Jul 12, 2013

CDP device discovery in python

Today, I wrote a small Python script to discover Ubiquiti Nanostation devices on the network using pcapy and dpkt. Since it listens for CDP packets, I guess it can also discover other kinds of devices, though I have not tested that.

Jul 11, 2013

Limiting the active users/sessions in freeRADIUS

Here is how to limit the number of concurrent users/sessions in freeRADIUS. Let's say you want to reject auth requests if there are already more than 50 active accounting sessions.

  1. Add the following policy to your policy.conf.

    maximum_active_users = 50

    check_active_users {
        # Reject when the number of open accounting sessions has reached the limit.
        if ("%{sql: SELECT COUNT(*) FROM radacct WHERE acctstoptime IS NULL}" >= "%{config:policy.maximum_active_users}") {
            update reply {
                 Reply-Message := "Too many users logged into the system. Please try again later."
            }
            reject
        }
    }

  2. Add the check_active_users policy to the auth section of your sites-enabled/default.

  3. Test it using radclient.

    root @ ~ $ echo "User-Name=t1,User-Password=1234"  | radclient -x -d /etc/freeradius/ 192.168.100.108 auth testing123
    Sending Access-Request of id 124 to 192.168.100.108 port 1812
            User-Name = "t1"
            User-Password = "1234"
    rad_recv: Access-Reject packet from host 192.168.100.108 port 1812, id=124, length=84
            Reply-Message = "Too many users logged into the system. Please try again later."

Jun 20, 2013

Simple Data Compression Algorithms in Common Lisp

Common Lisp implementations of some data compression algorithms (Run-Length, Huffman, and Shannon–Fano encodings) that I wrote during my graduate course "Data Compression".

Internet connection sharing using iptables

Scenario: I have several VirtualBox guest machines using an internal network on my PC, and I wanted to share the host machine's internet connection with the guest machines. I searched the web for how to do it using iptables. Most of the solutions seem too complex. Here is a simple working solution (found in the CentOS documentation).

On the host machine, type these commands in a terminal:

    thura @ ~ $ sudo iptables -A FORWARD -i vboxnet0 -j ACCEPT
    thura @ ~ $ sudo iptables -A FORWARD -o eth1 -j ACCEPT
    thura @ ~ $ sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

That's it. Now you can access the external network of the host machine from the guest machines. To access the Internet, you may need to edit /etc/resolv.conf in your guest machine:

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 8.8.8.8
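A tighter variant of the three rules above, as an added example that is not from the original post or the CentOS documentation. Neither FORWARD rule on the page matches return traffic (in on eth1, out on vboxnet0), so the setup only works while the FORWARD policy is ACCEPT. This sketch assumes a default-drop FORWARD chain is wanted and that IP forwarding may not be enabled yet; the function names and the dry-run design are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): default-drop variant of the
# page's three rules. Function names and the dry-run design are assumptions.

# Accept only plausible interface names (max 15 chars, no leading dash, no
# whitespace or shell metacharacters) before splicing them into commands.
valid_if() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) [ "${#1}" -le 15 ] ;;
    esac
}

# Print one command per line for sharing the uplink $2 with the guest net $1.
ics_rules() {
    lan=$1 wan=$2
    valid_if "$lan" && valid_if "$wan" || { echo "bad interface name" >&2; return 1; }
    [ "$lan" != "$wan" ] || { echo "LAN and WAN must differ" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Dry run unless APPLY=1 is set (needs root); stop at the first failing command.
ics_apply() {
    rules=$(ics_rules "$1" "$2") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | while IFS= read -r cmd; do $cmd || exit 1; done
    else
        printf '%s\n' "$rules"
    fi
}

# Show the rule set for the interfaces used on this page.
ics_rules vboxnet0 eth1
```

Setting the FORWARD policy to DROP affects all forwarded traffic on the host, so review the printed commands against any other forwarding the machine does before running with APPLY=1.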

Jun 19, 2013

if_nametoindex, if_indextoname functions for python using ctypes


I needed to use if_nametoindex, if_indextoname functions for one of my packet capturing programs. So, here is my python wrapper for those functions using ctypes.


PS: You will need this only for Python 2.x. These functions are available in the socket module starting with Python 3.3.