Monday, December 27, 2004

How To Speed Up Firefox

Happy Christmas to ALL.

My friend gaurav pointed me to a blog putting tweaks to speed up firefox and it really works. The tweaks are as below :

1.Type about:config into the address bar and hit return.
Scroll down and look for the following entries:

Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page

2. Alter the entries as follows:
Set "network.http.pipelining" to true
Set "network.http.proxy.pipelining" to true
Set "network.http.pipelining.maxrequests" to some number like 30.

This means it will make 30 requests at once.

3. Lastly right-click anywhere and select New-> Integer. Name it "nglayout.initialpaint.delay" and set its value to 0.
This value is the amount of time the browser waits before it acts on information it recieves.

Another one pointed out by gaurav is

"network.dns.disableIPv6" as true

The above tweaks were picked up from here.


Friday, December 17, 2004

Linux and HSRP or call it LINUX HSRP

Well a hello to all after a long time.

I have been getting a lot of hits from google and yahoo for the keywords linux hsrp and leading to a post on HSRP on Cisco router.

HSRP is a Cisco properitory protocol and so cannot be implemented on linux.

But the same idea can be achieved through VRRP (Virtual Router redundancy Protocol) which is described in RFC 2338.

VRRP is also used used when you have non-cisco devices like Juniper.

If you wanna know the difference between HSRP and VRRP then you can refer to one of the previos posts "What's the difference between HSRP and VRRP?"

VRRP can be implemented on a Linux box and will provide the failover in case of the active VRRP server failure.

Remember VRRP / HSRP does not provide Load balancing feature it is failover.

In Linux you need to have the vrrpd running on both the machines.

You can get the vrrpd from

Compiling is not a difficult job here.

Once done just put the vrrpd binary in the reqd path say /usr/sbin and then make changes to the /etc/rc.conf (Unix System) or /etc/rc.d/rc (Linux system) so the vrrpd loads up when the system loads.

There is no conf file for vrrpd.

Just a few switches and there you go rolling :)

On the server run :

vrrpd -i eth0 -v 50

where the description of the switches are as below :

i : the interface name to run on
v :the id of the virtual server [1-255] : ipaddr the ip address(es) of the virtual server
s : the
preemption mode and is enabled by default.

You can specify the priority too by using the p switch and the
default priority is 100

The box having the higher priority value would be active and serving requests.

Try this on a test environment before you put it into prod.

Hope this helps all


Thursday, December 16, 2004

Students uncover dozens of Unix software flaws

Students of iconoclastic computer scientist Daniel Bernstein have found some 44 security flaws in various Unix applications, according to a list of advisories posted online.

The flaws, which range from minor slipups in rarely used applications to more serious vulnerabilities in software that ships with most versions of the Linux operating system, were found as part of Bernstein's graduate level course at the University of Illinois at Chicago.

The advisories regarding the flaws were dated Wednesday and can be found on the Web site of student James Longstreet. Bernstein, a professor of computer science at the university, did not immediately respond to inquiries about the vulnerabilities.

You can read more on it here.


Saturday, December 11, 2004

Employer Says No To Blogging - Blogger Quits Job

As put on

Here in Sweden there's a lot of discussion today about Johnny Munkhammars blog (most links in this post in Swedish).
It's a personal blog, but his employer The Confederation of Swedish Enterprise thinks it's a bad idea anyway. They believe his personal views could be mistaken for the organization's.

You can read the compolete post here.

Hope my employer does not mind it and i am not sure what would i do if put in his shoes. I hope i do not land in this situation.
BTW till i do not disclose the company name and any of the stuff which is properitory it should not be a issue.

What say friends your comments are most welcome.

BTW my nessus security scanner setup is complete and would be posting snips from the reports soon.

Nitin :D

Tuesday, December 07, 2004

Solaris Network Cache and Accelerator

Just came across Solaris Network Cache and Accelerator. From what i read it looks the same way that squid would run for a local http server.

Solaris NCA Architecture
Solaris NCA consists of the following components:

  • Solaris NCA technology-enabled Web server: httpd

  • Kernel module: ncakmod
    • The kernel module ncakmod maintains the cache of Web pages in system memory. It also communicates with a Web server, httpd, through a sockets interface (family type AF_NCA).

    • The kernel module also provides a logging-facility, which logs all HTTP cache hits. Solaris NCA logging writes HTTP data to the disk in binary format and provides the utility for converting binary log files to common log format (CLF).

How Does Solaris NCA Work?
In the absence of Solaris NCA, the data flows from the Network Interface Card (NIC) to the Web server through the IP and TCP layers.
Once Solaris NCA is enabled, the request flow between the client and the Web server happens as follows:

1. An HTTP request is made from the client to the Web server.
2. Packet from the client hits the Solaris NCA Packet Switch.
P4 When to use the Solaris NCA ©2002 Sun Microsystems, Inc.
3. The Solaris NCA Packet Switch looks at the port number, and decides if the incoming packet
is meant for NCA(dport=80) or IP.
4. Solaris NCA IP (which is optimized for Solaris NCA), processes the packets.
5. Solaris NCA TCP (which is optimized for Solaris NCA), looks up the connection or creates a new one, and passes the packet to the HTTP Parser.
6. The HTTP engine parses the packet, while the Cache Manager checks with the Kernel Cache to find out if it is a static request and if the page is cached.
7. If the page is in cache, the in-kernel cache Web page is returned.
8. If the page is not in cache, the request goes to the Web server to retrieve or update the page.
9. Depending on the HTTP protocol semantics used in the HTTP response, the page is cached or not, and then returned to the client. If the Pragma: No-cache header is included in the HTTP request, the page is not cached.

When to use the Solaris NCA
The Solaris NCA should run on a dedicatedWeb server. Simultaneously running large CPU- and memory-intensive processes on the same server that is running the Solaris NCA may cause problems.

Web Servers Supported
The Solaris NCA uses a sockets interface through which Web servers can communicate with minimal modifications. It works with the most popular socket-based Web servers, such as the Sunª ONE Web Server, Apache, AOL, and Zeus, without protracted modifications. These modifications include only changes in the configuration files, not source code changes.

As you know sysads and n/w ads are a lot with lot to try new stuff i am goona try this soon and try and publish the results to see what happens.

Anyone having experience on using this can post in their comments.


Monday, December 06, 2004

Microsoft Windows Update Services Public Beta Available now

Hi All,
The long awaited Microsoft patch management replacement for SUS is finally in public Beta and provides some much required features.

Patch management is one of the hottest topics today.Microsoft provided SUS v.1 which was a sort of corporate Windows Update, configurable using Group Policy or the registry. The first release was a bit buggy and was soon updated. However the tool is still a bit limited, not updating Microsoft applications nor providing any means to actually track whether computers are actually being updated.

Microsoft also provides a SMS 2003 tool that can update Office applications and has reporting features but is difficult to configure and requires a lot of attention.

Microsoft now is on its way to releasing Windows Updates Services (WUS), the successor to SUS, providing the much needed reporting features and able to update Office XP, 2003, Exchange 2003 and SQL (and MSDE) 2000. Other applications will probably be added over time.

However, you can get the beta public beta
edition here:

It also gives one overview document which you can download at


Sunday, December 05, 2004

Spam Sites Crippled by Lycos Screensaver DDoS

Just posting an update on the Lycos Screen Saver Make Love not Spam but a lill late , it seemed to taken down a few websites and the website was blocked by some backbone carriers as reported by Netcraft.

Just to update you that lycos has stopped the downloads as it came under servere criticism from various partners and security agencies.

Just posting a extract from the netcraft news website.

A distributed denial of service (DDoS) attack launched by users of Lycos
screensaver has succeeded in crippling several spammer sites, but some of the
targeted sites remain available.
While Internet users debate the ethics of
the initiative, Lycos Europe is denying
that the MakeLoveNotSpam site was hacked and
last night. An intrusion by hackers would be a serious concern for
an operation that controls an army of computers with DDoS capabilities. The site
has been unreachable today, which could be related to traffic
from Slashdot
rather than a counterattack.
Lycos Europe is offering a
"screensaver that spams the spammers," using idle computer time to attack sites
that have been blacklisted for abusive spamming practices. Monitoring of three
of the targets housed on Chinese servers shows that two of the sites, and, have been knocked offline by the attack.
A third target,, has remained largely available, with
intermittent outages.

You can get the graphs for the reponse rate of the websites at Netcraft here


New addition to the Blog - comments and trackbacks by HaloScan

Just added the trackback and comments functionality to the blog using .So now you would see 2 links to comments , one is the original one from and the other is the new one that comes with Just with some time as i gain more confidence on the system will remove the comments.

Till then pls bear with me cause i need to use the RPC enabled trackbacks rather than commenting on other websites.Please do let me know if any one knows a better tool to manage trackbacks.

Gotcha run for Coffee with my friends at the new Cafe Coffee Day Joint in the locality.

I am fan of their coffee and i am priviledge member too ;).


UK's finger print was offline

A lill stale news but just came across it and thought it was worth mentioning.

If you were a member of law enforcement in the UK recently and you wanted to verify a suspect's paw prints, you were out of luck. The entire finger print system was offline!
The article explains:

All 43 forces in England and Wales, including London's Metropolitan Police, were
affected by a software bug, which disrupted connections to the National
Automated Fingerprint Identification System (Nafis) since the early hours of
Wednesday, 24 November.
Now imagine if you will all of the electronic
services that we take for granted now in law enforcement. What if they all went
offline all at once?
Yet another good argument to make sure you have
adequate secondary systems and an incident recovery plan.
Have you recently
had a critical system or service fail? What was it, and how did you handle it?
What were the effects?


Wednesday, December 01, 2004

All Symbian 60 phone owners keep a watch on your bluetooth activity

I have switched off the bluetooth on my symbian 60 series phone after reading on the outbreak of the virus Skulls.B though there have rarely been cases of the virus in India.

Mobile phones running Symbian Ltd.'s Series 60 operating system are the target of a new strain of the Skulls Trojan horse program. The new Trojan comes with the Cabir.B worm, which, unlike the first version of the virus, can spread to other phones within reach of Bluetooth broadcasting range.
"What is harmful about Skulls.B is that it can spread to other Bluetooth-enabled phones," said Mikko Hypponen, director of antivirus research at Helsinki-based F-Secure Corp. "Skulls.A was bad in that it can wipe out all your applications, including your phone book, but it can't infect other phones."

Trojan horse programs are destructive and can modify the configuration of PCs but typically don't attempt to infect other machines, as do viruses and worms.

Although it contains programming similar to that of its predecessor, Skulls.B doesn't replace the menu icons of Series 60 phones with images of skulls that disable applications like e-mail and Short Message Service. Instead, it uses Symbian default icons, which look like jigsaw puzzle pieces, but have the same destructive result as the skulls.

For users to infect their phones with Skulls.B, however, they have to make a bit of an effort: They need to press the Skulls.B icon in the menu to activate the Trojan, according to Hypponen. A programming error prevents the virus from automatically running after installing itself on the phone, he said.

F-Secure advises users of Series 60 smart phones to set their handsets into nondiscoverable (hidden) Bluetooth mode and offers advice online about fixing infected mobile phones.

F-Secure offers online advice to fix up the phone and it is acessible at link

F_Secure has offered a removal tool kit for the virus and is in a sis installer format.

You can continue to read more on the article at


A venture by Lycos to prevent spam

I would call it the attack the attacker strategy and sometimes it works well when you need to defend yourself.

Net users are getting the chance to fight back against spam websites
Internet portal Lycos has made a screensaver that endlessly requests data from sites that sell the goods and services mentioned in spam e-mail.

Lycos hopes it will make the monthly bandwidth bills of spammers soar by keeping their servers running flat out.

The net firm estimates that if enough people sign up and download the tool, spammers could end up paying to send out terabytes of data.

Cost curve

"We've never really solved the big problem of spam which is that its so damn cheap and easy to do," said Malte Pollmann, spokesman for Lycos Europe.

"In the past we have built up the spam filtering systems for our users," he said, "but now we are going to go one step further."

"We've found a way to make it much higher cost for spammers by putting a load on their servers."

By getting thousands of people to download and use the screensaver, Lycos hopes to get spamming websites constantly running at almost full capacity.

Mr Pollmann said there was no intention to stop the spam websites working by subjecting them with too much data to cope with.

He said the screensaver had been carefully written to ensure that the amount of traffic it generated from each user did not overload the web.

"Every single user will contribute three to four megabytes per day," he said, "about one MP3 file."

But, he said, if enough people sign up spamming websites could be force to pay for gigabytes of traffic every single day.

Lycos did not want to use e-mail to fight back, said Mr Pollmann.

"That would be fighting one bad thing with another bad thing," he said.

I picked it up from the BBC news website here.

It's sort of like a flytrap for the flytrapper. What a novel idea.

Have you downloaded the screensaver? What do you think?


What's the difference between HSRP and VRRP?

In short, the answer is "Not much!" (By the way, both are even worth
the same amount of points in Scrabble.)

HSRP (Hot Standby Router Protocol) is a Cisco method of router
redundancy. VRRP (Virtual Router Redundancy Protocol) is an industry
standard that operates on multiple vendors' routers.

VRRP is spelled out in RFC 2338, which notes VRRP's similarity to both
Cisco's HSRP and to DEC's IPSTB (IP Standby Protocol). The features and
functions are very similar.

VRRP can offer HMAC-based authentication as a security feature as well
as the password-level protection that HSRP offers. HSRP will always use
authentication. If not specified, the default value is "cisco." Go

VRRP timing intervals are, by default, faster than HSRP. The priority
level and default as well as pre-empt capabilities are "virtually"
identical between the two. VRRP allows for multiple IP addresses to be
assigned at one time, where HSRP utilizes separate groups to accomplish
this. While VRRP utilizes ICMP redirects to assist in the failover
process, HSRP specifically prohibits their use.

And though HSRP was put into RFC status with RFC 2281, it never
received full adoption. Both router protocols use local-link multicast
addresses to pass information:


For a little historical background, HSRP was created in 1994 and was
published in an RFC in March 1998. VRRP got its own RFC a month later,
in April 1998.

For further information, check out:


CREDITS : Last but not the least i need to say that i picked up so detail explanation from a article by Scott Morris who is a quad CCIE and it can be read here.