In the Backtrack menu under Information Gathering > Network Analysis > SMB Analysis there is a menu item named smbclient which should actually be named smbclient.py. While the smbclient.py script does actually use smbclient it provides a different interface, commands, no switches, etc. making it fairly different than smbclient itself. While both smbclient and smbclient.py are supposed to provide the same end results they don’t because smbclient.py is extremely buggy so I will be writing an article on each so there is no confusion.
Earlier while analyzing a Linux server it was pointed out to me that the Apache logs were filling up with constant connections requesting domains that were not configured on the server. To me it looked as if a load balancer somewhere was misconfigured and sending traffic to our IP address by mistake but I needed to open a ticket with the colocation provider to have them look into the issue further since the network in this case is not something I have any control over. Below is a quick Linux command that will output a list of IP addresses making port 80 connections to your server.
Recently while working on some node or instance automation using RightScale I needed to have some extra iptables rules created automatically when a new node booted. Initially I was just trying to do this via iptables commands which I note below but it would never work. After digging through the logs I realized that the iptables commands created by RightScale for the ServerTemplate I was using flushed iptables at the very end of the boot process and thus wiped out the iptables entries created by the RightScript I had created. To accomplish permanent iptables entries for a RackSpace node via RightScale you need to output the iptables command to a file in the location where the boot process picks them up after flushing the current ruleset. Below I describe my first attempt followed by the correct way to have iptables entries picked up by RightScale.
I remember being so happy about 0trace when I started to write some Backtrack related articles because even though 0trace is fairly simple it is really useful to locate the full path to devices you are investigating. In the article below I will explain the necessary 0trace input from the command line, what needs to be done to complete a successful trace to a target using 0trace, and provide some example of devices in front of and behind a firewall blocking ICMP or traceroute requests.
Not sure if Fortinet makes it impossible to find the FortiClient SSL VPN application for Mac OSX on purpose or not but it appears to be free for the simple client version so I wanted to provide a location to download the client easily. On Windows you can bring up Internet Explorer and make a SSL VPN connection easily but since IE is not available on OSX it is necessary to have the stand alone FortiClient SSL VPN application. Be careful if you are going to download the Fortinet FortiClient elsewhere as if it is anything other than the simple SSL VPN client it is really bloated.