Tuesday, February 14, 2012

Xmission - DNS (Restricting Recursive Lookups)


Today Xmission restricted recursive lookups for non-Xmission network users. Essentially this broke DNS resolution for many individuals that I know.  The solution is to simply change the DNS servers from 198.60.22.2, 198.60.22.22 to the DNS servers supplied by your ISP or one of the following:
  • Google (8.8.8.8 and 8.8.4.4)
  • OpenDNS (208.67.222.222, 208.67.220.220)
  • DNSAdvantage (156.154.70.1, 156.154.71.1)

After contacting Xmission multiple times, it became apparent that they weren't interested in explaining what their rationale was for this change. They only indicated that it was in response to a "back end issue" that they were trying to resolve.  This opens up speculation as to what may have been the cause, primarily a DDoS or cache poisoning attack.

Technical Q&A
What is DNS?
DNS stands for Domain Name System. DNS servers are a critical part of the network infrastructure and the Internet at large. These servers contain information pertaining to every host on the Internet, and are the mechanism that allows information on the Internet to be available when you enter a URL in your Web browser.  An example of recursive DNS is when someone who subscribes to an ISP (e.g. Comcast) configures their computer to use the Xmission DNS servers rather than their ISP's DNS servers to access the Internet.
What is DNS Recursion?
DNS recursion is when the DNS server does not know the IP address of an Internet name but queries other DNS servers to look up the name. 
What security risks are involved in Recursive DNS?
  • DDoS attacks. Name servers can be used as distributed denial of service (DDoS) attack amplifiers (the attacker sends a small spoofed UDP name service query to an open name server, forging the victim's IP address; the open name server then returns a large "answer" to the forged IP address even though the victim didn't actually make the DNS query in the first place). If this is done on an ongoing basis with a large number of open name servers, it can flood the victim's IP address with responses from thousands (or tens of thousands) of name servers, thereby exhausting the victim's available network bandwidth.  Attacks of this sort can result in multi-Gbps flow volumes.
  • Cache poisoning attacks. Attackers can generate spoofed traffic to open recursive DNS servers that can result in so-called "cache poisoning" attacks, whereby vulnerable caching name servers can be made to return bogus results for a user's name service queries.
In a nutshell: The attacker "primes" the caching name server to respond to queries with an IP address of his/her choice, rather than the real/normal IP address for that site. The innocent victim asks the caching name server for the IP address of a site of interest, such as the IP address of their bank's Website. If the domain name of that site happens to be one that the attacker has poisoned, the victim is automatically and transparently misdirected to a Website of the attacker's choice rather than to their bank's real Web page, and confidential data can then be stolen (some refer to this type of attack as "pharming").
A variant of this attack uses cache poisoning to redirect queries for popular sites (such as google.com or hotmail.com) to a site that contains a virus or other malware. If your caching name server has been poisoned, when you try to visit one of these popular sites you can unknowingly be redirected to another site that stealthily tries to infect your PC with malware.
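
To confirm whether a resolver still offers recursion to the network you are on, its reply header can be classified. The following is an added example, not part of the original post: the function name and the three sample `dig` outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify `dig` output to see
# whether a resolver offers recursion to the network the query came from.
# Live use, run from the network being tested:
#   dig @198.60.22.2 example.com A | classify_recursion
classify_recursion() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    if [ -z "$status" ] || [ -z "$flags" ]; then
        echo "no-response"            # timeout or filtered: nothing to parse
    elif [ "$status" = "REFUSED" ]; then
        echo "refused"                # server declines to serve this client
    else
        case " $flags " in
            *" ra "*) echo "recursion-offered" ;;        # RA bit set in the reply
            *)        echo "recursion-not-available" ;;  # answers only from its own data
        esac
    fi
}

# Constructed sample outputs (header lines only), one per outcome.
sample_open() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
EOF
}
sample_refused() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
EOF
}
sample_timeout() {
    echo ';; connection timed out; no servers could be reached'
}

for s in sample_open sample_refused sample_timeout; do
    printf '%s: %s\n' "$s" "$($s | classify_recursion)"
done
```

A resolver that reports `recursion-offered` to clients outside its own network is the open configuration that the amplification and poisoning risks above depend on.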

Saturday, January 28, 2012

mount error(12): Cannot allocate memory

Do you have the following situation:
  • You’ve got a share on Windows (XP, Vista, 7) that you’re trying to access from a Linux system, in this case Ubuntu.
  • Mounted through /etc/fstab or directly through the command line.
  • Initially, it works great, but then loses the mountpoint – you’ll go to, say, /mnt/server/mountpoint but there are no directory contents. “mount” shows the path as still mounted.
  • umount’ing the directory and then trying to remount it provides this gem of a message:
    mount error(12): Cannot allocate memory
    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Of course, since you’re probably a reasonable system administrator, you go and check the memory allotment. top looks fine and nothing else on the system is complaining.
The solution, kindly provided by Alan LaMielle’s blog, gives a registry fix on the Windows side of things. In case that link ever breaks, here is the summary of what needs to happen on the Windows system:
  • In HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, set the LargeSystemCache key to 1 (hex).
  • In HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, set the Size key to 3 (hex).
  • Restart the “Server” service and its dependencies (on my Windows 7 box, these were “Computer Browser” and “Homegroup Listener”, and I had to restart the service twice for the dependencies to also come back up.) Alternatively you can just restart the Windows system as you’re probably due for a large set of updates anyway.
Then re-run the mount command (for entries defined in /etc/fstab, use sudo mount -a) and your shares should be restored to their former glory.

Sunday, January 8, 2012

VirtualBox installation on CentOS 5.6

Headless VirtualBox 4.1.8 install and setup on CentOS 5.6 Host

Create a user account
# groupadd vbox_admin    # use whatever name you would like here

# useradd -d /home/vbox_admin -m -g vbox_admin -s /bin/bash vbox_admin


Enable the RPMforge repository, as the dkms package (Dynamic Kernel Module Support Framework) isn't available in the official CentOS 5.6 repositories.

# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

# cd /usr/local/src

# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

# rpm -ivh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

Install additional dependencies
# yum groupinstall 'Development Tools'

# yum groupinstall 'Development Libraries'

# yum install SDL kernel-devel kernel-headers dkms

Verify your kernel version
# uname -r

Example:
# uname -r
2.6.18-238.19.1.el5 

And now the architecture

# uname -m

Verify the headers located at /usr/src/kernels.

Create a symbolic link if necessary; otherwise VirtualBox will fail when it attempts to build the kernel modules and can't find the necessary directory.

Example:
# cd /usr/src/kernels
# ln -s 2.6.18-274.12.1.el5-x86_64 `uname -r`-`uname -m`

Download and register the VirtualBox public rpm key.
# wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc

# rpm --import oracle_vbox.asc

# rm -f oracle_vbox.asc

Enable the repository
# cd /etc/yum.repos.d/

# wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo

Install VirtualBox Software
# yum install VirtualBox-4.1

Should complete with the following or something similar

Running Transaction
  Installing     : VirtualBox-4.0                        1/1

Creating group 'vboxusers'. VM users must be member of that group!


No precompiled module for this kernel found -- trying to build one. Messages

emitted during module compilation will be logged to /var/log/vbox-install.log.

Stopping VirtualBox kernel modules [  OK  ]

Uninstalling old VirtualBox DKMS kernel modules [  OK  ]
Trying to register the VirtualBox kernel modules using DKMS [  OK  ]
Starting VirtualBox kernel modules [  OK  ]

Installed:

  VirtualBox-4.1-4.1.8_75467_rhel5-1.i386

Complete!

If you get an error on kernel modules, go back and verify the kernel headers and symlink.

Download and install the Extension pack associated with the installed version of VirtualBox.  This is required in order to run the system headless as it will establish the remote desktop session.

# wget http://download.virtualbox.org/virtualbox/4.1.8/Oracle_VM_VirtualBox_Extension_Pack-4.1.8.vbox-extpack 

With sudo or as root:
# VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.1.8.vbox-extpack

Note:  There is extensive documentation at virtualbox.org on the configuration and setting of all parameters including the use of multiple remote desktop sessions.  https://www.virtualbox.org/manual/

Add the user that will be running VirtualBox

# /usr/sbin/usermod -a -G vboxusers vbox_admin
 
Command line -  Creating a VM (Windows 2003 Server, 3G, 200GB)

I wanted to use the mounted CD but found that problematic.  I'm sure there is a solution but for the time being, I created an iso located at /home/vbox_admin/iso

# mkdir -p /home/vbox_admin/iso
# dd if=/dev/cdrom of=/home/vbox_admin/iso/2003.iso

Become the vbox_admin user.

Review Options
# VBoxManage --help

# VBoxManage createvm --name "2003 Server" --register

#  VBoxManage modifyvm "2003 Server" --memory 3072 --acpi on --boot1 dvd --nic1 bridged --bridgeadapter1 eth0

#  VBoxManage createhd --filename 2003_Server.vdi --size 200000

#  VBoxManage storagectl "2003 Server" --name "IDE Controller" --add ide

#  VBoxManage storageattach "2003 Server" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium 2003_Server.vdi

#  VBoxManage storageattach "2003 Server" --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium /home/vbox_admin/iso/2003.iso

Just for good measure...
# VBoxManage modifyvm "2003 Server" --vrde on

Review your VM's settings 
# VBoxManage showvminfo "2003 Server"

2003 Server
Guest OS:        Other/Unknown
UUID:            ******-*****-*********-*****
Config file:     /home/vbox/VirtualBox VMs/2003 Server/2003 Server.vbox
Snapshot folder: /home/vbox/VirtualBox VMs/2003 Server/Snapshots
Log folder:      /home/vbox/VirtualBox VMs/2003 Server/Logs
Hardware UUID:   *******-*******-********-****
Memory size:     3072MB
Page Fusion:     off
VRAM size:       8MB
CPU exec cap:    100%
HPET:            off
Chipset:         piix3
Firmware:        BIOS
Number of CPUs:  1
Synthetic Cpu:   off
CPUID overrides: None
Boot menu mode:  message and menu
Boot Device (1): DVD
Boot Device (2): DVD
Boot Device (3): HardDisk
Boot Device (4): Not Assigned
ACPI:            on
IOAPIC:          off
PAE:             on
Time offset:     0 ms
RTC:             local time
Hardw. virt.ext: on
Hardw. virt.ext exclusive: on
Nested Paging:   on
Large Pages:     off
VT-x VPID:       on
State:           running (since 2012-01-08T06:37:19.857000000)
Monitor count:   1
3D Acceleration: off
2D Video Acceleration: off
Teleporter Enabled: off
Teleporter Port: 0
Teleporter Address:
Teleporter Password:
Storage Controller Name (0):            IDE Controller
Storage Controller Type (0):            PIIX4
Storage Controller Instance Number (0): 0
Storage Controller Max Port Count (0):  2
Storage Controller Port Count (0):      2
Storage Controller Bootable (0):        on
IDE Controller (0, 0): /home/vbox/VirtualBox VMs/2003 Server/2003_server.vdi (UUID: )
IDE Controller (1, 0): /home/vbox/iso/2003_server.iso (UUID:)
NIC 1:           MAC: 080027431395, Attachment: Bridged Interface 'br0', Cable connected: on, Trace: off (file: none), Type: Am79C973, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny
NIC 2:           disabled
NIC 3:           disabled
NIC 4:           disabled
NIC 5:           disabled
NIC 6:           disabled
NIC 7:           disabled
NIC 8:           disabled
Pointing Device: PS/2 Mouse
Keyboard Device: PS/2 Keyboard
UART 1:          disabled
UART 2:          disabled
Audio:           disabled
Clipboard Mode:  Bidirectional
Video mode:      1024x768x32
VRDE:            enabled (Address 0.0.0.0, Ports 3389, MultiConn: off, ReuseSingleConn: off, Authentication type: null)
VRDE port:       3389
Video redirection: disabled
VRDE property: TCP/Ports  = "3389"
VRDE property: TCP/Address =
VRDE property: VideoChannel/Enabled =
VRDE property: VideoChannel/Quality =
VRDE property: VideoChannel/DownscaleProtection =
VRDE property: Client/DisableDisplay =
VRDE property: Client/DisableInput =
VRDE property: Client/DisableAudio =
VRDE property: Client/DisableUSB =
VRDE property: Client/DisableClipboard =
VRDE property: Client/DisableUpstreamAudio =
VRDE property: H3DRedirect/Enabled =
VRDE property: Security/Method =
VRDE property: Security/ServerCertificate =
VRDE property: Security/ServerPrivateKey =
VRDE property: Security/CACertificate =
USB:             disabled

USB Device Filters: 
Available remote USB devices: 
Currently Attached USB Devices: 
Shared folders: 

VRDE Connection:    not active
Clients so far:     0

Guest:

Configured memory balloon size:      0 MB
OS type:                             Other
Additions run level:                 0

Guest Facilities:
No active facilities.
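
The output above shows the VRDE server enabled on Address 0.0.0.0, port 3389, with Authentication type: null, meaning the VM console accepts remote desktop connections on every host interface without credentials. The following check is an added example, not part of the original post: the function name and the "hardened" sample line are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `VBoxManage showvminfo`
# text on stdin and reports how the VRDE (remote desktop) listener is exposed.
# Live use:  VBoxManage showvminfo "2003 Server" | audit_vrde
audit_vrde() {
    line=$(grep '^VRDE: ' | head -n 1)
    case "$line" in
        '')        echo "unknown: no VRDE line found"; return 0 ;;
        *enabled*) ;;
        *)         echo "ok: VRDE disabled"; return 0 ;;
    esac
    addr=$(printf '%s\n' "$line" | sed -n 's/.*Address \([^,]*\),.*/\1/p')
    auth=$(printf '%s\n' "$line" | sed -n 's/.*Authentication type: \([a-z]*\)).*/\1/p')
    findings=""
    # null means any client that can reach the port gets the console
    if [ "$auth" = "null" ]; then findings="$findings no-auth"; fi
    # 0.0.0.0 (or no address) means the listener binds every host interface
    if [ -z "$addr" ] || [ "$addr" = "0.0.0.0" ]; then
        findings="$findings all-interfaces"
    fi
    if [ -n "$findings" ]; then
        echo "risk:$findings"
    else
        echo "ok: addr=$addr auth=$auth"
    fi
}

# The VRDE line exactly as it appears in the showvminfo output above.
sample_from_post() {
    echo 'VRDE:            enabled (Address 0.0.0.0, Ports 3389, MultiConn: off, ReuseSingleConn: off, Authentication type: null)'
}
# Constructed: the same line after applying the two settings below.
sample_hardened() {
    echo 'VRDE:            enabled (Address 127.0.0.1, Ports 3389, MultiConn: off, ReuseSingleConn: off, Authentication type: external)'
}

# Settings that change the result (run as the VM's owner, VM powered off):
#   VBoxManage modifyvm "2003 Server" --vrdeauthtype external   # host account login
#   VBoxManage modifyvm "2003 Server" --vrdeaddress 127.0.0.1   # reach via SSH tunnel
printf 'as posted: %s\n' "$(sample_from_post | audit_vrde)"
printf 'hardened:  %s\n' "$(sample_hardened | audit_vrde)"
```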

Start the VM (Headless)

$ VBoxHeadless --startvm "2003 Server"

Oracle VM VirtualBox Headless Interface 4.1.8
(C) 2008-2011 Oracle Corporation
All rights reserved.

VRDE server is listening on port 3389.

 
You can now manage the VM from most remote desktop clients.  I used Remote Desktop Connection from my MacBook which worked but mouse control was somewhat problematic while completing the initial server setup.  

As soon as I was able to enable remote desktop within the Virtual Machine itself and connect directly it functioned normally.

Additional commands to control the VM headless can be found at http://www.virtualbox.org/manual/ch07.html#vboxheadless

Basic Controls
# VBoxManage controlvm "2003 Server" poweroff|reset|pause
