Feldman.org

Heel, Spammers, Heel!

Sorry, Charlie� Only nice people are supposed to leave comments. The 1240 blog-spam comments that accumulated whilst Stacy and I were having our fourth child simply had to go. I'm sure that there is someone out there somewhere that wants to buy Cialis, but ... not here.

For now, until life calms down a little (new job, new city, new home, new baby - you get the picture), comments will be left off. Please email me at jf@feldman.org if you have anything to say; I'll share reasonable comments in the blog entry itself for now.

At some point, I'll re-enable comments to either filter out the meanies or to perform user verification. Sadly, won't have time to geek around with this site for a while. It's all for a good cause, though. :-)

I cheerfully admit to using a flamethrower to get rid of those guys, so I may have broken some links in the process. If you can't find something, let me know, and I'll try to help out.

Articles, Articles...

Wow, it's been a while since I've updated this site. Bad Jonathan!

Here are my thoughts about Intellectual Property in this country as it affects information technology. I am mostly pretty libertarian in my viewpoints, but it seems to me that there is a time for government to step in and act as carbon rods in what can be a runaway nuclear reactor of corporate greed.

Also, this column was pretty controversial. I was certainly one to shout about the necessity of desktop lockdown back in in 2001 (and even prior to that, come to think of it!)

One reader wrote that making decisions about lockdown (versus unilateral policy) was a sure-fire way to cause litigation. Certainly, if your decision methodology is arbitrary and not bona-fide occupational qualification-based! That's why you need to enlist business managers in this process, I would think.

At any rate, see what you think. :-)

Patch Management -- Secure Enterprise

Here's an article I wrote for Secure Enterprise Magazine. Patch management is a wonderful thing, but it's my contention that PM is simply one part of good desktop management. See if you agree.

Network Computing Articles

Here are the latest articles I've written for Network Computing for your reading pleasure. As usual, throw comments or cookies my way. ;)

The Microsoft Settlements: Do They Really Matter to IT Managers?

Trojan Terror: Targeted SMTP attacks, what to do about 'em.

Enjoy!

Looking for DHCPME?

I keep getting requests for the old DHCPME.EXE program, so I thought I'd take a minute and explain that you don't need it.

In a nutshell, DHCPME is not necessary for machines that have WScript or VBScript. I only wrote it (many years ago) because the platforms that I was updating didn't have scripting tools available.

Check out this Microsoft Knowledge Base Article for a good way to enable DHCP on your machines, Windows 95 and above.

Enjoy!

Updated SMTP Penetration Risks paper

I've added some more ways of blocking SMTP attacks, with a little help from my friends. :-)

Again, any constructive criticism, etc, is most welcome.

SMTP Penetration Risks PDF

SMTP Penetration Risks Paper Available

Greetings and good day to you!

I thought I would share a paper that I wrote on some of the risks of combining pills and alcohol... no, wait, I mean the risks of combining SMTP spoofing with HTML. It's totally sick and crazy how it is relatively easy to send malicious HTML into most organizations' email boxes -- which ultimately translates into a penetration risk.

Included in the paper is some code that I wrote to test these ideas in a proof-of-concept using consenting targets. The results were kinda scary.

Any and all feedback would be lovely. I basically wrote this at first for my own benefit, just to gnaw on the ideas a bit, then shared it with some engineers that I work with. Now I'm looking for someone to either (1) tell me that I'm on crack to think that this is a risk, or (2) share ideas on how to mitigate this risk further, or (3) correct errors in this paper.

(I've updated it in this entry, so download it from there, please.)

Memorial Day Weekend At Last!

Ahhh... Memorial Day. Just family, friends, brews... and technology.

I'm doing a bunch of stuff that I've been putting off forever. Lots of servers ripped apart, I'm trying to recover some info off of an old hard drive for a friend, etc. I'm checking out "R-Studio" from the good folks at RTT. So far, it actually looks like they know what they're doing! ;-)

Some quick thoughts, while I'm thinking them.

If you missed "Secure World Expo" in Atlanta, too bad! It was actually a pretty decent show. Check it out next year, or in another venue.

I've been chatting back and forth with Luca Deri, bon vivant and NTop author extraordinare. He's put some of the functionality of my appgraf script directly into the NTop binary itself, for those of you who don't want to deal with my kludgy script, and/or don't want to run an Apache instance on your server. Naturally, this involves a fairly recent source code checkout and compile.

Have a safe & happy Memorial Day. Me, I find the holiday somewhat sobering, so I sometimes think we ought not party as much as we do ... but, then again, those that fell did so that we might cook out and drink beer in peace and freedom. A virtual moment of silence, if you please, and of thanks.

Thanks, all of you.

Holy Cow, Maggie! (Maggie Award)

Wow!

At the recent Maggie awards, crazy judges gave my "IT Agenda" series of articles the "Best Series of Articles/Trade" award. (March 5 and July 10 seem to have been the pieces that sent 'em over the edge.)

Pretty sweet!

Mana does fall from heaven every now and again!

Free Wake On Lan Wakeup Utility

[Stephen] wrote:
> Is there a tool, preferably free, that I can use to wake up WOL computers?

Sure! Check out Donald Becker's ether-wake. There are about a gazillion places you can find this -- but the canonical place is Scyld Software's site.

It compiles just fine on RH Linux. As for Windows...

]]> Sadly, there are problems under Cygwin. The compile complains that "linux.h" is not found -- uh, yeah. That's because it isn't there. :-)

Worse, "SOCK_PACKET" is undefined under Cygwin. A quick glance in /usr/include finds that SOCK_PACKET is undefined, even in net.h or cygwin.h.
(The Cygwin site says that "SOCK_PACKET" simply isn't supported under windows.)

But, take heart. You can use the Perl module Net::Wake. This does work under Cygwin (haven't tested under ActiveState Perl). You can install it from CPAN by saying:
perl -MCPAN -e "install Net::Wake"

Then, you should be able to type:
perl -MNet::Wake -e "Net::Wake::by_udp (undef,'00:00:87:A0:8A:D2')"

9/13/2004 Note. Some links here might not work anymore. Sad, but true. I've removed one that someone pointed out.

For perhaps more current information, you might try the Wake-On-Lan mini-howto.

NTop Tested at Large ISP Peer

Steve Paine, ISP-guy, tells the tale of NTop running with RRD and NetFlow at an ISP with 10,000 internal customers. Good reading if you're interested as to NTop scaling. Long and the short of it is, "it works if you configure it right, it crashes if you try to keep track of every host on the Internet." :-)

This appears via the NTop mailing list

Using NTop with Cisco-NetFlow as a Data Source

Burton Strauss, NTop champion and mailing list guardian, has posted my imaginatively-titled document, "NTop, NetFlow, and Cisco Routers" to the NTop project page.

Enjoy. Throw cookies or commentary my way!

Good "WiFi" article at NWC

Dave Molta did a nice job with his treatment of the state of wireless security. If you're responsible for deploying WiFi, check it out!

NTop Appgraf contrib script now available

I dig NTop -- it's a really swanky open source network monitoring tool. And if you want per-application bandwidth utilization, it's perfect. Add the fact that you can turn on RRD, the Round Robin Database, and presto-- long term application utilization trends! I mean, who DOESN'T want to know how much of their expensive WAN pipe is occupied by P2P versus actual work being done!! :-)

Only problem was, getting to that data was somewhat of a pain in the butt. So I wrote a simple little hack of a script to make it easy. Here's an example of the graphs it makes:

]]> How to install appgraf to an existing NTop installation

1. Make sure that NTop is working at your site, and collecting RRD data.

2. Download & unpack the script.

3. Make sure that Apache is running on the NTop machine

4. Create a directory for the script to live in, for example, "ntopweb". Make sure that .cgi is allowed in this directory. In general, make sure that you have the following line:
AddHandler cgi-script .cgi
in your httpd.conf

5. Create a symbolic link called "ntd" in that directory that points to /rrd/interfaces//. For example, this might be /usr/share/ntop/rrd/interfaces/NetFlow-device/ for some folks.

6. Make sure that this subdirectory has appropriate permissions so that your web server can READ it!

7. Locate RRD on your system, and copy the rrdcgi binary to the top directory (in our example, the "ntopweb" directory).

8. Go ahead and cross your fingers and run the script!

Enjoy... Any questions, give me a shout and I'll try to help out. If you improve it, I'd love to know about that too. :)

--Jonathan

Old tools ARE available

[NONAME] wrote:
>Are the tools that used to be on this site still available?

Just want to answer this one publicly.

If for some strange reason, you've come here looking for tools that I wrote long, long, long ago (dhcpme, dialer, etc.) just drop me a note and I'll be more than happy to help out. Forgive me my spring cleaning! :-)