xDSL

VDSL mit Cisco Routern

October 26, 2008 patrick.preuss Leave a comment

[sourcecode]
!
interface FastEthernet3
description WAN to VDSL-Modem
switchport mode trunk
!
interface Vlan7
description VLAN fuer VDSL
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache policy
ip route-cache flow
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp authentication chap pap callin
ppp pap sent-username @t-online.de password 0
[/sourcecode]

Cisco, Computer, Routing, xDSL

VDSL mit Cisco Routern

October 26, 2008 patrick.preuss Leave a comment

Computer, Security

kerberos und windows xp

October 25, 2008 patrick.preuss Leave a comment

Achtung kann üble Probleme machen.

[sourcecode]
ksetup /SetRealm PATRICK-PREUSS.DE
ksetup /AddKdc 10.0.12.32
ksetup /AddKpasswd PATRICK-PREUSS.DE 10.0.12.32
ksetup /SetComputerPassword somethingverysecret
ksetup /MapUser rt01@PATRICK-PREUSS.DE rt01
[/sourcecode]
[sourcecode]
C:Documents and Settingsrt01> ksetup
default realm = PATRICK-PREUSS.DE (external)
10.0.12.32:
(no kdc entries for this realm)
Realm Flags = 0x0 none
PATRICK-PREUSS.DE:
(no kdc entries for this realm)
kpasswd = 10.0.12.32
Realm Flags = 0x0 none
Mapping rt01@PATRICK-PREUSS.DE to rt01.
[/sourcecode]

Computer, LDAP, Security

OpenLDAP ppolicy

October 23, 2008 patrick.preuss Leave a comment

— snip /etc/ldap/slapd.conf —
# ppolicy schema
include /etc/ldap/schema/ppolicy.schema

moduleload ppolicy.la
overlay ppolicy
ppolicy_default “cn=default,ou=PasswordPolicy,dc=patrick-preuss,dc=de”
ppolicy_use_lockout
— snip /etc/ldap/slapd.conf —

— snip default.ldif —
dn: cn=default,ou=PasswordPolicy,dc=patrick-preuss,dc=de
objectClass: device
objectClass: pwdPolicy
objectClass: top
cn: default
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdCheckQuality: 1
pwdExpireWarning: 432000
pwdFailureCountInterval: 0
pwdGraceAuthNLimit: 0
pwdInHistory: 0
pwdLockout: FALSE
pwdLockoutDuration: 1920
pwdMaxAge: 7516800
pwdMaxFailure: 4
pwdMinLength: 6
pwdMustChange: TRUE
pwdSafeModify: FALSE
— snip default.ldif —

— snip peruser.ldif —
dn: cn=Patrick Marc Preuss,ou=People,dc=patrick-preuss,dc=de
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=noexpire,ou=PasswordPolicy,dc=patrick-preuss,dc=de
— snip peruser.ldif —

Computer

Krb5 und LDAP

October 23, 2008 patrick.preuss Leave a comment

http://www.ibm.com/developerworks/db2/library/techarticle/dm-0809govindarajan/

kadmin.local: modpol -maxlife 180days -minlife 1hours -minlength 6 -minclasses 2 -history 10 default

http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/multiple_principals.html

Computer

MIT Kerberos change password

October 22, 2008 patrick.preuss Leave a comment

kadmin.local -q ‘cpw -pw somethingsecert rt01krb5’

Computer, LDAP

mDNS und OpenLDAP

October 22, 2008 patrick.preuss Leave a comment

Zur Zeit schein der slapd noch keine API zu avahi zu haben.
Also doch ein wenig Handarbeit:-)

Mein Docu.

Computer, LDAP, Security

Kerberos und LDAP II

October 22, 2008 patrick.preuss Leave a comment

Normalerweise werden die Kerberos Attribute unter “cn=Kerberos,…” gespeichert.
Es ist möglich diese unter der “ou=People,….” in einem Account zu speichern.

The worst day diving is better than the best day working:-)