Wednesday, August 29, 2007

DNS and ISA Server

A shout out to my friend Velan Ramalinggam, thanks for your help today :)

We just got back from a customer's site and they had a complain that after enabling ISA server proxy forwarding option through routing, the ISA server became a crawl. Although direct, the access is pretty acceptable.

After some initial diagnosis, we found that the DNS was not forwarding to external DNS servers correctly. We fixed it by changing to a valid external DNS forwarding server and everything seem to worked pretty well.

So in conclusion, we noticed that the ISA had rules that refer to websites (names). There were around 20 such rules. By enabling such rules, for example, block the website, the ISA server would then need to resolve this name to IP and evaluate the rule whether it is a match or otherwise. Since the DNS didn't resolve the names in those rules had to wait for a timeout then moved on to another rule and so forth. This caused a significant delay in evaluating those rules before it reaches the rule that allows people to browse when there's a no-match. One would think, well, since i am forwarding packets through a proxy "in front" of the ISA why would you need such DNS resolution (especially to an external DNS)? Well, this is by design and in some versions of ISA server, we can disable this lookup feature provided if we do not have rules that have names (external names particularly) and we forward ISA's web requests to a forward proxy.

Remember though, internal name resolution must work correctly especially if you use Active Directory and have internal/intranet websites.

Please note that you need name resolution to internet sites if you do not have a forward proxy configuration. In cases where you do forward to a forward proxy and you do not have names in your rules, you could wish to disable name resolution on the ISA server for external sites. An article from MS talks about this but this is for ISA 2004, not sure if ISA 2000 (which was what my customer had) has a way to do this or not!...

Tuesday, August 21, 2007

Go figure

We bumped into this piece right after lunch. Figure out what's wrong with it!!!...

bart would say...aye carambe!

Download MP3s via Google Search

I start with a disclaimer: I do not advocate piracy nor support it. Whatever you learn from this and how you apply it to your benefit/misfit is completely beyond the purpose of this article. Be responsible for your actions or inactions :P

OK. Sigh of relief. Now lets start.

A day ago, a friend (see Frank's Blog) sent an email about how one can get files directly using google's advance search techniques. This applies to movies, documents or virtually any file that google may have inside it's crawled database. How this search works. Lets see the contexts or slap this line inside google's search tab:

-inurl:htm -inurl:html intitle:"index of" mp3 "ziggy marley"

The exact same line above will return sites that have MP3 extensions that contain the words "ziggy" & "marley". The "-inurl:htm and -inurl:html" tells google to look for the extensions within HTML documents only (you could also add -inurl:asp or -inurl:aspx). These are pages that google crawls which can also include text or PDFs or whatever that's text or alike.

Now, the intitle: switch searches documents that match the HTML tag TITLE. In the above example, "index of" is a typical directory browsing format which in normal cases are file repositories using HTTP. If you for instance, upload a bunch of files inside a website and do not specify a "start page" or restrict browsing access to that directory, your webserver will automatically or dynamically return a html or htm document listing all files in that directory in unix style.

So, to translate the above query into english would be something like this. Hey google, search for mp3s containing words ziggy and marley within html or htm documents which have a title of "index of" or a directory browsing format.

Now, use only your imagination to figure out what more you can do with this.

For guided google's advance searching, go to or for help on switches using standard searches go to

Happy fishing.

Monday, August 20, 2007

Firewall Considerations


When purchasing a firewall long time ago, there weren't many things to consider as it was really the lame ole' packet and stateful filtering the few vendors boast about. Fine, that was then but these days, things seem more complex than just to say "i want that one" (ala Little Britain). Organizations need to ensure that the first unit of defense, normally the firewall, be equipped with enough firepower to thwart intelligent attacks and "noises" that come from the internet, particularly.

So, here, i try to discuss the basis of enquiry when purchasing firewalls by breaking down the methods into the soft and hard factors. Soft factors are quite tricky sometimes as its mostly subjective or open to further discussion. So, here's some of the things you should run in your heads when considering a firewall solution;

The soft(er) factors
  1. Management - Consider solutions that you are familiar with. There's no patch for human error. Nonetheless, this shouldn't be the reason for a compromise in quality.
  2. Scalability - Will the solution be able to cater for your business needs in say, 5 years?
  3. Support - Firewalls will have holes, these holes must be patch. Is there a guarantee from the manufacturer of full support for up to n-number of years that you wish to keep the unit. How about SLA from these providers? Any formal training/certification provided?
  4. Policy - Does the firewall govern and works with your current IT policy and/or a corporate policy? Will it eventually help to achieve governance and compliance?
  5. The $$$ factor - There's firewalls that cost virtually nothing to those which will have your arm and leg. I personally don't believe anything is free. In IT, free comes with a non obvious price tag on it. In reality, this particular factor determines play the ultimatum decision for the rest of the factors.
  6. Company direction - What is the type of vendor you are buying from, their proposal (and product) and business direction
Now, we talk about the more obvious choices, reasons and features that you will need to consider when purchasing a firewall
  1. Type - Hardware or Software. I don't wish to discuss which is "better". Have your own opinion, justify it and live with it
  2. Speed - Throughput vs network speeds. No. of concurrent connections/users/devices
  3. High availability, cluster, cold standby - Do you guarantee SLA for users? If so, how..
  4. Built-in AntiDOS/IDS/IPS/Antivirus/Content Filtering (e.g. web filtering, antispam, antimalware) - Should the firewall include this? Take overheads into consideration when turning on such features
  5. VPN (and sslvpn) - Do you need this? If so, again, consider performance factors
  6. Forward/Reverse proxy - Should the firewall provide application layer filtering including reverse publishing of web servers or forward proxy functions?
  7. Logging/Reporting/Accounting - Do you need extensive reporting/accounting? Do you wish to correlate with an existing tool?
  8. Protocol support - Do you need any specialized routing protocols such as BGP/OSPF/VLAN other protocols such as Authentication protocols (multi factor authentication), content vectoring/rendering
  9. Integration with existing firewalls/systems - Is there a supported configuration when using this particular firewall? Is such even needed?
  10. Others - E.g. requirements for policy governance e.g cipher strength, supported internet standards etc go get urself a firewall :)


Friday, August 17, 2007

PDF and ECard Spam

Hi there, bet most of you are wondering why's your mom (who's perhaps computer illiterate btw) sends an e-greeting for an occasion that has nothing to do with you (e.g. Indonesia's national day, today!). Well, the answer is simple, they're just SCAMS!.

Recently, i've received and done some research on two types of spam that walked right pass my antispam goofy gateway protection and my local email client antispam protection. One comes as an e-greeting with an IP address with a link claiming origin of credible sources such as There's also PDF documents that comes sailing smoothly through my (now what i believe to be a seriously goofy gateway product) antispam solution.

One quick way is to see the sender. If it's unknown, don't bother opening. If the links are dotted notations (IP addresses) don't open. They are phishing scams!. As for the PDF, feel free to read em' if you've got ridiculous time (like i have now writing this) but don't click anything within these PDFs.

Be safe .

Happy weekend

Top 5 reasons why you shouldn't connect to an open wireless (WiFi specifically) connection

When you connect to, umph, say, Starbucks's wireless networks and similar, you connect without even providing a username or password (some of these applies to web based authentication) think about these;

  1. 1. It's open, therefore there's NO encryption, everyone (can) see your traffic
  2. 2. Others can impersonate you! and do stuff you wouldn't (or would, but not in public, haha)
  3. 3. Anyone could easily impersonate the access point and become the gateway. Which mean, everything passes through his/her computer before reaching another destination
  4. 4. Your own computer can be easily exposed to unauthorized access (or attempts) since almost ANYONE can connect, which mean, the good and bad guys!
  5. 5. And finally, It's designed to be insecure! or the implementors have no clue what so ever. So, don't even expect any security on it.
Stay secure, opt for secure APs (at a minimum), if you do not have a choice, they ensure that you access only SSL, TLS or VPN type of accesses to ensure you create an encrypted tunnel between you and the destination. Wikipedia TLS or SSL for more information.

Stay secure

Wednesday, August 15, 2007

Accessing paid tech knowledgebase (for free!!!)

Its really frustrating sometimes that these communities like expert-exchange, event-id charge for a community response. I think it should be free! Anyway, i found a nasty way to access some of these information for free.

How to?
Firstly, you would probably do a search engine for a said problem, then, most likely these "paid" websites would pop up in your searches, great, but when you access, they ask to sign up and sign up requires $$$. Well, try this now, GOOGLE'S CACHED pages. Do the same search based on the keywords on that particular website/page then most likely that actual page may appear in google. Now, instead of clicking what you would normally click in google, click the CACHED link below. And viola! the page is free for you to read.

Note that the cache may be outdated, this is for cheapskates like me but if you like their service, subscribe lah...

Only your imagination is limited to whatmore you can do with it... :)