Archive for the 'safe computing' Category

SPI firewall interfering with FTP

Saturday, February 14th, 2009

I recently set up a client with an FTP account so they could access the files on their website.

Before sending him the login details, I decided to confirm that the account worked. So I tried connecting using first an FTP client (FileZilla) and then the Windows XP command-line FTP. In both cases, I was able to get in part way (i.e. my login id and password were accepted) but then I could not use typical FTP functions like CD or LS. The connection would just hang.

I contacted the folks that manage our server and busted their chops and they were convinced the problem was at my end… So I started poking around. I tried disabling the ZoneAlarm firewall on my local PC. I still had problems… So then I checked the log on my recently (a few months ago) purchased D-Link DIR-655 router. And, bingo, there were a number of log messages saying that it was blocking TCP activity with my remote server. Eventually I figured out that it was the SPI firewall that was causing the problem (i.e. I temporarily disabled SPI in the router admin interface and found that FTP then worked).

I imagine one could fix this by making some change in the SPI rules but since I normally use SFTP rather than FTP (and SFTP seems to work fine with the new router) I have not made the effort to figure it out.

This D-Link DIR-655 is the first router I have owned that used both a NAT and an SPI firewall. I like extra protection on principle but I don’t understand the technology well enough to grasp what extra protection SPI affords…

But anyone who:

  1. is having odd FTP problems and
  2. has recently installed a new-generation router with an SPI firewall (particularly a D-Link DIR-655)

should suspect that SPI and FTP are not playing well together.
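The mechanism behind the symptom above (login works, LS hangs), as an added example in Python that is not part of the original post and models nothing specific to the DIR-655. FTP uses two TCP connections: the control channel on port 21 carries USER/PASS and the commands, so the login succeeds, but a listing or transfer needs a second data connection whose endpoint is negotiated inside the control channel. In active mode the client sends PORT naming a port it is listening on and the server connects back in; in passive mode the server answers PASV and the client connects out. A firewall that only keeps state for connections the LAN side opened has no entry for the server's inbound data connection and drops it, which is exactly what a hung LS looks like. A firewall with an FTP helper (often called an ALG) reads PORT on the control channel and pinholes the expected connection. The Windows XP command-line ftp client only does active mode, which is the case the toy below simulates; the IP addresses, port numbers and the firewall class are all constructed for the example, and NAT address rewriting is left out.

```python
"""Toy model of an SPI firewall with and without an FTP helper (added example)."""
import re

PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$", re.I)


def _host_port(groups):
    """Turn the six h1,h2,h3,h4,p1,p2 numbers FTP uses into (host, port)."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in groups)
    port = p1 * 256 + p2
    if not 0 < port < 65536:
        raise ValueError("bad port %d" % port)
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), port


def parse_pasv_reply(line):
    """Host and port announced by a '227 Entering Passive Mode (...)' reply."""
    m = PASV_RE.search(line)
    if not m:
        raise ValueError("not a PASV reply: %r" % line)
    return _host_port(m.groups())


def parse_port_command(line):
    """Host and port announced by a client 'PORT h1,h2,h3,h4,p1,p2' command."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    return _host_port(m.groups())


def build_port_command(host, port):
    """Client side of active mode: tell the server where to connect for data."""
    return "PORT %s,%d,%d" % (host.replace(".", ","), port // 256, port % 256)


class StatefulFirewall:
    """Toy SPI firewall between a LAN client and the Internet (constructed).

    Outbound connections create state and pass. Inbound connections are
    dropped unless the FTP helper pinholed them after reading the client's
    PORT command on the control channel."""

    def __init__(self, ftp_helper):
        self.ftp_helper = ftp_helper
        self.pinholes = set()   # (remote_ip, lan_ip, lan_port) allowed to come in
        self.log = []

    def inspect_control(self, lan_ip, server_ip, command):
        """Called for every command the LAN client sends on its port-21 connection."""
        if self.ftp_helper and command.upper().startswith("PORT "):
            host, port = parse_port_command(command)
            self.pinholes.add((server_ip, host, port))

    def permit(self, src_ip, dst_ip, dst_port, outbound):
        """Decide on a new TCP connection attempt (a SYN)."""
        if outbound or (src_ip, dst_ip, dst_port) in self.pinholes:
            return True
        self.log.append("DROP TCP %s -> %s:%d" % (src_ip, dst_ip, dst_port))
        return False


def simulate_active_listing(ftp_helper):
    """Active-mode LIST through the firewall; True if the data connection got in."""
    lan_ip, server_ip = "192.168.0.10", "203.0.113.5"   # constructed addresses
    fw = StatefulFirewall(ftp_helper)
    assert fw.permit(lan_ip, server_ip, 21, outbound=True)   # control channel: always fine
    cmd = build_port_command(lan_ip, 1031)                   # client listens on 1031
    fw.inspect_control(lan_ip, server_ip, cmd)
    fw.inspect_control(lan_ip, server_ip, "LIST")
    return fw.permit(server_ip, lan_ip, 1031, outbound=False)  # server dials back in


if __name__ == "__main__":
    for helper in (False, True):
        print("FTP helper %s: LIST %s" % (helper, "works" if simulate_active_listing(helper) else "hangs"))
```

Disabling SPI, as the post did, removes the inbound drop; the less blunt fix on a router that offers it is to enable its FTP helper, and on the client side passive mode avoids the inbound connection altogether, which is why FileZilla's passive default usually fares better than ftp.exe.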

Dealing with Spam

Tuesday, October 31st, 2006

I am writing this with a view to advising clients who have their email hosted on my server environment but much of the discussion is relevant to anyone with an internet email address.

First some definitions:

Email Server: This is the computer out there somewhere on the internet that handles all the mail being sent to individual accounts under a given domain. For example, if you have an email account with Verizon or Comcast (i.e. yourname@verizon.net or yourname@comcast.net) then any mail sent to you is initially sent to the verizon.net or comcast.net email servers.

Email Client: This is the software you use to access and read your email. Common email clients are Microsoft Outlook Express, Microsoft Outlook, Mozilla Thunderbird, Apple Mail, Microsoft Entourage, and Eudora. The clients just listed all run on your PC, Macintosh, or Linux machine. There are also web-based email clients such as Google Gmail, Yahoo Mail, Microsoft Hotmail, Horde, SquirrelMail, and others.

So, if I were to send you an email from my office computer, the steps involved would be as follows:

  1. I would compose the email on my local computer using an email client (in my case, Mozilla Thunderbird).
  2. Once I am ready to send the email (having addressed it to yourname@yourdomain.com), I would click the send button in my Thunderbird client.
  3. Thunderbird would then contact an outgoing email server (an SMTP server, which may be a Microsoft Exchange server) and request that the email be sent. The outgoing email server will usually require me to provide a login and password combination before it will accept mail addressed to other domains; a server that relays for anyone without a login is an “open relay” and is quickly found and abused by spammers. In my case, the outgoing email server could be owned by my broadband provider (Verizon) or by my hosting environment (SalemDesign.com).
  4. Assuming Thunderbird provided a valid login/password combination, the outgoing email server accepts my email. It then looks at the address yourname@yourdomain.com and sends the email off across the internet to your incoming email server (it finds that server by looking up the MX record for yourdomain.com in DNS; there are further details we don’t want to get bogged down in here).
  5. The incoming email server associated with yourdomain.com receives the email and checks whether it “knows” about an email account belonging to “yourname”. If you do have a valid account on the incoming email server, the email gets stored in that account; if not, the server refuses it.
  6. The next time you run your email client, it queries the incoming email server and “asks” if you have any emails waiting to be read. If you do, those emails get downloaded to your email client and, if the client uses POP, usually deleted off the incoming email server (an IMAP client leaves them on the server). You can then open the individual emails and read them.
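The server side of steps 3 to 5, as an added example in Python that is not part of the original post: a toy SMTP server that plays both roles, the outgoing (submission) server that relays mail to other domains only for users who log in, and the incoming server that accepts mail only for mailboxes it actually hosts. Everything else is refused, which is the rule that keeps a mail server from being an open relay. The reply codes are the real SMTP ones; the domain, mailbox names, passwords and client dialogues are made up for the example, and the session is driven in memory rather than over a socket.

```python
"""Toy SMTP submission/incoming server showing why a login is required (added example)."""
import base64


class MailServer:
    def __init__(self, domain, mailboxes, passwords):
        self.domain = domain          # the domain whose incoming mail lands here
        self.mailboxes = mailboxes    # local user names that exist
        self.passwords = passwords    # {user: password} accepted for AUTH PLAIN
        self.queue = []               # (envelope sender, recipients, body) accepted
        self.authed_as = None
        self._reset()

    def _reset(self):
        self.mail_from, self.rcpts, self.in_data, self.body = None, [], False, []

    def handle(self, line):
        """Process one line from the client; return the reply (None while inside DATA)."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.queue.append((self.mail_from, self.rcpts, "\r\n".join(self.body)))
                self._reset()
                return "250 OK: queued"
            # dot-stuffing: a body line that starts with "." is sent as ".."
            self.body.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return "250-%s\r\n250 AUTH PLAIN" % self.domain
        if verb == "AUTH":
            return self._auth(arg)
        if verb == "MAIL":
            self.mail_from = arg[len("FROM:"):].strip().strip("<>")
            return "250 OK"
        if verb == "RCPT":
            return self._rcpt(arg[len("TO:"):].strip().strip("<>"))
        if verb == "DATA":
            if not self.rcpts:
                return "503 5.5.1 RCPT TO required first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 5.5.2 Command not recognized"

    def _auth(self, arg):
        mech, _, blob = arg.partition(" ")
        if mech.upper() != "PLAIN":
            return "504 5.5.4 Unrecognized authentication type"
        try:   # AUTH PLAIN carries base64("\0user\0password")
            _authzid, user, password = base64.b64decode(blob).decode().split("\0")
        except (ValueError, UnicodeDecodeError):
            return "501 5.5.2 Cannot decode credentials"
        if self.passwords.get(user) == password:
            self.authed_as = user
            return "235 2.7.0 Authentication successful"
        return "535 5.7.8 Authentication credentials invalid"

    def _rcpt(self, address):
        user, _, domain = address.rpartition("@")
        if domain.lower() == self.domain:          # step 5: inbound delivery to us
            if user in self.mailboxes:
                self.rcpts.append(address)
                return "250 OK"
            return "550 5.1.1 No such user here"
        if self.authed_as is None:                 # step 3: relaying elsewhere needs a login
            return "530 5.7.0 Authentication required"
        self.rcpts.append(address)
        return "250 OK"


def auth_plain(user, password):
    """What an email client sends after EHLO when the server offers AUTH PLAIN."""
    return "AUTH PLAIN " + base64.b64encode(("\0%s\0%s" % (user, password)).encode()).decode()


def run_session(server, client_lines):
    """Feed the client's lines to the server and collect its replies."""
    return [r for r in (server.handle(line) for line in client_lines) if r is not None]


if __name__ == "__main__":
    srv = MailServer("yourdomain.com", {"yourname"}, {"me": "secret"})
    for reply in run_session(srv, ["EHLO laptop", auth_plain("me", "secret"),
                                   "MAIL FROM:<me@yourdomain.com>", "RCPT TO:<someone@other.example>"]):
        print(reply)
```

Note that AUTH PLAIN sends the password base64-encoded, not encrypted; a real client must only use it over a TLS connection (SMTP STARTTLS or submission on port 465), otherwise the login that protects the relay is readable by anyone on the path.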

One would like, of course, all the emails that get downloaded to our email clients to be ones we want to read (i.e. from friends, business associates, etc.). Unfortunately, as we all know too well, much of the email we receive is junk from people trying to sell us something we don’t want, or worse.

How do our email addresses get onto spammer lists?

Spambots: These are programs that “crawl” websites (in the same way as the search engine spiders used by Google and Yahoo do) and collect anything that looks like an email address (basically any string shaped like blahblah@blahblah.com, .net, .edu, etc.). Given the existence of these mechanisms, any time your email address is listed on a website, whether your own or someone else’s, you will be getting spam.
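What such a harvester does to a page, as an added example in Python that is not part of the original post. The pattern is the “anything shaped like name@host.tld” match the paragraph describes, run over a constructed HTML fragment that contains a plain address, a mailto: link, an address written with HTML character entities, and one spelled as “name [at] host [dot] tld”. The page and all addresses in it are made up; the point is that the two common “obfuscations” only defeat the crudest bot.

```python
"""Naive email harvester of the kind spambots use, run over a constructed page (added example)."""
import html
import re

# Local part, then a host name of one or more labels, then a letters-only top-level label.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")

# Constructed page (not real addresses).
SAMPLE_PAGE = """
<p>Questions? Write to webmaster@example.com.</p>
<a href="mailto:sales@example.com">Contact sales</a>
<p>Joe: &#106;oe&#64;example.org</p>
<p>Bob: bob [at] example [dot] net</p>
"""


def harvest(page, decode_entities=True):
    """Addresses a crawler pulls out of one page.

    decode_entities=False models the crudest bot, which scans the raw markup
    and so misses the entity-encoded address; any bot that decodes entities
    first (one library call) gets it."""
    text = html.unescape(page) if decode_entities else page
    return set(ADDRESS_RE.findall(text))


def deobfuscate(text):
    """Undo the ' [at] ' / ' (dot) ' spelling before harvesting."""
    text = re.sub(r"\s*[\[(]\s*at\s*[\])]\s*", "@", text, flags=re.I)
    return re.sub(r"\s*[\[(]\s*dot\s*[\])]\s*", ".", text, flags=re.I)


if __name__ == "__main__":
    print("raw markup only:   ", sorted(harvest(SAMPLE_PAGE, decode_entities=False)))
    print("entities decoded:  ", sorted(harvest(SAMPLE_PAGE)))
    print("[at]/[dot] undone: ", sorted(harvest(deobfuscate(SAMPLE_PAGE))))
```

Once a page lists an address in any text form, assume it will be harvested; keeping it in an image or behind a contact form is the only way to stay out of the regex.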

Self-inflicted: Any time you give your email address to someone else, they may use it to spam you or sell your address to someone who does. So be careful who you give your email address to… Even if they are apparently legitimate, ask whether you have to provide your email address at all, how they use their lists, and whether they sell or give them to third parties.

Domain Registrations: any email used as part of a domain registration is publi

Options for home and small business networking

Saturday, August 12th, 2006

Assuming you have (or are getting) a DSL or Cable broadband connection… The next question is whether you want to make that connection available to more than one computer and, if so, how.

Almost any small business will end up with multiple computers, and most middle-class households have at least two computers, one for the parents and one for the kids.

If one is only connecting one computer to DSL or Cable broadband then all that is needed is a DSL or Cable modem. But the need for networking two or more computers is now so common that most broadband providers routinely offer a combined modem and router unit for no additional charge. It is the router that provides the ability to create a local area network that allows multiple computers to share a single internet/broadband connection.

In our area, the broadband providers are routinely offering a combined modem and WIFI/wired ethernet router unit, although you may need to ask for the WIFI/wired router specifically or they will pawn off a much less expensive wired-only ethernet unit on you.

The WIFI capability will typically support both 802.11g and the older 802.11b wireless standards. These allow you to share the broadband connection with notebook or desktop PCs that have the appropriate WIFI card installed. The nominal speed of the WIFI connection ranges from 11 Mbps (802.11b) to 54 Mbps (802.11g); real-world throughput is more like 5.5 Mbps to 20 Mbps. However, even at 5.5 Mbps this is faster than a typical broadband connection, which runs 0.768 Mbps to 1.5 Mbps. So the bottleneck will not be your router or LAN connection.

The wired ethernet ports and cables give you either 10 Mbps or 100 Mbps depending on which router you have and whether your computer’s network card (NIC) supports the 100 Mbps standard. Again, even 10 Mbps is so much faster than your broadband that your local network will never be the bottleneck.

802.11b/g WIFI
WIFI has the advantage that you do not need to trail wires between the router and the computer (or pull wires through the wall). But the WIFI signal does become attenuated by distance and walls/floors. For example, our WIFI router is in our second floor office. I had no problem using my notebook in the living room on the first floor but the signal dropped significantly if I took the notebook down into the basement.

Homeplug 1.0
Since I wanted to run a Linux server in the basement, I ended up getting two Homeplug 1.0 adapters that allow one to establish an ethernet connection over the house 120 volt AC wiring. I ended up getting one adapter from NetGear and the other from Belkin. In theory they should work together and I was relieved to find that they did. The claimed speed for Homeplug is about 14 Mbps but in actual use it is probably about 4 Mbps… Maybe a little slower than 802.11b WIFI but without, at least in my case, the distance attenuation that you get with WIFI.

I am not sure why but Homeplug has never really taken off. There are far more WIFI products and a lot more public awareness of WIFI… But, in some circumstances, Homeplug will work and WIFI will not.

So we now have a LAN with a Mac OS X desktop, a Windows XP desktop, and a SUSE Linux server, running physically over 802.11b wireless, Homeplug 1.0 power wiring, and wired ethernet. We have two printers (a laser printer and a multifunction printer/scanner/fax) that are also accessed from all three computers via the LAN.

Security
One needs to be aware that both WIFI and Homeplug networking have some security issues.

If you have ever used, or seen someone else use, a WIFI notebook at a coffee shop or other WIFI hotspot, you will have realized that there is no security and no barrier to the public accessing the network. Unless you are careful, your home network will be equally wide open. At the very least you may find that your neighbors are piggybacking on your DSL or cable broadband connection; at worst some local high school hacker may be reading your traffic, stealing your identity, or storing porn on your computer.

There are three basic steps to making your WIFI network more secure. First is to encrypt the connection. The “128 bit” option on routers of this vintage is WEP, whose encryption was broken in 2001 regardless of key length and can now be recovered by an attacker in minutes; if the router and all of your WIFI cards support WPA (or, better, WPA2), use that with a long passphrase instead and treat WEP as merely better than nothing. Setting this up is not as easy as it should be on most systems but make the effort anyway.

Basically you set a password on the router and then enter the same password on each of the machines you wish to connect via WIFI. The tricky part with WEP is that one typically enters a plain-language password and the router generates a long hexadecimal key derived from it… And you then need to enter that long string of characters exactly into each of the WIFI computers you wish to use. (WPA and WPA2 let you type the passphrase itself on each machine; the key is derived from it the same way on every device.)
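The derivation the paragraph above describes, carried through for WPA2-Personal as an added example in Python; it is not part of the original post and goes beyond the WEP setup the post's router offered. The radios never use the typed passphrase directly: each side computes the same 256-bit key from the passphrase and the network name (IEEE 802.11i specifies PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32 bytes out), and the first test vector below is the one published in the standard. The second function shows why the passphrase, not the key length, is what matters: anyone who records one client joining the network can test passphrase guesses offline at exactly this cost, so a dictionary word falls quickly while a long random one does not. The SSID “HomeNet”, the wordlist and the random passphrase are constructed for the example.

```python
"""WPA2-PSK key derivation and the offline guessing attack it invites (added example)."""
import hashlib
import os


def wpa2_psk(passphrase, ssid):
    """Pairwise master key for a WPA/WPA2-Personal network (IEEE 802.11i PBKDF2)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("802.11i passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def dictionary_attack(ssid, target_psk, candidates):
    """Offline guessing: return the candidate that yields target_psk, or None.

    An attacker cannot read the PSK off the air, but a captured 4-way
    handshake lets him verify each candidate's PSK, which costs the same
    4096 HMAC iterations per guess as this loop."""
    for word in candidates:
        if 8 <= len(word) <= 63 and wpa2_psk(word, ssid) == target_psk:
            return word
    return None


def random_passphrase(nbytes=20):
    """A passphrase no wordlist will contain: 20 random bytes, hex-encoded (40 chars)."""
    return os.urandom(nbytes).hex()


# Constructed wordlist of the kind a cracker tries first.
WORDLIST = ["12345678", "password", "letmein1", "qwertyui", "iloveyou"]

# Published 802.11i test vector: passphrase "password", SSID "IEEE".
IEEE_VECTOR = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"

if __name__ == "__main__":
    print("test vector matches:", wpa2_psk("password", "IEEE").hex() == IEEE_VECTOR)
    weak = wpa2_psk("password", "HomeNet")
    print("weak passphrase recovered:", dictionary_attack("HomeNet", weak, WORDLIST))
    strong = wpa2_psk(random_passphrase(), "HomeNet")
    print("random passphrase recovered:", dictionary_attack("HomeNet", strong, WORDLIST))
```

Because the SSID is the salt, a common network name also lets an attacker reuse precomputed tables; a distinctive SSID and a passphrase of 20 or more random characters take WPA2-Personal out of reach of this attack, whereas no passphrase choice rescues WEP.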

You should also tell your router to stop broadcasting its network name (SSID). Understand that this hides nothing from anyone with a wireless sniffer: the name is still sent in the clear every time one of your own machines connects, so a sophisticated attacker will find the network regardless. It may keep the local high school kids, who only see what Windows lists, out of your hair.

Finally, if you really feel paranoid about your WIFI, you can restrict your network by MAC address. Each device (computer, printer, etc.) on your network has a unique MAC address. You can enter a list of these addresses into your router and it will then only communicate with the machines on the list. Bear in mind that MAC addresses travel unencrypted and can be set to any value in software, so an attacker who sniffs one of your authorized addresses can simply copy it; the list raises the bar a little, but it is the encryption that actually keeps outsiders off.

Homeplug is often thought of as more secure because so few people use it that hackers do not look for it, but obscurity is not protection: the signal is on shared wiring. So it is advisable to use the 56-bit network encryption option available for the Homeplug adapters (56-bit DES, which is weak by modern standards but still far better than sending the traffic in the clear). My understanding is that the Homeplug network signal will only be accessible as far as the nearest power transformer. In my case that is about 3 houses away.

DHCP
Dynamic Host Configuration Protocol is a router capability that automatically assigns each computer on your LAN a temporary but unique IP address. That is what allows you to walk into a Borders Bookstore cafe and just connect your notebook to their WIFI hotspot. Turning it off and assigning IP addresses by hand adds essentially no security: anyone who can join the network can see the address range in use and set a static address themselves, and a MAC list is only a little better since MAC addresses can be copied. In my case I turned off DHCP simply because I never could get it to work properly, and disabling DHCP and assigning IP addresses was the line of least resistance.

Problems with Windows XP updates and anti-spyware

Sunday, July 16th, 2006

One of my machines runs Windows XP Home Edition. I have set it to automatically apply updates to the operating system from Microsoft.

I also have various security programs running including McAfee Antivirus and Webroot Spy Sweeper. Normally these co-exist with each other and the automatic Windows updates without too much conflict.

But on July 14th, Microsoft issued, and my machine automatically applied, a bunch of Windows updates. One in particular apparently involved implementing a BHO (Browser Helper Object) in Internet Explorer. BHOs have legitimate purposes but they are also a known point of vulnerability for malware of various kinds. For this reason, anti-spyware tools such as Spy Sweeper have a shield that monitors for attempts to install BHOs.

On July 14th, Spy Sweeper apparently blocked the implementation of the BHO that was part of the Windows updates. When the machine rebooted, I found that I could not reliably get a Windows Explorer window and I was totally unable to get Internet Explorer to work. I only found out that Spy Sweeper had blocked the BHO implementation by going back and looking at the Spy Sweeper log.

The lack of the Windows Explorer windows was the main problem. I primarily use Firefox for browsing although I still need IE in order to access some sites (such as windowsupdate.microsoft.com !!! 🙂

So the next question was… How do I get this problem resolved?

  • Step 1 – Temporarily disable Webroot Spy Sweeper
  • Step 2 – Revert to a Windows XP restore point prior to the July 14th Windows Updates
  • Step 3 – Re-Apply the July 14th Windows Updates
  • Step 4 – Re-enable Webroot Spy Sweeper

That seems to have got everything working properly.

This sort of thing is, unfortunately, one of the problems faced by all MS Windows users. We need all this security software (anti-spyware, antivirus, etc.) but we also need automated updates from Microsoft… And some of those updates may be mistaken by the security software for malicious attacks. One could wish that Microsoft would work with the security software vendors to ensure this doesn’t happen.

But, of course, Microsoft is gradually getting into the security business and we all know Microsoft does not “play nice” with competitors.