
Unix Edition

Mar. 14th, 2000 Part Two

.... .- .--. .--. -.-- .... .- -.-. -.- . .-. -.. .. --. . ... -
See the Happy Hacker web site at http://www.happyhacker.org
Firewall gives you problems? Try http://happyhacker.org
.... .- .--. .--. -.-- .... .- -.-. -.- . .-. -.. .. --. . ... -

***********************************************************************
*** Perl 101 Lesson 7
***********************************************************************

OK, in the past few weeks, we've covered some basic operations... but there's
been one thing (well, several actually, but one main thing)... we have no way
to take in input. So, as most of you probably know by now, there exists a
concept in Unix called STDIN. STanDard INput is the place where all input goes
to, whether it's from the keyboard, or from a pipe (as in cat file | more ...
more reads from STDIN). In Perl, you can use <STDIN> as a sort of variable. By
typing:

$var = <STDIN>;

the next complete line of text (all characters up to and including the
newline) will be stored in $var. This is where chomp comes in handy: you can
then run chomp($var) to cut off the newline. You can combine those into one
statement, and just write:

chomp($var=<STDIN>);

Now, our program can listen, but, of course, the program needs to be able to
talk (unless you're writing a program to substitute for you when your
parents/spouse/children are whining/yelling/talking and you don't want to
listen). So, as we saw, you can use the print command. Print takes a string
(well, actually, it can take a series of variables, but let's stick to one for
now) and displays it on STDOUT (almost always your screen, unless you do
something like "program.pl > file"). So, for example, you can type

print("Hi");
print("Hi $name");
or even print "Hello";

The parentheses are optional. Personally, I always use them, as a carryover
from C (and most other languages in which print (or printf) is a function).
I'd advise you to use them, because in some cases they are required to get the
_intended_ output. Perl will never choke if you leave them off, but sometimes
it won't work the way you want, either.

Before you use a variable, it has a value, called undef (for UNDEFined). If
you try to treat it as a number, it'll act like 0, and if you try to use it as
a string, it will have a null value (empty string = ""). <STDIN> can also
contain an undef if it reaches the end of input before a newline (either an
EOF in a file or a CTRL-D from the keyboard). You can use the defined command
to test for an undef, but we'll let that wait for a while. For now, assume
your users give enough input. (Note: this is a very bad practice, but it also
makes no sense to overload a tiny program designed to teach concepts with
hundreds of lines of overhead for the purpose of illegal value checking.)

***********************************************************************
*** IP Masquerading, part 1
***********************************************************************

Mini help/tutorial/explanation on IP masquerading.

First of all, hi, I'm Nicolas. That's mostly what you need to know about me.
I'll first try to explain a little bit about IP masquerading to all of you,
and if it goes well then I'll write the advanced part of the IP masq stuff.
(Note: English is not my native language, so I apologize for grammar and
spelling mistakes :-) ).

What is IP masquerading anyway?
How does it work?
What do you need?
Why or who would want it?
Preparing your system

 

- What is IP masquerading anyway?

To understand how IP masquerading works you should know a little bit about how
TCP/IP works. Although I saw a TCP/IP tutorial in this digest some time ago,
I'll explain a little bit without getting deep into it. When you connect to
your ISP (dial-up), or if you have a cable modem connection or any 24-hour
connection, your provider assigns you a unique IP address. It is unique both
to the provider as well as to the whole Internet, or at least it should be.
This is done by assigning the ISP a range of available IPs to give to
connecting users. Why must it be unique? Whenever you try to browse a web
page, telnet somewhere, or whatever you do online, the connection works like
this:

1. Your computer sends specific info (saying who she is) to the destination
computer, so the info will return to someone.
2. The computer that receives your call sends back the info you asked for to
the address your computer said she was. (Why this? Because this way, you can't
impersonate other computers for the purpose of running attacks, but I won't
get into that in this tutorial.)
3. So, if your computer is who she said she was, she'll start receiving the
info she asked for, and whenever she gets something she'll say "Thanks, I got
part 1/5, send me the 2nd", and so on.

So, if there weren't unique IP's for every computer online, you might receive
info you didn't ask for, or worse, you won't get what you asked for. Now, for
IP masq... let's say you have one computer connected to both the internet and
a local network. You can use that computer as a gateway to connect local
networked computers to the internet.

 

- How does it work?

Well, let's keep using the examples,

Computer A is connected to the internet and to a Network. Computer B is
connected to the network, but doesn't have a modem to connect to the internet.
So, computer B asks computer A to ask computer C (which is any computer on the
internet) something. So, Computer C will send to computer A the info that B
wanted, and A will send it to B. C will never know that that info was going to
B instead of A, and it doesn't really care.

 

- What do you need?

You need 2 or more computers connected by a network. One of these must be
connected to the internet (or at least be able to connect). In Windows, you
can run some modem sharing or proxy programs that will do this, but in Linux,
all you'll need is a 2.2.x kernel or higher, and some time to play with the
Linux box.

 

- Why or who would want it?

Let's say you have a cable modem connection. You have really high
bandwidth for just one person, unless of course you are planning to download
every program available. Or else, you have a 56k modem connection but all that
you do is ICQ, IRC, IM, YIM, download mail, and browse pages. And what you
want to do is get the other computers in (e.g.) your home network, or your
small office network, connected to the internet and able to do such
things. This means less money, and less time connected to the internet. For
example, if you have a home network, you can put 2 computers online, instead
of just one, so your kids and you, or your wife and you, or any combination
you'd like, can surf at the same time, instead of waiting for the other to
disconnect. Save money, save fights, and you can have your own firewall if you
want.

- Preparing your system


I am assuming that you have a computer with Linux OS installed on it and that
you have configured your internet account. In addition, you need to know some
Linux basics like compiling your own kernel. This part is only valid if you
have a 2.2.x kernel, because masquerading went through some changes lately. If
you do not have a 2.2.x kernel running, I suggest you upgrade, because older
kernels might contain bugs, might not support your newest hardware and make
your system vulnerable to attacks. You can get the latest kernel from
ftp.kernel.org (I will explain the kernel basics here briefly)

Do as follows:

mv mykernel.tar.gz /usr/src/
cd /usr/src
rm linux                    # removes the symbolic link to your old sources
tar -zxvf mykernel.tar.gz   # extracts the kernel, by default into the directory linux
cd linux
make menuconfig             # menuconfig is text based; use xconfig under X Windows

You'll have to enable all of the following:

=> Prompt for development and or incomplete code / drivers
=>Enable loadable module support
=>Networking support
=>Network firewalls
=>TCP/IP Networking
=>IP:forwarding/gatewaying
=>IP:firewalling
=>IP:masquerading
=>IP:ipportfw masq support
=>IP:ipautofw masq support
=>IP:ICMP masquerading
=>IP:always defragment
=>Dummy net driver support
=>IP:ip fwmark masq-forwarding support

Note that the above options are the ones required for IP masquerading, so you
still need the other code your kernel requires. When you are finished you will
be prompted to save changes. The following commands do the actual compiling
and may take from 10 to 40 minutes. They will print a lot of output on your
screen that you may not understand; don't worry, that is normal.

make dep
make clean
make bzImage
cp /usr/src/linux/arch/i386/boot/bzImage /boot/kernel
make modules
make modules_install

At this point you should edit your /etc/lilo.conf file. You should add
something like

image=/boot/kernel
label=masqkernel
root=/dev/hdax (replace this by your root filesystem, harddisk, partition, ..)
read-only

This makes your boot manager find your new kernel at boot. So the next time
you see the lilo prompt, you should type masqkernel.

Next, run lilo

lilo
>>added linux-2.2.5-15 *
>>added dos
>>added masqkernel

Now you should edit your /etc/rc.d/rc.local file so the modules needed are
automatically loaded at boot
.
.
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
.
.

These modules are needed for FTP, Real Audio and IRC. There is only one thing
to do besides rebooting, and that is enabling IPv4 forwarding:

echo "1" > /proc/sys/net/ipv4/ip_forward

Now you should reboot your system with your newly made kernel, and see if
everything boots properly. If not, you should retry the above steps, until you
have a properly working kernel.

 

- Running your masquerade

When you finish with your kernel, all you have to do is connect to the
internet and do as follows:

ipchains -P forward DENY
ipchains -A forward -s 10.0.0.0/4 -j MASQ

In order for this to work on your local network the only thing you have to
adjust is the -s parameter. 10.0.0.0 is your network address and the 4 is the
highest ip number that is masqueraded. Your server should work now.

[Editor: As I understand it, 10.0.0.0 is the number for your network, not for
any host. The 4 is because it's a class A. If you are on the class C fake IP
addresses (192.168.x.x), use /16.]
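
An added example (not part of the original digest) for checking which source addresses a given -s value matches before the rule is loaded. It relies on the ipchains convention that a plain number after the slash is the count of leading 1 bits in the netmask; the function names and the sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example: show which source addresses an ipchains "-s ADDR/BITS" value
# matches. All sample addresses below are constructed for illustration.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split A.B.C.D into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Number of leading 1 bits -> netmask as an integer.
prefix_mask() {
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# "ADDR/BITS" -> "first-last" address matched by the rule.
cidr_range() {
    mask=$(prefix_mask "${1#*/}")
    first=$(( $(ip_to_int "${1%/*}") & mask ))
    last=$(( first | (~mask & 0xFFFFFFFF) ))
    echo "$(int_to_ip "$first")-$(int_to_ip "$last")"
}

# covers ADDR/BITS HOST: succeeds if HOST would be masqueraded by the rule.
covers() {
    mask=$(prefix_mask "${1#*/}")
    [ $(( $(ip_to_int "${1%/*}") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

for src in 10.0.0.0/4 10.0.0.0/8 192.168.0.0/16 192.168.1.0/24; do
    echo "-s $src matches $(cidr_range "$src")"
done

# 12.34.56.78 stands in for a host that is not on the 10.x.x.x LAN.
for src in 10.0.0.0/4 10.0.0.0/8; do
    if covers "$src" 12.34.56.78; then verdict="matches"; else verdict="does not match"; fi
    echo "-s $src $verdict 12.34.56.78"
done
```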

- Configuring clients

If the network works then there isn't much to do, just set the gateway value
to the Network IP of your computer connected to the internet, by typing route
add -net 0.0.0.0 gw <gateway machine>.

 

- Testing

Ping someone outside the network, try to browse something, telnet, whatever,
just try it as if it was a modem connection.

Done, you have the basics of using IP masquerading, and if you tried it, you
also have your own connection using one line with several computers. In the
next installment, if there is one, I'll try to cover:
- IP Masquerading problems
- Firewall using your ip masquerade
- Dial on demand connections
- ICQ on IP masq
- FAQ
- MISC

[Editor: Next week, we should have the next installment, on the above topics.]

.... .- .--. .--. -.-- .... .- -.-. -.- . .-. -.. .. --. . ... -

This is a list devoted to *legal* hacking! If anyone plans to use any
information in this Digest or at our Web site to commit crime, go away! We
like to put computer criminals behind bars where they belong!

 

 © 2013 Happy Hacker All rights reserved.