How to Access Network When Everything Else is Blocked

Posted on in Categories Download of the day, Howto, Links, Linux, Linux desktop, Networking, OS X, Troubleshooting, Ubuntu Linux, Wireless networking last updated December 17, 2007

There is a program called Ping Tunnel to send TCP traffic over ICMP. From the project home page:

Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies. At first glance, this might seem like a rather useless thing to do, but it can actually come in handy in some cases. The following example illustrates the main motivation in creating ptunnel:

Setting: You’re on the go, and stumble across an open wireless network. The network gives you an IP address, but won’t let you send TCP or UDP packets out to the rest of the internet, for instance to check your mail. What to do? By chance, you discover that the network will allow you to ping any computer on the rest of the internet. With ptunnel, you can utilize this feature to check your mail, or do other things that require TCP.

Absolutely fantastic — it Just Works. Download ping tunnel here.

Security Tip: Find Out Current Working Directory Of A Process Running on Linux/Unix

Posted on in Categories CentOS, Howto, Linux, Monitoring, RedHat/Fedora Linux, Security, Suse Linux, Sys admin, Tips, Ubuntu Linux last updated February 1, 2014

For security reason you may need to find out current working directory of a process. You can obtained this information by visiting /proc/pid/cwd directory or using the pwdx command. The pwdx command reports the current working directory of a process or processes.

Find out DNS Server Version With DNS Server Fingeprinting tool

Posted on in Categories Debian Linux, FreeBSD, Howto, Linux, Networking, Security, Sys admin, Tip of the day, UNIX last updated September 29, 2007

By hiding out DNS server version number you can improve server security. fpdns is a program that remotely determines DNS server versions. It does this by sending a series of borderline DNS queries which are compared against a table of responses and server versions. (just like nmap command’s remote OS detection facility).

A nameserver basically responds to a query. Interoperability is an obvious requirement here. The standard protocol behavior of different DNS implementations is expected to be the same.

Install fpdns

Debian / Ubuntu user, enter the following command:
$ sudo apt-get install fpdns
FreeBSD user, either use ports or binary package:
$ pkg_add -v -r fpdns
Alternatively grab source code from official web site.

Howto remotely determine DNS server version

To determine DNS server version for domain, enter:
$ fpdns -D

fingerprint (, bboy MyDNS   
fingerprint (, bboy MyDNS 

You can easily find out if recursion enabled or not:
$ fpdns

fingerprint (, ISC BIND 9.2.3rc1 -- 9.4.0a0 [recursion enabled]  

To read list of servers from key board, enter:
$ fpdns -
fingerprint (, ISC BIND 9.2.3rc1 -- 9.4.0a0 [recursion enabled]
fingerprint (, ISC BIND 9.2.3rc1 -- 9.4.0a0
fingerprint (, ISC BIND 8.3.0-RC1 -- 8.4.4
fingerprint (, ISC BIND 8.3.0-RC1 -- 8.4.4 

Further readings

=> Read fpdns man page.

Shred tip: Securely remove multiple files so no one can recover file again

Posted on in Categories File system, FreeBSD, Linux, Security, Shell scripting, Sys admin, Tips last updated July 30, 2007

Shred utility overwrites a file to hide its contents, and optionally delete it if needed. The idea is pretty simple as it overwrites the specified FILE(s) repeatedly, in order to make it harder for even very expensive hardware probing to recover the data. By default file is overwritten 25 times. I’ve seen cases where law enforcement agencies had successfully recovered data from 5 year old *not so* working hard disk as evidence. Also when you move your rented server you should consider running file shredding; otherwise new owner can get data including passwords.

Shred a single file

Securely delete a file called /home/vivek/login.txt:
$ shred -u ~/login.txt

You can add a final overwrite with zeros to hide shredding:
$ shred -u -x ~/login.txt


  • -u : Remove file after overwriting
  • -x : Add a zero to hide shredding
  • -n NUM : Overwrite NUM times instead of the default 25

Shred a multiple files

Let us say you have 100 subdirectories and just wanted to get rid of all files:
$ find -t f . -exec shred -u '{}' \;

If you have 1000s of files consider a running job in background using nohup – (execute commands after you exit from a shell prompt over ssh session):
$ nohup find -t f /var/www/ -exec shred -n30 -u '{}' \; &

Shred drawbacks

  • Shred doesn’t go well with log-structured or journaled file systems, such as JFS, ReiserFS, XFS, Ext3, etc.
  • Compressed file systems
  • RAID-based file systems
  • NETApps (Network Appliance’s) NFS server

So how do I wipe on journaling file systems?

There is no simple solution. I’ve tried different techniques.

You can store sensitive data on ext2 or fat32 file system and easily delete files. According to shred man page:

In the case of ext3 file systems, the above disclaimer applies (and shred is thus of limited effectiveness) only in data=journal mode, which journals file data in addition to just metadata. In both the data=ordered (default) and data=writeback modes, shred works as usual. Ext3 journaling modes can be changed by adding the data=something option to the mount options for a particular file system in the /etc/fstab file, as documented in the mount man page (man mount).

Someone suggested to use disk encryption to store data that needs to be wiped.

Run shred on entire partition:
# shred -n 30 -vz /dev/hdb2

On remote computer, use nohup:
# nohup shred -n 30 -vz /dev/sdb1 &

shred: /dev/sdb1: pass 1/26 (random)...
shred: /dev/sdb1: pass 1/26 (random)...1013MiB/234GiB 0%
shred: /dev/sdb1: pass 1/26 (random)...1014MiB/234GiB 0%
shred: /dev/sdb1: pass 1/26 (random)...1.9GiB/234GiB 0%
shred: /dev/sdb1: pass 1/26 (random)...2.0GiB/234GiB 0%
shred: /dev/sdb1: pass 1/26 (random)...3.0GiB/234GiB 1%
shred: /dev/sdb1: pass 1/26 (random)...3.1GiB/234GiB 1%
shred: /dev/sdb1: pass 1/26 (random)...4.0GiB/234GiB 1%
shred: /dev/sdb1: pass 1/26 (random)...4.1GiB/234GiB 1%
shred: /dev/sdb1: pass 1/26 (random)...5.0GiB/234GiB 2%
shred: /dev/sdb1: pass 1/26 (random)...5.1GiB/234GiB 2%
shred: /dev/sdb1: pass 1/26 (random)...6.1GiB/234GiB 2%

And finally you can always destroy hard disk physically, perhaps through a hard drive in hot melting metal ;)

If you just need to securely wipes the hard disks use dban.

Do you use any other utility for file shredding or file wiping? Do you have a better solution for file wiping on journaling file systems? Please share your experience in the comments!

Can someone steal my PHP script without hacking server?

Posted on in Categories Apache, Howto, lighttpd, Linux distribution, Networking, php, Security, Tips, Troubleshooting last updated August 12, 2007

Adarsh asks:

Can someone steal my PHP code or program without hacking my Linux box? Can someone snoop script over plain HTTP session?

Short answer is no. PHP is server side thingy.

However a misconfigured webserver can easily give out php file to all end users. You need to make sure that mod_php / mod_fastcgi loaded and correct MIME type is setup. To avoid such problem always test your server before moving to production environment. Most Linux distro configures both Apache and PHP out of box.

How do I stop downloading php source code?

The first step should be stopping a webserver.
# /etc/init.d/httpd stop
# /etc/init.d/lighttpd stop

If you are using Lighttpd…

Next bind webserver to for testing purpose. Open lighttpd websever config file and bind server address to
# vi /etc/lighttpd/lighttpd.conf
Bind to localhost/
server.bind = ""
Start lighttpd:
# /etc/init.d/lighttpd start
Now follow these instructions to configure php as fastcgi module. Now test your configuration using url PHP should work on server. If not working, refer to server log file.

If you are using Apache…

Open httpd.conf file and bind apache to
# vi httpd.conf
The Listen directive instructs Apache to listen to more than one IP address or port; by default it responds to requests on all IP interfaces, but only on the port given by the Port directive.
Start apache:
# /etc/init.d/httpd start
Now make sure php is installed use apt-get or rpm command to verify the same:
# rpm -qa | grep -i php
# dpkg --list | grep -i php
If PHP is not installed just follow these instructions to install PHP. Next make sure httpd.conf or php.conf has following directives:
LoadModule php4_module modules/
AddType application/x-httpd-php .php

Note: the path may differ in your setup. Now restart httpd:
# /etc/init.d/httpd restart
A sample php code:

<?php   phpinfo(); ?>

Finally when php started to work properly, make sure you bind back a server IP address from to public IP address.

Another option is keep your source code out of webroot and server all php requests from php application server using mod_proxy and multiple back-end servers.