Your Second Chance to get at least one Gotchi!

With the message “Error: Passwords do not match, please retype.” Cacti tried to make my life horrible today, but not with me.

If you are running Cacti 0.8.7b (which is the standard version located in the Ubuntu repositories) you will be prompted with this error after editing a host using Firefox 3. The error is based on an auto complete bug within the form. There are two solutions to avoid the problem (which worked for me):

1. Before saving all the settings you have to delete (if not in use) the value in the password field of the SNMPv3 settings and than switch back to your preferred method of fetching information.
2. Apply the patch which was provided by RichardBronosky in the Cacti Forum solving the problem.

The easiest way to apply this patch is to cd to your cacti directory and:
1. THIS IS IMPORTANT. Verify the validity of the URI like this:

Code:
curl -L http://forums.cacti.net/download.php?id=14681

2. If it looks like a safe patch, then apply it directly from that URI via curl:

Code:
curl -L http://forums.cacti.net/download.php?id=14681|patch -p1 -N

I am so happy! After some clicks and crossing my fingers it is done. I updated my Linksys WRT-54G v2 with the most amazing firmware ever made

Actually I am using DD-WRT since years on my router, but now I made an upgrade to a VPN enabled version of DD-WRT which allows me to configure OpenVPN and PPTP to create a private tunnel to my home network.

My first try was PPTP because of the easy way configuring the router and my PC and it works like a charm. Now all my traffic is going directly through the PPTP tunnel to my network at home and afterwards gets routed into the internet. After this, I don’t have any problems with the proxy “provided” by etisalat to reach specific sites any more

Thanks all the people who invented these techniques and protocols!

Most implementations for using DomainKeys (or DKIM) and Sender ID are written and used on the level of the MTA to verify the authenticity of the message.

Now iconix has written a piece of software which allows the verification at end-user-level. That allows them to bring the whole process and system behind DomainKeys, DKIM, Sender IDs, SPF and so on from the MTA level to the end-user and in this case allows a broader mass to use the feature.

The tool has still some hick-hacks but its working quite well and the developers trying to fix problems as fast as possible. There are a lot of implementations available at the moment, for different mail programs as well as webmail systems.

If you wanna use one of the above features in your mail environment please don’t hesitate to ask the internet or drop me a message – especially if you are also one of these guys trying to give SPAM no chance. And most important – if you are using one of the incredible Ironport C-Series machines – setting up DomainKeys or DKIM verification is only a few clicks away

Once again Dubais global proxy catched one of my requests. It was a request to a specific IP (http://87.76.255.7/ – which is the weathermap for the amazing event The Gathering 2009).

Thanks to Karsten Iwen of Security-Planet.de who wrote a very good introduction about how to set up and configure AAA with the TACACS+ Service on Cisco IOS based devices.

The how-to is in German what is normally is really hard to find in the internet, English ones are really easy to get.

Have fun with the mentioned how-to “AAA mit TACACS+ im Cisco IOS”.

The Cisco VPN Concentrator is one of my most beloved devices from Cisco I do not understand why Cisco stopped supporting and selling this device, perhaps because they integrated most of the feature into the IOS. Nevertheless it is a dedicated device which is optimized only for VPN Connections.

After the “few clicks” experience the VPN Concentrator should allow the users of your network to access your internal network from anywhere using VPN Dial In. What most system administrators, like me, do not like – is administer another user and password database besides their Active Directory database. For this reason I collected two important sites which address this topic:

• Configuring the Cisco VPN 3000 Concentrator with MS RADIUS
• Using RADIUS Servers with VPN 3000 Products

Most important is to set the authentication profile right – like in the screenshot and don’t forget to tick “Unencrypted authentication”

The same procedure can be used for all other Cisco Devices – only difference is the configuration of the device itself.

Ich hab nun mehr als genug Zeit das ein oder ander aufzuarbeiten – so auch meine “Starred Items” aus Google Reader:

• Time-based IOS actions
  Einige gesammelte Informationen wie der EEM (Embedded Event Manager) funktioniert.
• Cisco Unleashed the Power of Virtualization …
  Auch Cisco kommt nicht um die “neue” Moder herum – Virtualisierung, was das bei Cisco heißt – gibts in diesem Artikel
• Catching a Torrent User
  Wie man vorgehen kann um Torrent User im Netzwerk aufzuspüren
• Logging und SNMP im Cisco IOS
  Logging und SNMP Informationen sind mehr als wichtig zu sammeln – wie das geht und Informationen zu den Techniken!
• Cisco Manages Power Usage with EnergyWise
  Diese grüne Welle kann auch manchmal – meiner Meinung – übertrieben werden.
• Flash-based DHCP database
  Wie eine DHCP Datenbank persistent gespeichert werden kann ist oft von großem Vorteil.
• Cisco in the Cloud
  Cloud Computing war vor kurzem eine richtige Religion und eine Modeerscheinung – es ist etwas ruhig um das Thema geworden, doch auch Cisco ist miteingestiegen.
• Port-Nummern im Cisco IOS anzeigen lassen
• Cisco IOS Exploitation Technique and Defense In Depth
  Das Jahr 2009 soll angeblich im Zeichen von IOS Exploits stehen – so haben sich einige findige Individuen auf die suche nach Security Löchern und Bugs in dem doch so sicheren IOS gemacht.