Wednesday, August 7, 2013

NATDet Log Parser



I wrote a NATDet log parser to collect data from log files. It is written in PHP, so you need to install command-line PHP to run it. By default it uses PostgreSQL, but with a little work you can rewrite it to use MySQL.

You can download it from SourceForge. The database is ready to receive data from Nmap, so I'll update the script later to use that.

Link to download

Install NATdet

I haven't found any tutorials about installing NATDet yet, so I just made one; it's very simple. Here is the official NATDet site: http://elceef.itsec.pl/natdet/ , where there is a little documentation about it.

So, how to install: 


1. You need to install some packages:
  • pcap
  • bison

2. Install tcpdump
http://www.tcpdump.org/

3. Install ncurses

4. Download and install NATDet
Install:

./configure
make
make install 


How to use it:


First, put your network interface into promiscuous mode. To make this automatic, add the following to /etc/network/interfaces:

auto eth1
iface eth1 inet manual
        up ifconfig eth1 promisc up
        down ifconfig eth1 promisc down

Then:

/etc/init.d/networking restart && ifup eth0 && ifup eth1

Now your network interface reads every packet, so you can start using natdet:

As shown in the readme:

natdet -v -i eth0 'RULES'

-v : verbose
-vv : more verbose
-i : set interface
-l : set log file
-d : run in background

- RULES : filter rules, written like in tcpdump

Now just wait; it needs some time to find users who use NAT.

Monday, July 15, 2013

Postfix behind Iptables masquerade (NAT)


I've been working on a mail server behind iptables masquerade for some days, and it just didn't work, but I found the solution; it may help you.

If you use an SMTP server behind NAT and you get the following errors:
  • mail postfix/smtp[7854]: warning: host gmail-smtp-in.l.google.com[173.194.70.26]:25 greeted me with my own hostname mail.example.com
  • mail for gmail.com loops back to myself
you should check your iptables configuration. A proper port-forward config:



iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d PUBLICIP --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 25 -i eth0 -j DNAT --to MAILSERVERPRIVATEIP:25

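(Forward packets for port 25 to port 25 on your mail server's private IP only if they come from the outside, which is what the -i eth0 match does, assuming eth0 is the external interface. Without it, the mail server's own outgoing connections to port 25 are redirected back to itself, which produces the errors above.)

You can test it on your mail server by telnetting to a foreign SMTP server, for example: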

telnet smtp.gmail.com 25

It should show:

Trying 173.194.70.108...
Connected to gmail-smtp-msa.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP r54sm45040303eev.8 - gsmtp

If you see


220- mail.yourdomain.com gsmtp

your config is not good yet.
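
To audit an existing rule set for the problem described in this post, the following added example (not part of the original post) reads `iptables-save -t nat` output and flags port 25 DNAT rules in PREROUTING that have no interface or destination match. The function name `check_smtp_dnat` and the sample addresses are constructed for illustration, and the check goes slightly beyond the post by also accepting a `-d` match as sufficient scoping.

```shell
#!/bin/sh
# Added example (not from the original post): audit nat-table rules for
# SMTP DNAT entries that also catch the mail server's own outbound traffic.

# check_smtp_dnat: reads `iptables-save -t nat` text on stdin, prints every
# PREROUTING DNAT rule for --dport 25 that has no -i or -d match, and
# returns 1 if any such rule was found (0 otherwise).
check_smtp_dnat() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            dnat = 0; smtp = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
                if ($i == "--dport" && $(i + 1) == "25") smtp = 1
                # -i (inbound interface) or -d (public address) keeps LAN
                # clients, including the mail server itself, out of the rule.
                if ($i == "-i" || $i == "-d") scoped = 1
            }
            if (dnat && smtp && !scoped) { print "UNSCOPED: " $0; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample, not taken from a real host: the first rule is
# unscoped, the second matches the rule shown in the post.
check_smtp_dnat <<'EOF' || echo "at least one SMTP DNAT rule is unscoped"
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.0.0.25:25
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.0.0.25:25
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
```

On the router itself, run `iptables-save -t nat | check_smtp_dnat` as root.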

Wednesday, April 10, 2013

Cisco router Telnet Debug

On most Cisco routers, debug output over Telnet is not enabled, so you will not see any debug information when connected via Telnet.

To enable it, you need to enable monitoring on the virtual terminal first:
Router# terminal monitor

Next, you have to enable debugging on the virtual monitor:

In privileged mode:
Router# undebug all

In configuration mode:
Router(config)# logging monitor debugging
Router(config)# logging on


To disable it:

In privileged mode:
Router# undebug all
Router# terminal no monitor

In configuration mode:
Router(config)# no logging monitor

Thursday, January 31, 2013

Counter Strike: GO Classic Competitive "MapGroup not found"

How to solve the "Mapgroup not found" error in CS:GO Classic Competitive:

1.
cd steam/csgo/csgo
nano gamemodes_server.txt

2.
You should find a commented line, starting with a 2:
2//some comment

3.
Delete the 2 before the comment:
//some comment

4.
Restart server

Now it should work. It's a bug: Valve somehow left a "2" before the line, and because of that the server thinks it has reached the end of the file, so the map groups are not loaded.



Friday, January 18, 2013

Windows Server 2008 R2 RDP Port Change

You need to do 3 steps to enable RDP and change its port in Windows Server 2008, 2008 R2 and 2012. You need to do this if you have several servers on the same IP address, behind a router.

1st step: Enable RDP in System settings. You can go there by right-clicking on Computer -> Properties. Choose Advanced System Settings from the left side menu.


2nd step: Change the RDP port. Open the registry editor (regedit: open cmd -> regedit.exe). Select HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber . Change to decimal mode, change the port number, then click OK.

3rd step: Enable the new port in the firewall settings. Open Server Manager, select Firewall Settings in the left menu, right-click on Inbound Rules -> New. Choose TCP, set the port number, and name it.


That's all. After this you should restart your server, then everything should work fine. The default port for RDP is 3389 (TCP). Enjoy.