archive

a set of old projects, I was taking care of in the past. notice it’s all in Polish.

tutorials, howtos, articles

(nie)oficjalny Cisco FAQ PL

pierwszy z projektów, którego miałem zaszczyt zostać koordynatorem – nieoficjalne Cisco FAQ PL. projekt stanął, miał zamienić się w wiki… i tak na razie stoi - od 10 lat :)

korzystając jeszcze z miejsca – chciałbym podziękować wszystkim współautorom za współpracę.

Teksty o tematyce powiązanej z systemami komputerowymi – archiwalne, ale pozostawiam dla potomnych.

Techniki łączenia przełączników

  • v0.64 20/01/2004 12:25:56 HTML | PDF

tcpdump – podstawy sniffowania i analizy

  • v1.1 17/12/2003 16:44:05 HTML | PDF

Generowanie (nienajgorszych) haseł

  • v0.40 17/12/2003 16:46:06 HTML | PDF

putty i uwierzytelnianie certyfikatami

  • v1.2 2002/09/01 18:57:02 HTML

advisories

yeah… old ones. a lot of equipment had similar problems at that timeframe (2002!) and as you can probably tell, a lot of equipment still has similar problems in 2020. i was also able to remotely compromise Ericsson MD110 PABX due to multiple problems with input verification - and vendor, while friendly, choose to ignore me constantly :) anyway - old stories that some day may be published in full ;)

LG routers and switches buffer overflows on logging prompt

code and patches

they’re old. i don’t believe they’re much useful anymore, but here they are - maybe, just maybe, someone will find them educational (like for example - how not to do patches ;) ).

uRPF in FreeBSD

uRPF is a way to filter traffic using routing table by checking if source address matches interface best route. Packet will be accepted for further processing if:

  • there’s entry in routing table pointing route to packet source via the same interface packet arrived
  • there’s no specific entry, but default route still matches interface on which it was received
  • source address is not in routing table with explicit flag of RTF_REJECT or RTF_BLACKHOLE

this short patch can help fight spoofing of source IP addresses and instead of filtering statically, can automatically protect your network - and internet.

patch can be applied to:

  • ip_input.c v1.130.2.55 dated 2005/01/02 (RELENG_4)
  • ip_input.c v1.283.2.14 dated 2005/07/20 (RELENG_5)
  • ip_input.c v1.301.2.3 dated 2005/10/09 (RELENG_6)

to turn on testing set net.inet.ip.urpf to 1 or 2, and/or save it into system-wide /etc/sysctl.conf.

  • ‘1’ means uRPF strict check (there has to be entry in the routing table and default route won’t match)
  • ‘2’ means uRPF loose check (only RTF_REJECT and RTF_BLACKHOLE explicit route will cause packet to fail)

diff file to be applied by patch -p0 <ip_input.urpf.diff in /usr/src/sys/netinet:

  • patch | SHA1: e519deaae593c28f505ee2d4db075986023a20b7

Blackhole route support in Quagga bgpd on FreeBSD

patch that makes recursive next-hop entries set to Null0 properly supported by bgpd on FreeBSD systems.

  • patch | SHA1: 9aea26df2925a7d3ece0440fec72bd51545fd45e

OpenBGPd in FreeBSD

group of patches making possible to run OpenBGPd on FreeBSD (and NetBSD as well - probably). there’s already port in the FreeBSD package system that’s way newer and has support, so… ignore :)

fiction

only in polish - i won’t find time right now to translate it. you may have some luck with various translate engines, but i wouldn’t try… ;)