
Re: Solaris->Fedora6 unidirectional problem

Date: Fri, 25 May 2007 13:33:21 +0200
Daniel Anderson wrote:
Three things to check:

Thanks for the ideas.

1.  Look for collisions on the network ports (we're looking for symptoms
of a mis-matched duplex on your network)

solbox1# netstat -ni -I skge0
Name  Mtu  Net/Dest      Address        Ipkts  Ierrs Opkts  Oerrs Collis Queue
skge0 1500 10.0.0.0      10.0.0.1       1640325 0     3560947 0     0      0

fc6box1# netstat -ni
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0  7400218      1      0      0  4314345      0      0      0 BMRU
lo        16436   0   161876      0      0      0   161876      0      0      0 LRU

These two are connected by a crossover cable (the single RX-ERR is old).

2.  Run a 'netstat -an | grep SENT' on both ends during the 10 minute
wait (maybe in minute 1 or 2)

No *SENT* only ESTABLISHED:

ssh -X 10.0.0.30

sol (client):
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
10.0.0.1.35651       10.0.0.30.22         18480   6995 49640      0 ESTABLISHED
(vanishes immediately at timeout. I didn't (manage to) see any sort of WAIT)

fc6 (server):
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 10.0.0.30:22                10.0.0.1:35651              ESTABLISHED
(stays at least 30 min after the timeout)

Note the "6995" (Send-Q) at the client side. I get this repeatedly with
ssh -X 10.0.0.30, but the interactive 'ssh -x 10.0.0.30' sessions (like the
one I use to do netstat on fc6) have a 0 there. Does that ring any bell?

I have only default tcp-stack settings. Should I play with Solaris ndd | /etc/system ?

3.  Name resolution (IP to name and name to IP) on both ends, do them
each a couple times, make sure you are seeing what you expect

No problems; symmetric 1:1 name<=>addr, client&server and no timeouts. The
Solaris box is the nameserver. Even tried bombarding:
# repeat 20 host 10.0.0.30

The other solaris/FC6 network has a similar config, but not identical, although
I configured both and most likely have configured them with the same error, if I
could figure it out -- or someone could figure it out for me :)

This solbox has nge on the Internet-side (waste of GE, but anyway) and skge0
on the inside (skge0 hasn't been bulletproof, giving sporadic PCI-errors that
only reboot fixes).
The other (more remote) has nge0 on both sides, and has been stable (with the
exception of this problem), and has a cheap soho GE-switch on the inside.
All FC6 boxes have identical HW with 100T e100 eth0.
The Solaris boxes are "headless" 24*7 home servers (NFS/ZFS,SAMBA,FW/GW) while
FC6 are desktops.
I've moved big files like DVD-images over NFS at the expected speed of ~80Mbps.

-- 
Med vennlig hilsen / Regards
Basefarm AS
Pål Baltzersen
