November 2003 Archives

X-Pro IP SoftPhone

By Babak Farrokhi on November 26, 2003 2:52 AM | | Comments (1)

x-lite.jpg
A must have, for people who can not afford buying CISCO 7960 IP Phones.

Xten has developed X-Pro and X-Lite softphone products, which are full featured H.323/SIP phones for Windows and Mac.

X-Lite is the free version of X-Pro with limited feature set.
I use X-Lite as IP Phone on my laptop, before getting a shiny new Cisco 7960 handset.

Current project is to making it work with Asterisk.

More details coming soon...

Blocking P2P traffic

By Babak Farrokhi on November 26, 2003 2:33 AM | | Comments (51) | TrackBacks (1)
After web traffic, P2P consumes big amount of your invaluable bandwidth.
Once you block in, you will findout how much of your bandwidth was being wasted by P2P programs.

I managed to put up a simple access list (in FreeBSD ipfw format, but you can convert it to your favorite format easily) to block this sort of traffic, and the result was acceptable.

My /etc/ipfw.conf: 
# kazaa - fasttrack clones
add deny tcp from any to any 1214
add deny udp from any to any 1214

# edonkey and clones
add deny tcp from any to any 4661-4672
add deny udp from any to any 4661-4672

# winmx and napster
add deny tcp from any to any 6257
add deny udp from any to any 6257
add deny tcp from any to any 6699
add deny udp from any to any 6699

# bittorrent
add deny tcp from any to any 6881-6889
add deny udp from any to any 6881-6889

# gnutella
add deny tcp from any to any 6346
add deny udp from any to any 6346

After applying above restriction, I saw a 10% drop on our traffic.

I was trying some hours to find a comprehensive list of known P2P protocols and their TCP/UDP ports, but I couldn't. I guess no one has tried to make one yet.
I am thinking of making this list here, on my website, which would be very useful for network admins.
That would be a list of P2P protocols and their associated applications, as well as their Layer 4-7 information, to make them easier to control or block. It is a basic idea, and needs to be cooked well.

I would be happy to see your helpful comments on this subject.

Dumb defaults

By Babak Farrokhi on November 22, 2003 6:22 PM | | Comments (1)

NWFusion:

Network World calls on Cisco and other security vendors to fix default settings that leave users vulnerable to attack.
How secure is a system that accepts passwords sent in the clear? Just as worrisome, how many network managers will remember to disable these defaults?
They are right. Many security devices come with dumb defaults. Telnet access or plain text HTTP authentication.

Read this article here.

W32.Swen

By Babak Farrokhi on November 20, 2003 2:29 PM |

It's a worm. A very wide-spread worm. And one of my mailservers is rejecting at least 50 copies of this worm everyday.
Now Chris Cemper has the same problem.

How often do you really scan your computer for viruses? How often do you update your antivirus definition database? How many of you have even installed an Antivirus on your windows pc?

Google Censorship

By Babak Farrokhi on November 17, 2003 4:14 PM | | Comments (3) | TrackBacks (1)

I bet Jeremy Zawodny will like this one: Google Censorship
I discovered it while trying to search "kazaalite" in Google. Try it yourself.
The result is interesting. They alter the search result, due to a DMCA complaint!

Yahoo! is not involved in this censorship business yet. Maybe its the time to switch.

SORBS is NOT fading out

By Babak Farrokhi on November 15, 2003 11:25 AM |

Good news is that Matthew Sullivan of SORBS has posted a comment to one of my previous posts about SORBS and stated that SORBS is still alive and "is not going away anytime soon".
In fact, I have SORBS in my RBL check, and it is working just fine.

Thank you SORBS!

Sun Java Desktop System

By Babak Farrokhi on November 11, 2003 5:31 PM |

Sun enters i386 desktop market with its new toy: Sun Java Desktop System (previously known as Project Mad Hatter).

In a galance (my take from brief explanations and screenshots), it is a linux with Gnome and stuff. Of course a Sun theme is applied! Mozilla Suit + Evolution is in place for internet users, as well as StarOffice which claims to be MS Office replacement.
Sun is also planning to replace linux with Solaris in mid 2004.

Product homepage is available here.

Virtual Hosting on FreeBSD

By Babak Farrokhi on November 10, 2003 10:46 PM | | Comments (4)

I am looking for a web based control panel solution for Virtual web hosting on FreeBSD servers. I am planning to use Postfix as MTA and apache 1.3 as web server, as well as MySQL and PHP.
The server is up and configures, and I am playing with standard solutions like cPanel and Ensim. But none of them is what I really need. Even worse, I did not find any OpenSource and free solution.
I am thinking of making one for my specific need, but I still believe there should be a complete, reliable and free solution out there to make life easier.

p.s. No clue at HotScripts.com either.

IPFW Bug

By Babak Farrokhi on November 10, 2003 10:16 PM | | Comments (1)

I was struggling with this bug for a while, untill I suddently figured out that removing IPFW2 from make.conf and KERNEL config addresses this issue. This has not been solved since late august, and seems like no one is interested in fixing this bug. :-(

update: Fixed the link.

Spell Checker for Cisco IOS

By Babak Farrokhi on November 5, 2003 10:29 PM | | TrackBacks (1)
Working overtime on a complex issue, I found this interesting spelling error in cisco IOS:
CORE(config)#int ser2/2
CORE(config-if)#random-detect ?
  dscp-based  Enable dscp based WRED on an inteface
  prec-based  Enable prec based WRED on an interface
Note the "interface" spelling :-)

Maybe I have had to leave earlier.

IPv4 address space - Not so critical issue

By Babak Farrokhi on November 3, 2003 12:24 AM | | Comments (1)

RIPE Reports:

Based on today’s total global allocation rate of approximately 4.25 blocks per year in 2002, or 5.5 blocks in 2001, and the remaining pool of 91 blocks held by IANA, it is unrealistic to assume that there is an imminent shortage in the IPv4 address space. Even allowing for a dramatic increase in address consumption rates, it is highly probable that IPv4 address space will last well beyond the two years predicted by some.

Given the fact that migrating to IPv6 is a real pain for many networks (Lack of software, hardware and knowledge), I think many providers will stick with old IPv4 for a long time, and IPv4 will remain as main internet protocol while IPv6 operates as a secondary protocol for modern devices and applications.

I bet we won't have a good global IPv6 deployment before 2007.

Office 2003 - Second Episode

By Babak Farrokhi on November 2, 2003 9:25 PM | | Comments (2)

I am loving Office 2003 more and more:

- Outlook 2003 might be slower than Outlook 2000, but is it a fair comparison?

- When you set Outlook 2003 to minimize to tray, it just occupies less than 2 megs of memory.

- "Search Folders" is an excellent feature. You can setup a dynamic folder to show you only mails bigger than 5 megs, or mails with attachements, or mails with red flags.

- When you receive an email in outlook and it is minimized, it pops up a semi-transparent window on bottom-right corner of screen (above system tray) that shows message subject. Clicking on this window, opens up received mail.

- Junk mail folder catches almost 80% of spam.

- It does not load images in HTML messages, if they are from an external website. Loading an image inside HTML message works like a read-receipt for many spammers.

I really had no more time to explore new features of Office 2003, since I was playing with UNIX boxes and network equipment all the day.

« October 2003 | Main Index | Archives | December 2003 »