Porsche Boxster Alternator Replacement 

Filed under: Boxster, Technical on Tuesday, October 11th, 2011 by Brian | No Comments

The alternator died on the Boxster so I decided to tackle this project myself.  I have never done a major repair to any of my cars, but figured I’d give the alternator replacement a try.  All of the articles on the internet and in my tech manual made it look pretty easy, so what the hell?

I decided to document the project via a video, so here it is:

Here are the links to the references:
http://bit.ly/oUWGHp
http://amzn.to/nfNmtg

PTY allocation request failed 

Filed under: Technical on Friday, July 29th, 2011 by Brian | No Comments

My hosting provider, Razor Servers, recently moved hosting centers from the 401 North Broad St location in Philadelphia to a building right next door.  As part of my VM move to the new location, I was no longer able to SSH into the device.  I got this strange error about PTY allocation request failed.  In addition, the SPAMD process was not running on the box.  I tried to re-install SpamAssassin, I tried to re-install Exim and I even tried a complete upgrade of cPanel.  No go.  I thought the two might be related so a Googling I went…

After a good long while of Googling the problem, I found this site with my exact error message.  Via the web console, I checked to see if /dev/ptmx existed; it didn’t.  I ran the command as noted on the page:

/sbin/MAKEDEV -d /dev ptmx

Restarted the ssh daemon:

service sshd restart

And, presto, I was able to SSH back into my box.  No idea why that file would disappear after a VM move, but it is all fixed now.

How to configure a Checkpoint UTM device without using the GUI 

Filed under: Checkpoint, Technical on Friday, March 18th, 2011 by Brian | No Comments

There is an annoying aspect of configuring a Checkpoint UTM appliance: you are forced to enter the web-based GUI to do some basic config before using the command line interface (CLI) to complete the install.  If you try to use the CLI before using the GUI, you receive the following message:

Welcome to VPN-1 UTM Appliance

You can not use the ‘sysconfig’ and ‘cpconfig’ utilities until you successfully complete the First Time Wizard in the Administration web GUI.

Press Enter to continue…

If you run the following command, this message is not displayed and you can use the CLI for the full config:

touch /opt/spwm/conf/wizard_accepted

How to configure DNS NAT or DNS Doctoring on Checkpoint FW-1 

Filed under: Technical on Monday, December 13th, 2010 by Brian | No Comments

In some topologies, it is required to NAT DNS reply traffic from a DNS server so that the querying host will think that a certain DNS entry (for example, smtp.company.com) resolves to a different IP address than the one written in the database of the DNS server.

Procedure:
The feature has a global on/off switch, in the objects_5_.C file, called fw_dns_xlation (by default set to false). When it is set to true, the regular NAT Rule Base is used to determine how to change the DNS packets.
The regular NAT rules used to NAT the internal servers will suffice. There is no need to define special NAT rules in addition to the regular ones defined.

To enable the fw_dns_xlation property, perform on the SmartCenter server:

  1. Close all SmartConsole clients connected to the SmartCenter server.
  2. Open the GuiDBedit utility and connect to the SmartCenter server.
  3. Find the fw_dns_xlation property.
  4. Change the value of this property to true. Click OK.
  5. Select File -> Save All.
  6. Open the SmartDashboard and re-install the Security Policy on the Security gateway.

From this point on, the Security gateway will NAT the DNS data, according to the NAT Rule Base.
You must also enable the DNS protocol protection for UDP in the IPS (formerly, SmartDefense). To enable this protection:

For the Security Gateway R70:

  1. Open the IPS tab in the SmartDashboard.
  2. Go to the Protections -> By Protocol -> Application Intelligence -> DNS view.
  3. Open the ‘DNS – General Settings’ Protection Details.
  4. Click Edit.
  5. Verify that either the ‘UDP only’ or ‘Both TCP and UDP’ checkbox is selected.

For all other versions:

  1. Open the SmartDefense tab in the SmartDashboard.
  2. Go to the Application Intelligence -> DNS -> Protocol Enforcement view.
  3. Verify that the ‘UDP protocol enforcement’ checkbox is selected.

Limitations:

  1. The manual rules for network objects or Automatic NAT Static rules for host objects must be used. This feature does not work with Automatic NAT Static rules of network objects.
  2. Traffic will be modified based on the destination address of the NAT rules without considering the source of the traffic.
  3. The feature does not work for a DNS zone transfer (used to synchronize DNS databases between two internal DNS servers).
  4. The feature does not work for DNS queries over TCP.
  5. The Security gateway must be between the querying host and the DNS server.
  6. On Security Gateway R70, DNS traffic cannot be accelerated when using this feature.

Note:
If the “NAT for DNS payload” option is enabled and the “UDP DNS protocol enforcement” protection is disabled on at least one of SmartDefense/IPS profiles, the Security Policy installation will succeed but the following warning will appear:
“You enabled NAT on DNS payload, please make sure that DNS UDP protocol enforcement defense is enabled on the desired gateway.”
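
The payload rewrite described above can be shown on a raw DNS message. The following Python is an added example, not Check Point code and not from the original post; the NAT_MAP addresses and the helper names are constructed for illustration. It rewrites only A records in a UDP reply and matches on the address alone, mirroring limitations 2 and 4.

```python
import ipaddress
import struct

# Constructed static NAT rule: address in the DNS database -> address the client should see.
NAT_MAP = {"10.1.1.25": "203.0.113.25"}

def skip_name(msg, off):
    """Return the offset just past a DNS name, honouring compression pointers."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # 2-byte pointer always terminates the name
            return off + 2
        if length == 0:                # root label terminates the name
            return off + 1
        off += 1 + length

def doctor_reply(msg, nat_map):
    """Rewrite IN A addresses in a UDP DNS reply according to nat_map."""
    out = bytearray(msg)
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    if not flags & 0x8000:             # QR bit clear: a query, leave untouched
        return bytes(out)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addr = str(ipaddress.IPv4Address(bytes(msg[off:off + 4])))
            # Match on the address alone; the source of the query is ignored,
            # as in limitation 2 above.
            if addr in nat_map:
                out[off:off + 4] = ipaddress.IPv4Address(nat_map[addr]).packed
        off += rdlen
    return bytes(out)

def build_reply(name, addr, flags=0x8180):
    """Constructed message: one question and one A answer for name."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, flags, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    return header + qname + struct.pack("!HH", 1, 1) + answer + ipaddress.IPv4Address(addr).packed

if __name__ == "__main__":
    reply = build_reply("smtp.company.com", "10.1.1.25")
    print(ipaddress.IPv4Address(doctor_reply(reply, NAT_MAP)[-4:]))
```

Because only the four RDATA bytes change, the message length and every other field stay identical, which is why the rewrite needs no recalculation of DNS lengths or pointers.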

Displaying Pre-Shared Key on a Cisco ASA 55X0 Device 

Filed under: Technical on Monday, November 29th, 2010 by Brian | Comments Off

I recently had the task of moving four Cisco ASA 5540 devices from one location to another.  The big headache I found was that no one remembered the Pre-Shared Keys for the tunnel groups.  A simple show running-config shows only **** for the PSKs.  A bit of digging on the Cisco site resulted in the following command:

more system:running-config

This will show all hidden entries in the running config as clear text.