December 4, 2005

Backing up Windows machines using rsync and ssh

Like all other unix tricks, this one is also the result of laziness and need. I wanted to back up data on my windows laptop to a central linux/unix server. I didn't want all the features of the available expensive backup solutions. Just a simple, updated copy of my data on a central machine which is backed up to tape daily. rsync is known for fast incremental transfer and was an obvious choice for the purpose.

We have a unix machine at our workplace which has a directory structure /backup/username allocated for backing up user data. rsync has a client/server architecture, where the rsync client talks to an rsync daemon on the server side (This statement may not be completely true. I am not sure and don't care either. You can refer to the rsync manpage for a complete discussion of rsync.). The rsync client can connect to the rsync server directly or through other remote transport programs like rsh, ssh, etc. I decided to use ssh for transport, for security and simplicity.

To read further, click on any of the links below:
http://aplawrence.com/Unixart/backup_rsync.html
http://articles.manugarg.com/backup_rsync.html

I would like to hear if it was useful to you.

cheers,
`manu'
_________
Manu Garg
http://manugarg.com

November 16, 2005

Continuing disrupted file transfer: magic of dd and netcat

We had a problem last week. The DBA team wanted to clone the QA database from the export backup of the production database. A usual activity in the DBA world, I guess. Our production and QA systems are at different sites, and we were facing some WAN issues resulting in very slow file transfer. The export backup consisted of one file of size 3.8 GB. Our offshore DBA started the file transfer at 3 AM EDT. By 8 PM in the evening, almost 3.3 GB had been copied. I know it's a long, long time. But the WAN was really slow because of some third-party issues. And just then the network team started working on the issue (with no prior notification to us, of course). You can imagine what would have happened after that. Yes, the connection was broken, and the Solaris 8 ftp server doesn't support 'restart'.

Knowing that ftp copies files sequentially, I was pretty confident that there must be some way to continue with that 3.3 GB file. My acquaintance with dd and nc came to the rescue. This is how I did it:

Problem: There is a file called prdcma_fullexp_200511032230.dmp.gz on amusprddb06 of size 3877579206 bytes (approx. 3.8 GB). This file was being transferred to amusqadb02 through ftp when the network went down. 3343810560 bytes (3.3 GB) had been copied. How to complete this file?

Solution: nc (formal name: netcat) was the obvious choice for data transfer over the network. I needed some tool to seek within the file. dd worked just fine for the purpose. After going through the manpage of dd, I figured out the following commands:

At the server side (amusprddb06):
dd if=prdcma_fullexp_200511032230.dmp.gz iseek=3265440 bs=1024 | ~/nc -l -p 2005

At the client side (amusqadb02):
./nc amusprddb06 2005 | dd of=prdcma_fullexp_200511032230.dmp.gz seek=3265440 bs=1024

This is how I calculated the seek required (with bs=1024, one block is 1024 bytes):
Copied bytes = 3343810560 => Copied blocks = 3343810560 / 1024 = 3265440

The block size can be different too. Actually, it's not required that the copied bytes be divisible by the block size. For example, if the copied bytes were 3343810570 instead of 3343810560 (10 bytes more), I could have seeked the same number of whole blocks and overwritten those 10 bytes. Not a big deal, right?

Here are some interesting observations from the above transfer:

-dd on the server side reports 521258+1 records transferred, i.e. 521258 full and 1 partial block
-dd on the client side reports 500678+42702 records transferred, i.e. 500678 full and 42702 partial blocks.

Obviously, the client is not getting all 1024-byte packets. Packets are being broken up over the network. And interestingly (from the manpage of dd): "When dd reads from a pipe, using the ibs=X and obs=Y operands, the output will always be blocked in chunks of size Y. When bs=Z is used, the output blocks will be whatever was available to be read from the pipe at the time."

The server side shows just 1 partial block, and that is because the file size is not exactly divisible by 1024.

Fine-tuning the block size (something in sync with the network MSS) will really speed it up. I didn't bother checking. You can give it a try.
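The resume procedure above, worked through as an added example (this is not the post's own script): the block arithmetic is put in small functions, the copy is resumed locally with dd, and the result is compared with cksum, a check the nc transfer in the post does not provide on its own. The script uses the POSIX skip=/seek= operands where the post's Solaris dd used iseek=; the file sizes and the /dev/urandom sample data are constructed here.

```shell
#!/bin/sh
# Added example (not from the original post): resume an interrupted copy the
# way the post does, with dd block arithmetic, then verify the result with
# cksum. POSIX skip=/seek= are used where the post's Solaris dd used iseek=.

# whole_blocks BYTES BS: number of complete BS-sized blocks in BYTES
whole_blocks() {
    echo $(( $1 / $2 ))
}

# tail_bytes BYTES BS: bytes past the last block boundary; these get rewritten
tail_bytes() {
    echo $(( $1 % $2 ))
}

# resume_copy SRC DST BS: rewrite DST from its last whole-block boundary to the
# end of SRC. Both sides seek the same block count, so a copy that stopped
# mid-block is handled by overwriting the few trailing bytes, as the post notes.
resume_copy() {
    src=$1; dst=$2; bs=$3
    copied=$(wc -c < "$dst" | tr -d ' ')
    blocks=$(whole_blocks "$copied" "$bs")
    # conv=notrunc keeps the already-transferred prefix intact on every dd
    dd if="$src" of="$dst" bs="$bs" skip="$blocks" seek="$blocks" conv=notrunc 2>/dev/null
}

# same_content A B: succeeds only if both files have identical CRC and length.
# Run this after any resumed copy before handing the file over.
same_content() {
    [ "$(cksum < "$1")" = "$(cksum < "$2")" ]
}

# demo: constructed sample data, an interrupted copy that is not block-aligned,
# the resume, and the verification. Returns 0 on a byte-exact result.
demo() {
    work=$(mktemp -d) || return 1
    head -c 10247 /dev/urandom > "$work/full.dmp"      # 10 KiB + 7 bytes
    head -c 6154 "$work/full.dmp" > "$work/part.dmp"   # 6 KiB + 10 bytes arrived
    resume_copy "$work/full.dmp" "$work/part.dmp" 1024
    if same_content "$work/full.dmp" "$work/part.dmp"; then rc=0; else rc=1; fi
    rm -rf "$work"
    return $rc
}

if demo; then echo "resumed copy verified"; else echo "checksum mismatch" >&2; fi
```

With the post's numbers, whole_blocks 3343810560 1024 gives 3265440 and tail_bytes gives 0; with the 10-byte-longer partial copy from the post, tail_bytes gives 10, which is exactly what the overlapping seek rewrites. Comparing cksum output on both ends is the cheap way to confirm that the two halves were joined at the right byte.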

cheers,
Manu Garg
http://www.manugarg.com
"Journey is the destination of life"

July 24, 2005

Defeating Firewalls: Sneaking Into Office Computers From Home

How-to Get Into Your Office Computer From Home (...without using a VPN)
Greetings,

Ok guys. Last paper went well. Here is the new paper from me. This paper shows how easily you can ridicule the firewalls of your company.

In this paper, I discuss a technique to get into your office computer using ssh tunneling and some other cool tricks. You don't need much to implement this, not even an open port on the firewall. All you need from your company is the http(s) proxy which most companies do provide.


Here is the problem scenario - "You work with a company 'XYZ'. At office, you cannot access internet directly and you 'browse' internet using HTTP(S) proxy. Back at home, you have an internet connection. You want to access the office computer from home, but you don't have the VPN access." How do you do that? Read the paper for the solution.

Disclaimer: Please use your brain before using this technique. You can be kicked out by your employer for using it. Don't blame me.

Here are the links to the paper:

infosecwriters.com:
http://www.infosecwriters.com/text_resources/pdf/ssh_tunneling.pdf
googlepages.com:
http://articles.manugarg.com/ssh_tunneling.pdf

Let me know what you think about this paper.

cheers,
~manu
---------
Manu Garg
http://www.manugarg.com

June 29, 2005

Updates on last paper - "Sniffing in a Switched Network"

Greetings everyone,

I got some good response to my paper - "Sniffing in a switched network". Here is a little update.

It got published on infosecwriters.com and astalavista security group's website:
http://www.infosecwriters.com/texts.php?op=display&id=298
http://www.astalavista.com/index.php?section=directory&linkid=4433

Jerome Athias (of http://wired.s6n.com/files/jathias/ ) liked it and did the nice work of translating it into French. You can find its French translation here:
Sniffing in a switched network (in French)

Thank you for the support guys! This is definitely encouraging.

---------------------------------------------------
Further Updates. Dated: Aug 2, 2005
Appeared on digg.com homepage:
http://digg.com/security/Sniffing_in_a_Switched_Network

----------------------------------------------------

Cheers,
Manu
---------
Manu Garg
http://www.manugarg.com
"Truth will set you free!"

June 13, 2005

Sniffing in a Switched Network

Many of us know that sniffing is possible in a shared, i.e. non-switched, ethernet environment. But only a few of us know that sniffing is also possible in a switched ethernet environment. One of the reasons is that it's not that straightforward. But it's not impossible or difficult. You can use a man-in-the-middle technique like ARP spoofing to sniff in a switched environment.

This presentation is an attempt to explain how somebody can sniff in a switched ethernet using ARP spoofing. Dsniff has long existed as a tool for various sniffing activities. But recently, tools like Ettercap NG have made it easier.

Presentation:
Sniffing in a Switched Network (PDF format)
Sniffing in a Switched Network (Microsoft PPT)
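The flip side of the technique the presentation covers, as an added example (not part of the original post or the presentation): ARP spoofing works by making hosts on the segment associate the gateway's IP address with the attacker's MAC, so the trace it leaves is an IP whose MAC changes between ARP cache snapshots. The script below runs that check over constructed sample snapshots in a "<epoch> <ip> <mac>" format assumed here; the addresses and timestamps are made up. This is the same comparison tools like arpwatch perform continuously.

```shell
#!/bin/sh
# Added example (not from the original post): spot the trace ARP spoofing
# leaves on a switched segment, an IP address whose MAC changes between
# ARP cache snapshots. The input format "<epoch> <ip> <mac>" and the sample
# data are constructed for this example.

# write_sample_log PATH: constructed snapshots. The gateway 10.0.0.1 shows up
# with a second MAC at 1119600120; the host 10.0.0.20 stays stable (its MAC
# merely changes letter case between scrapes, which must not be an alarm).
write_sample_log() {
    cat > "$1" <<'EOF'
1119600000 10.0.0.1 00:11:22:33:44:55
1119600000 10.0.0.20 00:aa:bb:cc:dd:01
1119600060 10.0.0.1 00:11:22:33:44:55
1119600060 10.0.0.20 00:AA:BB:CC:DD:01
1119600120 10.0.0.1 de:ad:be:ef:00:01
1119600120 10.0.0.20 00:aa:bb:cc:dd:01
EOF
}

# arp_mac_changes LOG: print one line per IP whose MAC differs from the
# previously recorded one, as "<epoch> <ip> <old-mac> -> <new-mac>".
# MACs are case-folded so 00:AA and 00:aa compare equal.
arp_mac_changes() {
    awk '
        {
            ip = $2; mac = tolower($3)
            if ((ip in last) && last[ip] != mac)
                printf "%s %s %s -> %s\n", $1, ip, last[ip], mac
            last[ip] = mac
        }' "$1"
}

# count_arp_changes LOG: number of MAC changes found (0 on a quiet segment)
count_arp_changes() {
    arp_mac_changes "$1" | wc -l | tr -d ' '
}

log=$(mktemp)
write_sample_log "$log"
arp_mac_changes "$log"
rm -f "$log"
```

On the sample data the only line printed is the gateway's MAC change at 1119600120. In practice the snapshots would come from periodically scraping the local ARP cache on a monitoring host; a static ARP entry for the gateway on critical hosts, and port security or dynamic ARP inspection on the switch, are the usual mitigations once such a change is confirmed.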


Cheers,
-Manu
----------------
Manu Garg
http://www.manugarg.com
"Truth will set you free!"
