The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Internet protocol suite’ Category

IP over Avian Carriers

Posted by jpluimers on 2019/02/21

From the geek fun department: [WayBack] IP over Avian Carriers – Wikipedia.

I learned about this shortly after the fight to keep HTTP status code 418 (I’m a teapot), which is part of RFC 2324, released on April 1st, 1998.

The IP over Avian Carriers is part of three RFCs, all released on April 1st in various years:

–jeroen

via: Http-statuscode ‘I’m a teapot’ is voorlopig veilig – IT Pro – .Geeks – Tweakers

Posted in Communications Development, Development, Fun, Geeky, HTTP, Internet protocol suite, Software Development, TCP

Accessing storage (NAS) over the Internet via FTP | FRITZ!Box 7490 | AVM International

Posted by jpluimers on 2019/02/13

Of course you don’t want this. So by the time you read this, the connection has been closed.

For testing some Internet of Shit stuff from a client that cannot do SFTP, I needed a temporary FTP accessible connection.

These links helped:

TL;DR:

  1. Preparing the USB stick:
    1. Ensure the USB disk is FAT/FAT32/NTFS
    2. Create a directory in the root of the USB disk for the FTP user (for now: FtpDirectory)
    3. Insert the USB disk in the Fritz!Box
  2. Log on to the Fritz!Box web UI
    1. Configure a user for FTP:
      1. In the menu, go to System, then FRITZ!Box Users
      2. Click Add user
      3. Name the user (for now: MyFtpUser)
      4. Ensure that user *only* has a checkmark for `Access to NAS contents`
      5. Click the button Add directory
      6. In the popup click Select folder
      7. Choose the FtpDirectory you just made
      8. Click OK
      9. Ensure the read and write checkboxes are enabled
      10. Click OK
    2. Configure the USB stick for FTP access
      1. In the menu, go to Home Network, then USB Devices
      2. Observe if the device is visible and has the correct file system (if not: ask AVM)
      3. In the menu, go to Internet, then Permit Access
      4. Click on the FRITZ!Box Services
      5. Ensure there is a checkmark at Internet access to your storage media via FTP/FTPS enabled
      6. At TCP Port for FTP/FTPS, fill in 21 (many IoT devices cannot use a different port)
      7. Ensure there is *no* checkmark at Allow only secure FTP connections (FTPS)
      8. Make a note of the value after FTP address (something like ftp://example.org:21)
      9. Click Apply
  3. Test
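For step 3, and for confirming afterwards that the port really is closed again, this added example (not from the original post) reports what a plain-text client sees on the FTP port. The function name and the `probe` user name are assumptions; example.org is the placeholder host from the FTP address step.

```python
import socket

def _read_reply(reader):
    """Read one FTP reply (possibly multi-line) and return it as text."""
    lines = []
    while True:
        line = reader.readline().decode("latin-1").rstrip("\r\n")
        lines.append(line)
        # The last line of a reply is "NNN text"; "NNN-text" continues it.
        if not line or (line[:3].isdigit() and line[3:4] in (" ", "")):
            return "\n".join(lines)

def check_ftp_exposure(host, port=21, timeout=5.0):
    """Return a dict: open, banner, offers_tls, plaintext_login."""
    result = {"open": False, "banner": "", "offers_tls": False,
              "plaintext_login": False}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            reader = sock.makefile("rb")
            result["open"] = True
            result["banner"] = _read_reply(reader)
            # FEAT lists extensions; "AUTH TLS" means FTPS is available.
            sock.sendall(b"FEAT\r\n")
            result["offers_tls"] = "AUTH TLS" in _read_reply(reader).upper()
            # Constructed user name; this probe never sends a password.
            sock.sendall(b"USER probe\r\n")
            # 331 = "send password": logins are accepted without TLS.
            result["plaintext_login"] = _read_reply(reader).startswith("331")
            sock.sendall(b"QUIT\r\n")
    except OSError:
        pass  # refused, filtered or timed out: keep what was learned so far
    return result

if __name__ == "__main__":
    print(check_ftp_exposure("example.org", 21))
```

With the settings above, `plaintext_login` is expected to be true while the test runs; once Internet access to the storage is switched off again, `open` should be false when checked from outside the home network.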

–jeroen

Posted in Communications Development, Development, Fritz!, Fritz!Box, FTP, Internet protocol suite, IoT Internet of Things, Network-and-equipment, Power User, Software Development, TCP

‪Dear #lazyweb, can anyone point me to a modern email server setup (just emai…

Posted by jpluimers on 2019/02/01

Summary from [WayBack]‪ Dear #lazyweb, can anyone point me to a modern email server setup (just email) with letsencrypt, some spam filter, multi domain preferably on RHEL/Cent… – Jan Wildeboer – Google+

  • many SMTP servers on the interwebs do not have proper TLS setups, so do not require remote SMTP servers to deliver email with a proper certificate
  • delivering mail via SMTP using STARTTLS with a proper certificate yourself is a good step forward
  • postfix
  • dovecot
  • greylisting (although in practice it does not make much of a difference any more)
  • fail2ban
  • dnsbl (often called rbl)
  • spamassassin
  • rspamd (supports SPF, DKIM and many others)
  • letsencrypt automation can be tough, so here is a small wrapper: [WayBack] GitHub – DrGlitchMX/update-letsencrypt: Tiny script for updating “Let’s Encrypt!” certificates from cron
  • it helps to have letsencrypt and the mail server on one machine:
    • multidomain let’s encrypt cert that has my webserver name and the mailserver in the Subject Alternative Names field. As both are on the same machine certbot can automatically update it and I just point Postfix and Dovecot to the LE files.
  • Hans-Martin Mosner: SMTP as-is is just not suitable for the kind of decentralized mail that you would prefer. You need some mechanism to determine which mail senders to trust and which not. Cryptography is suitable at the MUA level and should be used much more, but at the MTA level, TLS for privacy and SPF(bleh) or DKIM(meh) for sender domain authentication are basically your only weapons -much too weak. The PGP web of trust must be considered a failed experiment – who of your mail contacts uses PGP properly or at all? Ironically the only secure messaging solutions for the masses are centralized.

Things to do:

  • find a proper multi-MX fallback setup guide for postfix

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, postfix, Power User, SMTP

Passwordless SSH

Posted by jpluimers on 2019/01/22

Note: if the system you SSH from is ever compromised, then assume the passwordless targets are also compromised!

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Linux, openSuSE, Power User, SSH, SuSE Linux, TCP, Tumbleweed

Tools for TCP tunnels over HTTP/HTTPS

Posted by jpluimers on 2019/01/16

With the advent of WebSockets, it looks like TCP tunnels over HTTP/HTTPS are gaining more ground and I need to put some research time in them.

Some old to new links:

CONNECT requests are not supported by many HTTP proxies, especially in larger organisations, so chisel and crowbar have a much bigger chance there.

And of course there is SoftEtherVPN/SoftEtherVPN: A Free Cross-platform Multi-protocol VPN Software. * For support, troubleshooting and feature requests we have http://www.vpnusers.com/. For critical vulnerability please email us. (mail address is on the header.).

However, that is a VPN solution, which is much broader than just a single TCP tunnel. You can do similar things with OpenVPN, but running it over HTTP/HTTPS also requires CONNECT:

SoftEtherVPN seems to be more versatile though. I blogged about that before, but back then didn’t have needs for it yet. VPN over HTTPS: Ultimate Powerful VPN Connectivity – SoftEther VPN Project.

–jeroen

via: [WayBack] VPN through only http – Server Fault answer by [WayBack] neutrinus

Posted in Communications Development, Development, HTTP, https, Internet protocol suite, Network-and-equipment, OpenVPN, Power User, TCP, VPN, WebSockets, Windows-Http-Proxy

Need to put some research in Google Calendar support for EXRULE and EXDATE

Posted by jpluimers on 2019/01/15

Though the Google Calendar UI does not support EXRULE and EXDATE to exclude certain slots (via dates or rules) from recurring events, the API supports them: [WayBack] Google Calendar API, RRULE and EXDATE – Stack Overflow

–jeroen

Posted in Communications Development, Development, Google, GoogleCalendar, HTTP, Internet protocol suite, Power User, REST, TCP

Testing SMTP from the console on Linux, BSD and Mac OS: swaks and smtp-cli Perl script clients

Posted by jpluimers on 2019/01/03

Testing SMTP using telnet is tedious, as you have to remember the commands and responses in the SMTP protocol. It gets even harder when doing SMTP AUTH, as then you have to base64 encode a bunch of strings: [WayBack] How to Test SMTP AUTH using Telnet [Wiki] | NDCHost

Luckily there is a Perl script swaks: [WayBack] Swaks – Swiss Army Knife for SMTP, which does ESMTP and LMTP as well as TLS.

The funny thing is that the repository at jetmore/swaks: Swaks – Swiss Army Knife for SMTP only has the readme, but not the script, which you can get from [WayBack] swaks.pl.

Despite that, most Linux distributions have an installation package.

[WayBack] swaks for OpenSuse is in the [WayBack] network repository, so for Tumbleweed (actually: Factory) on Raspberry Pi you need to perform this:

zypper addrepo http://download.opensuse.org/repositories/network/openSUSE_Factory_ARM/network.repo
zypper refresh
zypper install swaks

On Mac OS X it is even easier: if you have the homebrew package manager installed, you just install the [WayBack] swaks formula using the [WayBack] swaks.rb script:

brew install swaks

Note there is also the smtp-cli Perl script, which I mentioned before at Fake/Mock SMTP servers and services for use during development. It also does TLS, but few environments have ready-built packages for it. If you still want to try it out:

For SMTP AUTH:

swaks -tls --to jeroen.wiert.me@pluimers.com --from jeroen.wiert.me@pluimers.com --server smtp.xs4all.nl --auth-user username

Which prompts for the password, then outputs like this:

=== Trying smtp.xs4all.nl:25...
=== Connected to smtp.xs4all.nl.
<-  220 smtp-cloud3.xs4all.net ESMTP ESMTP server ready
 -> EHLO rmbpro1tbjwp
<-  250-smtp-cloud3.xs4all.net hello [188.206.68.219], pleased to meet you
<-  250-HELP
<-  250-AUTH LOGIN PLAIN
<-  250-SIZE 157286400
<-  250-8BITMIME
<-  250-STARTTLS
<-  250 OK
 -> STARTTLS
<-  220 Ready to start TLS
=== TLS started with cipher TLSv1:DHE-RSA-AES256-SHA:256
=== TLS no local certificate set
=== TLS peer DN="/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.xs4all.nl"
 ~> EHLO rmbpro1tbjwp
<~  250-smtp-cloud3.xs4all.net hello [188.206.68.219], pleased to meet you
<~  250-HELP
<~  250-AUTH LOGIN PLAIN
<~  250-SIZE 157286400
<~  250-8BITMIME
<~  250 OK
 ~> AUTH LOGIN
<~  334 ############
 ~> anA=
<~  334 ############
 ~> ############################
<~  235 ... authentication succeeded
 ~> MAIL FROM:<jeroen.wiert.me@pluimers.com>
<~  250 <jeroen.wiert.me@pluimers.com> sender ok
 ~> RCPT TO:<jeroen.wiert.me@pluimers.com>
<~  250 <jeroen.wiert.me@pluimers.com> recipient ok
 ~> DATA
<~  354 enter mail, end with "." on a line by itself
 ~> Date: Wed, 19 Jul 2017 09:09:57 +0200
 ~> To: jeroen.wiert.me@pluimers.com
 ~> From: jeroen.wiert.me@pluimers.com
 ~> Subject: test Wed, 19 Jul 2017 09:09:57 +0200
 ~> Message-Id: <20170719090957.052207@rmbpro1tbjwp>
 ~> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
 ~> 
 ~> This is a test mailing
 ~> 
 ~> .
<~  250 smtp-cloud3.xs4all.net accepted mail mXA71v00C4jr6ac01XA9Bo for delivery
 ~> QUIT
<~  221 smtp-cloud3.xs4all.net ESMTP closing connection
=== Connection closed with remote host.
<~  221 smtp-cloud3.xs4all.net ESMTP closing connection
=== Connection closed with remote host.
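In output like the above, swaks marks cleartext traffic with `<-` / `->` and traffic inside TLS with `<~` / `~>`, and the AUTH LOGIN answers are only base64 encoded. The following added example (not from the original post or from swaks) audits such a transcript for credentials exposed outside TLS; the function name, finding codes and the sample session are constructed for illustration.

```python
import base64
import re

LEGACY_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}
B64 = re.compile(r"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")

# Constructed sample session (not from the post): AUTH LOGIN without STARTTLS.
SAMPLE = """\
<-  220 mail.example.test ESMTP
 -> EHLO client.example.test
<-  250-AUTH LOGIN PLAIN
<-  250 STARTTLS
 -> AUTH LOGIN
<-  334 VXNlcm5hbWU6
 -> YWxpY2U=
<-  334 UGFzc3dvcmQ6
 -> czNjcjN0
<-  235 authentication succeeded
 -> QUIT
"""

def audit_swaks(transcript):
    """Return (code, detail) findings for one swaks transcript."""
    findings, challenged = [], False
    for raw in transcript.splitlines():
        line = raw.strip()
        tls = re.match(r"=== TLS started with cipher ([^:\s]+):", line)
        if tls and tls.group(1) in LEGACY_TLS:
            findings.append(("legacy-tls", tls.group(1)))
        # The server advertising AUTH before STARTTLS invites cleartext logins.
        if re.match(r"<-\s+250[- ]AUTH\b", line):
            findings.append(("auth-offered-in-cleartext", line[2:].strip()))
        if re.match(r"<[-~]\s+334\b", line):
            challenged = True  # the next client line answers this challenge
        sent = re.match(r"(->|~>)\s+(\S.*)", line)
        if not sent:
            continue
        arrow, text = sent.groups()
        if arrow == "->" and text.upper().startswith("AUTH "):
            findings.append(("auth-sent-in-cleartext", text))
        elif challenged and B64.fullmatch(text):
            # Base64 is an encoding, not encryption: anyone can reverse it.
            value = base64.b64decode(text).decode("utf-8", "replace")
            findings.append(("base64-decodes-to", value))
        challenged = False
    return findings

if __name__ == "__main__":
    for finding in audit_swaks(SAMPLE):
        print(finding)
```

Because the answers decode this easily even when they travelled inside TLS, mask them before sharing a transcript. On a Postfix server the `auth-offered-in-cleartext` finding is addressed with `smtpd_tls_auth_only = yes`.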

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Hardware Development, Internet protocol suite, Linux, openSuSE, Power User, Raspberry Pi, SMTP, SuSE Linux, Tumbleweed

How to Setup Chroot SFTP in Linux (Allow Only SFTP, not SSH)

Posted by jpluimers on 2018/12/24

If you want to setup an account on your system that will be used only to transfer files (and not to ssh to the system), you should setup SFTP Chroot Jail.

This explains how: [WayBack] How to Setup Chroot SFTP in Linux (Allow Only SFTP, not SSH)

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, SFTP, SSH, TCP

on my research list: autossh

Posted by jpluimers on 2018/12/12

Having mainly used ssh as a means to connect to a shell on remote machines and occasionally for a manual port forward, I never noticed autossh, where you can automate the ssh logon process to keep permanent port forwards up and running. Cool!

It’s on my research list now, as this will be useful probably sooner rather than later:

My initial impression is that autossh is a wrapper around the regular ssh client that allows reconnection upon communication failures.

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, SSH, TCP

Load testing a web server on Windows using the ApacheBench benchmark tool from Apache

Posted by jpluimers on 2018/11/08

Based on:

  1. Download the most recent x64 Apache binaries for Windows from [WayBack] Apache VC15 binaries and modules download (at the time of writing: https://www.apachelounge.com/download/VC15/binaries/httpd-2.4.34-win64-VC15.zip )
  2. Extract recursively to D:\bin
  3. Run the UltrawareController locally
  4. Run D:\bin\httpd-2.4.34-win64-VC15\Apache24\bin\ab.exe -n 1000 -c 10 http://localhost:8000/foo

This will run the ab Apache benchmark tool with 1000 requests (-n), at most 10 of them at the same time (-c), all doing the same http GET request at http://localhost:8000/foo

If you want to test TLS (https) connections, then you need to use the abs tool in the same directory, as the ab tool supports http only (if you try anyway, you get the message "SSL not compiled in; no https support", as explained in [WayBack] Add https support to Apache Bench on Windows – Stack Overflow).

Download location via [WayBack] windows – Is there any link to download ab Apache benchmark – Stack Overflow:

There are many more command-line parameters documented at [WayBack] ab – Apache HTTP server benchmarking tool – Apache HTTP Server Version 2.4, this is the summary:

Synopsis

ab [ -A auth-username:password ] [ -b windowsize ] [ -B local-address ] [ -c concurrency ] [ -Ccookie-name=value ] [ -d ] [ -e csv-file ] [ -f protocol ] [ -g gnuplot-file ] [ -h ] [ -Hcustom-header ] [ -i ] [ -k ] [ -l ] [ -m HTTP-method ] [ -n requests ] [ -p POST-file ] [ -Pproxy-auth-username:password ] [ -q ] [ -r ] [ -s timeout ] [ -S ] [ -t timelimit ] [ -Tcontent-type ] [ -u PUT-file ] [ -v verbosity] [ -V ] [ -w ] [ -x <table>-attributes ] [ -Xproxy[:port] ] [ -y <tr>-attributes ] [ -z <td>-attributes ] [ -Z ciphersuite ] [http[s]://]hostname[:port]/path

Via: [WayBack] apache – ab load testing – Stack Overflow

–jeroen

Posted in Communications Development, Development, HTML, HTTP, Internet protocol suite, Software Development, Web Development