Linux Blog

Finding a PC on your network

Filed under: General Linux,Linux Software — TheLinuxBlog.com at 4:31 am on Tuesday, September 4, 2007

When I’m at a remote location I sometimes need to gain access to a computer that is not accessible from the internet but is on the same network as another machine that is. I have remote SSH access into the box that is on the same network but I often don’t know the IP address for the computer that I am trying to gain access to since they are assigned via DHCP.
I have a simple solution that will locate the computer I wish to use once logged into the gateway in no time. The program needed is from our friends at insecure.org and is called nmap. It is a pretty standard tool so it should be included with your distribution. However if you do not own the Linux machine then it may not be installed or you may not have the ability to install it or have sufficient privileges to run it.
Basically what nmap does is scan the network.
The command I use to scan a whole subnet for my host is:

nmap -sP 192.168.x.x/24

The type of scan I use is a ping scan, I only determine if the host is online. If I know the DHCP pool starts from 1.1 and ends at 1.100 then I would use:

nmap -sP 192.168.1.1-100

This will yield faster scanning results since it only has to ping 100 hosts not the whole subnet.
Sometimes if the environment is a busy one (one with lots of hosts) a lot of online IP’s will be returned and its hard to identify which one your trying to connect to. I remedy this by just scanning the host range I need that only have port 22 open.

nmap 192.168.3.1-100 -sT -p22

The -sT option doesn’t require the user to be root but if you have root the -sS option is better as it gives detailed information such as the mac address which can come in handy if you happen to know what brand of network card is in the computer you are trying to log into.

This will work to find a computer on a network with Linux but it still requires you to know a little information about the PC your trying to find. If you need a better way of finding your PC’s I would recommend using static IP’s and DNS. Give it a shot if your on location somewhere and need access to your computer.

Ubuntu & Gentoo Servers compromised

Filed under: General Linux — TheLinuxBlog.com at 11:00 pm on Wednesday, August 15, 2007

The case of the Ubuntu servers being breached [wiki.ubuntu.com]
Missing security updates and system administrators not running updates on servers is a problem. I don’t know why they didn’t do any updates past Breezy. They suggest that it was because of problems with network cards and later kernels but I don’t get it. Since when do software updates for an operating system have anything to do with what kernel is running? If there is a problem with hardware support for the network card you have two choices. The first is to fix the driver yourself or pay some one to do it. The second is to replace the network card to a better supported device. Both situations could be costly but it would get the problem fixed and five of the servers wouldn’t have been taken down at the same time.
If the kernels were configured correctly, the boxes probably wouldn’t of even had to have been rebooted.
Running FTP instead of a more secure version is not so bad unless they were running accounts with higher privileges than guest or using system accounts. In which case thats just stupid.

The Gentoo Situation [bugs.gentoo.org]
Apparently there is a problem in the packages.gentoo.org script. The bugzilla article goes into deeper explanation but basically there is some pretty unsafe code which could have allowed any one to run any command. I understand that the code is old but it probably should have been audited at some point. The problem would have stuck out like a soar thumb if looked at by a python coder and they probably would have fixed it, or at least suggested a fix. The problem was found on Tuesday the 7th. All of the infra- (I assume they mean infrastructure?) guys were at a conference last week so they couldn’t work on it. It still seems that if they were at the conference until midnight on the 12th they would still have been able to put up a coming back soon placeholder on the packages site by now. Hey, if they put some pay per click ads up there maybe they will get some additional funds during the down time. I would like to see what products would be pushed thru the advertising on that one. I believe that they could have reduced the downtime by releasing the code for the packages.gentoo.org site as open source or by asking for help from developers to review and upgrade the code as needed.

Its not strange for web servers get hacked. They get hacked all the time but who’s fault is it in the open source community? I really think that there is a problem in the community when it comes to situations like this but the blame can’t be placed on any one person. I would offer any assistance I could into getting these situations resolved but its not as easy as that. There has to be a certain level of trust for those working within a project. If they gave out keys to their servers to anyone the servers probably would have been compromised a long time ago. I hope that the affected sites can pull them selfs together and get back up and running as normal. It seems that Ubuntu did not have complete down time, but the Gentoo site is still down and there is no indication of when it will be back up.