WarVOX 1.0.1 – A Telephony Analysis & War Dialing Suite

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the audio from each call and does not use a modem directly. This allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.

WarVOX requires no telephony hardware and is massively scalable (and completely anonymous) by leveraging Internet-based VoIP providers. A single instance of WarVOX on a 1 mbit broadband connection, with a typical VoIP account, can scan over 1,000 numbers per hour. The speed of WarVOX is limited only by downstream bandwidth (64k per 711u channel) and the limitations of the VoIP service. Using four providers with over 80 concurrent lines we have been able to scan entire 10,000 number prefixes within 90 minutes!

nTOP on Untangle 6.2

I’ve had several people email me regarding information on configuring nTop on Untangle version 6.x (0,1,2).

nTop is a network traffic probe that shows the network usage, similar to what the popular “top” Linux command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well.

nTop users can use a web browser (e.g. Firefox) to browse through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. The use of:

  • a web interface
  • limited configuration and administration via the web interface
  • reduced CPU and memory usage (they vary according to network size and traffic)

make ntop easy to use and suitable for monitoring various kinds of networks.

In an effort to encourage use of the Untangle forums, I’ve posted an online how-to at: http://forums.untangle.com. Please post comments and feedback on the Untangle thread.

Country IP Blocking

Country IP Blocks provides an online, searchable internet protocol (IP) address database with the ability to export specific country level IP blocks into CIDR, Netmask, IP Range, .htaccess deny, .htaccess allow, Decimal/CIDR and Hex/CIDR formatted files. These files can then be used in conjunction with server (e.g. Apache, Microsoft IIS) and network security devices (e.g. Cisco, Juniper, TippingPoint, Untangle) to create access control lists to block access to networks and systems from specific countries.

Whilst I don’t advocate blocking entire countries, there are known IP address blocks used by spammers, crackers and other Internet filth which may need to be blocked from some websites and systems.

The American Registry for Internet Numbers (ARIN) and the Asia Pacific Network Information Centre (APNIC) manage the majority of Internet routed IP address allocations for IPv4 and maintain online allocation databases which are made available to Internet service providers. The Country IP database is updated with this information at least once every 24 hours which means accurate global network data is provided.

In terms of the Country IP Blocks site, I specifically like the ability to export IP lists into common access control list formats such as HTACCESS. A simple example

MTR – The Network Diagnostic Swiss Army Knife

MTR, a Linux shell command, combines the functionality of the ‘traceroute’ and ‘ping’ programs in a single network diagnostic tool.

When MTR starts, it investigates the network connection between the host MTR runs on and HOSTNAME (e.g. www.google.com), by sending packets with purposely low TTLs. It continues to send packets with low TTLs, noting the response time of the transit routers. This allows MTR to print the response percentage and response times of the internet route to the remote host. A sudden increase in packet loss or response time is often an indication of a problematic or saturated link.

Compared to mixing and matching ping and traceroute commands, MTR is a true network diagnostic Swiss army knife. For those bound to Windows desktops, Microsoft’s command line “pathping” is similar to MTR but lacks the real time tracing and statistical data.

MTR Example:


z Shell!

For those new to the Linux world and taking their first steps into SHELLS, two helpful downloads are available:

1. The One Page Linux Manual is available here.

2. Linux Command Reference is available here.

Both of these documents are dated but provide a solid outline of common shell commands including such functions as creating directories, zipping files, configuring network interfaces, mounting devices and search functions. These are a must for any Linux enthusiast!

Do you know of any other online one pager Linux command PDFs?