25 May 2009

JSP/servlet authentication

You can define authentication in the web.xml deployment descriptor of a web application.

  1. Define roles
    User definition is web container dependent. 
  2. Define protected resources
    Take care:
    • Protection is only guaranteed for cookie-based sessions
    • Constraints do not apply to RequestDispatcher forward and include
  3. Define authentication method
    For FORM authentication, the login form must POST to the action j_security_check and contain input fields named j_username and j_password.
    Other HTTP authentication methods are
    • BASIC: clear text password (base64 encoded)
    • DIGEST: hashed password (works in Firefox and IE 7+)
    • CLIENT-CERT: mutually authenticated SSL (client certificate)

3 May 2009

routing components / Solaris 10

  • Commands
    • route: manage routing table
    • netstat -rn: view routing table
    • routeadm: enable/disable routing services
    • svcadm: enable/disable routing services (in addition to routeadm from Solaris 10 8/07)
      • route
      • ipv4-forwarding
    • traceroute: test and show route to system
  • Daemons
    • /usr/sbin/in.routed
      • RIPv1
      • RIPv2
      • RDISC
  • Files
    • /etc/defaultrouter: default route for static routing
    • /etc/gateways: in.routed configuration file
    • /etc/routing.conf: routeadm persistent state. From Solaris 10 8/07 this information moves to SMF.
    • /etc/inet/static.routes: route command persistent state (subject to change)

IPMP components / Solaris 10

  • Commands
    • ifconfig: configure interfaces
    • if_mpadm: change interface state
      • -d detach
      • -r reattach
  • Daemons (SMF network/initial)
    • /usr/lib/inet/in.mpathd
      • -a alert to syslog daemon.error (undocumented)
  • Files
    • /etc/default/mpathd: boot time defaults
    • /etc/hostname.interface: per interface configuration file for ifconfig

1 May 2009

solaris stealth sniffing

A network interface that is sniffing the network is in promiscuous mode: it accepts packets that are not destined for its ethernet address.
You can try to detect a promiscuous interface by tricking it into replying to a packet that is not sent to its ethernet address (e.g. a malformed packet).

In Solaris you can make all such attempts fail by bringing the interface down.

# ifconfig bge0 down
# snoop -d bge0

You can still sniff on that interface!

Ethernet Media

  • 10Base5: 10 mm diameter (thick)

  • 10Base2: 5 mm diameter (thin), BNC (Bayonet Neill-Concelman) connector

  • 10BASE-T: twisted pair, 2 mm diameter, RJ45 plug
    • UTP (unshielded twisted pair)

    • STP (shielded twisted pair)

    • S/UTP (shielded cable with UTP wires)

  • thin / thick / twisted pair sockets

  • 1000BASE-X: Fibre optic