Friday, July 25, 2008

MultiMail - SMTP Stress Testing Tool

For a while I was looking for an email stress tool that could help me send hundreds of emails to a single mail server with designated properties like a specific subject, body or attachment.
MultiMail is a free SMTP stress tool:
CodeProject: MultiMail 2.0 - Freeware SMTP stress testing tool. Free source code and programming help

Monday, July 14, 2008

Subpixel Rendering and ClearType

Subpixel rendering is a technique that makes text on a computer display appear sharper. The first thing I loved about IE7 when it came out was the difference between the appearance of text in IE7 and in Firefox, and I wished I could have the same text quality in Firefox. I found the solution when my IE7 started crashing again and again a couple of days ago and I had to make a complete move to Firefox!
ClearType is Microsoft's implementation of subpixel rendering. It is turned off by default in Windows XP, but it can be turned on. On Vista it is turned on by default.
ClearType can be turned on at the OS level or at the application level. IE7 and Microsoft Office 2007 turn it on at the application level, but to enjoy the same text quality in other applications like Firefox on Windows XP it must be turned on at the OS level by downloading the "ClearType Tuner" from the following link:
http://www.microsoft.com/typography/ClearTypePowerToy.mspx
Click on the following image to see the difference:
More information on ClearType:
ClearType - Wikipedia, the free encyclopedia

Friday, July 11, 2008

Dig DNS Lookup in Windows!

Every system administrator dealing with DNS knows the power of the "dig" command-line tool in a Linux/Unix environment. But there are times when an administrator needs to monitor and troubleshoot DNS from a Windows station, and she then realizes the deprivation!
The good news is that many Linux/Unix tools have been ported to Windows (check my post about Windows IPFW), and one of them is the "dig" utility.

The Windows version of "dig" can be downloaded and installed from here: http://members.shaw.ca/nicholas.fong/dig/


For those who are new to "dig" the following link helps:
Dig Howto: http://www.madboa.com/geek/dig/


Saturday, July 05, 2008

A great Free IE7 add-on

IE7Pro is a free IE7 add-on which brings a lot of great features to your browsing.
The following are the features I like the most about IE7Pro:
  • Search Bar: Makes IE7 search like Firefox, bringing up a search bar where you can run live lookups.
  • Tab History: Keeps a history of all opened tabs, and I can easily browse from this list.
  • Tab Recovery: If for any reason IE7 closes unexpectedly while I have a couple of tabs open, it shows me the list of open tabs the next time I run IE7.
  • Save Session: If I save a session, loading it the next time opens all the tabs I had open when I saved it. (Very useful and time saving.)
  • Save Pages as Images: This is really wonderful! I can save a whole page in .PNG format and it works very quickly.
  • Page Auto Refresh: I can set an interval on each tab at which IE7 automatically reloads the page!
  • Auto-scroll: Once enabled it scrolls down a page automatically at a tunable speed.


IE7Pro - The must have add-on for Internet Explorer


Monday, June 30, 2008

Exchange Server 2007 Component Architecture

Microsoft changed the Exchange Server architecture dramatically in the 2007 edition: instead of just Back-End and Front-End roles there are five different roles: Hub-Transport, Edge-Transport, Mailbox, Client Access and Unified Messaging.

Download Microsoft Exchange Server 2007 Component Architecture Diagram From Here:
Microsoft Exchange Server 2007 Component Architecture


Monday, June 23, 2008

GFI Endpoint Security

For those who are very concerned about host security in terms of information theft or malicious code infection through CD/DVD, USB storage, tape devices, serial and parallel ports, printers, etc., GFI Endpoint will be the solution.
It works in a client/server manner in which the Endpoint server controls hosts by deploying an agent to every desired host. (GFI also provides its agent as an .msi file, which is very good for large Active Directory deployments.)
Endpoint makes it possible to block or put restrictions on each device type (Read-Only or Full-Access) based on users or groups, and provides great reporting on all events.
If someone has Full-Access permission over any kind of available device, it logs all applications that were used and the filenames that were transferred or printed.
If you are wondering how to block access to USB and CD drives, try GFI Endpoint.
For more info check GFI EndpointSecurity here!


Wednesday, June 18, 2008

Exchange Server Event ID:505

Yesterday I was called in by a customer to resolve a mount issue on a Microsoft Exchange Server 2003 database. This one was new to me and easy to resolve!
I could see "Event ID: 505" in the application log, saying:
Information Store (2028) An attempt to open the compressed file "drive:\Exchsrvr\MDBDATA\priv1.edb" for read / write access failed because it could not be converted to a normal file. The open file operation will fail with error -4005 (0xfffff05b). To prevent this error in the future you can manually decompress the file and change the compression state of the containing folder to uncompressed. Writing to this file when it is compressed is not supported."

Exchange Server 2000 Service Pack 3 and later versions cannot open databases that are compressed with the NTFS compression feature, so the only resolution is to uncompress the folder holding the Exchange Server databases. For me this worked fine, but Microsoft also recommends running an offline defragmentation (eseutil /d "database location") before mounting the database.
For more info check this:
Database does not mount, and you receive error 0xfffff05b after you apply SP3 to Exchange 2000


Saturday, June 14, 2008

Perl and Regular Expressions

I have been drawn into an exciting area called "Perl scripting!". It is great fun, and until I started studying Perl I didn't know how much I was lost in system and network administration!
Currently, what I mostly need to do with Perl is text processing.
In my first project I needed to telnet into a Fortigate firewall, send a couple of commands, fetch the output, process and reorder it (which was the main purpose of the job), store it in a file, and trigger an action if a specific pattern was observed in the output.
All of this required complex text processing that could not have been accomplished without regular expressions.
The following are the references I found most useful for getting a grasp on regular expressions in Perl.
Regular expressions in Perl
Perl regular expressions tutorial
Steve Litt's Perls of Wisdom: Perl Regular Expression


Saturday, December 29, 2007

Windows Installation Over Network!

I don't like this kind of thing, but I had to figure out how to boot a PC with a blank hard disk, create partitions for the OS installation, format them and then start the Windows XP installation over the network, which needs all the required drivers for TCP/IP support in an MS-DOS-only environment.
An MS-DOS boot disk with TCP/IP networking enabled can be obtained for free at:
Universal TCP/IP Network Bootdisk
If your hard disk is not formatted you can acquire standard MS-DOS boot disks, which come with the FDISK and FORMAT commands, from here:
Free Boot Disks

After creating partitions and formatting them with the standard MS-DOS boot disk, the Universal TCP/IP Network Bootdisk (which supports both static and DHCP configuration) helps create and connect to a network drive that holds the installation files.


Thursday, December 20, 2007

Problems Cheer Me Up!!!

I love troubleshooting and fixing complex problems, or those problems others couldn't fix! I tend to chase problems, and when I find the source of the problem and the fix I feel like a tank full of fuel! Every time, it feels like the happiest moment I have ever had in my life!
What a boring life it would be, if there were no problems to fix!


Monday, December 03, 2007

Fighting Spam with Barracuda Spam Firewall

It's been a couple of weeks since I started working on a dedicated solution to fight incoming spam, and I did some study on the history of and mechanisms available for blocking spam, and which methods are efficient for an Internet Data Center. I was thinking of implementing SpamAssassin with Qmail as the MTA, but our company policy has changed and now I am considering an anti-spam appliance. There are many appliances available, and most of them have other security features like firewalling, virus scanning and DoS protection.
The Spam Firewall from Barracuda Networks seems a great option to me, with different mechanisms including Bayesian filtering, great control over what should be considered spam and non-spam (ham), and good visibility into what is happening on the box through its statistics. Its control panel has a lot of screens, which might bring complexity, but it also gives great control and makes any policy enforcement possible!
I am really impressed with the administration options and I would like to get my hands on it!
The Spam Firewall is actually a Linux platform running SpamAssassin at its core.


Tuesday, November 27, 2007

Free Windows TFTP and Syslog server!

It might sound crazy, but I have a Cisco PIX firewall at home (PIX 501) and my Internet traffic runs through it over a PPPoE connection. I have also configured it to accept remote VPN connections in case I need to access my data at home while at work.
I was looking for a free and light TFTP server to back up my PIX configuration regularly, and I found exactly what I was looking for at http://tftpd32.jounin.net/. tftpd32 is not just a TFTP server but also a DHCP and Syslog server. The next question was running TFTP as a service, which I found the answer to here: HOW TO install Windows tftpd as service.


Friday, October 19, 2007

Access is Denied: c0070005

I was called in by a customer to look into a problem they had been experiencing for a long time. On their Active Directory Domain Controller, when the Administrator user logs in, it receives an "Access is Denied" dialogue box with "Win32" facility and "ID no: c0070005", as below, in "Active Directory Users and Computers" when right-clicking on any object:


Another symptom was that the Administrator user could not run Exchange Server System Manager. But a user with administrator privileges did not get any of these errors.
There are a lot of causes and resolutions mentioned on different forums, the Microsoft official support website and blogs, but finally I found one matching and resolving my problem here!
The problem was that someone or some process had added the Administrator user account to the "Guests" and "Domain Guests" groups! I suspect that an application or process made this modification and not a user!


Friday, September 28, 2007

Exinda Networks WAN Optimizer Appliance!

We are providing Internet bandwidth to different organizations and individuals and provide a variety of services over that bandwidth like Web, Email and Voice. Customers can select from a category of services with different pricing matching their bandwidth or quality requirements, and we need to make sure customers are receiving what they have signed up for with us.
Some receive dedicated bandwidth and some shared bandwidth, and no matter which of these two categories they fall into, they expect good quality on delay-sensitive services like voice and conferencing traffic, which needs to be guaranteed. These policies can be imposed on DSLAMs and routers close to the customer, but not every detail can be addressed on routers and DSLAMs; besides, it makes sense to have an appliance standing at the top of the network hierarchy as a single point of policy enforcement.
Many vendors provide appliances called WAN Accelerators or Optimizers, and they all optimize or accelerate traffic by features such as compression, caching, changing TCP headers and enforcing QoS.
I have one of these appliances from "Exinda Networks" in my network for evaluation. It provides reporting through statistics and graphs, and it does it really well! There are a variety of report categories available, such as Realtime, Applications, Hosts, Subnets, Conversations and Application Statistics, and in each category it is possible to drill down into a specific traffic type. All these reports help build up a network traffic profile and then develop and enforce proper optimizer policies to meet the concerns, criteria and requirements.


Thursday, September 13, 2007

How to Implement Source Routing With Linux

As mentioned in my previous post, I have an Internet gateway which is a Linux box with two Internet connections: one a 2Mbps leased line and the other a 1Mbps wireless connection. I want hosts from specific subnets to have their Internet traffic directed to the wireless connection while others go through the leased-line link.

This is easily done with Linux and the iproute2 suite, which is installed by default on Fedora.

By default all routes are stored in a table called "main", and the routes stored inside this table can be displayed with the following command:

  • ip route list table main
The results are exactly the same as just running the "route" command.

Any query coming to this server for a routing decision will be looked up in the "main" table unless specified otherwise. So how can some traffic be made to use a different table?

It is also possible to define new routing tables, put different routing entries inside them, and apply rules so that traffic from specific sources is directed to the new table for route lookup!

First:

We need to create a new table, which is easily done by adding its number and name at the end of /etc/iproute2/rt_tables. It may look like this:

10 wireless-link

Second:

New routes should be added to this table:

  • ip route add 192.168.120.0/24 via 192.168.10.1 table wireless-link
  • ip route add default via 80.120.99.12 table wireless-link (This defines the default route for the "wireless-link" routing table)
  • ip route list table wireless-link (This displays the routes added to wireless-link)

Third:

Routing rules must define when requests are to be looked up in the "wireless-link" table!

  • ip rule add from 192.168.120.0/24 table wireless-link
  • ip rule list (displays the ip rules)

From now on, all traffic coming from 192.168.120.0/24 will be directed to the wireless-link table, so its default route will be 80.120.99.12, while traffic from other sources will still look up routes in the "main" table, which has its own default route (the leased line).

To undo the ip rules and routes, use the following syntax:

  • ip rule del from 192.168.120.0/24 table wireless-link
  • ip route del default via 80.120.99.12 table wireless-link
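The three steps above, wrapped in a small POSIX shell script as an added example (not the original post's commands). It assumes the post's table name, ID, subnet and gateways, a hypothetical LAN interface eth0 for the check, and adds an explicit rule preference so the rule's position relative to "main" is predictable; DRY_RUN=1 prints the commands instead of running them, so the plan can be reviewed without root.

```shell
#!/bin/sh
# Source-based policy routing with iproute2, following the steps in the post.
# Added example, not the original post's own commands. Assumptions: the table
# ID/name, subnet and gateways are the post's values; eth0 is a hypothetical
# LAN interface; DRY_RUN=1 prints each command instead of running it.

TABLE_ID=10
TABLE_NAME=wireless-link
SRC_NET=192.168.120.0/24
INTERNAL_GW=192.168.10.1
WIRELESS_GW=80.120.99.12
LAN_IF=${LAN_IF:-eth0}
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}

# Execute a command, or print it when DRY_RUN=1 (printf rather than echo so
# the backslash escapes in the rt_tables line are shown verbatim).
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Map the table name to its ID in rt_tables, once: "ip ... table wireless-link"
# only resolves after this, and a duplicate line makes the mapping ambiguous.
register_table() {
  if grep -qE "^[[:space:]]*$TABLE_ID[[:space:]]+$TABLE_NAME([[:space:]]|\$)" "$RT_TABLES" 2>/dev/null; then
    return 0
  fi
  run sh -c "printf '%s\t%s\n' '$TABLE_ID' '$TABLE_NAME' >> '$RT_TABLES'"
}

# Populate the table and add the rule that sends traffic from SRC_NET to it.
# "replace" keeps the routes idempotent; the explicit preference (1000) puts
# the rule ahead of the "main" lookup (32766) at a predictable position.
pbr_up() {
  register_table
  run ip route replace "$SRC_NET" via "$INTERNAL_GW" table "$TABLE_NAME"
  run ip route replace default via "$WIRELESS_GW" table "$TABLE_NAME"
  run ip rule add from "$SRC_NET" table "$TABLE_NAME" pref 1000
}

# Undo in reverse order: the rule first, then flush the whole table.
pbr_down() {
  run ip rule del from "$SRC_NET" table "$TABLE_NAME" pref 1000
  run ip route flush table "$TABLE_NAME"
}

# Verify which path a packet from the subnet takes. 192.168.120.10 is a
# constructed host in the post's subnet and 198.51.100.1 a documentation
# address; "from" with a non-local source requires "iif".
pbr_check() {
  run ip rule list
  run ip route list table "$TABLE_NAME"
  run ip route get 198.51.100.1 from 192.168.120.10 iif "$LAN_IF"
}

# Usage: DRY_RUN=1 sh pbr.sh up   (review the plan)
#        sh pbr.sh up|down|check  (as root)
case "${1:-}" in
  up)    pbr_up ;;
  down)  pbr_down ;;
  check) pbr_check ;;
esac
```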


Monday, August 27, 2007

Route Policy With Linux

In one of our premises I have two firewalls: a Linux iptables box and a Microsoft ISA Server.
I have two Internet connections, each connected to one firewall, and the plan is to remove the ISA server and add the Internet connection (currently serving ISA server users) to the Linux box, which makes two Internet connections on the same server. I have around 20 VLANs and I want to split Internet traffic between these two connections based on the source address. This can easily be done with the iproute2 suite. I have not done this before, but I am studying it and it seems easy and straightforward. I will post more on this later.


Monday, August 20, 2007

Hardening Linux: Service Shutdown!

I am developing a security guide to provide recommendations for hardening a Linux box after a base installation. One of the basic steps in hardening a Linux box is to evaluate all services and shut down anything that is not necessary for the operation of the operating system and the services it offers to its clients. Shutting down services provides the following benefits:
  • Shorter boot-up process, resulting in higher uptime
  • Fewer system resources are consumed, which increases the overall performance of the server
  • Removes or reduces the risk of any service vulnerability or abuse
To accomplish this you should know the function of each and every service. There are different documents available to explain this. Since my document is based on Red Hat, I found the following matches my requirements best:
Understanding Your Redhat Enterprise Linux Daemons


Friday, August 10, 2007

Application Layer Monitoring

It's been some time since I set up "ManageEngine Applications Manager" to monitor our services' availability and health status. Like many popular monitoring applications it provides SNMP monitoring (of resources like CPU, memory, network interfaces and disks) and ICMP monitoring (layer 3 availability), but it goes beyond that by sending application-specific probes to make sure different applications and services are available and healthy. A variety of applications and services are supported, like:
  • POP3 and SMTP
  • Web Server monitoring: This includes IIS and Apache with the ability to perform URL Monitoring
  • Database Monitoring: DB2, MS-SQL, MySQL, Oracle
  • Microsoft .NET / Tomcat / JBoss / WebSphere Monitoring
For the complete list click here.
The top reason I chose ManageEngine was the ability to monitor URLs. We are hosting around 200 web sites, and it happens that a single URL goes down while the web server itself is healthy and no sign of a service fault can be recognized.
Currently I am using the MS-SQL, MySQL, Apache and IIS monitors and I really like the outputs, reports and graphs. The GUI provides a quick overall view and quick access to monitors and reports.
Another great thing is the SLA management feature, which lets us define different SLA levels, assign them to monitor groups and report when a monitor group has violated its SLA.
It is really crucial to have a complete logging and monitoring solution functioning up to the application layer. There are a lot of application layer monitoring systems available, commercial and free. Many vendors are now including this level of monitoring in their network monitoring products.
To learn more about different monitoring tools just visit: http://www.monitortools.com/


Wednesday, August 01, 2007

Aimlessness is a vice

"Until thought is linked with purpose there is no intelligent accomplishment... Aimlessness is a vice ... They who have no central purpose in their life fall an easy prey to petty worries, fears, troubles, and self-pityings, all of which are indications of weakness, which lead, just as surely as deliberately planned sins (though by a different route), to failure, unhappiness, and loss, for weakness cannot persist in a power-evolving universe. "

As a Man Thinketh, James Allen


Monday, July 30, 2007

Develop These IT Skills!

10 skills an IT professional should be thinking about developing to keep on top of things in the tech world over the next five years:
  1. Voice Over IP
  2. Unified Communications
  3. Hybrid Networks
  4. Wireless Technology
  5. Remote User Support
  6. Mobile User Support
  7. Software As a Service
  8. Virtualization
  9. IPv6
  10. Security

Download the full text in pdf format here:
http://downloads.techrepublic.com.com/abstract.aspx?docid=305505&tag=nl.e108


Wednesday, July 25, 2007

Project Management and Leadership

I have always had a special interest in management topics, especially project management. TechRepublic is one of the greatest sources available for IT project managers. It is not intended for professional project managers but helps IT specialists improve their project management skills and vision. Here is a quick topic I found interesting in their latest newsletter:

Exhibit leadership on challenging projects


Friday, July 20, 2007

The Best Practices For Network Security In 2007

I have many draft posts in Blogger, and when I feel like posting something new and have nothing in mind I just go and review my drafts. Today I came across a topic highlighting best practices for network security in 2007.
In this topic 7 practices are mentioned in order of importance:
  1. Roll out corporate security policies
  2. Deliver corporate security awareness and training
  3. Run frequent information security self-assessments
  4. Perform regulatory compliance self-assessments
  5. Deploy corporate-wide encryption
  6. Value, protect, track and manage all corporate assets
  7. Test business continuity and disaster recovery planning

For the complete article click below. If you are interested in security from the management perspective, don't miss the link. You will find lots of interesting links to valuable resources you cannot find in one place.

Computerworld - The best practices for network security in 2007


Monday, July 02, 2007

Started CCSP Path with SNPA

After a relatively long time I took the 642-522 exam, known as "Securing Networks with PIX and ASA - SNPA", today and passed smoothly. I achieved this by studying the Cisco Press SNPA official certification study guide and through hands-on experience with Cisco PIX devices.
SND is the next stop...


Thursday, June 28, 2007

A Complement to PHP-Syslog-NG

It's been a long time since I set up my php-syslog-ng server, and it was a tough job to monitor, troubleshoot and improve the logging system so that it makes more sense and acts more effectively. Since I was dealing with more than 150 devices sending their log messages to my syslog-ng server, a top task was to filter out all unnecessary logs, which is only possible with syslog-ng, and this great feature helped a lot to block thousands of logs.

Current statistics show around 400,000 logs per month, which is a great improvement over the more than 5,000,000 logs in the very early months, and I hope that with stricter monitoring of redundant logs this number can still be reduced.

I am thinking of a complementary GUI for my PHP-Syslog-NG interface presenting analytical reports; I have already documented the requirements and brought in a PHP developer. I would like it to provide a lot of different statistical reports and charts so that I can easily track and address issues.


Monday, May 14, 2007

How To Set Up A Linux Syslog Server

Any network administrator in charge of a few network devices would like to keep a record of the events on those devices, like:
  • who logged into the devices (or tried to connect to them)
  • when he/she tried to log in
  • what he/she did after logging in
  • what changes and events have been announced on the device (like an interface status change)
And lots of other information that might give a clue about a policy violation or help track a series of events that led to a network disruption incident.
What I am talking about is having a simple SYSLOG server in place to collect all log messages in a central location.
If you need to set up a quick and easy syslog server, just follow the link below. It is meant for Debian but will work on almost all Linux distributions:
Linux Syslog Server - How To Set Up A Debian Linux Syslog Server


Thursday, May 10, 2007

Linux Traffic Control, DNS ALG issue , and Service Monitoring

I am busy with a couple of interesting things that keep me away from posting here.
First,
I am working on a Linux box which is an Internet gateway and controls traffic using iptables, and at the same time it acts as the inter-VLAN router for around 10 VLANs using 802.1Q. I am trying to run some sort of QoS to put traffic control on every VLAN's Internet usage, and with Linux this is easily done with a tool called tc.
I have said this before, but it is worth mentioning again that with Linux we get tons of outstanding networking features that give us full control over our network and what is running behind the scenes on the wires! I am really impressed!!!
Second,
My firewall is not handling DNS ALG as expected, so it has brought us some disturbance. Everything is fine with regular outside-to-inside DNS queries, but when a DNS query for a PTR record comes in, the DNS ALG does not translate the IP address in the response payload, while it does so for forward queries. According to RFC 2694 this should work, unless our firewall is not RFC compliant. I am documenting the issue with regard to the RFC to send it to our firewall vendor.
Third,
I was studying available service monitoring tools to monitor our IDC services and servers and have nearly reached the conclusion to implement "ManageEngine Applications Manager"; I already have a pilot server in place. I will post on it later.


Tuesday, April 17, 2007

Monitoring in a Data Center

I was thinking about what we need to consider for a thorough monitoring strategy in an IT environment like a data center. There are various areas that should be monitored to achieve high availability. Monitoring can be categorized as follows:
  • Physical Access
  • Environmental Parameters
  • Hardware
  • Bandwidth Usage
  • Server Connectivity
  • Server Resource Usage
  • Service Availability
  • Traffic Analysis
  • Log Analysis
For each monitoring category there are many tools available, both commercial and free (mainly open source), that can be obtained and implemented. Some tools might cover more than one of the above categories and some are limited to a single category.
Having all of these monitoring services and procedures in place might be too expensive for some organizations, so based on priorities and needs one or some of the above might be picked.
I will post more about monitoring later.


Wednesday, April 11, 2007

RFC 4732 - Internet DoS Consideration

I came across RFC 4732, titled "Internet Denial-of-Service Considerations". The abstract says "The aim (of this document) is to encourage protocol designers and network engineers towards designs that are more robust".
This is an appetizing topic for every network administrator.

Internet Denial-of-Service Considerations


Sunday, March 11, 2007

The Challenges of a Firewall Administrator

A firewall administrator must have a good understanding of applications and the way they work behind the scenes. Some protocols are unruly in their communication pattern, and some put layer 3 and layer 4 addressing in the payload, which adds another twist to the problem. Finally, sometimes the direction in which the protocol is initiated is unclear!
When working with firewalls to provide access to services and applications, the following must be considered carefully:
  1. Some protocols are unruly in their communication (FTP)
  2. Some put addressing in the payload (FTP, SIP, PPTP)
  3. Some confuse us about the direction of the communication (SNMP, SNMP Trap)
So anyone in complete charge of a firewall needs to know how the communication of each protocol happens.
Do we need an inbound or outbound connection? (Where will the traffic be initiated?)
Is it TCP or UDP, or do we need to put in a protocol number?
Do we also need to handle address translation in the payload?

All this brings up a great challenge to a firewall administrator, who has to get to know applications and protocols well enough to tackle the problems.


Thursday, February 15, 2007

Changes in Exchange Server 2007

Here is a list of things that were considered a requirement or limitation in Exchange 2003 but that we can say "NO" to in Exchange 2007:
  • Installing the SMTP and NNTP services prior to Exchange 2007 installation is not required anymore.
  • No need to run ForestPrep and DomainPrep manually. The Exchange 2007 installation handles this automatically.
  • OWA users don't need Microsoft Word, Excel, PowerPoint or even a PDF reader installed to view attachments of these sorts. The new OWA converts them to HTML.
  • You don't need a VPN tunnel if you have received a link to a file share or SharePoint site via OWA. LinkAccess retrieves the document.
  • If clients are running Outlook 2007 there is no need to worry about the configuration. Exchange Server 2007 automatically discovers the client and configures its Outlook profile upon login.
  • No need to consider Exchange Routing Groups anymore. The Exchange routing topology is simplified and is built on the existing Active Directory sites.
  • No "Recipient Update Service" anymore!
  • No "Front-end" and "Back-end" servers! In the new modular architecture things are different, and the "Edge-Transport" role takes the position of the front-end, which is also more secure. An outstanding security relief is that "Edge-Transport" does not need to be joined to the domain! I like this very much.
  • There are no "Recipient Policies" in Exchange 2007. Instead we have "Accepted Domains" and "Email Address Policies". Changes to recipients apply in real time now.
  • In Exchange 2003, journaling was possible at the mailbox level, but Exchange 2007 has gone beyond that: journaling can be accomplished per database, per user and per distribution group, and it can also be narrowed to internal or external emails.
  • No "Storage" size limit on Exchange 2007 Standard Edition (75GB on Exchange 2003+SP2)
  • Global Address List browsing is possible in OWA 2007 like it is in Microsoft Outlook (we could only search the GAL in OWA 2003)
Well, there is more cool stuff in Exchange 2007, and this list just points out the facts I was interested in, so it is incomplete because my knowledge of the new features in Exchange 2007 is not thorough.
I will try to add more lines to this list as my findings progress.


Monday, February 12, 2007

When Things are Predictable!

When all services run as expected for a while and all implementations go as the documentation says, I get really bored! I like things acting differently and unexpectedly. I love it, and I am sure many sys/net admins love it too ;-)


Saturday, February 10, 2007

How to Add Persistent Static Routes in Linux

At times, when I work on my Linux box, I forget about the configuration file game and expect some tasks to be completed just by typing some commands on the command line!
This is the second time I have forgotten to add my static routes to the config file and woken up after my server needed a reboot and things started going wrong afterwards!
The easy way, which works in any distribution, is to simply add the routes to /etc/rc.local, but this is not welcomed by many professionals:
route add -net 192.168.125.0 netmask 255.255.255.0 gw 192.168.110.1
route add -net 192.168.145.0 netmask 255.255.255.0 gw 192.168.110.1

But to do it properly in Red Hat and Fedora distributions we have to create a configuration file for each interface. For example, for all routes that need to go out through "eth1", a config file named "route-eth1" must be created as "/etc/sysconfig/network-scripts/route-eth1" containing the following:
(I will take the above routes as an example)

GATEWAY0=192.168.110.1
NETMASK0=255.255.255.0
ADDRESS0=192.168.125.0

GATEWAY1=192.168.110.1
NETMASK1=255.255.255.0
ADDRESS1=192.168.145.0

So if different interfaces correspond to different routes, we should expect config files like "route-eth0", "route-eth1" and "route-eth2" in "/etc/sysconfig/network-scripts/".
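A small POSIX shell helper, added here as an example (not from the original post), that turns a list of routes like the two "route add -net" commands above into the numbered ADDRESSn/NETMASKn/GATEWAYn form the route-eth1 file needs, validating every address first so a typo cannot leave the file silently ignored at boot. It assumes the post's routes and gateway; the install step targets /etc/sysconfig/network-scripts and the ifup-routes script that ships with Red Hat's initscripts.

```shell
#!/bin/sh
# Generate a Red Hat/Fedora "route-<iface>" file from a list of static routes
# so they survive a reboot. Added example, not from the original post.
# gen_route_file prints the file content for review; write_route_file installs
# it (needs root). NETWORK_SCRIPTS_DIR overrides the target directory.

# Constructed input, one route per line: "<network> <netmask> <gateway>",
# taken from the two "route add -net ..." commands in the post.
ROUTES='192.168.125.0 255.255.255.0 192.168.110.1
192.168.145.0 255.255.255.0 192.168.110.1'

# Accept only a dotted quad with four numeric octets in 0-255. The network
# scripts do not validate these values, so a typo would break every route
# in the file at the next boot without an obvious error.
valid_ipv4() {
  printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Emit ADDRESSn/NETMASKn/GATEWAYn triplets numbered from 0, the layout shown
# in the post. Fails (exit status 1) on the first malformed line so that
# nothing partial is ever written.
gen_route_file() {
  printf '%s\n' "$1" | {
    n=0
    while read -r net mask gw; do
      [ -z "$net" ] && continue
      for v in "$net" "$mask" "$gw"; do
        valid_ipv4 "$v" || { echo "bad address in route $n: '$v'" >&2; exit 1; }
      done
      printf 'ADDRESS%d=%s\nNETMASK%d=%s\nGATEWAY%d=%s\n\n' \
        "$n" "$net" "$n" "$mask" "$n" "$gw"
      n=$((n + 1))
    done
  }
}

# Write route-<iface> and apply it without a reboot via ifup-routes
# (part of Red Hat's initscripts; hypothetical usage: write_route_file eth1 "$ROUTES").
write_route_file() {
  iface=$1
  dir=${NETWORK_SCRIPTS_DIR:-/etc/sysconfig/network-scripts}
  content=$(gen_route_file "$2") || return 1
  printf '%s\n' "$content" > "$dir/route-$iface"
  "$dir/ifup-routes" "$iface"
}
```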


Friday, February 02, 2007

MySQL table crashed again on Syslog server!

A couple of days ago we had a downtime, so I had to shut down all my servers including the syslog server, which is a php-syslog-ng server as mentioned in my previous posts. But after it came back online no logs were collected anymore, and on closer examination I found that the "logs" table in MySQL had been marked as crashed and automatic repair didn't help either (as seen in the mysqld log files and through "check table [tablename]" in the mysql client).
I used the "myisamchk" tool, which is used to check and repair MyISAM tables, as follows:
[root@logcollector]# myisamchk -rf logs.MYI (I tried the quick mode first but it was not helpful)
It took eight hours to check and fix the indexes!
This was the second time that my syslog-ng server went down for about 2 days because of a failure in MySQL table. The first time a sudden and unexpected shutdown brought about the table crash but this time was different. I am doubting that mysqld couldn't shutdown its databases safely and that might be because there are more than 150 devices sending their messages to this server. Checking my past rotated syslog databases I see that each month I have a database of 15 to 20 GB in size. I am thinking of some way to split my database into different parts to make it easier to handle.

Saturday, January 20, 2007

Firewalling Windows Servers with IPFW

For some time I had been thinking about an iptables-like firewall for host protection on Windows servers, and I did not know whether one was available until I gave it a try and, to my surprise, found WIPFW. I find it very cool to have a Unix-based firewall on my Windows boxes!
WIPFW is the Windows version of the FreeBSD IPFW firewall and it can be used on any version of Windows, starting with Windows 2000.
It gives a lot of flexibility in the way rules can be applied to different sorts of traffic, and it can also keep track of the state of connections. There are a lot of great features that come with it, and they can be checked through its online documentation. Any iptables administrator can figure it out quickly.

Some missing features in its current release (0.2.8) are as follows:
  • Unable to change packet contents
  • No traffic shaping capabilities
  • Does not support SNAT and DNAT
Check here for documentation and product download:
WIPFW: Windows Operable Version of BSD IPFW

Check also here for more info on WIPFW:
Jameser's Tech Tips: Stateful Packet Filter for Windows

Learn more about the original IPFW:
ONLamp - BSD Firewalls: IPFW
IPFW How-To

Friday, January 05, 2007

GRE Tunnel Problem

I have two GRE tunnels from the NOC to two remote sites, and since I set these tunnels up I have had a problem with one of the management software packages. It stops responding and generates "Time Out" messages when it is left idle for about 10 minutes, and after 2 or 3 unsuccessful tries it comes back to life. All other connections (RDP, FTP, SSH) through these tunnels function smoothly at any given time, but our NGN department engineers are getting annoyed once a customer calls, since they need to send their commands a couple of times until their software responds!
One GRE tunnel is set up between two Huawei Eudemon firewalls and another between a Huawei Access Router and an Eudemon firewall.
My studies show that this behaviour is due to oversized packets, a result of the added tunneling headers.
I will be posting more on this issue once any progress is made.

Thursday, December 21, 2006

Got problem with Linux memory usage?

If you are coming from the Windows world you might wonder about a lot of things while taking your walk into the Linux world, as I did. One of the odd things is the way that Linux handles memory. Once a Linux server has been up for a while you can notice that the system has eaten up all the available memory and does not let a bit of it go free, and you might wonder why you have less than 10MB of free memory left out of 1GB according to the "top" command!
The first time I noticed this, it was on a Fedora Core 5 box with Apache and MySQL, so I thought it was a database server thing that also happens on MS-SQL servers, but I was surprised when I came across the same issue on a different server with the same OS acting as an Internet gateway, also handling the inter-VLAN routing for 6 VLANs with a small number of clients in each one.
The point is that as long as your server is not using its swap space, it is OK. To find out how much memory is actually available, use the "free" command and look at the "-/+ buffers/cache" row.
To figure out how Linux handles memory and relieve the confusion, check the following link:
Linux Memory Management
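As an added example (not from the post), a shell function that reads the old-style "free -m" output the post refers to and reports the figure that matters: memory available once buffers and cache are dropped, plus whether swap is actually in use. The sample output is constructed for the example; newer procps versions print an "available" column instead of the "-/+ buffers/cache" row, so adapt the field picks there.

```shell
#!/bin/sh
# Added example, not from the post: parse the classic "free -m" layout and report what
# a Windows-minded admin tends to miss. The "Mem:" free column looks alarming because
# buffers/cache count as used; the "-/+ buffers/cache" row shows what is really available.
# Constructed sample: a 1 GB box with almost all RAM sitting in cache and swap untouched.
SAMPLE_FREE='             total       used       free     shared    buffers     cached
Mem:          1010        998         12          0        120        610
-/+ buffers/cache:        268        742
Swap:         2047          0       2047'

# mem_status <free -m output>
# Prints: available=<MB> swap_used=<MB> verdict=<ok|pressure>
mem_status() {
    # "-/+ buffers/cache:" row: $3 = used without cache, $4 = free including cache
    avail=$(printf '%s\n' "$1" | awk '$1 == "-/+" { print $4 }')
    # "Swap:" row: $3 = swap in use
    swap=$(printf '%s\n' "$1" | awk '$1 == "Swap:" { print $3 }')
    if [ -z "$avail" ] || [ -z "$swap" ]; then
        echo "unrecognised free output (expected the -/+ buffers/cache row)" >&2
        return 1
    fi
    # Cache being full is normal; swap being used is the actual memory-pressure signal.
    if [ "$swap" -gt 0 ]; then verdict=pressure; else verdict=ok; fi
    printf 'available=%s swap_used=%s verdict=%s\n' "$avail" "$swap" "$verdict"
}

mem_status "$SAMPLE_FREE"
```

On a live box run `mem_status "$(free -m)"`.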

Sunday, December 17, 2006

What's new in Outlook Web Access 2007

This Flash presentation from Microsoft walks you through the new features of Outlook Web Access (OWA) in Exchange Server 2007. Microsoft is making it possible to do away with the Outlook software with these great improvements. Now everything can be done through OWA as easily as with the standalone software. I really love these guys at Microsoft!
Do not miss this:
Microsoft Exchange Outlook Web Access

Thursday, November 23, 2006

Microsoft FTP Service Default Behavior!

On the Microsoft FTP server, when there is a folder named after the logged-in user in the defined FTP root folder, the session jumps to that folder automatically once the user has logged in. This is what I knew from some time ago, but some days ago I made a new discovery! When there is no folder matching the logged-in user, the Microsoft FTP service does not give up easily: it looks for a folder named "default" and jumps to that directory if it is located in the FTP root folder! I am not happy with these undocumented behaviors, and I could not find any answer on how to change these defaults.

Saturday, November 18, 2006

Response Splitting and Cross Site Scripting Attacks?

I was doing some study on "HTTP Response Splitting" and "Cross Site Scripting (css/xss)" and found some great articles which are worth sharing:

Friday, November 10, 2006

Syslog Message Header Format

Finally I fixed my problem with Huawei syslog messages! Actually, I found a workaround for it on my Syslog-NG server. There is a bad_hostname("regexp") directive in the syslog-ng configuration file which, when specified, can be used to ignore wrong hostnames extracted from syslog message headers, and the cool thing is that you can use regular expressions to specify a range of hostnames matching your criteria. Once a bad_hostname matches, syslog-ng looks at the IP header instead for the source address and places this address as the hostname.

But to realize what exactly the problem was I decided to take a close look into RFC 3164. Section 4.1.2 says:
  • The HEADER contains two fields called the TIMESTAMP and the HOSTNAME.
  • The TIMESTAMP field is the local time and is in the format of "Mmm dd hh:mm:ss" (without the quote marks)
  • A single space character MUST follow the TIMESTAMP field
  • The HOSTNAME field will contain only the hostname, the IPv4 address, or the IPv6 address of the originator of the message. The preferred value is the hostname
  • Example: <34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8
The RFC firmly defines what a syslog message should look like, and to see how Huawei complies with this format I captured traffic from Huawei routers and switches with tcpdump:
>Oct 28 16:15:03 2006 SHZ-C2H-Router IFNET/5/UPDOWN:S[|syslog]

OK! Instead of the HOSTNAME straight after the TIMESTAMP I see "2006", which is the YYYY part of the current date on Huawei devices!
Anyway, as soon as the bad_hostname directive is in place there is no need to bother about this kind of problem!
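As an added example (not from the post and not syslog-ng's own code), a shell function that extracts the HOSTNAME field the way Section 4.1.2 describes and then applies the same fallback the bad_hostname workaround relies on: if the extracted hostname matches the regexp, or the header is not RFC 3164 at all, the packet's source address is used instead. The regexp "^[0-9]{4}$" for the Huawei year field and the PRI value and source addresses in the samples are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the post or from syslog-ng: mimic how a collector picks the
# HOSTNAME out of an RFC 3164 header and what a bad_hostname() match does with it.
# Assumed regexp: Huawei devices put the four-digit year where HOSTNAME should be.
BAD_HOSTNAME_RE='^[0-9]{4}$'

# header_hostname <raw syslog line> <source IP of the datagram>
# Prints the hostname the collector would record for this message.
header_hostname() {
    line=$1
    src_ip=$2
    # Drop the <PRI> part, then the "Mmm dd hh:mm:ss " TIMESTAMP and its single space.
    body=$(printf '%s' "$line" | sed 's/^<[0-9]\{1,3\}>//')
    rest=$(printf '%s' "$body" | sed -E 's/^[A-Z][a-z]{2} [ 0-9][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2} //')
    if [ "$rest" = "$body" ]; then
        # No RFC 3164 TIMESTAMP at all: fall back to the source address.
        printf '%s\n' "$src_ip"
        return 0
    fi
    host=${rest%% *}            # HOSTNAME ends at the next space
    if printf '%s' "$host" | grep -Eq "$BAD_HOSTNAME_RE"; then
        printf '%s\n' "$src_ip"  # bad_hostname matched: use the IP header instead
    else
        printf '%s\n' "$host"
    fi
}

# Constructed samples: the RFC's own example, and a Huawei-style line with the year.
header_hostname '<34>Oct 11 22:14:15 mymachine su: su root failed for lonvick on /dev/pts/8' 10.0.0.5
header_hostname '<189>Oct 28 16:15:03 2006 SHZ-C2H-Router IFNET/5/UPDOWN:S' 192.0.2.7
```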
