A Digital Wanderer in a Connected World
An Example of network simulation using NS
NS-3 Appears to have a staggeringly steep learning curve so I hope these posts help out someone else (or me, when i forget all this in a month).
Running off a virtualised Ubuntu 9.10 system, the prerequisites I installed were all the ones listed here. (And i removed some out of date packages)
sudo apt-get install bison bzr dia doxygen flex g++ gcc gdb graphviz imagemagick libgoocanvas-dev libgtk2.0-0 libgtk2.0-dev libsqlite3-dev libxml2 libxml2-dev mercurial python python-dev python-kiwi python-pygoocanvas python-pygraphviz sqlite sqlite3 tcpdump texi2html texinfo texlive texlive-extra-utils texlive-generic-extra texlive-generic-recommended texlive-latex-extra valgrind
That will take a while to install so go get coffee.
Once thats all finished, grab the source using Mercurial (it was installed in the command above). For tidyness, I do all of this under ~/src (If this was a multi-user system I would suggest working under /usr/src and performing the relevant steps as root or under sudo)
If you havent used Mercurial before, check my post on the subject.
$ hg clone http://code.nsnam.org/ns-3-allinone destination directory: ns-3.7 requesting all changes adding changesets adding manifests adding file changes added 31 changesets with 45 changes to 7 files updating working directory 7 files updated, 0 files merged, 0 files removed, 0 files unresolved
Thats the easy bit done, what you’ve downloaded is basically the instructions for downloading everything else about NS-3, all in python scripts.
The download.py script also allows the inclusion (-r) of NS’s regression testing framework so we’re sure that everything works.
For safety I am not using the dev branch;
$ ./download.py -n ns-3.7 -r ns-3.7-ref-traces
And that will output a whole pile of stuff that isnt too salient. Unless you’re really bored…
After which there is a python script that looks after the actual build process, so fire it off with a simple;
$ ./build.py
And, again, lots of waiting (seriously, get coffee, on my VM it took just under 15 minutes) and lots of output.
It is not made clear on the project wiki but this script also fires off the python http://code.nsnam.org/ns-3-allinone destination directory: ns-3.7 requesting all changes adding changesets adding manifests adding file changes added 31 changesets with 45 changes to 7 files updating working directory 7 files updated, 0 files merged, 0 files removed, 0 files unresolved
Thats the easy bit done, what you’ve downloaded is basically the instructions for downloading everything else about NS-3, all in python scripts.
The download.py script also allows the inclusion (-r) of NS’s regression testing framework so we’re sure that everything works.
For safety I am not using the dev branch;
$ ./download.py -n ns-3.7 -r ns-3.7-ref-traces
And that will output a whole pile of stuff that isnt too salient. Unless you’re really bored…
After which there is a python script that looks after the actual build process, so fire it off with a simple;
$ ./build.py
And, again, lots of waiting (seriously, get coffee, on my VM it took just under 15 minutes) and lots of output.
It is not made clear on the project wiki but this script also fires off the python WAF script so its a complete end to end builder. What isn’t included in the build script is the (very tidy) automated regression test suite, so just for completeness…
$ cd ns-3.7 $./test.py [...] 104 of 104 tests passed (104 passed, 0 skipped, 0 failed, 0 crashed, 0 valgrind errors)
I hadn’t used Mercurial before so I thought it might be a good idea to leave a reminder for me and anyone else who comes across it…
For tidyness, I do all of my dev-stuff (Subversion, Mercurial, CVS, Git etc) under ~/src and only take root privileges when its needed; any good makefile should relocate the necessary files for you at the ‘make install’ or equivalent point.
To start off, you should add some form of identification to your ~/.hgrc file
$ cat ~/.hgrc [ui] username = User Name
Now you can connect to <HOSTNAME> and grab a clone of <PROJECT> for you to work on
$ hg clone http://<HOSTNAME>/repo/<PROJECT> $ cd <PROJECT>
Now you can work away, but if you add any files, remember before you commit back to the server to add the new files into the project manifest;
$ hg add <ADDFILES>
Once you’ve made your changes, commit and push them back to the host with an appropriate comment.
$ hg commit -m 'I added <ADDFILES> to extend/fix/etc' $ hg push
If you dont want to make any changes, but you’ve clones a project (say to install something…) and 6 months later you want to update it, you don’t have to delete and recreate the directory;
$ hg pull http://<HOSTNAME>/repo/<PROJECT> pulling from http://<HOSTNAME>/repo/<PROJECT> [...] $ hg update X files updated, X files merged, X files removed, X files unresolved
Of course, this assumed you haven’t been tinkering with the code, in which case update will generally override your changes and reproduce whatever is currently sitting on the project server. If you want to merge, do so!
$ hg merge
For more interesting commands such as
hg log; hg status
and more, consult the man pages… of if you’re looking for serious detail, check out ‘The Definitive Guide’ by fellow island-man, Bryan O’Sullivan
So, say you have a long list of instruction (like multiple apt-get install lines) and you want to eliminate common words?
Easiest way to do it is (assuming you have all of the instrustions in “list.txt”)
[FYI the '\' character indicates a continuation of a single line ]
cat list.txt\
| tr ‘ ‘ ‘\n’ \ #Expands all space characters to new lines
| sort | uniq \ #sorts each line, and then eliminates duplicates
| tr ‘\n’ ” #turns all the new-lines into spaces
Depending on the actual content, it may be necessary to remove specific entries, (such as apt-get or sudo). Thats an exercise for the reader.
I had been looking at this years Google Summer Of Code google group and saw the list of organisations that are getting involved. While i was alooking at it, I knew i didn’t want to even consider the big boys (I’m looking at you, Debian, Drupal, KDE, Apache, X.Org, etc), they’re too big to get my teeth into, and I’m currently in the throws of ‘WHAT THE HELL AM I GOING TO DO MY FINAL YEAR PROJECT ON!!! ‘ (For any Americans, that means ‘dissertation’).
My university is big into networking etc, so I had a look at the NS-3 Network Simulator, which currently sits at slightly less that 2 million lines of code, and is vaguinly within my realm of interest so I’m going to see a) if i can get it to work and play with it for a bit and b) if i can contribute anything to the project and parlay that into a final year project, and I’ll be documenting whatever progress I get on this blog.
I doubt that I’ll apply to GSOC as I don’t think I’d be able to give the required time committment over the summer. 
Anyway, Next blog post will be a start into the installation and configuration of NS-3 on my virtualised Ubuntu setup.
So I have a piece of coursework for a CS module I’m taking at Queen’s University Belfast and one of the focal points of it is the recent RockYou! SQL-injection breach that released 32million passwords into the internet, and I thought I’d have a closer look at that list.
I ‘acquired’ the password list from your regular neighbourhood tracker, and thought I could walk through the process of getting a probability-sorted password dictionary.
(The ‘-S 2048K’ memory restriction on the ’sort’ program is to avoid Dreamhost locking out my process for being over-memory)
tar -xvzf UserAccount-passwords.tgz
Having a look at the head of the resultant ‘UserAccount-passwords.txt’ file shows:
$ head UserAccount-passwords.txtpasswordmekster11mekster11mekster11progr4smkhas8950emilio1holiday2caitlin1purblanca
32million entries in arbitrary order arn’t really that useful, so I sorted them alphabetically first (-d)
sort -d -S 2048K UserAccount-passwords.txt -o UserAccount-passwords.sorted.txt
And getting a head again gave a whole pile of blank lines, so to get rid of them use this handy sed expression
$ sed ‘/^$/d’ UserAccount-passwords.sorted.txt > UserAccount-passwords.sorted.unblanked.txt
So our first ten passwords are now:
$ head UserAccount-passwords.sorted.unblanked.txt
!
!!!!
!!!!!
!!!!!
!!!!!
!!!!!
!!!!!
!!!!!
!!!!!
!!!!!
uniq -cd UserAccount-passwords.sorted.unblanked.txt UserAccount-passwords.uniq.txt
The -d flag means that we only want to know about entries that appear at least twice, and the -c means we only want one line for each password and a count for how often it appears (This reduced the number of lines in the list from 32,603,048 non-blank entries to 2,459,759), giving a first ten of:
$head UserAccount-passwords.uniq.txt
12 !!!!!
67 !!!!!!
3 !!!!!!!
3 !!!!!!!!
8 !!!!!!!!!!
2 !!!”"”£££
2 !!!$$$
2 !!!???
2 !!!@@@
2 !!”"££
Still sorted alphabetically, so sort reverse-numerically to get most popular entries at the top.
sort -nr -S 2048K UserAccount-passwords.uniq.txt -o UserAccount-passwords.uniq.sorted.txt
Giving our top 20 most popular passwords (sorry guys, but this is really depressing)
$ head -20 UserAccount-passwords.uniq.sorted.txt
290729 123456
79076 12345
76789 123456789
59462 password
49952 iloveyou
33291 princess
21725 1234567
20901 rockyou
20553 12345678
16648 abc123
16227 nicole
15308 daniel
15163 babygirl
14726 monkey
14331 lovely
14103 jessica
13984 654321
13981 michael
13488 ashley
13456 qwerty
While working on an IDS Solution for a client, I came across Untangle, and I loved it so much that I pulled out an old box and loaded it up as my office firewall.
One thing that is lacking, from my perspective (at least in the ‘free’ edition) is the firewall interface; Untangle uses an IpTables based firewall, but doesn’t replicate the usual INPUT FOWARD OUTPUT rulebase. I think that in 90% of usecases for Untangle, this isnt a problem, but I found it a little bit alien to have portfowarding hidden in the Networking config pane, and firewall separatly.
Anyway, It’s been a few years since I cared that much about firewalls, and came up against a few issues of simply not remembering what ports to open up in which direction; Untangle’s firewall ships with a default-pass configuration, which is fairly pointless from a security stance.
To make matters more confusing, I set up Untangle in a transparent configuration so that I wouldnt have to reconfigure my office IP addresses to a new subnet, and so avoid dealing with the portforwarding twice (external router, and internal firewall).
So, with that in mind, I set up the following rule.
Allow any > any from 192.168.1.1/24 to 192.168.1.1/24
And that dealt with any internal traffic, but still logged the traffic in the unlikely event anything local is compromised.
Anyway, biggest issue I came across was what traffic to allow out from the Internal network, So I’m leaving myself a list for next time… (Lots of mail ones because I use thunderbird)
DNS – port 53
SSH – port 22
FTP – port 21
HTTP – port 80, 8080
HTTPS – port 443
POP3 – port 110
IMAP – port 143
SMTP – port 25
Secure SMTP (SSMTP) – port 465
Secure IMAP (IMAP4-SSL) – port 585
IMAP4 over SSL (IMAPS) – port 993
Secure POP3 (SSL-POP) – port 995
So each of those rules are, “Allow Internal > External:<ports>”, going the other way is a bad idea!!!
– I’m definitly going to be lookin into this (and yes I’m prepared for the headache-inducing math it will accrue) cus I have an idea about an RF implementation…
Copyright © 2010 Of Penguins & Coffee All rights reserved. Theme by Laptop Geek.
