CAPTCHA firewall bypass / port knocking portal

A couple of my clients’ sites were being probed by botnets. It was the usual:

  • Probes for common vulnerabilities
  • Password guessing attacks

It didn’t warrant putting them behind a firewall, but I also didn’t like leaving them open to relentless automated 24×7 scanning. The sites were extranet-type sites: not really public, but not private either. I scratched my head a bit over how to improve security without inconveniencing users, and what I came up with is this method:

  1. All access to the website is blocked by a “captive portal”-like page.
  2. When the user gives the portal what it asks for (in this case the correct answer to a CAPTCHA), the firewall opens an exception for their IP and the user is redirected on to the site they were looking for.

Is this secure against a determined attacker? Definitely not. Solving the CAPTCHA takes only 3 seconds, and then they’re through the first layer of defense. That’s why it’s critical that this is treated as an extra (thin) layer of defense and not as the only layer.

Is it effective against the 99% of attacks out there that run on autopilot (worms and botnets)? Definitely.

How is it implemented?

  • A PHP page shows the portal page.
  • If the CAPTCHA is correct, the client IP is taken from $_SERVER["REMOTE_ADDR"], sanitized (it is about to be interpolated into a shell command, so anything that is not a literal IP address must be rejected) and saved in a file that keeps track of allowed IPs.
  • The PHP page then triggers a shell script that adds the following iptables entry, so that from then on that client’s port-80 traffic to the portal host ($YourIP) is forwarded to the real site ($TargetIP) instead of hitting the portal:
    iptables -t nat -A PREROUTING -p tcp --dport 80 -s $AllowedIP -d $YourIP -j DNAT --to-destination $TargetIP:80

How can this be improved?

Nothing says that access has to be granted for a simple CAPTCHA; there could be full authentication that takes place before the firewall is opened. Furthermore, the exception could close shortly after access is given, disallowing any fresh TCP connections (connections already established through the DNAT rule keep flowing, because connection tracking consults the nat table only for the first packet of a connection). Think of it as authenticated port knocking.
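Here is an added example (mine, not the page’s PHP page or shell script) of the allow-and-expire logic written as one Python module, so that the IP validation, the rule construction and the short-lived exception suggested above can be seen together. It assumes a portal address of 192.0.2.10 and a backend of 10.0.0.5 as placeholders for the page’s $YourIP and $TargetIP, a one-hour lifetime per exception, and that it runs as root on the portal host; RecordingRunner is a stand-in for iptables so the logic can be exercised without touching the live firewall.

```python
"""Firewall exception manager for a CAPTCHA portal (added example, not the
page's own code).  validate -> add DNAT rule -> record -> expire."""
import ipaddress
import subprocess
import time

PORTAL_IP = "192.0.2.10"   # assumed: address the portal answers on (the page's $YourIP)
TARGET_IP = "10.0.0.5"     # assumed: the real web server (the page's $TargetIP)
TTL_SECONDS = 3600         # assumed: how long one exception stays open


def validate_client_ip(raw):
    """Return a canonical IPv4 string or raise ValueError.

    Anything that is not a literal IPv4 address is rejected, so a value taken
    from $_SERVER["REMOTE_ADDR"] can never reach iptables as a shell
    metacharacter or an unexpected option.
    """
    addr = ipaddress.ip_address(raw.strip())
    if addr.version != 4:
        raise ValueError(f"IPv4 only: {raw!r}")
    if addr.is_multicast or addr.is_unspecified or addr.is_loopback:
        raise ValueError(f"not a client address: {raw!r}")
    return str(addr)


def is_valid_client_ip(raw):
    try:
        validate_client_ip(raw)
        return True
    except ValueError:
        return False


def dnat_rule(op, client_ip):
    """Argument vector for -A / -C / -D; one builder so the three never drift
    apart.  No shell is involved: the list goes straight to execve."""
    return ["iptables", "-t", "nat", op, "PREROUTING",
            "-p", "tcp", "--dport", "80",
            "-s", client_ip, "-d", PORTAL_IP,
            "-j", "DNAT", "--to-destination", f"{TARGET_IP}:80"]


def allow(raw_ip, allowed, now=None, run=subprocess.run):
    """Open the hole for raw_ip and record in `allowed` when it was opened."""
    ip = validate_client_ip(raw_ip)
    # -C exits 0 when an identical rule already exists; append only when it
    # does not, otherwise every CAPTCHA solve would stack another copy.
    if run(dnat_rule("-C", ip), capture_output=True).returncode != 0:
        run(dnat_rule("-A", ip), check=True)
    allowed[ip] = time.time() if now is None else now
    return ip


def expire(allowed, now=None, ttl=TTL_SECONDS, run=subprocess.run):
    """Delete rules older than ttl; returns the IPs that were closed."""
    now = time.time() if now is None else now
    closed = [ip for ip, opened in allowed.items() if now - opened >= ttl]
    for ip in closed:
        # Deleting the nat rule only stops NEW connections: conntrack keeps
        # forwarding flows that were already established through it.
        run(dnat_rule("-D", ip), capture_output=True)
        del allowed[ip]
    return closed


class RecordingRunner:
    """Stand-in for subprocess.run that emulates iptables -A/-C/-D bookkeeping
    (dry runs and tests); not a real firewall."""

    def __init__(self):
        self.rules = set()
        self.calls = []

    def __call__(self, argv, **kwargs):
        self.calls.append(argv)
        op, ip = argv[3], argv[10]
        returncode = 0
        if op == "-C":
            returncode = 0 if ip in self.rules else 1
        elif op == "-A":
            self.rules.add(ip)
        elif op == "-D":
            self.rules.discard(ip)
        return subprocess.CompletedProcess(argv, returncode)


if __name__ == "__main__":
    import sys
    runner = RecordingRunner() if "--dry-run" in sys.argv else subprocess.run
    print(allow(sys.argv[1], {}, run=runner))
```

REMOTE_ADDR is the TCP peer. If a reverse proxy or CDN sits in front of the portal it will be the proxy’s address, and switching to X-Forwarded-For instead would let any client choose which IP gets the exception. The exception is also per address, so everyone behind the same NAT as the solver inherits it, which is another reason to keep the lifetime short and to treat this as a thin layer.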

security proxy

You’ve probably seen a page like this if you’ve stumbled across a CloudFlare-protected site while using Tor. I don’t know what internal mechanism they use, but I imagine it’s very similar.

API Monitors

When reversing applications it’s useful to see what’s happening under the hood. Up until now I’ve either had to bring out OllyDbg and dive into assembly or rely on a high-level tool like Sysinternals Process Monitor. I’m fond of strace on Linux, but when I searched for “strace for Windows” the results were tools that were not very reliable. That was a couple of years ago.

Today I stumbled on these two API monitors that do exactly what I need on Windows:

IPv6 for the impatient

I always wanted to get my feet wet with IPv6. The problem is that my ISP doesn’t support it. Today I found out that I don’t need to wait until they get their act together: I can get onto IPv6 immediately by using a tunnel from Hurricane Electric.

  • It’s free.
  • You get a /48 prefix of publicly routed IPv6 addresses (1208925819614629174706176 of them, 2^80). I still don’t know what I will do with that many 🙂
  • You can run dual stack, IPv4 and IPv6 side by side on a single router, so you don’t need to shut down or disrupt IPv4 or quit it cold turkey. In fact, I had only two machines on my network dual stacked, happily coexisting with their IPv4-only counterparts.
  • Not that hard to set up if you have a router that plays nice (most do).

I got it up and running in under an hour. It was fun. When I switched to purely IPv6 mode, it reminded me of the ’90s, when every site that actually worked was a cause for celebration.

To be honest, after a day or so I actually ended up turning it off. The trouble was that even though I was running dual stack, everything liked to default to IPv6 first and IPv4 second. That’s good in theory, but in practice I feel IPv6 is just not ready if you want a 100% smooth experience.

I’ll try again in a year or so since I can see IPv6 adoption is exploding.

Visualizing Complex Files

Inspired by a very interesting TED talk by Chris Domas, I decided to make my own tool that did the same thing.

Download the binary (.NET compatible)

Download the source code

As you can tell from the source code, the mechanism is very simple:

  1. Read the file as a sequence of bytes
  2. Loop through the bytes, keeping the current byte and the previous byte
  3. X axis is 0–255 (currentByte)
  4. Y axis is 0–255 (previousByte)
  5. Plot the intersection of X and Y for every consecutive pair, so the more often a pair occurs the brighter its point

The technical name for this is a digraph (a plot of byte pairs). Doing the same thing in 3D or 4D, with runs of three or four consecutive bytes, follows a very similar process.
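As an added example (mine, not the .NET tool’s source), here is the same digraph count in Python, plus a PGM writer and a small summary that puts numbers on the two observations made in the screenshots below: plain text stays inside the printable-ASCII square, and random data fills every cell. random_bytes is a constructed input from a seeded PRNG, used only for comparison.

```python
"""Byte-digraph counts for a file (added example, not the page's tool).
Cell (previous byte, current byte) holds how often that pair occurs; the PGM
writer maps counts to grey on a log scale so rare pairs stay visible."""
import math
import random

PRINTABLE = range(32, 127)   # space .. '~', the band the text screenshot shows


def digraph(data):
    """Return a flat list of 256*256 counts indexed by previous*256 + current."""
    counts = [0] * 65536
    for prev, cur in zip(data, data[1:]):
        counts[prev * 256 + cur] += 1
    return counts


def summary(counts):
    """Occupied cell count and the share of pairs inside the printable-ASCII square."""
    total = sum(counts)
    printable = sum(counts[p * 256 + c] for p in PRINTABLE for c in PRINTABLE)
    return {
        "occupied": sum(1 for n in counts if n),
        "printable_fraction": printable / total if total else 0.0,
    }


def render_pgm(counts):
    """Binary PGM (P5): row = previous byte (Y), column = current byte (X),
    origin top-left, so plain text lands in the upper-left corner as on the page."""
    peak = max(counts) or 1
    scale = 255.0 / math.log1p(peak)
    pixels = bytes(int(math.log1p(n) * scale) for n in counts)
    return b"P5\n256 256\n255\n" + pixels


def random_bytes(n, seed=0):
    """Constructed pseudo-random input (deterministic for tests)."""
    rng = random.Random(seed)
    return rng.getrandbits(8 * n).to_bytes(n, "big")


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        counts = digraph(f.read())
    with open(sys.argv[1] + ".pgm", "wb") as out:
        out.write(render_pgm(counts))
    print(summary(counts))
```

Run it as `python digraph.py somefile` and open the resulting `.pgm` in any image viewer. The `occupied` figure is a quick way to compare files: 65536 means every possible pair occurred, which is what a few megabytes of good random data (or a compressed or encrypted blob) produce, while text and most executables use only a small fraction of the grid.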

Below are screenshots of some of the files that I visualized.

text

Note how everything is in the upper-left corner. That’s because the bulk of plain text is ASCII bytes 32 (space) to 126 (~), so both coordinates stay small.

exe

Some similarities to the text file in terms of well-defined patterns, except that a binary file isn’t restricted to the 7-bit ASCII range below byte 128.

jpeg

Notice the shades of gray.

random

This was a file of about 32 MB. With a bigger file that was even more random I would expect the entire screen to fill white. Any pattern visible here is a telltale sign of a lack of randomness (or of too small a sample).

Pingb: Bandwidth Measuring

Ever needed to get an estimate of a link’s bandwidth and all you have is shell access to one of the end points?

Normally you would need access to both endpoints and run something like iperf across the link. That’s the proper way, but it takes time to set up (poking holes through firewalls, etc.). If you don’t want to go through that hassle and just need a quick estimate, you can use pingb.

Pingb estimates the bandwidth from the difference in round-trip time between ICMP echo requests of different sizes: the extra bytes of the larger packet have to be serialized onto the link (and echoed back), and that extra delay is proportional to the extra size divided by the link speed.
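To make the principle concrete, here is an added example in Python (not pingb’s own code): it fits the minimum round-trip time against payload size and converts the slope into a link speed. The ping output it parses is constructed to model a 10 Mbit/s symmetric link with a 5 ms base RTT, and 192.0.2.1 is a placeholder target.

```python
"""Single-ended bandwidth estimate from ping RTT versus packet size (added
example illustrating the method pingb uses; not pingb's source)."""
import re

RTT_RE = re.compile(r"time=([0-9.]+) ms")


def ping_command(host, payload_bytes, count=5):
    """argv for Linux/BSD ping: -s sets the ICMP payload size, -c the count."""
    return ["ping", "-c", str(count), "-s", str(payload_bytes), host]


def parse_rtts(ping_output):
    """Pull every 'time=X ms' value out of ping's output, in milliseconds."""
    return [float(m) for m in RTT_RE.findall(ping_output)]


def estimate_bandwidth_bps(samples):
    """samples: {payload_bytes: [rtt_ms, ...]}.

    Fit min(RTT) against size by least squares.  Each extra byte is serialized
    twice (in the request and again in the echoed reply), so for a symmetric
    link of B bit/s the slope is 16/B seconds per byte.
    """
    points = [(size, min(rtts) / 1000.0) for size, rtts in samples.items() if rtts]
    if len(points) < 2:
        raise ValueError("need at least two packet sizes")
    n = len(points)
    mx = sum(x for x, _ in points) / n
    my = sum(y for _, y in points) / n
    slope = (sum((x - mx) * (y - my) for x, y in points)
             / sum((x - mx) ** 2 for x, _ in points))
    if slope <= 0:
        raise ValueError("RTT did not grow with size; link too fast for ping's resolution")
    return 16.0 / slope


# Constructed ping output for a 10 Mbit/s symmetric link with a 5 ms base RTT
# (rtt_ms = 5 + 0.0016 * payload).  Queueing only ever adds delay, so min()
# recovers the underlying line from the jittered samples.
SAMPLE_OUTPUT = {
    56:   "64 bytes from 192.0.2.1: icmp_seq=1 ttl=63 time=5.31 ms\n"
          "64 bytes from 192.0.2.1: icmp_seq=2 ttl=63 time=5.0896 ms\n",
    512:  "520 bytes from 192.0.2.1: icmp_seq=1 ttl=63 time=5.8192 ms\n"
          "520 bytes from 192.0.2.1: icmp_seq=2 ttl=63 time=6.02 ms\n",
    1024: "1032 bytes from 192.0.2.1: icmp_seq=1 ttl=63 time=6.91 ms\n"
          "1032 bytes from 192.0.2.1: icmp_seq=2 ttl=63 time=6.6384 ms\n",
    1472: "1480 bytes from 192.0.2.1: icmp_seq=1 ttl=63 time=7.3552 ms\n"
          "1480 bytes from 192.0.2.1: icmp_seq=2 ttl=63 time=7.77 ms\n",
}


def demo_estimate():
    """Estimate from the constructed samples above (about 10 Mbit/s)."""
    return estimate_bandwidth_bps({s: parse_rtts(o) for s, o in SAMPLE_OUTPUT.items()})


if __name__ == "__main__":
    print("%.2f Mbit/s" % (demo_estimate() / 1e6))
```

Use the minimum RTT per size rather than the mean, because queueing only ever adds delay. The slope is the sum of per-hop serialization times in both directions, so on a multi-hop or asymmetric path the result is a lower bound on the bottleneck rather than an exact figure, and routers that rate-limit or deprioritize ICMP skew it further. 1472 bytes is the largest payload that still fits a 1500-byte MTU without fragmentation.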

WordMesh movie script associations

Today I had WordMesh read the scripts of approximately 700 movies. I was hoping to get it to understand simple concepts such as “what, where, how, why”. I got partial success. Here are the results:

query: “what” result: “happened, doing, matter, wrong”
query: “who” result: “knows”
query: “where” result: “going”
query: “why” result: “wonder, reason, aren’t, didn’t, crying”
query: “how” result: “many, much, long”

From the previous trials with books, I knew that the program would pick up on common themes. The results didn’t come as a big surprise, considering these are mostly typical Hollywood. Here is a taste:

query: “gun” result: “machine, drop, put, shoot, fire”
query: “killed man” result: “himself, almost”
query: “killed woman” result: “poor, wife”
query: “run” result: “away, fast, quick, hide, along”
query: “good” result: “luck, evening, bye, news, idea, pretty, sounds”
query: “evil” result: “Dr., eye, born, power, plan, lord, master, force, totally”

I especially like the evil results above. Exactly what comes to my mind when someone asks “What comes to mind when you think of evil?” (in reference to Hollywood movies).

Next step is to increase the number of movie scripts so that I have even more meaningful results.

Dance Pad Walking Controller

After playing StepMania I realized that my pad might be useful for more than just dancing. Gaming is such a sedentary activity, so why not use the dance pad to actually walk in a game using your own two legs? My first attempt was adapting the game Exult. This is how you can make it work:

  • Get your dance pad ready
  • Install AutoHotKey
  • Launch my controller script using AutoHotKey
  • Launch Exult
  • Place the dance pad diagonally in front of your computer, with the Up arrow facing NW and the Right arrow facing NE

  • To walk, stand on two arrows at a time and press one at a time … NW-NE makes the avatar walk N, NE-SE walks E, etc. It’s pretty natural after a while … basically left-right-left-right, just like walking. Of course walking east and west is more of a front-back-front-back kind of affair, but it feels pretty good too.
  • You will soon realize that you don’t have a mouse and keyboard handy. I handled this problem by mapping the start button on the mat to combat toggle and the O button to inventory.
  • For mouse movement I just grabbed a hard writing pad and used it as my mouse pad. It worked pretty well, you can organize your inventory pretty efficiently and if your legs get too tired you can cheat and walk with the mouse.
  • If you have problems, it’s probably because of the joystick mapping

Have fun 🙂 … I already finished Trinsic and walked to Britain to pick up my supplies from Lord British. But then I thought I could walk to Vesper to pick up the Golden Ankh that Lord British said I could borrow … and the slime got Iolo and then me in the swamp … I should have run 🙂 … left-right-left-right

Let me know how you like it … it’s definitely a work in progress. One thing that’s especially annoying is controlling walking speed; in the future, the faster you walk, the faster your avatar should walk.

If you like this, you may like Step Maze