Sunday, August 27, 2017

Group Managed Service Accounts

  • Supported from Windows Server 2012.
    • Standalone MSAs (Managed Service Accounts) have been supported since Windows Server 2008 R2.
  • Supports running scheduled tasks as well as services.
  • Has a 120-character, randomly generated password that no human ever sees.
  • The password is automatically rotated every 30 days by default (the interval is fixed when the account is created and cannot be changed afterwards).
  • An MSA is bound to a single machine, while a gMSA is domain-wide and can be shared by multiple machines in the same domain.
    • gMSA passwords are generated and managed by the Key Distribution Service (KDS) on Windows Server 2012 (or later) DCs; only the computers or groups explicitly allowed to retrieve the managed password can fetch it, so that list is the account's real trust boundary.
  • The AD schema needs to be upgraded to Windows Server 2012.
    • No forest or domain functional level requirement.
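An end-to-end provisioning example for the points above (added here; not from the original post, and the domain corp.example, OU, hosts WEB01/WEB02, group gMSA-Web-Hosts, account svc-web and the task script path are made-up names). It assumes the RSAT ActiveDirectory module on a machine joined to a domain with at least one Windows Server 2012 DC.

```powershell
# Added example, not from the original post. Names (corp.example, WEB01/WEB02,
# gMSA-Web-Hosts, svc-web, C:\Jobs\rotate-logs.ps1) are placeholders.
Import-Module ActiveDirectory

# 1. One-time, per forest: the KDS root key that every gMSA password is derived from.
#    Without -EffectiveImmediately the key becomes usable only after 10 hours (to allow
#    replication to all DCs); the switch backdates it and is meant for labs or single-DC forests.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveImmediately
}

# 2. A group of the computers allowed to retrieve the password. This group is the trust
#    boundary: every member (and anyone who can add members) can obtain the credential,
#    so keep it tight and audit its membership.
New-ADGroup -Name 'gMSA-Web-Hosts' -GroupScope Global -Path 'OU=Groups,DC=corp,DC=example'
Add-ADGroupMember -Identity 'gMSA-Web-Hosts' -Members 'WEB01$', 'WEB02$'

# 3. The gMSA itself. The password interval can only be set here, never changed later.
#    Restricting Kerberos to AES keeps RC4 (and the cheap offline cracking that goes with it) off.
New-ADServiceAccount -Name 'svc-web' `
    -DNSHostName 'svc-web.corp.example' `
    -PrincipalsAllowedToRetrieveManagedPassword 'gMSA-Web-Hosts' `
    -ManagedPasswordIntervalInDays 30 `
    -KerberosEncryptionType AES128, AES256

# 4. On each member host (after a reboot, so the host's token carries the new group membership):
Install-ADServiceAccount -Identity 'svc-web'
Test-ADServiceAccount -Identity 'svc-web'     # True once this host can pull the password from the KDS

# 5. A scheduled task running as the gMSA. No password is supplied: LogonType Password
#    tells the Task Scheduler to fetch the managed password from the DC itself.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-File C:\Jobs\rotate-logs.ps1'
$trigger   = New-ScheduledTaskTrigger -Daily -At '02:00'
$principal = New-ScheduledTaskPrincipal -UserId 'CORP\svc-web$' -LogonType Password
Register-ScheduledTask -TaskName 'RotateLogs' -Action $action -Trigger $trigger -Principal $principal

# 6. Audit: who may retrieve the password and how often it rolls.
Get-ADServiceAccount -Identity 'svc-web' -Properties PrincipalsAllowedToRetrieveManagedPassword, 'msDS-ManagedPasswordInterval' |
    Select-Object Name, PrincipalsAllowedToRetrieveManagedPassword, 'msDS-ManagedPasswordInterval'
```

Steps 1 to 3 and 6 run on a DC (or any host with RSAT) as a domain administrator; steps 4 and 5 run on each host that will use the account. If Test-ADServiceAccount returns False, the usual causes are a host that has not rebooted since being added to the group, or a KDS root key that is not yet effective.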

Sunday, July 12, 2015

Windows batch: Counting a number of lines

> find /c /v ""  is equivalent to  $ wc -l

With an empty search string find matches no lines, so /v (print the non-matching lines) selects every line of the input and /c prints only the count.

Example: Number of half-open TCP connections (SYN received, handshake never completed) in Windows and Linux. Note the state name differs: SYN_RECEIVED on Windows, SYN_RECV on Linux.
> netstat -na | find /i "syn_received" | find /c /v ""
# netstat -na | grep -i "syn_recv" | wc -l

A count that is suddenly in the hundreds or thousands on a host that normally shows a handful is the classic sign of a SYN flood.

Saturday, October 18, 2014

Basics of SSL/TLS.

The following helps you grab a high-level overview of SSL/TLS.

Understanding SSL/TLS
https://computing.ece.vt.edu/~jkh/Understanding_SSL_TLS.pdf

Simple math to remember (RSA)
Assume e, d, n are properly chosen (n = p * q for two large secret primes, and e * d = 1 mod phi(n) where phi(n) = (p - 1) * (q - 1)); then
c = m^e mod n
m = c^d mod n

Where
c = ciphertext
m = message, encoded as an integer smaller than n
e = public exponent, 65537 in most implementations
d = private exponent (together with n, the private key)
n = modulus (together with e, the public key)

Real implementations never encrypt m directly like this: the message is padded first (PKCS#1 v1.5 or OAEP for encryption, PSS for signatures), because unpadded "textbook" RSA is deterministic and malleable.
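A worked instance of the two formulas above with toy numbers (an added example, not from the linked PDF; a real key uses primes of 1024 bits or more and e = 65537, which would exceed phi(n) here, so e = 17 is used instead):

Key generation
p = 61, q = 53
n = p * q = 3233
phi(n) = (p - 1) * (q - 1) = 60 * 52 = 3120
e = 17                      (gcd(17, 3120) = 1)
d = 2753                    (17 * 2753 = 46801 = 15 * 3120 + 1, so e * d = 1 mod 3120; d is found with the extended Euclidean algorithm)

Encrypt m = 65 with the public key (n, e)
c = 65^17 mod 3233 = 2790

Decrypt with the private key (n, d)
m = 2790^2753 mod 3233 = 65

The exponentiation is done by repeated squaring, reducing mod n at every step, never by expanding 65^17:
65^2  mod 3233 = 992
65^4  mod 3233 = 992^2  mod 3233 = 1232
65^8  mod 3233 = 1232^2 mod 3233 = 1547
65^16 mod 3233 = 1547^2 mod 3233 = 789
65^17 mod 3233 = 789 * 65 mod 3233 = 2790

Anyone who can factor n = 3233 into 61 * 53 recovers phi(n) and therefore d, which is why the security of the scheme rests entirely on the size of p and q.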

Friday, November 1, 2013

Cisco: Reflecting the Change of Router-ID

It's rare to have to change the OSPF router ID, but it is nice to know how to make a changed router ID take effect.

The OSPF router ID is chosen by the following criteria, in order:

  1. A manually configured router ID
  2. The highest IPv4 address on a loopback interface
  3. The highest IPv4 address on an active (up/up) non-loopback interface

The router ID is elected when the OSPF process starts. Once elected, manual intervention in the OSPF process is necessary for a change of the router ID to take effect. Textbooks say you need to issue "# clear ip ospf process" after changing the router ID, but in some cases that command is not sufficient.

When the router ID is explicitly configured with "(config-router)# router-id ROUTER_ID", "# clear ip ospf process" is enough.

When it is implicitly derived from a loopback interface or an active interface, you need to "# reload" the router to make the change effective.

Both operations tear down every OSPF adjacency on the router (and a reload takes everything else down with it), so do them in a maintenance window. Configuring the router ID explicitly also prevents it from silently changing when a loopback or interface address is added later.

Tuesday, October 22, 2013

TTL for BGP packets

By default, an eBGP session's packets are sent with an IP TTL of 1, so the session only comes up between directly connected neighbors. When the neighbors are not on a common subnet, or an eBGP router uses its loopback interface as the update source, the TTL has to be raised:
(config-router)# neighbor IP_ADDR ebgp-multihop TTL_VALUE
In contrast, iBGP packets are sent with a TTL of 255, so no extra configuration is needed when a loopback interface is used as the update source.
[Screenshot: eBGP OPEN message, IP TTL 1]
[Screenshot: iBGP OPEN message, IP TTL 255]
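An added configuration example (not from the original post; the AS numbers and addresses are documentation values, not a real network): the loopback-peered eBGP session from the text, next to the alternative for a directly connected peer of leaving the TTL alone and instead enabling GTSM (RFC 5082, "ttl-security hops"), which makes the router send with TTL 255 and discard any BGP packet whose TTL has decayed below 255 minus the configured hop count. Raising ebgp-multihop widens who can reach the session; ttl-security narrows it.

```cisco
router bgp 65001
 ! Loopback-to-loopback eBGP, as in the post. Both routers must have a route to
 ! each other's loopback (static or IGP), and the TTL must cover the extra hop,
 ! hence ebgp-multihop 2. Keep the value as small as the topology allows: a
 ! larger TTL lets packets from further away reach the BGP process.
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 update-source Loopback0
 neighbor 192.0.2.2 ebgp-multihop 2
 !
 ! Directly connected eBGP protected with GTSM: packets are sent with TTL 255 and
 ! anything received with TTL below 255 - 1 = 254 is dropped before TCP sees it,
 ! so a spoofed packet that crossed even one extra router is discarded.
 ! ttl-security and ebgp-multihop cannot both be set on the same neighbor.
 neighbor 198.51.100.2 remote-as 65003
 neighbor 198.51.100.2 ttl-security hops 1
```

Verify with "show ip bgp neighbors 192.0.2.2", whose "External BGP neighbor" line reports the configured hop limit, and confirm on the wire (as the screenshots above do) that the OPEN message now carries the expected TTL.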

Monday, October 21, 2013

Mac OS X: Path to 802.11 utility command

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport

Running "/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport" with no arguments displays the usage:
Usage: airport <interface> <verb> <options>
<interface>
If an interface is not specified, airport will use the first AirPort interface on the system.
<verb> is one of the following:
prefs If specified with no key value pairs, displays a subset of AirPort preferences for
the specified interface.
Preferences may be configured using key=value syntax. Keys and possible values are specified below.
Boolean settings may be configured using 'YES' and 'NO'.
DisconnectOnLogout (Boolean)
JoinMode (String)
Automatic
Preferred
Ranked
Recent
Strongest
JoinModeFallback (String)
Prompt
JoinOpen
KeepLooking
DoNothing
RememberRecentNetworks (Boolean)
RequireAdmin (Boolean)
RequireAdminIBSS (Boolean)
RequireAdminNetworkChange (Boolean)
RequireAdminPowerToggle (Boolean)
WoWEnabled (Boolean)
logger Monitor the driver's logging facility.
sniff If a channel number is specified, airportd will attempt to configure the interface
to use that channel before it begins sniffing 802.11 frames. Captures files are saved to /tmp.
Requires super user privileges.
debug Enable debug logging. A debug log setting may be enabled by prefixing it with a '+', and disabled
by prefixing it with a '-'.
AirPort Userland Debug Flags
DriverDiscovery
DriverEvent
Info
SystemConfiguration
UserEvent
PreferredNetworks
AutoJoin
IPC
Scan
802.1x
Assoc
Keychain
RSNAuth
WoW
P2P
Roam
BTCoex
AllUserland - Enable/Disable all userland debug flags
AirPort Driver Common Flags
DriverInfo
DriverError
DriverWPA
DriverScan
AllDriver - Enable/Disable all driver debug flags
AirPort Driver Vendor Flags
VendorAssoc
VendorConnection
AllVendor - Enable/Disable all vendor debug flags
AirPort Global Flags
LogFile - Save all AirPort logs to /var/log/wifi.log
<options> is one of the following:
No options currently defined.
Examples:
Configuring preferences (requires admin privileges)
sudo airport en1 prefs JoinMode=Preferred RememberRecentNetworks=NO RequireAdmin=YES
Sniffing on channel 1:
airport en1 sniff 1

LEGACY COMMANDS:
Supported arguments:
 -c[<arg>] --channel=[<arg>]    Set arbitrary channel on the card
 -z        --disassociate       Disassociate from any network
 -I        --getinfo            Print current wireless status, e.g. signal info, BSSID, port type etc.
 -s[<arg>] --scan=[<arg>]       Perform a wireless broadcast scan.
  Will perform a directed scan if the optional <arg> is provided
 -x        --xml                Print info as XML
 -P        --psk                Create PSK from specified pass phrase and SSID.
  The following additional arguments must be specified with this command:
                                  --password=<arg>  Specify a WPA password
                                  --ssid=<arg>      Specify SSID when creating a PSK
 -h        --help               Show this help
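What the legacy "-P --psk" command computes, as an added example (not Apple's code): WPA/WPA2-Personal derive the 256-bit PSK (the PMK) as PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations, so the PSK, not the passphrase, is the secret an attacker needs alongside a captured 4-way handshake. The function name Get-WpaPsk is an assumption; it is checked against the known-answer vector published with IEEE Std 802.11 (passphrase "password", SSID "IEEE").

```powershell
# Added example, not Apple's code. Reproduces the PSK derivation behind
#   airport -P --password=<passphrase> --ssid=<ssid>
# PSK = PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 iterations, 32 bytes)
function Get-WpaPsk {
    param(
        [Parameter(Mandatory)][string]$Passphrase,  # 8..63 printable ASCII characters per 802.11
        [Parameter(Mandatory)][string]$Ssid         # network name, used verbatim as the salt
    )
    if ($Passphrase.Length -lt 8 -or $Passphrase.Length -gt 63) {
        throw 'A WPA passphrase must be 8 to 63 characters long'
    }
    $salt = [System.Text.Encoding]::UTF8.GetBytes($Ssid)
    # The (password, salt, iterations) constructor uses HMAC-SHA1, which is what 802.11 specifies.
    $kdf = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($Passphrase, $salt, 4096)
    try {
        ($kdf.GetBytes(32) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $kdf.Dispose()
    }
}

# Known-answer test: the vector published with IEEE Std 802.11 for passphrase "password", SSID "IEEE".
$expected = 'f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e'
$psk = Get-WpaPsk -Passphrase 'password' -Ssid 'IEEE'
"PSK          : $psk"
"Matches spec : $($psk -eq $expected)"
```

On a Mac, "airport -P --password=password --ssid=IEEE" should print the same value. Because the SSID is the salt, the same passphrase yields a different PSK on every network, but the work factor (4096 iterations of SHA-1) is small by today's standards, which is why short or dictionary passphrases are recovered quickly from a captured handshake.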