Sunday, February 24, 2008
2 Programmers on a Highway
Two computer programmers are driving on a highway. They switch on the radio and there is a warning: "Please note that a car is driving on highway 75 against the traffic." The programmer near the driver looks at him and says: "One? There are hundreds of them."
A CD Player
While shopping for my first CD player, I was able to decipher most of the technicalese on the promotional signs. One designation had me puzzled, though, so I called over a salesperson and asked, "What does 'hybrid pulse D/A converter' mean?" "That means", he said, "that this machine will read the digital information that is encoded on CDs and convert it into an audio signal - that is, into music." "In other words this CD player plays CDs." "Exactly."
An Airliner
At a recent software engineering management course in the US, the participants were given an awkward question to answer. "If you had just boarded an airliner and discovered that your team of programmers had been responsible for the flight control software, how many of you would disembark immediately?"
Among the ensuing forest of raised hands, only one man sat motionless. When asked what he would do, he replied that he would be quite content to stay onboard.
With his team's software, he said, the plane was unlikely to even taxi as far as the runway, let alone take off.
An artist, a lawyer, and a computer scientist
An artist, a lawyer, and a computer scientist are discussing the merits of a mistress. The artist tells of the passion, the thrill which comes with the risk of being discovered. The lawyer warns of the difficulties. It can lead to guilt, divorce, bankruptcy. Not worth it. Too many problems. The computer scientist says "It's the best thing that's ever happened to me. My wife thinks I'm with my mistress. My mistress thinks I'm home with my wife, and I can spend all night on the computer!"
Apple Computers
I heard this story on the news some time ago.
Apple had a new computer under development. Their project name for it was "Carl Sagan" (I don't know why).
When the real Carl Sagan learned about this, he was upset. He demanded that Apple stop using his name, even for their private, internal projects.
Apple agreed. They changed the name of the project to "Butthead Astronomer".
Troubleshoot startup problems with Bootlog
Windows 98 provides many tools to help troubleshoot startup problems. One of these is the Bootlog.txt file. This text file logs all the startup actions of Windows, along with a note of their success or failure.
To create the log, press [Ctrl] or [F8] at the Windows startup message to bring up the Startup menu, and select Logged (it's usually the second menu option). Windows will start in normal mode, but it also creates a text file in the root of the Windows drive called Bootlog.txt.
The Bootlog.txt file logs each attempted driver load. Here's an example that shows both a success and a failure.
[00021F22] Loading Vxd = ndis.vxd
[00021F22] LoadSuccess = ndis.vxd
[00021F22] Loading Vxd = ndis2sup.vxd
[00021F35] LoadFailed = ndis2sup.vxd
This allows you to see the network components of Windows that aren't loading correctly, which helps you iron out system problems.
#Source: http://articles.techrepublic.com.com/5100-6346_11-5109400.html?tag=rbxccnbtr1
Track down services running under Svchost.exe with Windows XP's TaskList
When you're troubleshooting Windows XP problems, one of the tools you likely use is the Windows Task Manager. By design, Task Manager provides detailed information about the programs and processes that are running on a system.
When you first launch Task Manager (by pressing [Ctrl][Alt][Delete] and clicking the Task Manager button), it opens to the Applications tab, which shows you a list of all of the currently running applications. However, switching to the Processes tab shows that there are many more processes running than there are applications.
One of the processes that you'll find in this list is Svchost.exe. In fact, you'll likely see several Svchost.exe processes listed.
Svchost.exe is a generic host process name for services run from dynamic link libraries (DLLs). If you want to quickly uncover which services are running under each of the Svchost.exe processes, you can use a command-line utility called TaskList, along with one of its special parameters.
Follow these steps:
1. Open a command prompt.
2. Type tasklist /svc, and press [Enter].
#Source: http://articles.techrepublic.com.com/5100-6346_11-5288926.html?tag=rbxccnbtr1
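The mapping that tasklist /svc prints can also be processed by a script. The following is an added example, not part of the original tip: it parses the CSV form of the same listing (tasklist /svc /fo csv, English-language output assumed), groups services by Svchost.exe PID, and lists Svchost.exe instances that host no service. The sample rows and PIDs are constructed, the function names are hypothetical, and treating a service-less Svchost.exe as worth a closer look is an assumption of this example.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not captured from a real host).
SAMPLE_TASKLIST_CSV = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"System","4","N/A"
"services.exe","704","Eventlog,PlugPlay"
"svchost.exe","880","DcomLaunch,TermService"
"svchost.exe","952","RpcSs"
"svchost.exe","1048","AudioSrv,Dhcp,Schedule,wuauserv"
"svchost.exe","3120","N/A"
"notepad.exe","2212","N/A"
'''


def parse_tasklist_svc(text):
    """Return a list of (image, pid, [services]) tuples from the CSV listing."""
    rows = []
    reader = csv.reader(io.StringIO(text))
    next(reader, None)  # skip the header row
    for rec in reader:
        # Ignore blank or malformed lines instead of failing on them.
        if len(rec) < 3 or not rec[1].strip().isdigit():
            continue
        image, pid, svc = rec[0].strip(), int(rec[1]), rec[2].strip()
        # tasklist prints N/A when a process hosts no services.
        if not svc or svc.upper() == "N/A":
            services = []
        else:
            services = [s.strip() for s in svc.split(",") if s.strip()]
        rows.append((image, pid, services))
    return rows


def services_by_host(rows, image="svchost.exe"):
    """Map each PID of the given host process to the services it runs."""
    return {pid: svcs for img, pid, svcs in rows if img.lower() == image.lower()}


def hosts_without_services(rows, image="svchost.exe"):
    """PIDs of host processes that list no service at all."""
    return sorted(pid for pid, svcs in services_by_host(rows, image).items() if not svcs)


def find_service(rows, name):
    """Return (image, pid) of the process hosting a service, or None."""
    wanted = name.lower()
    for image, pid, svcs in rows:
        if wanted in (s.lower() for s in svcs):
            return (image, pid)
    return None


if __name__ == "__main__":
    parsed = parse_tasklist_svc(SAMPLE_TASKLIST_CSV)
    for pid, svcs in sorted(services_by_host(parsed).items()):
        print(pid, ", ".join(svcs) if svcs else "(no services)")
    print("svchost.exe without services:", hosts_without_services(parsed))
```

To use it on a real machine, redirect the command's output to a file and pass the file's text to parse_tasklist_svc.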
Identify Windows XP processes in Task Manager
When you're troubleshooting a problem in Windows XP, you may turn to Task Manager, which is designed to provide detailed information about the programs and processes running on a system. But when you access the Processes tab, you'll probably see that there are many more processes running than programs.
Some of the processes are easy to identify, especially if they represent an application (e.g., the notepad.exe process corresponds to Notepad). However, other processes, such as svchost.exe or services.exe, are not as easy to identify.
Svchost.exe is a generic host process name for services run from dynamic-link libraries (DLLs). You'll also see a process titled services.exe, which hosts several essential Windows operating system services. You can learn more about specific services that are running as svchost.exe or services.exe processes by using the Services tool. Here's how:
1. Go to Control Panel | Administrative Tools, and double-click Services.
2. In the Services tool, click on the Status column header to sort the services so those that are started are at the top of the list.
3. Double-click on one of the services and check the Path To Executable text box.
If the Path To Executable text box lists svchost.exe or services.exe, you've identified a specific service that is associated with a running process. To learn more about the service, you can check the Description panel on the Extended panel of the Services tool.
#Source: http://articles.techrepublic.com.com/5100-10877_11-6103841.html?tag=rbxccnbtr1
Tech Tip: Track down non-operating system services with Windows XP
When you're troubleshooting a problem in Windows XP, it can be useful to know which services are running. While most of the services running on a Windows XP system relate to the operating system, this is not the case for all of them.
You can use the Services tool, which you can launch via Control Panel's Administrative Tools, to view the running services. But if you use this tool, you must be able to recognize which services relate to the operating system and which do not.
However, there's a little-known feature in the System Configuration Utility that can quickly identify non-operating system services for you.
Follow these steps:
1. Press [Windows]R to open the Run dialog box.
2. In the Open text box, type msconfig, and click OK.
3. When the System Configuration Utility launches, select the Services tab.
4. At the bottom of the Services tab, select the Hide All Microsoft Services check box.
The System Configuration Utility will then display only non-Microsoft services that are running. Deselect the check box to return to the full list.
#source: http://articles.techrepublic.com.com/5100-6346_11-5288928.html?tag=rbxccnbtr1
Control unwanted traffic on your Cisco router with CAR
Committed access rate (CAR) — or “rate limiting” — is a method for managing unwanted traffic on your network and making sure it doesn’t affect important traffic. For example, if someone is downloading a lot of Web traffic from a Web site, he or she could preclude necessary traffic from getting through — and potentially make the production servers inaccessible over the network. Let’s discuss how you can use CAR to prevent such an event.
You can only use CAR with IP traffic — it doesn’t work for non-IP traffic. To use CAR, you must enable CEF on your routers. (For more information, check out “Get better performance with Cisco Express Forwarding (CEF).”)
Essentially, CAR controls the bandwidth of a certain type of traffic, and an access control list (ACL) defines which traffic it controls. Once you’ve created the ACL, you can set CAR to enforce a bandwidth rate on that traffic in either an INBOUND or OUTBOUND direction, according to the interface on which you applied CAR.
CAR can be very useful as a basic QoS function. For example, let’s say you have a production application at a remote location across a 128-Kb WAN connection. The application works fine until, one day, a new employee gets a PC, a Web browser, and Internet access.
When in use, that single Web browser slows down the entire remote production network by downloading Web pages and documents over the 128-Kb connection. So how can you prevent the Web browsing from taking over the WAN connection and slowing down the production application?
There are many QoS functions on a Cisco router, and there are many third-party applications and appliances that can help solve this problem. However, the simplest solution to this problem costs nothing — and only takes about two minutes to implement using the Cisco IOS and CAR.
Using CAR requires two simple steps:
1. Create an ACL to define the traffic you want to rate limit.
2. Use the rate-limit command, referencing the ACL on your interface closest to the source of the traffic, referencing the proper direction, and referencing the proper bandwidth amounts.
To return to our example, let’s say you have a headquarters location that provides the Internet access for this single PC across the WAN. Even if browsing the Web is a necessary business function, it’s negatively affecting the performance of the production application on the remote network.
Let’s look at how you can control this Web traffic. First, define the traffic you want to rate limit on the headquarters’ router. Here’s an example:
HQ-Router(config)# access-list 120 permit tcp any eq www host 10.200.200.200
In this example, the remote PC has an IP address of 10.200.200.200. So, we’re saying that the source server could be any Web server serving Web pages on port 80.
Next, use the rate-limit command on the interface. Here’s an example:
HQ-Router(config)# interface Serial0/0
HQ-Router(config-if)# rate-limit output access-group 120 50000 10000 20000 conform-action transmit exceed-action drop
This applies the rate limit to the interface, referencing ACL 120. We applied it in the outbound direction because we applied it on the headquarters router (not the remote router). That’s because we want to prevent unwanted Web traffic from going across the WAN to the remote site — we don’t want to wait until the traffic arrives there before slowing it down.
50000, 10000, 20000 represents the normal bits per second (bps) for this traffic (i.e., 50000 bps or about 50 Kb), the normal burst size for the traffic (i.e., 10000 or about 10 Kb), and the maximum burst size for the traffic (i.e., 20000 or about 20 Kb). The traffic must conform to these numbers in order for the router to transmit it (as specified by conform-action transmit). If the traffic exceeds those bandwidth settings, the router will drop it (as specified by exceed-action drop).
Configuring these settings on the headquarters’ router on the Serial0/0 interface (i.e., the interface that goes to the remote location) limits the extraneous Web traffic to consuming less than 50 Kb of the 128-Kb circuit used for the production application.
While you can use CAR in a variety of situations, keep in mind that CAR only limits what you tell it to limit with the ACL. In addition, the CAR bandwidth settings you reference limit all traffic referenced in the ACL.
For more information, see Cisco’s rate-limit command documentation, Cisco’s Configuring Committed Access Rate documentation, and Cisco’s “Using CAR During DOS Attacks.”
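To see what the configuration above does to traffic, here is an added example (not from the original article and not Cisco's code) that models the rate limit as a single token bucket. It is a simplified model: it uses only the 50000 bps rate and the 10000 normal burst, taken as bytes (the unit Cisco's rate-limit command reference uses), and does not model the 20000 extended burst. The traffic is constructed: a 120 kbps Web download toward 10.200.200.200 and a production flow (host 10.200.200.50, port 5000, both hypothetical) that ACL 120 does not match.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    t_ms: int      # arrival time at Serial0/0, in milliseconds
    proto: str
    src_port: int
    dst_ip: str
    size: int      # bytes


def matches_acl_120(p: Packet) -> bool:
    """access-list 120 permit tcp any eq www host 10.200.200.200"""
    return p.proto == "tcp" and p.src_port == 80 and p.dst_ip == "10.200.200.200"


class Policer:
    """Single token bucket: committed rate plus normal burst only (simplified)."""
    SCALE = 8000  # tokens are kept in bit-milliseconds so all arithmetic stays integer

    def __init__(self, rate_bps: int, burst_bytes: int):
        self.rate_bps = rate_bps
        self.cap = burst_bytes * self.SCALE
        self.tokens = self.cap       # the bucket starts full
        self.last_ms = 0

    def conforms(self, t_ms: int, size: int) -> bool:
        # Refill for the elapsed time, never beyond the burst size.
        elapsed = t_ms - self.last_ms
        self.tokens = min(self.cap, self.tokens + self.rate_bps * elapsed)
        self.last_ms = t_ms
        cost = size * self.SCALE
        if cost <= self.tokens:
            self.tokens -= cost
            return True              # conform-action transmit
        return False                 # exceed-action drop


def simulate(packets, rate_bps=50000, burst_bytes=10000):
    """Apply the rate limit to ACL-matched packets; everything else passes untouched."""
    policer = Policer(rate_bps, burst_bytes)
    stats = {"web_sent": 0, "web_dropped": 0, "other_sent": 0}
    for p in sorted(packets, key=lambda pkt: pkt.t_ms):
        if not matches_acl_120(p):
            stats["other_sent"] += 1     # CAR only limits what the ACL selects
        elif policer.conforms(p.t_ms, p.size):
            stats["web_sent"] += 1
        else:
            stats["web_dropped"] += 1
    return stats


def constructed_traffic():
    """Ten seconds of constructed traffic heading out of Serial0/0."""
    # Web download: 1500-byte packets every 100 ms = 120 kbps offered load.
    web = [Packet(t, "tcp", 80, "10.200.200.200", 1500) for t in range(0, 10000, 100)]
    # Production application: 200-byte packets every 50 ms, not matched by ACL 120.
    app = [Packet(t, "tcp", 5000, "10.200.200.50", 200) for t in range(0, 10000, 50)]
    return web + app


if __name__ == "__main__":
    result = simulate(constructed_traffic())
    print(result)
    print("Web throughput after policing (bps):", result["web_sent"] * 1500 * 8 // 10)
```

After the initial burst is used up, the model passes 5 of every 12 Web packets, which is 50000 bps of the 120000 bps offered, while the production flow is never touched.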
#Source: http://blogs.techrepublic.com.com/networking/?p=444&tag=nl.e115
Use OpenSSH as a secure Web proxy
Making sure your computers are secure is, in some respects, a full-time job. It gets even more complicated when you have to worry about wireless security too.
An important concern for travelers who use wireless networks in their travels — whether they are using the wireless access point at a coffee shop, in an airport, or at the hotel where they spend their nights on a business trip — is the fact that they never really know how secure that network is, unless they know it is not secure at all. That’s the usual case for coffee shop wireless networks: Because they are open to everyone, you simply cannot trust them. If they weren’t open to everyone, they would not be worth anything, after all.
The only sane way to address the matter of security on a laptop when you are on a public wireless access point is to be very selective about what resources you are willing to access through that network — and how you access them. For the most part, this means you should avoid doing things such as logging into your bank’s Web site, making purchases online, and otherwise sending sensitive data over this foreign network. Even when the Web site in question uses encryption for session login, that does not necessarily mean that you are not subject to some kind of man-in-the-middle attack or other trickery that would not be as easy from a network you control.
There are ways to protect yourself, however, so that you can access online resources that require sensitive data to be sent back and forth over the connection. One is to use a secure, transparent proxy. Web proxies of any sort can be very difficult for the average user to set up and configure properly, but they can also be incredibly simple, if you have no need for anything more than an encrypted connection to a transparent proxy and use the right tools. Luckily, “the right tools” in this case are very easy to come by.
The following assumes you are going to use a Linux, BSD UNIX, or commercial UNIX system at home as your proxy server. It also assumes you have a persistent Internet connection at home, usually via a typical broadband Internet account through your local DSL or cable ISP.
Server access
The first step to setting up access to your transparent proxy server is to configure the firewall on your home network to forward an SSH port to the computer you will use as your transparent proxy. You do have a firewall at home to provide secure access, right? If you don’t, you should stop reading this right now and fix that fact. Connecting a home computer directly to the Internet without a separate firewall device of some sort is a monumentally bad idea.
The process of configuring your home firewall for port forwarding varies wildly from one firewall setup to the next. Most consumer-grade router/firewall devices of the sort you can get at Best Buy or Circuit City (or even Wal-Mart) provide functionality for port forwarding, and it is usually easy enough to figure out on your own. If you run your own Linux or BSD UNIX-based firewall on some old hardware you had lying around, you probably know how to set this up yourself.
We will assume that you have configured your Internet-facing firewall to accept SSH connections on port 2200 and forward them to port 22 on a UNIX-like system on your internal network. It’s best if you do not use your firewall itself as the proxy server — though it is possible (and, for that matter, easy). Make sure you secure SSH against common brute-force password cracking attacks on your proxy server.
You must also make sure that your server has HTTP access to the Internet through the firewall. This usually consists of nothing more complex than making sure you do not configure your firewall to block that access from computers in your network.
Finally, you must ensure you know the IP address you can use to connect to your home network from some outside network. This might be tricky, depending on your ISP. For those service providers that assign a relatively stable IP address, you just need to find out what the IP address is and make sure you do not lose it. You might save it in a text file on your laptop. To find out the IP address, the most obvious method is to visit any of a large number of Web sites that exist specifically for the purpose of telling you your own IP address. Two examples are ip-address.com and whatismyipaddress.com.
If your ISP changes your IP address regularly, you might need to take more drastic measures. A number of services exist that provide DNS resolution to dynamic IP addresses so that, for instance, you can point a domain name at a Web server you have at home even if your home IP address changes regularly. This is one possible solution to the problem — and perhaps the easiest.
A client for these services needs to be installed on a computer at home to inform the service’s DNS servers when the IP address changes. The ez-ipupdate client is available from both FreeBSD and Debian GNU/Linux software archives for quick and easy installation, and it works with a dozen or so different services that provide DNS resolution to dynamic IP addresses.
Encrypted proxy connection
The rest of the process of using an encrypted connection to a Web proxy at home is done on the client machine — presumably, your laptop — and it is not difficult at all with an average install of a UNIX-like operating system such as Debian GNU/Linux or FreeBSD. We will assume you are using such an operating system for now.
If you are using a dynamic DNS resolution service, you would replace the IP address in the following example with the domain name you are using instead. In the example, we will assume that you have the stable home IP address of 25.10.101.250 for the sake of convenience. Creating your encrypted proxy connection involves entering a command such as this:
$ ssh -D 8080 -p 2200 username@25.10.101.250
The “username” part should be replaced with the name of a normal user account on the proxy server at home. This command creates a local transparent proxy on port 8080 that then forwards all traffic it receives to 25.10.101.250 on port 2200.
The last thing you have to do to make everything work is tell your Web browser application to use port 8080 on the local system for all connections. In Firefox, for instance, you would open up the Preferences dialog box, select the Advanced tab, then select the Network tab, and finally click the Settings button to configure your connection. Make sure the Manual Proxy Configuration: radio button is selected. Enter localhost in the SOCKS Host: field and 8080 in the corresponding Port: field.
If for some reason it doesn’t work with “SOCKS v5,” try switching to “SOCKS v4.”
That’s all there is to it.
Source: http://blogs.techrepublic.com.com/security/?p=408&tag=nl.e036
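The client side of the SOCKS exchange with the ssh -D 8080 listener, as an added example that is not part of the original article: it builds the SOCKS v5 and SOCKS v4 CONNECT requests and probes the local port to confirm the tunnel answers. The byte layouts show why the version matters on an untrusted network: a SOCKS v5 request can carry the host name, so the lookup happens at the far end of the tunnel, while a plain SOCKS v4 request carries only an IPv4 address that the client must resolve locally. Function names and the example.com destination are placeholders.

```python
import socket
import struct

SOCKS5_REPLIES = {
    0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
    3: "network unreachable", 4: "host unreachable", 5: "connection refused",
    6: "TTL expired", 7: "command not supported", 8: "address type not supported",
}


def socks5_greeting():
    """VER=5, one auth method offered: 0x00 (no authentication)."""
    return b"\x05\x01\x00"


def socks5_connect_request(host, port):
    """CONNECT with ATYP=3 (domain name): the proxy side resolves the name."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("host name must be 1-255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def socks4_connect_request(ipv4, port, user=b""):
    """SOCKS v4 CONNECT: only an IPv4 address fits, so the client resolves DNS itself."""
    return b"\x04\x01" + struct.pack("!H", port) + socket.inet_aton(ipv4) + user + b"\x00"


def parse_socks5_reply(data):
    """Translate the REP byte of a SOCKS v5 reply into text."""
    if len(data) < 2 or data[0] != 5:
        raise ValueError("not a SOCKS v5 reply")
    return SOCKS5_REPLIES.get(data[1], "unknown reply code %d" % data[1])


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def probe_socks5(proxy_host, proxy_port, dest_host, dest_port, timeout=5.0):
    """Ask the local SOCKS listener to CONNECT to dest_host; return the outcome as text."""
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(socks5_greeting())
            if _recv_exact(s, 2) != b"\x05\x00":
                return "listener did not accept SOCKS v5 without authentication"
            s.sendall(socks5_connect_request(dest_host, dest_port))
            # Only the first four reply bytes are needed; the bound address is ignored.
            return parse_socks5_reply(_recv_exact(s, 4))
    except (OSError, ValueError) as exc:
        return "probe failed: %s" % exc


if __name__ == "__main__":
    # With the tunnel from the article running, this should print "succeeded".
    print(probe_socks5("localhost", 8080, "example.com", 80))
```

Whether the browser actually sends the host name over SOCKS v5 is a browser setting (network.proxy.socks_remote_dns in Firefox), so check it before relying on the tunnel to hide your lookups.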