Sunday, May 20, 2007

Batteries Not Included

I parked my car in front of USM CS's school car park. And when I planned to go back to rest, I found out my car battery had been sucked dry. It was my mistake somehow that the car lamp was not switched off. I phoned Reza, my friend, to get me a pair of "car battery jump starter" and did these steps:

Pix taken from here

Moral: Make sure your hands aren't all jittery. It happened yesterday evening. Apparently it happened again last night too, because this morning I had to jump start it with my friend. Then I went for a drink, and after it had started it died again (didn't you charge it?).

The jump starter cost me RM20 (around USD5) per pair. Well, somehow fazot; as far as I know you can get it for less than RM5.

Well, I just found out that my 18-month-old battery had dried out. So I opted to replace it with a new one, since after what happened yesterday, it happened again TWICE today.

I changed my Century wet battery to a Yokohama. It cost me RM140 (around USD45).
You can refer here.


Thursday, May 17, 2007

Snort_inline n00b

Victor Julien
To: mnajem
Hi!

mnajem wrote:
> hi,
>
> i am relatively new to IDS and IPS stuff.
> I am confused with
>
> snort rules, say here:
> http://www.bleedingthreats.net/bleeding-all.rules
>
> and snort_inline rules.
>
> do they have difference? i mean do snort_inline use snort's rules so
> that the iptables will drop messages got via libipq?

I think the difference is just that the snort_inline rules have the
action set to 'drop' already. The Snort rules are just using 'alert'.

> currently i'm trying to do research on improving speed of IDS/IPS
> whether on signature checking or if possible in layer 7 inspection/deep
> inspection.
>
> in addition, i am also confused whether l7 netfilter does the same job as
> snort_inline in inspecting packets.

The l7 matching in netfilter and also the string matching in netfilter
are very limited compared to Snort. This is because snort does many more
things with the packets before inspecting them, such as stream
reassembly, decoding, normalizing, etc. All these things are not
possible in netfilter. The advantage of the netfilter modules however,
is speed. The speed of an in-kernel matching mechanism is much higher.
The disadvantage is that it's trivial to evade detection by methods like
session splicing or tcp fragmentation and all kinds of encoding.

Hope this helps,
Victor
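The point made above, that snort_inline rule files are essentially Snort rule files with the action changed from 'alert' to 'drop', as an added example in Python (not code from the mailing list, from Snort or from snort_inline). The rule text and sid values are constructed for the demo; only the leading action keyword is rewritten, so comment lines and rules with other actions such as 'pass' are left alone.

```python
import re

# Constructed sample rules (not from the page); sid values are made up.
SAMPLE_RULES = """\
# comment line, must be left untouched
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB example"; content:"/cgi-bin/"; sid:1000001; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"DNS example"; sid:1000002; rev:1;)
pass tcp any any -> $HOME_NET 22 (msg:"allowed"; sid:1000003; rev:1;)
  alert icmp any any -> any any (msg:"ICMP example"; sid:1000004; rev:1;)
"""

# A rule starts with an action keyword followed by a protocol. Anchoring on the
# protocol keeps the substitution from touching 'alert' anywhere else on the line.
ACTION_RE = re.compile(r"^(\s*)alert(\s+)(?=(tcp|udp|icmp|ip)\b)")


def to_inline_rules(rules_text, action="drop"):
    """Rewrite 'alert' rules into inline rules using the given action.

    Comment lines, blank lines and rules with any other action pass through
    unchanged, so an existing 'pass' rule is never turned into a drop.
    """
    out = []
    for line in rules_text.splitlines():
        if line.lstrip().startswith("#") or not line.strip():
            out.append(line)
            continue
        out.append(ACTION_RE.sub(rf"\g<1>{action}\g<2>", line, count=1))
    return "\n".join(out) + "\n"


def count_actions(rules_text):
    """Tally the action keyword of every rule line; useful as a sanity check
    before and after conversion (the total number of rules must not change)."""
    counts = {}
    for line in rules_text.splitlines():
        m = re.match(r"^\s*(\w+)\s+(tcp|udp|icmp|ip)\b", line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts


if __name__ == "__main__":
    print(count_actions(SAMPLE_RULES))
    print(to_inline_rules(SAMPLE_RULES))
```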

Tuesday, May 15, 2007


Gnuwin32/Cygwin

I'm not sure how you use Cygwin (if at all), but sometimes, say, you don't have a particular application in Cygwin while it does exist in the GNUWin32 project.

For example, I wanted to extract a file with the .shar suffix (shell archive).

That application (shar/unshar) is available here:
http://gnuwin32.sourceforge.net/
http://sourceforge.net/project/shownotes.p...;group_id=23617

What I have is Cygwin.

In my experience, you can download the installer from the Gnuwin32 site and it will extract the application to:

C:\Program Files\GnuWin32\bin


However, your Cygwin cannot see that executable, because Cygwin's set of commands lives in /bin in cygdrive (the virtual drive).

What you can do is create a soft link with the "ln" command:

ln -s /cygdrive/c/Program\ Files/GnuWin32/bin/unshar.exe /bin/unshar.exe
ln -s /cygdrive/c/Program\ Files/GnuWin32/bin/shar.exe /bin/shar.exe


I use the same method for other applications that are not in the Cygwin binary archive.

Why do you have to graduate from Grad School?

Thursday, May 10, 2007

Peking: When I'll be there again, in Summer?

Tuesday, May 08, 2007

No Scapy: It's Scruby/Scaperl

Though only a proof of concept, I think I like it in some way.

Scruby

Scaperl

"Non Tailed" Fox


I am compiling Fox, which is needed as a value-added package for RubyForger, a Ruby-based packet generator.

*the title is a modified version of Uzumaki Naruto's sealed "Nine-Tailed Fox"

Monday, May 07, 2007

Sunday, May 06, 2007

Nepenthes on Fedora Core 6 Issue

Question:

Me wrote:

Hello.

Currently I'm running nepenthes 0.2.0 on Fedora Core 6, installed using RPM.

I got this message when I wanted to check its status, since when I scanned the localhost ports it didn't mock the intended service:

[root@localhost ~]# /etc/init.d/nepenthes status
nepenthes dead but subsys locked


What does subsys mean?

Answer:
try
/etc/init.d/nepenthes restart
if that doesn't get it, find the lock file in /var and delete it, then start it.

Let's Learn Regular Expressions (Regexp)

Regular expressions, which some individuals have dubbed "ungkapan nalar", are one way to simplify searching for target characters that match a particular pattern.

1) Summary

In short, it checks a pattern-matching condition on a target before that input is "grabbed" to be displayed or used.

For example:

$ ls -l | grep ^d


Here, the long-listing command displays the directory contents, and the listing's output is "grabbed" using the caret character, which requires the lines to begin with the character "d".

The user's purpose with this command is to display directories only. It is equivalent to:

find . -maxdepth 1 -type d (which has -print by default)

or, to narrow the scope:

find . -maxdepth 1 -iname "" -type d


maxdepth is the level of jutsu or chakra needed to find the target


2) Escape Characters

The escape character, "\", is used to "grab" regular expression pattern characters such as ^, $, \, . and others literally.

For example:

$ cat test.txt
\
$
^


$ grep '\\\|\$\|\^' test.txt
\
$
^


3) Applications

Many applications use "regular expressions", or "regexp", as a core component. Among these are rule matching in configuration files and packet inspection (deep packet inspection).


The speed of an application that uses regular expressions depends on how that application/script is written.

References
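The two grep examples above (keeping only lines that start with "d", and matching the metacharacters \, $ and ^ literally), as an added example in Python's re module rather than grep; this is not code from the original post. The ls output and the test.txt lines are constructed stand-ins, and the third function shows what goes wrong when the escape character is left out.

```python
import re

# Constructed stand-in for the contents of test.txt: one metacharacter per line.
TEST_LINES = ["\\", "$", "^", "plain text"]

# Constructed stand-in for `ls -l` output (owner, size and date are made up).
LS_LINES = [
    "drwxr-xr-x 2 user user 4096 May  6 2007 src",
    "-rw-r--r-- 1 user user  120 May  6 2007 notes.txt",
    "drwxr-xr-x 5 user user 4096 May  6 2007 build",
    "lrwxrwxrwx 1 user user   10 May  6 2007 link -> src",
]


def dirs_only(ls_lines):
    """Same as `ls -l | grep ^d`: the caret anchors 'd' to the start of the line."""
    pat = re.compile(r"^d")
    return [ln for ln in ls_lines if pat.search(ln)]


def lines_with_literal(lines, chars):
    """Same as the escaped grep command: every metacharacter in `chars` is
    escaped with a backslash (re.escape does it for us), so it matches itself."""
    pat = re.compile("|".join(re.escape(c) for c in chars))
    return [ln for ln in lines if pat.search(ln)]


def lines_with_unescaped(lines, pattern):
    """Same search without escaping, to show why the backslash matters: an
    unescaped '^' or '$' is an anchor that matches (zero-width) on every line."""
    pat = re.compile(pattern)
    return [ln for ln in lines if pat.search(ln)]


if __name__ == "__main__":
    print(dirs_only(LS_LINES))
    print(lines_with_literal(TEST_LINES, "\\$^"))
    print(lines_with_unescaped(TEST_LINES, "^"))
```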

1. PCRE - Perl Compatible Regular Expressions in Cheatsheet PDF
2. Mastering Regular Expressions [catalog]
3. Ruler: high-speed traffic classification and rewriting using regular expressions [pdf]
4. Algorithms to Accelerate Multiple Regular Expression Matching for Deep Packet Inspection [pdf]


(c) mnajem 2007, copy with author credits retained

Thursday, May 03, 2007

Random Talks

I've noticed a trend: women like to write diaries. Detailed. Very detailed. Does this reflect their meticulous (read: fussy) nature?

Me, on the other hand, I prefer writing technical stuff and movie reviews. And my future plan is to learn to use a DSLR camera so I can snap pictures of birds, insects and tall buildings, learn about lighting, touch up photos and so on.

Costly?

Yes indeed, I reckon I need around RM2,000 and up for that expensive hobby.

Wait up? Hobby? Speaking of hobbies, I don't have any particularly interesting hobby other than watching anime, starting with Naruto and Bleach. Back when I was studying I bought Dragon Ball, Dragon Quest and Conan.

Seems wasteful? Oh, not really. Because these comics teach readers to think; there are humane elements in them. So if you want to complain, you first have to weigh the good things in those Doraemon-sized comics. Haha.

Basketball.

Oh, I bought an Adidas basketball and a Puma ball pump the other day. The enthusiasm lasted about a month, and then I was stuck in front of this laptop trying to finish work... due June 1st. Wahhhhaaa, I'm posting here because I'm bored stiff.

Lots of papers downloaded from IEEE/Science Direct, went through them one by one... that's why. Research is very lonely. Only you understand what you're doing. How do you deliver your contribution to people so they can see your work is beneficial:
To save mankind
Haha.... now you know the purpose of human existence.
Not waking up, eating, sleeping, wanting money by cheating people, twisting things, being corrupt, right? Right? We work hard to gain money and life satisfaction, which you define for yourself. And spend part of it for the sake of Lillahi Ta'ala.

I've seen a few Indonesian netters compile e-book applications for Hadith, Sirah and so on. But I see Malaysians prefer updating their latest photos on fotopages. Haaa, that's why you see thousands of Malaysians on fotopages. Outnumbering other countries whose populations are many times larger.


Wednesday, May 02, 2007

Snort_inline: Compilation Issues

After giving up on Debian, since I couldn't resolve the libdnet problem there, I opted for Fedora Core 6 for these reasons:

1- Community driven
2- Less compilation (the machine is a Pentium 3; I just added my own 128 SDRAM)
3- Package management

However, I regret the slowness of yum, which drives me up the wall. Everything else is fine.
Funny stuff: I use Ubuntu on my laptop, and when I wanted to use yum's search facility, I ended up typing

#yum cache search


ROTFL

(apt-cache is for Debian variants and works almost the same as yum search. The command given above is a mix of the two.)

I saw Victor posted something on his blog regarding the snort_inline dropped-libipq dependencies horror, as posted here.

I checked out the SVN version, compiled it, and succeeded.