MEMO_MEMO_MEMO

Group Managed Service Accounts
(posted 2017-08-27; updated 2017-08-27)
Supported from Server 2012
MSA support started with Server 2008 R2.
Supports running scheduled tasks as well as services.
Has a 120-character password.
The password is automatically reset every 30 days by default.
MSA is local to the machine while gMSA is global (domain wide) and shared with multiple machines in the same domain.
gMSA passwords are managed at Key Distribution Service (

Windows batch: Counting a number of lines
(posted 2015-07-12; updated 2019-07-19)
> find /c /v "" is equivalent to $ wc -l
Example: Number of half open ports in Windows and Linux
> netstat -na | find /i "syn_received" | find /c /v ""
# netstat -na | grep -i "syn_recv" | wc -l

Basics of SSL/TLS.
(posted 2014-10-18; updated 2016-06-18)
The following helps you grab a high level overview of SSL/TLS.
Understanding SSL/TLS
https://computing.ece.vt.edu/~jkh/Understanding_SSL_TLS.pdf
Simple Math to remember
Assume e, d, n are properly chosen,
c = m^e mod n
m = c^d mod n
Where
c = ciphertext
m = message
e = 65537 (in most implementations), the public exponent
d = private exponent (the private key)
n = modulus (part of the public key, together with e)

Cisco: Reflecting the Change of Router-ID
(posted 2013-11-01; updated 2014-02-11)
It's rare to change the OSPF router ID, but it is nice to know how to change a configured router ID.
OSPF's router ID is chosen based on the following criteria:
Manually configured Router ID
The highest IPv4 address on a loopback interface
The highest IPv4 address on an active (up/up) interface
The router ID is elected when the OSPF process starts. Once elected, a manual intervention in the OSPF

TTL for BGP packets
(posted 2013-10-22; updated 2013-10-22)
By default, an eBGP message has an IP TTL of 1. When neighbors do not have a common network, or an eBGP router uses its loopback interface as an update source, the TTL value needs to be adjusted.
(config-router)# neighbor IP_ADDR ebgp-multihop TTL_VALUE
In contrast, an iBGP message has a TTL of 255, and there is no need for extra configuration when using a loopback interface as an update source.

Mac OS X: Path to 802.11 utility command
(posted 2013-10-21; updated 2013-10-24)
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport
"/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport" will display the usage.
Usage: airport <interface> <verb> <options>
<interface>
If an interface is not specified, airport will use the first AirPort interface on the system.
<verb is one of the

Link: Cisco official design guide
(posted 2013-10-18; updated 2013-10-18)
Design zone for security by Cisco
http://www.cisco.com/en/US/netsol/ns744/networking_solutions_program_home.html

Cisco IOS key bindings
(posted 2013-10-17; updated 2013-10-17)
Cisco IOS implements UNIX-shell-like key bindings. The following is what I often use. Once you get used to them, C-a or C-b is going to be your headache when connecting to a Cisco device with GNU screen or a window multiplexer (e.g. tmux, byobu) ;)
GENERAL
TAB key
Completes a partially typed CLI command
?
Displays help
C-p, Up arrow, C-n, Down arrow
Displays your previous command (

Windows version /etc/services
(posted 2013-10-16; updated 2013-10-16)
%systemroot%\system32\drivers\etc\services

strncpy and null termination
(posted 2013-10-15; updated 2013-10-15)
strncpy does not write a terminating \0 if the source string's length fills the destination array (that is, when the source is at least as long as the count passed to strncpy). You need to ensure the string is null-terminated in some way.
Ref:
http://www.thinkage.ca/english/gcos/expl/c/lib/strncp.html
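The behaviour described in this note, as an added example that is not part of the original post: the 8-byte destination, the constructed sample strings, and the function names naive_copy_terminated and bounded_copy are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define DST_SIZE 8
char demo_buf[DST_SIZE];              /* constructed sample destination */

/* 1 if a '\0' occurs within the first size bytes of buf, else 0. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Pattern from the note: count equals the destination size.
 * Returns whether dst ended up null-terminated. */
int naive_copy_terminated(const char *src)
{
    char dst[DST_SIZE];
    memset(dst, 'X', sizeof dst);     /* stand-in for stale memory */
    strncpy(dst, src, sizeof dst);    /* no '\0' if strlen(src) >= 8 */
    return is_terminated(dst, sizeof dst);
}

/* Hardened copy: always terminates. Returns 0 if src fit,
 * 1 if it was truncated, -1 on bad arguments. */
int bounded_copy(char *dst, size_t size, const char *src)
{
    if (dst == NULL || src == NULL || size == 0)
        return -1;
    strncpy(dst, src, size - 1);      /* leave room for terminator */
    dst[size - 1] = '\0';             /* terminate unconditionally */
    return strlen(src) >= size;
}

int main(void)
{
    const char *samples[] = { "short", "12345678", "123456789ABC" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int term = naive_copy_terminated(samples[i]);
        int trunc = bounded_copy(demo_buf, sizeof demo_buf, samples[i]);
        printf("%-14s naive terminated=%d  bounded=\"%s\" truncated=%d\n",
               samples[i], term, demo_buf, trunc);
    }
    return 0;
}
```

Checking the truncation result matters as much as the terminator: a silently shortened path, hostname or username can change the meaning of a later comparison.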

Link: HTML5 Input Code Snippets
(posted 2013-10-13; updated 2013-10-13)
http://html5pattern.com/
Note: Don't trust what the user sent, and validate the input at the server side AGAIN. The client-side processing should be for reducing the response time. It's pretty easy to send arbitrary input values with an application such as WebScarab.

HTML and CSS Validator
(posted 2013-10-12; updated 2013-10-12)
HTML
http://validator.w3.org/#validate_by_upload
CSS
http://jigsaw.w3.org/css-validator/#validate_by_upload

GNS3: GNS3 does not allow IOS reload command
(posted 2013-10-03; updated 2013-10-03)
Need to use reload in GNS3 instead.

OWASP ESAPI encoder library
(posted 2013-09-02; updated 2013-09-02)
ESAPI is a library for user input cleansing for a web application. ESAPI encoder sanitizes user input so that the input can be safely displayed on a user's browser. ESAPI is a great help preventing code injection (inc. SQL injection) and XSS.
OWASP ESAPI (OWASP Enterprise Security API)
https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
ESAPI supports
- Java, .NET, Python,

Vim: Converting tabs into spaces
(posted 2013-08-29; updated 2013-09-11)
The `set expandtab` option automatically converts tabs into spaces. However, it does not affect tabs that existed before the option was set.
To convert such tabs into spaces, issue :retab
Ref:
Converting tabs to spaces
http://vim.wikia.com/wiki/Converting_tabs_to_spaces

GNS3 bug: %OSPF-4-ERRRCV: Received invalid packet: Bad Checksum
(posted 2013-08-19; updated 2013-09-23)
SYMPTOM:
I've got an error when testing a simple OSPF network with GNS3 0.8.4-RC4.
%OSPF-4-ERRRCV: Received invalid packet: Bad Checksum from X.X.X.X, INTERFACE_ID
WORKAROUND:
1. Open topology.net from an editor
2. Change "Sparsemem = True" to "Sparsemem = False"
NOTE
The problem seems to be fixed on dynamips-0.2.10. GNS3 0.8.5 and Dynamips-0.2.10 with the sparsemem option do not cause a problem.

Failure of injecting default route to EIGRP with "ip default-network"
(posted 2013-08-17; updated 2013-08-17)
The "ip default-network" command seems not to inject a default route. The behavior looks different from what is written in Wendell Odom's CCNP book.
"ip default-network" creates a default route on the router on which the "default-network" command is issued. However, other routers learn only a candidate default route (they have no default route set).
"ip default-network" command needs to be issued

EtherChannel "on" mode can cause a bridging loop.
(posted 2013-07-08; updated 2013-07-18)
I thought EtherChannel's "on" mode was a good thing, with no opportunity for unexpected malfunction, but it's not true.
A misconfigured EtherChannel can form a bridging loop, and STP EtherChannel Misconfig Guard cannot stop all bridging loop scenarios. It's recommended to use PAgP or LACP negotiation (use "desirable non-silent" or "active") for inter-switch connections and prevent

Small tips on bash
(posted 2013-06-14; updated 2013-06-14)
Famous tips, but I didn't know them before.
1. Oh, I forgot to type sudo and got permission error...
Type
$ sudo !!
Here, !! refers to the previous command issued.
2. I don't wanna type that lengthy command or arguments or whatever again...
Type first several letters of the command and hit ^r (Control - r). If the completed command is not what you want, type ^r again and again until you get what

Updated: Installing wireshark & GNS3 & QEMU on Ubuntu 12.04 x86 64 on VMware Fusion 5
(posted 2013-06-02; updated 2013-07-02)
The following procedure installs the latest GNS3 and QEMU as of June 2, 2013.
# The procedure for a physical Ubuntu box should be the same as the following.
Environment
HW: rMBP Mid 2012
OS: OS X 10.8.2
VMware Fusion: 5.0.2
VM OS: Ubuntu 12.04 x86 64
1. Wireshark installation
Installing the wireshark package
$ sudo apt-get update
$ sudo apt-get upgrade -y
$ sudo apt-get install wireshark

Solarized, Uniform Color Scheme
(posted 2013-05-31; updated 2013-05-31)
I've switched my vim's color scheme from oceandeep to solarized. Oceandeep is an eye-friendly dark color scheme great for people who prefer not to be distracted by highlighted text. However, it makes you feel a bit awkward when you launch vim from a console because it supports only gvim. I got hungry for "uniformity", and solarized came in.
Solarized - Precision colors for machines and

How to upgrade IOS version/feature set on Cisco 3560
(posted 2013-05-19; updated 2013-06-07)
Assumption
1. The switch to be updated is in a factory default configuration.
2. IP address of the switch is 10.240.0.2/24.
3. IP address of the tftp/scp server is 10.240.0.3/24.
4. User name for scp server is switchadmin.
5. The feature set will be upgraded from ipbase to ipservice.
6. The switch will be updated to c3560-ipservicesk9-mz.122-55.SE7.bin.
7. The switch does not require a web

How to use UC-SGT on Mac OS X Mountain Lion 10.8.2 (15' rMBP 2012)
(posted 2013-05-18; updated 2013-05-18)
It's been ages since the serial port disappeared from laptop PCs. Nevertheless, network devices require a serial connection as an out-of-band connection. I grabbed a USB serial adapter UC-SGT, but my laptop (15' rMBP 2012, Mountain Lion) needed a trick to recognize it.
Download a driver from Prolific's website: http://prolificusa.com/pl-2303hx-drivers/
Install the driver following

How to transfer files from/to cisco devices
(posted 2013-05-17; updated 2013-05-19)
There are several options for transferring files to a Cisco device. Tftp is the traditional way. Scp is also supported by IOS from 12.3(2)T, 12.2(14)S (encryption needs to be supported by the feature set). If no in-band connection is available, xmodem becomes an option.
scp
Pro: Transferred files are encrypted
Con: Not supported by all platforms, in-band connection is necessary
tftp
Pro

How to enable native tftpd on Mac OS X Mountain Lion 10.8.2
(posted 2013-05-16; updated 2013-05-16)
I needed a tftp server to update IOS images for switches in my home lab. Mac OS X has its native tftp daemon and will do for the purpose.
To launch tftpd,
$ sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist
# Default tftp root directory, in which data files are stored, is /private/tftpboot/
To check tftp is up and running,
$ lsof -i:69
To stop tftpd
$ sudo launchctl unload /