2010 January

Nepenthes hands-on

Before nepenthes:
P/S: this uses the default settings with minor configuration.
—————————————————-

salax@zulfiqar:~$ nmap 192.168.2.10

Starting Nmap 4.53 ( http://insecure.org ) at 2010-01-09 00:11 MYT
Interesting ports on 192.168.2.10:
Not shown: 1711 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
631/tcp open ipp

Nmap done: 1 IP address (1 host up) scanned in 0.075 seconds

———————————-

Firing up nepenthes:

salax@zulfiqar:~$ sudo /etc/init.d/nepenthes start
[sudo] password for salax:
Starting nepenthes: nepenthes.

——————————————————-

After nepenthes:

salax@zulfiqar:~$ nmap 192.168.2.10

Starting Nmap 4.53 ( http://insecure.org ) at 2010-01-09 00:11 MYT
Interesting ports on 192.168.2.10:
Not shown: 1690 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
42/tcp open nameserver
53/tcp open domain
80/tcp open http
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
143/tcp open imap
220/tcp open imap3
443/tcp open https
445/tcp open microsoft-ds
465/tcp open smtps
631/tcp open ipp
993/tcp open imaps
995/tcp open pop3s
1023/tcp open netvenuechat
1025/tcp open NFS-or-IIS
2105/tcp open eklogin
3372/tcp open msdtc
5000/tcp open UPnP
10000/tcp open snet-sensor-mgmt
17300/tcp open kuang2

Nmap done: 1 IP address (1 host up) scanned in 0.075 seconds

———————————————————————–

Listing open files with lsof shows the following:

salax@zulfiqar:/etc/nepenthes$ sudo lsof -i | grep nepenthes
[sudo] password for salax:
nepenthes 7246 nepenthes 6u IPv4 29655 TCP *:smtp (LISTEN)
nepenthes 7246 nepenthes 7u IPv4 29656 TCP *:pop3 (LISTEN)
nepenthes 7246 nepenthes 8u IPv4 29657 TCP *:imap2 (LISTEN)
nepenthes 7246 nepenthes 9u IPv4 29658 TCP *:imap3 (LISTEN)
nepenthes 7246 nepenthes 10u IPv4 29659 TCP *:ssmtp (LISTEN)
nepenthes 7246 nepenthes 11u IPv4 29660 TCP *:imaps (LISTEN)
nepenthes 7246 nepenthes 12u IPv4 29661 TCP *:pop3s (LISTEN)
nepenthes 7246 nepenthes 13u IPv4 29662 TCP *:2745 (LISTEN)
nepenthes 7246 nepenthes 14u IPv4 29663 TCP *:6129 (LISTEN)
nepenthes 7246 nepenthes 15u IPv4 29664 TCP *:loc-srv (LISTEN)
nepenthes 7246 nepenthes 16u IPv4 29665 TCP *:microsoft-ds (LISTEN)
nepenthes 7246 nepenthes 17u IPv4 29666 TCP *:1025 (LISTEN)
nepenthes 7246 nepenthes 18u IPv4 29667 TCP *:ftp (LISTEN)
nepenthes 7246 nepenthes 19u IPv4 29668 TCP *:https (LISTEN)
nepenthes 7246 nepenthes 20u IPv4 29669 TCP *:17300 (LISTEN)
nepenthes 7246 nepenthes 21u IPv4 29670 TCP *:2103 (LISTEN)
nepenthes 7246 nepenthes 22u IPv4 29671 TCP *:eklogin (LISTEN)
nepenthes 7246 nepenthes 23u IPv4 29672 TCP *:2107 (LISTEN)
nepenthes 7246 nepenthes 24u IPv4 29673 TCP *:3372 (LISTEN)
nepenthes 7246 nepenthes 25u IPv4 29674 UDP *:ms-sql-m
nepenthes 7246 nepenthes 26u IPv4 29675 TCP *:3127 (LISTEN)
nepenthes 7246 nepenthes 27u IPv4 29676 TCP *:netbios-ssn (LISTEN)
nepenthes 7246 nepenthes 28u IPv4 29677 TCP *:3140 (LISTEN)
nepenthes 7246 nepenthes 29u IPv4 29678 TCP *:5554 (LISTEN)
nepenthes 7246 nepenthes 30u IPv4 29679 TCP *:1023 (LISTEN)
nepenthes 7246 nepenthes 31u IPv4 29680 TCP *:27347 (LISTEN)
nepenthes 7246 nepenthes 32u IPv4 29681 TCP *:5000 (LISTEN)
nepenthes 7246 nepenthes 33u IPv4 29682 TCP *:webmin (LISTEN)
nepenthes 7246 nepenthes 34u IPv4 29683 TCP *:nameserver (LISTEN)
nepenthes 7246 nepenthes 35u IPv4 29684 TCP *:www (LISTEN)
nepenthes 7246 nepenthes 36u IPv4 29685 TCP *:10002 (LISTEN)

——————————————————————-

Take a look in /var/log/nepenthes/logged_downloads:

salax@zulfiqar:/var/log/nepenthes$ cat logged_downloads
[2010-01-08T03:21:15] 60.48.72.2 -> 192.168.2.10 link://60.48.72.2:11965/qcxYEw==
[2010-01-08T03:23:37] 60.48.98.64 -> 192.168.2.10 ftp://a:a@60.48.98.64:11460/Win15763.exe
[2010-01-08T22:27:49] 60.47.49.168 -> 192.168.2.10 link://60.47.49.168:29913/GDAo+A==
[2010-01-09T21:59:29] 60.48.196.174 -> 192.168.2.10 ftp://1:1@0.0.0.0:5895/wint.exe
[2010-01-09T22:20:08] 60.167.120.190 -> 192.168.2.10 ftp://1:1@60.167.120.190:9495/ssms.exe
[2010-01-09T22:26:00] 60.56.171.98 -> 192.168.2.10 tftp://0.0.0.0/ssms.exe
[2010-01-09T22:31:08] 60.47.211.135 -> 192.168.2.10 link://60.47.211.135:57271/46juBw==
[2010-01-09T22:54:40] 60.48.196.174 -> 192.168.2.10 ftp://1:1@0.0.0.0:5895/wint.exe
[2010-01-09T23:20:02] 60.48.206.249 -> 192.168.2.10 ftp://1:1@60.48.206.249:31018/wingate32.exe
[2010-01-09T23:23:05] 60.53.58.190 -> 192.168.2.10 ftp://1:1@0.0.0.0:15639/WinSec.exe
[2010-01-09T23:42:31] 60.48.206.249 -> 192.168.2.10 link://60.48.206.249:50408/EWYNew==
[2010-01-10T11:48:14] 60.44.18.223 -> 192.168.2.10 blink://60.44.18.223:40579/GLJK+A==
[2010-01-10T12:10:59] 60.48.192.35 -> 192.168.2.10 blink://60.48.192.35:42750/GIAo+A==
[2010-01-10T12:21:05] 60.48.192.35 -> 192.168.2.10 blink://60.48.192.35:33106/GIAo+A==
[2010-01-10T12:22:13] 69.207.61.212 -> 192.168.2.10 http://74.77.18.116:4662/x.exe
[2010-01-10T12:31:20] 60.48.192.35 -> 192.168.2.10 blink://60.48.192.35:41373/GIAo+A==
[2010-01-10T13:13:55] 60.42.119.172 -> 192.168.2.10 blink://60.42.119.172:29703/mPKeAQ==
[2010-01-10T13:15:21] 60.43.40.208 -> 192.168.2.10 link://60.43.40.208:46158/OHwf/g==
[2010-01-11T00:36:28] 60.48.103.18 -> 192.168.2.10 ftp://1:1@60.48.103.18:62984/wingate32.exe
[2010-01-11T00:42:24] 60.36.30.127 -> 192.168.2.10 ftp://1:1@0.0.0.0:45513/ssms.exe
[2010-01-11T00:51:16] 60.48.221.25 -> 192.168.2.10 ftp://1:1@60.48.221.25:40959/wingate32.exe
[2010-01-11T00:56:31] 60.48.103.18 -> 192.168.2.10 ftp://1:1@60.48.103.18:62984/wingate32.exe
[2010-01-11T20:10:07] 60.48.245.153 -> 192.168.2.10 link://60.48.245.153:64395/EGYNAw==
[2010-01-11T20:15:19] 60.48.245.153 -> 192.168.2.10 ftp://1:1@0.0.0.0:44154/wingate32.exe
[2010-01-11T20:18:03] 60.249.204.192 -> 192.168.2.10 tftp://0.0.0.0/ssms.exe
[2010-01-11T20:24:11] 60.48.76.255 -> 192.168.2.10 link://60.48.76.255:51319/TzxtYQ==
[2010-01-11T21:22:43] 60.48.70.175 -> 192.168.2.10 ftp://x:x@60.48.70.175:27517/hqghumea.dll
[2010-01-11T21:37:35] 60.41.138.161 -> 192.168.2.10 link://60.41.138.161:35057/4/idCA==
[2010-01-11T21:51:23] 60.48.70.175 -> 192.168.2.10 ftp://x:x@60.48.70.175:27517/hqghumea.dll
[2010-01-11T21:51:35] 60.48.76.255 -> 192.168.2.10 link://60.48.76.255:51319/TzxtYQ==
[2010-01-11T22:00:17] 60.48.76.255 -> 192.168.2.10 link://60.48.76.255:51319/TzxtYQ==
[2010-01-11T22:10:43] 60.48.103.192 -> 192.168.2.10 creceive://60.48.103.192:24841/0
[2010-01-11T22:10:43] 60.48.103.192 -> 192.168.2.10 creceive://60.48.103.192:24841/0
[2010-01-11T22:14:19] 60.48.70.175 -> 192.168.2.10 ftp://x:x@60.48.70.175:27517/hqghumea.dll
[2010-01-11T22:16:52] 60.48.103.192 -> 192.168.2.10 ftp://1:1@60.48.103.192:28894/wingate32.exe
[2010-01-11T22:17:08] 60.48.103.192 -> 192.168.2.10 ftp://1:1@60.48.103.192:28894/wingate32.exe
[2010-01-11T22:17:41] 60.48.76.255 -> 192.168.2.10 link://60.48.76.255:51319/TzxtYQ==
[2010-01-11T22:27:00] 60.42.243.214 -> 192.168.2.10 link://60.42.243.214:48588/+RnAEQ==
[2010-01-11T22:35:05] 60.48.76.255 -> 192.168.2.10 link://60.48.76.255:51319/TzxtYQ==
[2010-01-11T22:52:24] 60.48.103.192 -> 192.168.2.10 ftp://1:1@60.48.103.192:28894/wingate32.exe
[2010-01-11T22:52:29] 60.48.76.255 -> 192.168.2.10 link://60.48.76.255:51319/TzxtYQ==
[2010-01-11T22:54:18] 60.48.103.192 -> 192.168.2.10 ftp://1:1@60.48.103.192:28894/wingate32.exe
[2010-01-11T23:01:11] 60.48.76.255 -> 192.168.2.10 link://60.48.76.255:51319/TzxtYQ==
[2010-01-11T23:07:43] 60.48.103.192 -> 192.168.2.10 creceive://60.48.103.192:13110/0
[2010-01-11T23:07:46] 60.48.103.192 -> 192.168.2.10 creceive://60.48.103.192:6464/0
[2010-01-11T23:15:04] 60.48.70.250 -> 192.168.2.10 ftp://1:1@60.48.70.250:23241/WinSec.exe
[2010-01-11T23:17:46] 60.48.70.175 -> 192.168.2.10 ftp://x:x@60.48.70.175:27517/hqghumea.dll
[2010-01-11T23:17:55] 60.48.103.192 -> 192.168.2.10 ftp://1:1@60.48.103.192:28894/wingate32.exe
[2010-01-11T23:18:34] 60.48.76.255 -> 192.168.2.10 link://60.48.76.255:51319/TzxtYQ==
[2010-01-11T23:21:10] 60.48.70.175 -> 192.168.2.10 ftp://x:x@60.48.70.175:27517/hqghumea.dll
[2010-01-13T03:19:57] 60.48.98.181 -> 192.168.2.10 ftp://a:a@0.0.0.0:3987/igxdfdfds.com
[2010-01-13T03:27:39] 60.48.189.130 -> 192.168.2.10 ftp://1:1@0.0.0.0:45506/wingate32.exe
[2010-01-13T03:28:57] 60.48.189.130 -> 192.168.2.10 ftp://1:1@0.0.0.0:45506/wingate32.exe
[2010-01-13T03:30:20] 60.48.216.206 -> 192.168.2.10 ftp://1:1@60.48.216.206:59898/wingate32.exe
[2010-01-13T03:32:24] 60.48.98.181 -> 192.168.2.10 ftp://a:a@60.48.98.181:4078/Win15763.exe
[2010-01-13T03:37:06] 60.48.98.181 -> 192.168.2.10 ftp://a:a@60.48.98.181:4078/Win15763.exe
[2010-01-13T03:37:54] 60.48.189.130 -> 192.168.2.10 ftp://1:1@0.0.0.0:45506/wingate32.exe
[2010-01-13T03:40:13] 60.48.98.181 -> 192.168.2.10 ftp://1:1@0.0.0.0:12506/wingate32.exe
[2010-01-13T03:43:58] 60.48.98.181 -> 192.168.2.10 ftp://1:1@0.0.0.0:12506/wingate32.exe
[2010-01-13T03:50:13] 60.48.189.130 -> 192.168.2.10 ftp://1:1@0.0.0.0:45506/wingate32.exe
[2010-01-13T03:50:21] 60.48.216.206 -> 192.168.2.10 ftp://1:1@60.48.216.206:59898/wingate32.exe
[2010-01-13T03:54:50] 60.48.216.206 -> 192.168.2.10 ftp://1:1@60.48.216.206:59898/wingate32.exe
[2010-01-13T04:02:31] 60.48.189.130 -> 192.168.2.10 ftp://1:1@0.0.0.0:45506/wingate32.exe
[2010-01-13T04:59:55] 60.48.216.206 -> 192.168.2.10 ftp://1:1@60.48.216.206:59898/wingate32.exe
[2010-01-13T05:07:36] 60.48.189.130 -> 192.168.2.10 ftp://1:1@0.0.0.0:45506/wingate32.exe
[2010-01-13T05:34:57] 60.48.189.130 -> 192.168.2.10 ftp://1:1@0.0.0.0:45506/wingate32.exe
[2010-01-13T05:48:38] 60.42.253.163 -> 192.168.2.10 link://60.42.253.163:54497/+BkAgw==
[2010-01-13T05:50:41] 60.48.89.89 -> 192.168.2.10 ftp://1:1@60.48.89.89:59451/wingate32.exe
[2010-01-13T05:57:08] 60.48.89.89 -> 192.168.2.10 tftp://60.48.89.89/runwin32.exe
[2010-01-13T05:57:30] 60.48.89.89 -> 192.168.2.10 ftp://1:1@60.48.89.89:59451/wingate32.exe
[2010-01-13T06:26:55] 60.48.189.130 -> 192.168.2.10 ftp://1:1@0.0.0.0:45506/wingate32.exe
[2010-01-13T06:27:07] 60.48.89.89 -> 192.168.2.10 tftp://0.0.0.0/runwin32.exe
[2010-01-13T06:27:30] 60.48.89.89 -> 192.168.2.10 ftp://1:1@0.0.0.0:59451/wingate32.exe
[2010-01-15T22:13:10] 124.12.75.2 -> 192.168.2.10 tftp://124.12.75.2/ssms.exe

—————————————————————————————
Take a look also in /var/log/nepenthes/logged_submissions :

salax@zulfiqar:/var/log/nepenthes$ cat logged_submissions
[2010-01-08T22:28:05] 60.47.49.168 -> 192.168.2.10 link://60.47.49.168:29913/GDAo+A== a881dd13336137c7c0a346a0e95a28cb
[2010-01-09T22:26:53] 60.56.171.98 -> 192.168.2.10 tftp://60.56.171.98:69/ssms.exe 98eb0fdadf8a403c013a8b1882ec986d
[2010-01-09T23:42:44] 60.48.206.249 -> 192.168.2.10 link://60.48.206.249:50408/EWYNew== f6a0747f321da6905d7f117b1a0491bc
[2010-01-10T11:48:15] 60.44.18.223 -> 192.168.2.10 blink://60.44.18.223:40579/GLJK+A== cf39a0e99513d242b516facffcf0149a
[2010-01-10T12:11:16] 60.48.192.35 -> 192.168.2.10 blink://60.48.192.35:42750/GIAo+A== fd0a67fb35667fabc7cba1be174a66a0
[2010-01-10T12:21:12] 60.48.192.35 -> 192.168.2.10 blink://60.48.192.35:33106/GIAo+A== fd0a67fb35667fabc7cba1be174a66a0
[2010-01-10T12:31:35] 60.48.192.35 -> 192.168.2.10 blink://60.48.192.35:41373/GIAo+A== fd0a67fb35667fabc7cba1be174a66a0
[2010-01-10T13:13:56] 60.42.119.172 -> 192.168.2.10 blink://60.42.119.172:29703/mPKeAQ== 6560050cb210e159c9cfb5a50fe6dd63
[2010-01-10T13:15:38] 60.43.40.208 -> 192.168.2.10 link://60.43.40.208:46158/OHwf/g== 714c1bf115fe97b19a4556d40de2fec1
[2010-01-11T20:18:48] 60.249.204.192 -> 192.168.2.10 tftp://60.249.204.192:69/ssms.exe fd28c5e1c38caa35bf5e1987e6167f4c
[2010-01-11T22:10:46] 60.48.103.192 -> 192.168.2.10 creceive://60.48.103.192:4921 7dc73bfa4d78284155dd5101991eeb34
[2010-01-11T22:10:46] 60.48.103.192 -> 192.168.2.10 creceive://60.48.103.192:4923 7dc73bfa4d78284155dd5101991eeb34
[2010-01-11T23:07:46] 60.48.103.192 -> 192.168.2.10 creceive://60.48.103.192:4735 7dc73bfa4d78284155dd5101991eeb34
[2010-01-11T23:07:48] 60.48.103.192 -> 192.168.2.10 creceive://60.48.103.192:3297 7dc73bfa4d78284155dd5101991eeb34
[2010-01-13T06:22:38] 60.48.89.89 -> 192.168.2.10 tftp://60.48.89.89/runwin32.exe 1eb2ae9acb444fd275f4ff1d55f4a54c
[2010-01-15T22:14:52] 124.12.75.2 -> 192.168.2.10 tftp://124.12.75.2/ssms.exe 1f8a826b2ae94daa78f6542ad4ef173b
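
Correlating the two logs above, as an added example (not part of the original post and not Nepenthes code): it parses lines in the layout shown in logged_downloads and logged_submissions, compares download attempts with stored samples per attacker, and flags URLs whose host differs from the attacking address. The sample lines, the documentation-range addresses and the MD5 values are constructed; the function names are assumptions of this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Layout seen in both logs; the md5 field exists only in logged_submissions:
#   [timestamp] attacker -> honeypot url [md5]
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"(?P<url>\S+)(?:\s+(?P<md5>[0-9a-f]{32}))?\s*$"
)

# Constructed sample lines: documentation address ranges, made-up MD5 values.
DOWNLOADS = """\
[2010-01-09T22:26:00] 198.51.100.7 -> 192.0.2.10 tftp://0.0.0.0/a.exe
[2010-01-09T22:27:49] 198.51.100.8 -> 192.0.2.10 link://198.51.100.8:29913/AAAAAA==
[2010-01-09T22:30:00] 198.51.100.9 -> 192.0.2.10 ftp://1:1@198.51.100.9:5895/b.exe
[2010-01-09T22:31:00] 198.51.100.9 -> 192.0.2.10 ftp://1:1@198.51.100.9:5895/b.exe
[2010-01-09T22:40:00] 203.0.113.5 -> 192.0.2.10 http://203.0.113.77:4662/x.exe
""".splitlines()
SUBMISSIONS = """\
[2010-01-09T22:26:53] 198.51.100.7 -> 192.0.2.10 tftp://198.51.100.7:69/a.exe 0123456789abcdef0123456789abcdef
[2010-01-09T22:28:05] 198.51.100.8 -> 192.0.2.10 link://198.51.100.8:29913/AAAAAA== fedcba9876543210fedcba9876543210
[2010-01-10T01:00:00] 198.51.100.8 -> 192.0.2.10 link://198.51.100.8:30000/AAAAAA== fedcba9876543210fedcba9876543210
""".splitlines()


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["url"])
    rec["scheme"], rec["host"] = url.scheme, url.hostname
    return rec


def summarize(download_lines, submission_lines):
    """Compare what attackers asked the honeypot to fetch with what it stored."""
    attempts = Counter()   # attacker IP -> download attempts
    schemes = Counter()    # download handler (ftp, tftp, link, ...) -> attempts
    unspecified = 0        # URLs carrying 0.0.0.0 instead of a usable host
    third_party = set()    # (attacker, payload host) pairs where the two differ
    for rec in filter(None, map(parse_line, download_lines)):
        attempts[rec["src"]] += 1
        schemes[rec["scheme"]] += 1
        if rec["host"] == "0.0.0.0":
            unspecified += 1
        elif rec["host"] and rec["host"] != rec["src"]:
            third_party.add((rec["src"], rec["host"]))

    samples = {}           # md5 -> first_seen / count / sources
    for rec in filter(None, map(parse_line, submission_lines)):
        if rec["md5"] is None:   # not a submission record
            continue
        s = samples.setdefault(
            rec["md5"], {"first_seen": rec["ts"], "count": 0, "sources": set()})
        s["first_seen"] = min(s["first_seen"], rec["ts"])  # ISO stamps sort as text
        s["count"] += 1
        s["sources"].add(rec["src"])

    captured_by = {ip for s in samples.values() for ip in s["sources"]}
    return {
        "attempts": sum(attempts.values()),
        "schemes": dict(schemes),
        "unspecified_host": unspecified,
        "third_party_hosts": sorted(third_party),
        "submissions": sum(s["count"] for s in samples.values()),
        "unique_samples": len(samples),
        "no_capture": sorted(ip for ip in attempts if ip not in captured_by),
        "samples": {k: {**v, "sources": sorted(v["sources"])}
                    for k, v in samples.items()},
    }


if __name__ == "__main__":
    for key, value in summarize(DOWNLOADS, SUBMISSIONS).items():
        print(f"{key}: {value}")
```

Run against the real files by passing `open(path).read().splitlines()` for each log; the `no_capture` list shows which attackers triggered download attempts that never produced a stored binary.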

—————————————————————————————————————-

I looked into the stored binary files:

salax@zulfiqar:/var/lib/nepenthes/binaries$ ls
1eb2ae9acb444fd275f4ff1d55f4a54c 714c1bf115fe97b19a4556d40de2fec1 a881dd13336137c7c0a346a0e95a28cb fd0a67fb35667fabc7cba1be174a66a0
1f8a826b2ae94daa78f6542ad4ef173b 7dc73bfa4d78284155dd5101991eeb34 cf39a0e99513d242b516facffcf0149a fd28c5e1c38caa35bf5e1987e6167f4c
6560050cb210e159c9cfb5a50fe6dd63 98eb0fdadf8a403c013a8b1882ec986d f6a0747f321da6905d7f117b1a0491bc

——————————————————————————————
And I've got lots from hexdump:

salax@zulfiqar:/var/lib/nepenthes/hexdumps$ ls
——8<------------------------------------8<---------------------cut-----8<

————————————————————————————————————————
Then, scanning using ClamAV:

salax@zulfiqar:/var/lib/nepenthes$ clamscan binaries/
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
LibClamAV Warning: ***********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON’T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
binaries/fd0a67fb35667fabc7cba1be174a66a0: OK
binaries/cf39a0e99513d242b516facffcf0149a: OK
binaries/714c1bf115fe97b19a4556d40de2fec1: W32.Virut.sa FOUND
binaries/7dc73bfa4d78284155dd5101991eeb34: Trojan.SdBot-730 FOUND
binaries/1f8a826b2ae94daa78f6542ad4ef173b: Trojan.SdBot-4763 FOUND
binaries/fd28c5e1c38caa35bf5e1987e6167f4c: Trojan.SdBot-4763 FOUND
binaries/f6a0747f321da6905d7f117b1a0491bc: OK
binaries/98eb0fdadf8a403c013a8b1882ec986d: Trojan.SdBot-4763 FOUND
binaries/a881dd13336137c7c0a346a0e95a28cb: W32.Virut-17 FOUND
binaries/1eb2ae9acb444fd275f4ff1d55f4a54c: OK
binaries/6560050cb210e159c9cfb5a50fe6dd63: OK
binaries/df51e3310ef609e908a6b487a28ac068: Trojan.SdBot-4763 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 572978
Engine version: 0.94.2
Scanned directories: 1
Scanned files: 12
Infected files: 7
Data scanned: 1.30 MB
Time: 2.564 sec (0 m 2 s)

To be continued... lots to learn here :D and also for Dionaea...

By salawank on January 15, 2010 | Uncategorized | 1 comment

Uninstall nginx failed

Hi,

I've changed from nginx to stunnel for my web server. While issuing "apt-get remove nginx", I got this error:

Removing nginx ...
Stopping nginx: invoke-rc.d: initscript nginx, action "stop" failed.
dpkg: error processing nginx (--remove):
subprocess pre-removal script returned error exit status 1
Errors were encountered while processing:
nginx
E: Sub-process /usr/bin/dpkg returned an error code (1)

To handle this, simply edit the nginx init script:

sudo nano /etc/init.d/nginx

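and add 'exit 0' as shown below, then save it. The script now returns success before it does anything, so the "stop" call made by the pre-removal script no longer fails: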

#! /bin/sh

### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
#add exit 0 below:
exit 0
DAEMON=/usr/sbin/nginx

Then, issue :

sudo apt-get remove nginx -yf

This will enable us to uninstall it :

The following packages will be REMOVED:
nginx
0 upgraded, 0 newly installed, 1 to remove and 73 not upgraded.
After this operation, 676kB disk space will be freed.
(Reading database ... 19412 files and directories currently installed.)
Removing nginx ...

Sources:
http://www.peterbe.com/plog/how-to-uninstall-nginx-with-apt
http://www.digitalsanctum.com/2007/11/07/uninstalling-nginx-via-apt-get-stopping-nginx-invoke-rcd-initscript-nginx-action-stop-failed/

By salawank on January 13, 2010 | Uncategorized | 1 comment

Configure Virtual Switch in VMWare ESXi 4

Hi, today I learned something new about VMware ESXi 4.

If we open the VMware vSphere client and go to Home -> Inventory -> HOST (VMware ESXi 4 host) -> Configuration -> Networking, by default the network is set up on the virtual switch vSwitch0. There we can see our network adapter card (e.g. vmnic1) attached to the network.

[Screenshot]

So here's my problem statement:
I have one network using IP 192.x.x.x and another network using 10.x.x.x. My ESXi 4 machine is configured with a 192.x.x.x IP. The 192.x.x.x network is segregated from the 10.x.x.x network, which means the two can't "see" each other.

On the ESXi host there are a number of virtual machines running, and I want to set up one virtual machine (Ubuntu) that hosts a web server so that it can be accessed from both networks (192.x.x.x and 10.x.x.x).

Method:
To do this, I attached an additional LAN cable to another physical adapter/network card (e.g. vmnic2).

Then, in the vSphere client, go to Add Networking -> Virtual Machine -> Create a virtual switch and choose your second network interface. The output is as follows:

[Screenshot: vswitch]

The next step is to add another virtual network interface to the virtual machine. Go to Edit Settings, add another network adapter, and choose the new switch under Network connection -> Network label.

[Screenshot: network]

[Screenshot: network2]

Finally, fire up the virtual machine; you will see the new network card added (eth0, eth1). eth0 is for 192.x.x.x and eth1 is for 10.x.x.x. Issue ifconfig -a | more to list them.

Make sure to check the MAC address of eth1 against the one shown for the virtual machine in the vSphere client. If they match, we are good to go.

greetz yomuds, hafiz, athlon crazy

By salawank on January 12, 2010 | Uncategorized | 4 comments

Message of the day

Yes, I’ve heard of it..And, what should we do as a Muslim?

Each day we are reminded
and each day we say
there’s not much that we can do
it seems so far away
So we live our lives in silence
pretending not to hear
the voices of our people
The cry is so so clear
Why do we stand by spectating
while our brothers cry jihad?
We are bound by one conviction:
we believe in Allah
Chorus:
Have you heard of Kosova, of Afghanistan?
Have you heard of Palestine [2nd chorus: Bosnia]
of Chechan?
Have you heard of all these people
persecuted in their land?
Do you know that all these people are dying for Islam?
Have you heard, have you heard
have you heard?
Each day is like another
Nothing seems to change
Today he’ll lose his brother
Tomorrow will be the same
Yet his faith makes him stronger
he’s come so so far
The pain in his heart is eased
by his love for Allah
O I envy you my brother
in adversity you pray
You know that heaven awaits you
at the end of this day
Chorus

By salawank on January 8, 2010 | Uncategorized | A comment?

OpenVPN hands-on

Trying to configure an OpenVPN server and client on my home network through the internet.

The OpenVPN server is on a dynamic public IP, behind the router, in the DMZ.

The OpenVPN client is set up on another host and tries to connect to the OpenVPN server.

There seems to be some misconfiguration: the TLS handshake failed. I need to look into this, but not right now. It's 3 a.m. and I need to go to work tomorrow.

*already getting sleepy ;p

Server

————————————————————————————————-

Jan 8 03:08:36 zulfiqar ovpn-server[8984]: MULTI: multi_create_instance called
Jan 8 03:08:36 zulfiqar ovpn-server[8984]: 60.48.182.229:55803 Re-using SSL/TLS context
Jan 8 03:08:36 zulfiqar ovpn-server[8984]: 60.48.182.229:55803 LZO compression initialized
Jan 8 03:08:36 zulfiqar ovpn-server[8984]: 60.48.182.229:55803 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Jan 8 03:08:36 zulfiqar ovpn-server[8984]: 60.48.182.229:55803 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Jan 8 03:08:36 zulfiqar ovpn-server[8984]: 60.48.182.229:55803 Local Options hash (VER=V4): '360696c5'
Jan 8 03:08:36 zulfiqar ovpn-server[8984]: 60.48.182.229:55803 Expected Remote Options hash (VER=V4): '13a273ba'
Jan 8 03:08:36 zulfiqar ovpn-server[8984]: 60.48.182.229:55803 TLS: Initial packet from 60.48.182.229:55803, sid=2f7af594 d7dd6de1
Jan 8 03:08:36 zulfiqar ovpn-server[8984]: 60.48.182.229:55803 Replay-window backtrack occurred [1]
Jan 8 03:08:36 zulfiqar ovpn-server[8984]: 60.48.182.229:56525 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 8 03:08:36 zulfiqar ovpn-server[8984]: 60.48.182.229:56525 TLS Error: TLS handshake failed
Jan 8 03:08:36 zulfiqar ovpn-server[8984]: 60.48.182.229:56525 SIGUSR1[soft,tls-error] received, client-instance restarting
Jan 8 03:08:38 zulfiqar ovpn-server[8984]: 60.48.182.229:60028 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 8 03:08:38 zulfiqar ovpn-server[8984]: 60.48.182.229:60028 TLS Error: TLS handshake failed
Jan 8 03:08:38 zulfiqar ovpn-server[8984]: 60.48.182.229:60028 SIGUSR1[soft,tls-error] received, client-instance restarting

————————————————

Client

Fri Jan  8 03:10:48 2010 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=MS/ST=CA/L=KL/O=Salax/CN=Salax_CA/emailAddress=salasm86[at]gmail.com
Fri Jan  8 03:10:48 2010 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri Jan  8 03:10:48 2010 TLS Error: TLS object -> incoming plaintext read error
Fri Jan  8 03:10:48 2010 TLS Error: TLS handshake failed
Fri Jan  8 03:10:48 2010 TCP/UDP: Closing socket
Fri Jan  8 03:10:48 2010 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan  8 03:10:48 2010 Restart pause, 2 second(s)
Fri Jan  8 03:10:50 2010 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Jan  8 03:10:50 2010 Re-using SSL/TLS context
Fri Jan  8 03:10:50 2010 LZO compression initialized
Fri Jan  8 03:10:50 2010 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Jan  8 03:10:50 2010 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jan  8 03:10:50 2010 Local Options hash (VER=V4): '13a273ba'
Fri Jan  8 03:10:50 2010 Expected Remote Options hash (VER=V4): '360696c5'
Fri Jan  8 03:10:50 2010 Socket Buffers: R=[112640->131072] S=[112640->131072]
Fri Jan  8 03:10:50 2010 UDPv4 link local: [undef]
Fri Jan  8 03:10:50 2010 UDPv4 link remote: 60.48.182.229:1194
Fri Jan  8 03:10:50 2010 TLS: Initial packet from 60.48.182.229:1194, sid=5a38586b cca57bee
Fri Jan  8 03:10:50 2010 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=MS/ST=CA/L=KL/O=Salax/CN=Salax_CA/emailAddress=salasm86[at]gmail.com
Fri Jan  8 03:10:50 2010 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri Jan  8 03:10:50 2010 TLS Error: TLS object -> incoming plaintext read error
Fri Jan  8 03:10:50 2010 TLS Error: TLS handshake failed
Fri Jan  8 03:10:50 2010 TCP/UDP: Closing socket
Fri Jan  8 03:10:50 2010 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan  8 03:10:50 2010 Restart pause, 2 second(s)

By salawank on | Uncategorized | A comment?

Cleaning up my workstation

Fuhh.. lots of dust inside the box :-p

Somehow, I feel the need to clean up my pc. It’s been a while, I think it is about a year.. huh


Open up my toolbox and start to clean.. yah


Hope to make it every 2-3 months… happy cleaning :-)

By salawank on January 5, 2010 | Uncategorized | 2 comments