Tuesday, June 21, 2022

More Vi Tips

Found "Vi Tips for Developers" while jumping around inside the System Administrator's Webring.

Update: this post was flagged (in June 2022) as violating Blogger's content policy (relating to Malware and Viruses). The above content has not been changed. Only this last statement has been added. Please note that the above post does not relate to Malware or Viruses.

Sendmail compiling for the no-server crowd

For anyone who only wants a box to e-mail its own logs (and not run a server), and who is still trying to figure out how to get the newest version of Sendmail to run without the "Connection refused by 127.0.0.1" error:

   Edit /etc/mail/submit.cf so that the DS line contains the FQDN of your upstream mail server.

   Example: DSmail.myisp.com

You'll also need to set root:smmsp permissions on /var/spool/mqueue.

Hope this saves someone else some time (it took a bit of reading on my part).

Update: this post was flagged (in June 2022) as violating Blogger's content policy (relating to Malware and Viruses). The above content has not been changed. Only this last statement has been added. Please note that the above post does not relate to Malware or Viruses.

Google

Yikes! I fell into this one while cleaning out the spam filters in the comment section. Seems that someone was spamming google1.com. It turns out that that's a legitimate domain, owned by Google. Having it show up in comment spam probably means that it's a test message. The interesting part is if you type "whois google" (with or without the trailing ".com"). You get the following return:

While some of those are legitimate, many are not. I wonder how much trouble Google has defending their trademark.

Update: this post was flagged (in June 2022) as violating Blogger's content policy (relating to Malware and Viruses). The above content has not been changed. Only this last statement has been added. Please note that the above post does not relate to Malware or Viruses.

Google Maps

For my own reference: pointed to by a Furrygoat article, how to add annotations to Google Maps (I've added links to other odd stuff that you can do with Google Maps):

There are hundreds, if not thousands, of other examples. I've just run out of time to continue digging up these links.

Update: this post was flagged (in June 2022) as violating Blogger's content policy (relating to Malware and Viruses). The above content has not been changed. Only this last statement has been added. Please note that the above post does not relate to Malware or Viruses.

Building honeyd

The following isn't really a howto for getting honeyd up and running, but it should help. I'm posting it here as I plan on rebuilding my home system and want to keep track of how I did it. I'll blog the process here just in case anyone else wants to follow my breadcrumbs. Please note that setting up urpmi for network downloads, using CPAN, and compiling code are beyond the scope of this document. (Hint: for the external urpmi setup, Google for "easy urpmi" and look for the Penguin Liberation Front!)

The various code packages below are either installed via urpmi (if the package is available) or built from source code. Remember to run "ldconfig" between library installs! The URLs for all of the below were available either in the comments made by "configure" or on the honeyd site itself.

Process:
1) installed byacc, (which is required by flex) (via urpmi)
2) installed flex (which is required by libpcap)
3) installed bison (which is required by libpcap) (via urpmi)
4) installed libpcap (which is required by honeyd)
5) installed libdnet (which is required by honeyd) (see honeyd site)
6) installed libevent (which is required by honeyd) (see honeyd site)
7) installed honeyd
8) added IP address to interface via:
ifconfig eth0:1 192.168.123.10 netmask 255.255.255.255 broadcast 192.168.123.255

9) installed Mail::Sendmail from CPAN (for the smtp.pl script). Please note: had to force the install as it was hanging on a "send" test. (Note: fix later.)
10) installed Net::DNS from CPAN (for the smtp.pl script).
11) installed arpd
12) wrote a simple start-up script consisting of:
#!/bin/sh
# Stop any previous instances before restarting.
killall honeyd
killall arpd
# arpd answers ARP requests for the honeypot address on the alias interface.
arpd -i eth0:1 192.168.123.10
ifconfig eth0:1 inet 192.168.123.10 netmask 255.255.255.0 broadcast 192.168.123.255
# Log to log.honeyd, read templates from honeyd.conf, listen on eth0:1 for the honeypot address.
honeyd -l log.honeyd -f honeyd.conf -i eth0:1 192.168.123.10

13) ran ./run-honeyd (the start-up script above)
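The honeyd.conf that step 12 passes with -f is not shown in the post; the following is an added example (not from the original post or the honeyd project) of a minimal template bound to the address used above, using the documented honeyd configuration keywords. It assumes the smtp.pl script lives under scripts/ relative to the directory honeyd is started from and that the personality name exists in the nmap.prints file shipped with honeyd.

```conf
# Added example honeyd.conf for the setup described above (not the post's own file).
# Assumptions: scripts/smtp.pl is the Perl script from steps 9 and 10, and the
# personality string matches an entry in honeyd's nmap.prints.
create mailhost
set mailhost personality "Microsoft Windows XP Professional SP1"
# Anything not explicitly opened is refused, so stray probes still show up
# in log.honeyd as single rejected packets rather than open connections.
set mailhost default tcp action reset
set mailhost default udp action reset
set mailhost default icmp action open
# Emulated SMTP service: honeyd hands each connection to the script.
add mailhost tcp port 25 "perl scripts/smtp.pl"
# Bind the template to the alias address that arpd answers ARP for (step 8).
bind 192.168.123.10 mailhost
```

Connections to 192.168.123.10 on port 25 are then answered by smtp.pl and recorded in log.honeyd; every other port produces a reset that is logged as well.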


Comments:
1) The libevent site has some links to some other interesting projects.

Update: this post was flagged (in June 2022) as violating Blogger's content policy (relating to Malware and Viruses). The above content has not been changed. Only this last statement has been added. Please note that the above post does not relate to Malware or Viruses.

A new algorithm

I'm thinking that it's time to get off of Google services. I just received a number of emails from Google, announcing that five of my posts (from as far back as 2004) have been unpublished because they were related to malware and viruses. The titles of those posts:

  • More VI Tips - this was just a pointer to someone else's web site, which no longer exists
  • Sendmail compiling for the no-server crowd - explains what you need to edit before compiling the sendmail.conf file
  • Google - this was basic research on someone who was spamming my comment section
  • Google Maps - provided links to sites that explained how to add annotations to Google Maps
  • Building honeyd - discussed some of the problems that I'd experienced while attempting to compile a honeypot (a defensive tool)

The short version: none of these posts discussed malware or viruses. If these flags were implemented manually, HR needs to take a look at the resume of whoever flagged these posts. If it was an algorithm (more likely), Google needs to disable that algorithm and review the logic employed in it.

I don't know about anything nowadays, but we learned in the early 00's that keyword searches have a high false positive rate. My favorite example: blocking the Virginia educational system because the URL has "virgin" in it (yeah, that was a $17B project that did that).

In short, I'll fight this once. The more likely event will be that I move the blog off of Google and onto a less buggy platform.