Archive
Pulledpork
If you are using Snort as an IDS you might want to take a look at PulledPork for updating and managing rules.
nmap survey
You can also vote for your favorite security tools and you can even win something.
Troubleshooting
Some time ago I was asked to investigate why a certain script was running so slowly. The script used fwm logexport to convert a Check Point log file to an ASCII file.
While the script was running, network access to the server was really slow. Access to tcpdump or Wireshark would have shown what was happening, but unfortunately Windows doesn't ship with such essential tools in its default install.
Reading the manual made an educated guess possible: there are two parameters, -n and -p, which disable DNS and port resolution while converting the log file. And guess what: instead of a couple of hours the script needed only some minutes to finish (the log file was about 2,000,000 lines long).
So here is the syntax used now:
fwm logexport -n -p -i %fwdir%\log\input -o output
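With resolution switched off the export is fast, but the names are gone. The reason the resolving export was so slow is that every line triggered its own reverse lookups, even though a two-million-line log usually contains only a few thousand distinct addresses. The following script, added here as an illustration and not part of the original post or of Check Point's tooling, annotates a raw export afterwards and asks the resolver once per distinct address. The sample lines, their column layout and the PTR table are constructed for the example; a real fwm logexport file has its own header and field order, so adjust the column names accordingly.

```python
"""Annotate a raw (-n -p) Check Point log export with names, resolving each address once."""
import socket
from typing import Callable, Dict, List, Optional

# Constructed sample in the general shape of a semicolon-separated export.
# The column names and their order are assumptions for this example only;
# a real fwm logexport file has its own header line.
SAMPLE_EXPORT = [
    "num;date;time;orig;action;service;s_port;src;dst;proto",
    "0;12Mar2012;10:00:01;fw1;accept;80;51234;10.1.1.5;192.0.2.10;tcp",
    "1;12Mar2012;10:00:02;fw1;drop;22;51235;10.1.1.5;192.0.2.10;tcp",
    "2;12Mar2012;10:00:03;fw1;accept;443;51236;10.1.1.7;192.0.2.10;tcp",
]

# Constructed PTR table that stands in for the DNS, so the example runs offline.
FAKE_PTR = {"10.1.1.5": "pc5.example.net", "192.0.2.10": "www.example.net"}


def fake_resolver(addr: str) -> Optional[str]:
    return FAKE_PTR.get(addr)


def dns_resolver(addr: str) -> Optional[str]:
    """Real reverse lookup; failures return None so one dead PTR zone cannot stall the run."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return None


def annotate(lines: List[str],
             resolver: Callable[[str], Optional[str]] = dns_resolver,
             columns=("src", "dst"), sep: str = ";") -> Dict[str, object]:
    """Rewrite address columns as 'addr (name)', asking the resolver once per distinct address.

    Returns the rewritten lines plus counters showing how many resolver calls the
    cache saved compared with resolving every address cell on every line.
    """
    header = lines[0].split(sep)
    idx = [header.index(c) for c in columns]
    cache: Dict[str, Optional[str]] = {}
    calls = cells = 0
    out = [lines[0]]
    for line in lines[1:]:
        fields = line.split(sep)
        for i in idx:
            addr = fields[i]
            cells += 1
            if addr not in cache:
                cache[addr] = resolver(addr)
                calls += 1
            if cache[addr]:
                fields[i] = f"{addr} ({cache[addr]})"
        out.append(sep.join(fields))
    return {"lines": out, "resolver_calls": calls, "address_cells": cells}


if __name__ == "__main__":
    result = annotate(SAMPLE_EXPORT, fake_resolver)
    print("\n".join(result["lines"]))
    print(f"{result['address_cells']} address cells, {result['resolver_calls']} lookups")
```

On the constructed sample the six address cells cost three lookups; on a real export the ratio is far larger, and an address without a PTR record stays as a plain address instead of blocking the whole run.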
Survey of IPv6 Availability on Commercial Firewalls
Until May 1st you can participate in an ICANN survey on IPv6 support in commercial firewalls.
I can’t wait to see the results.
The other day…
I made a joke that "cisco" is the default password on most Cisco systems because they use it in their documentation and training material. A colleague wouldn't believe me. Then he asked me if I could check something on a customer's Cisco router once he got me a user name and password.
Guess what. cisco worked for login and enable.
For those of you who don't know Cisco: normally there is no default password. You can only log in remotely after you have configured remote access via SSH or Telnet and a password. Until then you only have access to the serial console.
ACL management
It's always a problem to keep all the ACLs in a network coherent. Recently I was made aware of a small tool from Google which makes managing ACLs on Cisco, Juniper and Linux much easier to handle.
Take a look at Capirca.
Some features, like IPv6 ACL support for Cisco, are still missing, but it looks quite promising.
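The idea behind such tools is that the policy is written once, in a platform-neutral form, and every device-specific ACL is generated from it, so the Cisco and the Linux rule sets cannot drift apart. The toy below, added here as an illustration and not Capirca's code or policy syntax (Capirca has its own definition files and many more features), renders one constructed policy as an IOS extended ACL and as iptables rules. The term names, networks and ports are made up for the example.

```python
"""Render one policy as a Cisco extended ACL and as iptables rules."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Term:
    name: str
    src: str             # CIDR
    dst: str             # CIDR
    proto: str           # "tcp", "udp" or "ip" (any protocol)
    dport: Optional[int]
    action: str          # "accept" or "deny"

    def __post_init__(self) -> None:
        if self.proto not in ("tcp", "udp", "ip"):
            raise ValueError(f"{self.name}: unsupported protocol {self.proto!r}")
        if self.dport is not None and self.proto == "ip":
            raise ValueError(f"{self.name}: a port match needs tcp or udp")
        if self.action not in ("accept", "deny"):
            raise ValueError(f"{self.name}: unknown action {self.action!r}")


# Constructed policy: both renderings below come from this single list, so a
# change here shows up on every platform.
POLICY = [
    Term("allow-mgmt-ssh", "10.0.0.0/24", "192.0.2.10/32", "tcp", 22, "accept"),
    Term("allow-dns", "10.0.0.0/16", "192.0.2.53/32", "udp", 53, "accept"),
    Term("default-deny", "0.0.0.0/0", "0.0.0.0/0", "ip", None, "deny"),
]


def cisco_addr(cidr: str) -> str:
    """IOS spells addresses as 'any', 'host A.B.C.D' or 'network wildcard-mask'."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"


def render_cisco(acl_name: str, policy: List[Term]) -> List[str]:
    lines = [f"ip access-list extended {acl_name}"]
    for t in policy:
        verb = "permit" if t.action == "accept" else "deny"
        port = f" eq {t.dport}" if t.dport is not None else ""
        lines.append(f" remark {t.name}")
        lines.append(f" {verb} {t.proto} {cisco_addr(t.src)} {cisco_addr(t.dst)}{port}")
    return lines


def render_iptables(chain: str, policy: List[Term]) -> List[str]:
    lines = []
    for t in policy:
        target = "ACCEPT" if t.action == "accept" else "DROP"
        rule = f"-A {chain} -s {t.src} -d {t.dst}"
        if t.proto != "ip":
            rule += f" -p {t.proto}"       # --dport is only valid after -p tcp/udp
            if t.dport is not None:
                rule += f" --dport {t.dport}"
        rule += f" -m comment --comment {t.name} -j {target}"
        lines.append(rule)
    return lines


if __name__ == "__main__":
    print("\n".join(render_cisco("edge-in", POLICY)))
    print()
    print("\n".join(render_iptables("INPUT", POLICY)))
```

The validation in Term is where a generator earns its keep: a port on a protocol that has none, or an unknown action, is rejected before anything is pushed to a device, rather than being discovered as a syntax error on one platform and silently accepted on another.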
Telnet?
I recently reviewed a Cisco router configuration. Access via SSH was disabled and only Telnet was allowed, from a few hosts. OK, IOS only supports key authentication starting with IOS 15, but I think that using an encrypted channel to configure and troubleshoot a router is better than clear text, and SSH has been available in the standard image for quite some time.
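The remote-access settings from the two Cisco posts above (which transports the vty lines accept, whether logins are per user, whether passwords are stored reversibly) are all visible in a saved running-config, so the review can be scripted. The audit below is added here as an example and is not the reviewer's script; the two configurations it checks are constructed, one with the weak settings described above and one with the corrected ones. The placeholder hashes are not real, and the list of checks is deliberately small.

```python
"""Audit the remote-access settings of a saved IOS running-config."""
import re
from typing import Dict, List

# Constructed configurations (not from the reviewed router). <hash> and
# <type7-string> are placeholders, not real credential material.
WEAK_CONFIG = """\
hostname edge-rtr
!
enable password cisco
username admin password 7 <type7-string>
!
line con 0
 login
line vty 0 4
 access-class 10 in
 transport input telnet
 login
line vty 5 15
 transport input ssh
 login local
!
end
"""

HARDENED_CONFIG = """\
hostname edge-rtr
!
enable secret <hash>
username admin secret <hash>
!
ip ssh version 2
!
line con 0
 login local
line vty 0 15
 access-class 10 in
 transport input ssh
 login local
!
end
"""


def parse_sections(config: str) -> Dict[str, List[str]]:
    """Map each unindented line to its indented children; '!' ends a block.

    Top-level lines are also collected under the key '' for global checks.
    """
    sections: Dict[str, List[str]] = {"": []}
    current = ""
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = ""
            continue
        if raw.startswith(" ") and current:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
            sections[""].append(current)
    return sections


def audit(config: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    sections = parse_sections(config)
    top = sections[""]
    findings: List[str] = []
    for header, children in sections.items():
        if not header.startswith("line vty"):
            continue
        transport = [c for c in children if c.startswith("transport input")]
        if not transport:
            findings.append(f"{header}: no 'transport input' set; the default depends on the "
                            "IOS release, set 'transport input ssh' explicitly")
        else:
            allowed = transport[-1].split()[2:]      # last statement wins
            if "telnet" in allowed or "all" in allowed:
                findings.append(f"{header}: accepts cleartext telnet ({transport[-1]})")
        if not any(c == "login local" or c.startswith("login authentication")
                   for c in children):
            findings.append(f"{header}: no per-user authentication; use 'login local' "
                            "or 'login authentication <aaa-list>'")
    if any(line.startswith("enable password") for line in top):
        findings.append("enable password in use; use 'enable secret'")
    for line in top:
        if re.match(r"username \S+ password", line):
            findings.append(f"{line.split()[1]}: reversible 'username ... password'; "
                            "use 'username ... secret'")
    if "ip ssh version 2" not in top:
        findings.append("'ip ssh version 2' not set; older IOS releases then also accept SSHv1")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label}: {len(audit(cfg))} finding(s)")
        for f in audit(cfg):
            print("  -", f)
```

The checks only look at what the configuration states; they cannot tell whether an RSA key pair actually exists for the SSH server, so a clean result still wants a manual ssh login to confirm that the encrypted path works before telnet is turned off.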
Strange Question…
I gave my usual presentation on IPv6 last Saturday @FrOSCon and there was one question nobody had asked before:
“When will IPv6 be as secure as IPv4?”
IPv4? Secure? Did anyone bother to read the latest Cisco security advisories? From my point of view IPv6 is as secure as IPv4, maybe even more so if you keep in mind that all the problems with NAT are gone. Sure, there will be bugs in the implementations, but there are still bugs in some IPv4 implementations. Most of the problems are in applications using upper-level protocols, especially HTTP apps written in PHP.