alexedwards

# Change these variables as necessary.
MAIN_PACKAGE_PATH := ./cmd/example
BINARY_NAME := example

# ==================================================================================== #
# HELPERS
# ==================================================================================== #

## help: print this help message
.PHONY: help

gmurdocca

Circumventing Deep Packet Inspection with Socat and rot13

I have a Linux virtual machine inside a customer's private network. For security, this VM is reachable only via VPN + Citrix + Windows + a Windows SSH client (eg PuTTY). I am tasked to ensure this Citrix design is secure, and users can not access their Linux VM's or other resources on the internal private network in any way outside of using Citrix.

The VM can access the internet. This task should be easy. The VM's internet gateway allows it to connect anywhere on the internet to TCP ports 80, 443, and 8090 only. Connecting to an internet bastion box on one of these ports works and I can send and receive clear text data using netcat. I plan to use good old SSH, listening on tcp/8090 on the bastion, with a reverse port forward configured to expose sshd on the VM to the public, to show their Citrix gateway can be circumvented.

Rejected by Deep Packet Inspection

I hit an immediate snag. The moment I try to establish an SSH or SSL connection over o

LordGhostX

package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
	"time"
)

nrdmn

vsock notes

about vsocks

Vsocks are a means of providing socket communication (either stream or datagram) directly between VMs and their host operating system. The host and each VM have a 32 bit CID (Context IDentifier) and may connect or bind to a 32 bit port number. Ports < 1024 are privileged ports.

• Vsock communication between VMs does not seem to work.
• Only one vsock device per VM is supported.

fbaierl

No, you are not allowed to change the copyright notice. Indeed, the license text states pretty clearly:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

But you are allowed to add a copyright notice.

If you want to keep the MIT license, which is what I would advise you to do, you only need to add a single line to the license file, before or after Copyright (c) 2012 Some Name with your own copyright notice. The final LICENSE file will look like this:

The MIT License (MIT)

gbraad

.:53 {
    log
    errors
    
    #bind 127.0.0.1

    proxy . /etc/resolv.conf

    template IN A {
      match "^(?P<a>[0-9]*)[.](?P<b>[0-9]*)[.](?P<c>[0-9]*)[.](?P<d>[0-9]*)[.](xip.io|nip.io|local|dev)[.]$"

mcastelino

The netfilter hooks in the kernel and where they hook in the packet flow

The figure below calls out

• The netfilter hooks
• The order of table traversal

mpneuried

# import config.
# You can change the default config with `make cnf="config_special.env" build`
cnf ?= config.env
include $(cnf)
export $(shell sed 's/=.*//' $(cnf))

# import deploy config
# You can change the default deploy config with `make cnf="deploy_special.env" release`
dpl ?= deploy.env
include $(dpl)

zachbrowne

#!/bin/bash
iatest=$(expr index "$-" i)

#######################################################
# SOURCED ALIAS'S AND SCRIPTS BY zachbrowne.me
#######################################################

# Source global definitions
if [ -f /etc/bashrc ]; then
	 . /etc/bashrc

kost

#!/bin/sh
set -x
set -e
#
# Docker build calls this script to harden the image during build.
#
# NOTE: To build on CircleCI, you must take care to keep the `find`
# command out of the /proc filesystem to avoid errors like:
#
#    find: /proc/tty/driver: Permission denied