Author: borja

PF_RING + intel igb + snort + DAQ on debian

In this article, I’m going to summarize the steps needed to build a full packet capture solution with the snort IDS and Intel NICs.

This solution is based on Luca Deri’s PF_RING, a new type of socket that exploits the packet capture capabilities of the NIC and feeds them to snort.

We will follow these steps

  1. Download and compile PF_RING
  2. Compile the PF_RING aware network driver
  3. Compile the libpcap
  4. Download and compile DAQ
  5. Compile PF_RING DAQ module
  6. Download and compile snort against DAQ

bypassing devmem_is_allowed with kernel probes

In this article I’m going to illustrate how to read the full content of /dev/mem on Linux 3.x machines. I will bypass the function devmem_is_allowed with a kernel return probe.

Kernel probes (kprobes) are a kernel component designed for kernel developers to debug the system internals. They can dynamically break into any kernel routine and modify the function’s behaviour. These probes have been heavily used by kernel developers for years. RedHat has built a user interface to kprobes called SystemTap.
You can find the kprobes documentation in Documentation/kprobes.txt. You should also download the article’s example files, kprobe.tgz.

NetBSD i386 shellcoding

This article shows basic shellcoding on NetBSD/i386. I hope this won’t be the last one on exploitation of BSD architectures.
The playground is a fresh NetBSD 5.1.2 installation, virtualized with kvm.

net# uname -a
NetBSD net 5.1.2 NetBSD 5.1.2 (GENERIC) #0: Thu Feb  2 17:22:10 UTC 2012  
builds@b6.netbsd.org:/home/builds/ab/netbsd-5-1-2-RELEASE/i386/201202021012Z-obj/home/builds/ab/netbsd-5-1-2-RELEASE/src/sys/arch/i386/compile/GENERIC i386

Reduce BTRFS on LVM (quick recipe)

This is a quick recipe for reducing a btrfs filesystem that lives inside an LVM structure.

First we will reduce the “content” (the filesystem), then we will operate on the “container” (the logical volume).

This is the algorithm:

  1. umount /path/to/fs
  2. resize2fs /dev/mapper/vol SIZE (see man resize2fs)
  3. deactivate the volume
  4. lvreduce -L nG /dev/mapper/vol
  5. resize2fs /dev/mapper/vol nG

btrfs is currently considered “experimental”, but it has been included in the stable kernel since 3.0.0. Btrfs is the GNU/Linux community’s answer to Sun Microsystems’ ZFS. You will find more info on Wikipedia:

http://es.wikipedia.org/wiki/Btrfs
http://es.wikipedia.org/wiki/ZFS_%28sistema_de_archivos%29

Sound on pfSense 2.0.1

pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router.

I got it running inside an Alix2d2 board.

Alix2d2

Sometimes, with the help of a cron daemon and mpg123, I use this device as an alarm clock. I attached a USB soundcard and loaded the proper kernel modules to get it working. Then I installed mpg123 from the PKG repos. As a last step, I added the “cron” package with the pfSense package manager.