A Little Less Unsafe (Closing Telnet)

I use this port to play a little bit with the router, since it has a configuration board accessible. But, most of the time, I don’t use it and I don’t want anyone else to remotely use it, either.

We’re going to set a rule for the firewall to close communication in any direction on port 23 (telnet).

First, is the firewall enabled?

sudo ufw status

If it’s not enabled, enable it :)

sudo ufw enable

Then:

sudo ufw deny in 23
sudo ufw deny out 23

sudo ufw deny in 21
sudo ufw deny out 21

sudo ufw deny in 1723
sudo ufw deny out 1723

If you scan your machine now, these ports won’t show up as open.

Moreover, I used “deny”. You could have used “reject”, but “reject” tells someone probing that you are denying traffic, whereas “deny” just ignores requests.
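The difference between “deny” and “reject” can be observed from a second machine on the network (ufw accepts loopback traffic by default, so a probe from the box itself bypasses these rules). This is an added example, not part of the original post: the function names, the service labels for ports 21 and 1723, and the placeholder address 192.0.2.10 are assumptions.

```python
import socket
import sys

# Ports blocked in the post. The service labels are added here: FTP, telnet, PPTP.
PORTS = {21: "ftp", 23: "telnet", 1723: "pptp"}

def probe(host, port, timeout=2.0):
    """Classify a TCP port by how a connection attempt to it ends."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed: something answers
    except ConnectionRefusedError:
        return "refused"       # active refusal: no listener, or a "reject" rule
    except socket.timeout:
        return "filtered"      # silence: what a "deny" (drop) rule produces
    except OSError:
        return "unreachable"   # other network error (no route, host down)
    finally:
        sock.close()

def audit(host, ports=PORTS, timeout=2.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder; pass the LAN address of the Ubuntu box.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    for port, state in audit(target).items():
        print(f"{port:>5}/tcp {PORTS[port]:<7} {state}")
```

With the “deny” rules above in place, each port should come back as "filtered" after the timeout; with “reject” it would come back as "refused" immediately.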

You can also limit connection attempts (the maximum is 6 in 30 seconds), which is useful for making dictionary attacks harder.


Down The Road of Fake Flash Drives

This is great. I needed to transfer some files from my brother’s computer to mine. He runs Windows XP, I have a dual boot (XP and Ubuntu) but I booted with Ubuntu, and there’s no way I’m going to use Samba right now to allow file sharing between the two machines (Ubuntu & XP). Plus the files are too large to transfer over the network had I booted with XP.

I don’t want to upload them so I picked a flash drive (flash disk, thumb drive, pendrive, you name it) .. I plugged it and … nothing.

I picked another flash drive, plugged it and … Nothing. I know for a fact that the USB port works fine (because I plugged another thing that works).

So the problem must lie in those flash drives… Which is probably the reason why they were sitting there…

So, knowing that some stuff just doesn’t work properly on Windows and does work fine on stuff with an X at the end of their name.. I plug the flash drive in my machine (running Ubuntu) .. Nothing.. I plug the other one, and then … Nothing.

Something is shady.

Now here’s the interesting stuff…

One of the flash drives is an ADATA C906, black color, 4GB. The other is a Kingston DataTraveler 1GB.

The Kingston picture is almost identical to the flash drive I have in hand, except that the one I’m holding has the Kingston logo on it..

So … In order to explain this, one must know what VID/PID is. Well, before you hit Ctrl+K and search for it in your Google bar .. VID stands for Vendor ID, and PID stands for Product ID.

Say I’m a manufacturer. The USB organization issues me a unique number, VID. When I build a new USB device, this device has its own drivers. I issue a PID for this new model so it’s fully identified with the pair VID:PID and when someone plugs it in a computer, this computer “knows” which driver to load, a driver that is unique to that Model from that Manufacturer…

So each USB device has a pair VID:PID.

I have another flash drive, which is an ADATA C802.

Why am I telling you this?

Okay, let’s open the Terminal. (Ctrl+Alt+T)

The following command:

lsusb

gives this:

jugurtha@Jugurtha-Box:~$ lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 018: ID 125f:c82a A-DATA Technology Co., Ltd.

Here’s a screenshot if you prefer:

Notice the last line:

Bus 001 Device 018: ID 125f:c82a A-DATA Technology Co., Ltd.

The VID:PID is 125f:c82a. You can clearly see A-DATA Technology Co., Ltd.

Chances are, this thing is genuine. I said “chances are”.

Let’s plug in the Kingston DataTraveler which doesn’t work.. And unplug mine, the one which works.

jugurtha@Jugurtha-Box:~$ lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 026: ID 2000:2008

Hmmm ? Interesting.

Let’s unplug that, and plug the other A-DATA..

jugurtha@Jugurtha-Box:~$ lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 019: ID 048d:1167 Integrated Technology Express, Inc.

This doesn’t make sense. It ‘should’ talk about A-DATA. But it doesn’t. Plus it doesn’t work.

A quick search on Google on 048d:1167 and 2000:2008 brings a great deal of awesomeness: Fake Flash Drives. These things are known and documented.
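The comparison done by eye above (does the name lsusb prints match the brand on the casing?) can be scripted. This is an added example, not part of the original post: the function names and verdict labels are assumptions, and the sample input is built from the lsusb lines shown in the post.

```python
import re

# One lsusb line: bus, device number, VID:PID, then an optional vendor/product name.
LSUSB_LINE = re.compile(
    r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-f]{4}):([0-9a-f]{4})\s*(.*)$")

ROOT_HUB_VID = "1d6b"  # Linux Foundation root hubs, present in every listing

def parse_lsusb(text):
    """Turn lsusb output into a list of dicts, skipping lines that do not match."""
    devices = []
    for line in text.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if m:
            bus, dev, vid, pid, name = m.groups()
            devices.append({"bus": bus, "dev": dev, "id": f"{vid}:{pid}",
                            "vid": vid, "name": name.strip()})
    return devices

def _norm(s):
    # "A-DATA Technology Co., Ltd." and "ADATA" should compare equal on the brand
    return re.sub(r"[^a-z0-9]", "", s.lower())

def check_brand(text, brand):
    """Compare what lsusb reports with the brand printed on the casing."""
    findings = []
    for d in parse_lsusb(text):
        if d["vid"] == ROOT_HUB_VID:
            continue
        if not d["name"]:
            verdict = "unnamed"      # lsusb printed no vendor name for this VID
        elif _norm(brand) in _norm(d["name"]):
            verdict = "consistent"   # necessary, not sufficient: IDs can be copied
        else:
            verdict = "mismatch"     # the name belongs to a different vendor
        findings.append((d["id"], verdict))
    return findings

# Sample input: the last line of each lsusb listing in the post, plus one hub line.
HUB = "Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub\n"
WORKING_ADATA = HUB + "Bus 001 Device 018: ID 125f:c82a A-DATA Technology Co., Ltd.\n"
KINGSTON = HUB + "Bus 001 Device 026: ID 2000:2008\n"
OTHER_ADATA = HUB + "Bus 001 Device 019: ID 048d:1167 Integrated Technology Express, Inc.\n"

if __name__ == "__main__":
    for text, brand in [(WORKING_ADATA, "ADATA"), (KINGSTON, "Kingston"), (OTHER_ADATA, "ADATA")]:
        print(brand, check_brand(text, brand))
```

A "consistent" result only means the reported name matches the label, which is the “chances are” case above; "unnamed" and "mismatch" are the two patterns the non-working drives showed.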

I opened the Kingston (because it does open without breaking, unlike the A-DATA which is “welded”).

It contains a 12MHz quartz (oscillator). The memory reference has been erased, but it’s just one block.

The controller is a MXT6208A (Google returns lots of results about it. It seems known in those circles) .. The whole reference is, for memo:

MXT6208A 428021 09HT0901

Now .. The interesting stuff..

Apparently, there are a bunch of guys who repair this kind of device..

One website is often referred to : http://flashboot.ru/

It’s in Russian, so Google Translate will come in handy.

Another good one is http://fixfakeflash.wordpress.com/

There is this one too: http://www.myblog.bloggybloggy.com/category/fake-usb-key/

So, key stuff: VID:PID 2000:2008, Controller Reference MXT6208A and the other 428021 09HT0901 to know exactly what to use.

Here’s someone detailing the operation:

I’ll try to do this on my brother’s computer and will report back…

Unfortunately, I spent some hours with that. I think these devices are beyond repair, as even the proper tools failed. There were many errors. The devices were detected.

With the A-DATA drive, I had an error of “Too many bad blocks” and a size of 0.

With the other one, I had a “Make flash” and then an error 337,68 or something.

Anyway, maybe I’ll try some other time .. I must mention that I’m also interested in sniffing packets from USB ports .. That’s how I learned about the VID:PID thing in the first place.

Any comment, suggestion, advice .. Feel free.

Ubuntu: Read Only File System Error

I had this error which made it impossible for me to do anything:

I tried to change the “fstab” file, but I couldn’t, because I had this error.

sudo didn’t work, because I had this error.

I couldn’t use “make” to compile code I’m writing.

I tried booting in recovery mode, and choosing “drop root” .. But I had this error.

Solution:

When you turn your computer on, in the “grub” menu .. Choose “Previous Linux versions”.. Then choose the oldest one in recovery mode…

So for example, you’d find something like this:

Release 3.0.0-16
Release 3.0.0-16 recovery mode
Release 3.0.0-12
Release 3.0.0-12 recovery mode.


Choose the last one, Release 3.0.0-12 recovery mode

Then choose “Drop root” .. Then use the following command:

fsck -As

And choose yes to everything.

After it’s done, reboot normally. Perform an update:

sudo apt-get update

Perform an upgrade:

sudo apt-get upgrade

You’re done.

By the way, Ubuntu 12.04 has just come out a couple of days ago. It’s an LTS version (Long Term Support).

Change Boot Order & Disable Boot Disk Check on Ubuntu

Here’s a quick post.

I have a dual boot machine (Ubuntu 11.10 & XP SP3) .

How to change the default system which the machine boots on?

When you’re on Ubuntu, Ctrl+Alt+T   (Open the Terminal)

Type the following:

sudo pico /etc/default/grub

You will be prompted for your password, enter it and hit Return.

You find a line called GRUB_DEFAULT=

And there’s a number after that. Change that number and you’ll change which system will boot.

For example, on the Grub boot manager, I have Ubuntu in the first position (0) and Windows XP on the 6th position (5) ..

In my case, this line is GRUB_DEFAULT=0 and Ubuntu boots up.

I don’t want the menu to be displayed for too long, so I have GRUB_TIMEOUT=1 .. This waits only 1 second before it boots.

After you change, you hit Ctrl+X to Exit.

It asks you if you want to save, press Y.

And then press Return/Enter.

Then this command:

sudo update-grub

You’re done.

Now for the disk check: This annoyed me, a lot .. So a little visit to fstab.

Look for a line like this

UUID=0de1480d-1b57-4dd3-9457-4cf899ef6817 / ext2 errors=remount-ro 0 0

The last 0 of the line means it won’t launch the disk check. This was set to 1 and I changed it to skip the test.

Do the same as for the grub (Ctrl+X, Y, Enter) and no need for updating it. On reboot, it won’t check your disk.

That’s it.

How To Share Your Internet Connection on VirtualBox: Ubuntu Guest on a Windows XP Host

This was very frustrating for me. Really frustrating. I searched on different fora but nothing worked.

First, you need to have some sort of benchmark. For me, it was being able to connect to the Speedtouch modem (Gateway). If you can’t even connect to the modem, there is a problem.

To know the IP address of your gateway on Windows, execute a “tracert google.com” in the command prompt, and it will be the first IP on the list. Or “ipconfig /all” and search for it. Most likely 192.168.1.254.

Here is the configuration which worked for me.

On the left panel of VirtualBox, click on “Settings”. Then “Network”.

You will find a drop box called “Attached to”, choose “Bridged Adapter”..

Just below, you will find “Name”. For me, it was “Intel(R) PRO/100 VE Network Connection”. Choose “Allow All” in “Promiscuous mode” and check “Cable connected”. And then OK.

It doesn’t matter if your guest box is running or not. If it’s not, launch it. If it is, go to the upper right corner of your screen, you will find two arrows.

Click on that icon, and then click on “Connection Information”.

Do it again and click on “Edit Connections”.

Click on whatever connection is offering itself to you, usually it is “Auto  Ethernet” or “Wired Connection 1” or “eth0”. Double-click on it, or click on it, and then click on “Edit”.

Click on the “IPv4 Settings” tab.

In “Method”, choose “Manual” instead of “Automatic (DHCP)”

In “Netmask”, enter “255.255.255.0”. (Without the quotes)

In “Address”, choose an IP address. For example “192.168.1.25” (Without the quotes).

In the “DNS servers” tab, you will enter a list of IP addresses separated by commas. For example, you can enter 208.67.222.222,208.67.220.220  (Which are two of the OpenDNS IP addresses). You can add more if you wish. I added two others that are proper to my ISP. Don’t forget to separate IPs with commas.

You will have something like this

Click on “Save” and close the other window. Click on the two arrows and then click on the name of your connection. This should disconnect you and reconnect you.

You should be done. Open a browser and try Google.com. If it doesn’t work, try your Gateway’s IP address. If this doesn’t work, you probably got it wrong or your cable is disconnected OR you can go to VirtualBox, click “File” then “Preferences”, “Network” and tinker with the parameters there.

If there’s still a problem, feel free to comment here and we can work things out.