Netcraft - Web Server Signatures help

[voidmain]

quote:Originally posted by ThePreacher:
By the way Id like to reprint this tutorial on my website with your permission and giving you the proper credit of course.

Only if it works of course.  

[preacher]

Void main here is an update.I did everything you said to do in your instructions, and everything went right until

[root@badconnections SPECS]# rpmbuild -bb apache.spec
rpmbuild: error while loading shared libraries: librpmbuild-4.0.3.so: cannot open shared object file: No such file or directory

[voidmain]

Is Mandrake broken?  That file is part of the "rpm" RPM in RedHat. I've also seen it included in "librpmbuild" but it doesn't appear that RPM exists for Mandrake. Maybe you should try installing the other packages from your Mandrake CD that start with "rpm*". I'll do some searching on the Mandrake web site.

[preacher]

I did a little searching and it seems "librpmbuild-4.0.4.so" is what is installed on my computer. Why is rpmbuild looking for the older libraries?

[voidmain]

I don't know, looks like your RPM dependencies are hosed on your "rpm" packages. This could happen if only one of the few rpm packages got upgraded without the other dependent packages being upgraded, causing rpm to be broken. If not, that would mean Mandrake itself is broken, which really wouldn't surprise me as I've already seen it with the kernel versions vs the kernel-headers that are included on the 9.0 CD.

Maybe the old syntax will work. Try "rpm -bb apache.spec" rather than "rpmbuild -bb apache.spec".

If not try linking the 4.0.4 library to 4.0.3 by:
# ln -s /usr/lib/librpmbuild-4.0.4.so /usr/lib/librpmbuild-4.0.3.so

If that doesn't work (and even if it does) give me the output of "rpm -qa | grep rpm" and I'll see if I can see any broken dependencies.

[ December 04, 2002: Message edited by: void main ]

[voidmain]

quote:Originally posted by X11 / BOB: l33t h4x0r:
Now thats funny, how did you do it?

I was just thinking. I believe it may be fairly easy to spoof the netcraft uptime chart using iptables/ippersonality. Maybe that will be my next conquest. I think it would be pretty cool if I could get my system to show up as a Sega Dreamcast with about 12 years of uptime.  

[preacher]

quote:Originally posted by void main:


I was just thinking. I believe it may be fairly easy to spoof the netcraft uptime chart using iptables/ippersonality. Maybe that will be my next conquest. I think it would be pretty cool if I could get my system to show up as a Sega Dreamcast with about 12 years of uptime.    

This is a funny idea, spoofing the uptime, how exactly does Netcraft find a system's uptime?

[voidmain]

quote:Originally posted by ThePreacher:


This is a funny idea, spoofing the uptime, how exactly does Netcraft find a system's uptime?

I would imagine they do it in a similar way to the way nmap determines it, via TCP timestamps. I just spent the last hour or so going through ippersonality and I couldn't figure out a way of effecting nmap results via the configuration files and I don't believe it is possible without hacking it. But I'm not proficient enough with TCP at this low of a level. Might have to do some more research.

On another note, did you get my last message regarding your Apache hack?

[Master of Reality]

did you have to recompile the kernel to use ippersonality?

[voidmain]

Yes, you actually have to do a little more than that. I downloaded the 2.4.20 kernel source, applied the ippersonality kernel patch (there is a patch for 2.4.20 on sourceforge). Then I did a make config and turned on a couple of other necessary options like connection tracking (the options are listed in the README or INSTALL included with the ippersonality tar.gz package). Then compiled and installed the kernel.

Now that's not the end of it. You also have to patch "iptables". I downloaded the 1.2.7a source for iptables and applied the ippersonality patch for iptables, then modified the Makefile so iptables would install to the same directories that my distro has it already installed in. There was one more thing that needed to be done in the iptables source for 1.2.7a. There is a label/define that needs to be changed in several places in the source because it was changed in the new kernel source. This was easily done with a perl command that I found in one of the ippersonality message list archives. Then I did a "make" and "make install".

Then to masquerade as another OS you have to run a couple of iptables commands along with a configuration file of the  operating system you want to masquerade as and you are done.

This sounds like a lot but if you are interested I could do another step by step instruction and put it in my RedHat tips section. I think if I did that it wouldn't be hard for anyone to follow. I also wrote my own script to make it easy to change what OS you are masquerading as and call it from the /etc/init.d/iptables service script. Basically once installed all you have to do is comment out one line and uncomment another to change which OS you want to masquerade as. I started last night writing my own config file for a Cray supercomputer but fell asleep from exhaustion.     Maybe this evening I will work on it some more. Shouldn't take too long to create.

[ December 05, 2002: Message edited by: void main ]

[Master of Reality]

putting it in your tips section isnt a bad idea. I might try it on my slackware box, but i have quite a bit of work to do on that box so i can use it as my server.

[preacher]

quote:Originally posted by void main:


I would imagine they do it in a similar way to the way nmap determines it, via TCP timestamps. I just spent the last hour or so going through ippersonality and I couldn't figure out a way of effecting nmap results via the configuration files and I don't believe it is possible without hacking it. But I'm not proficient enough with TCP at this low of a level. Might have to do some more research.

On another note, did you get my last message regarding your Apache hack?

I did try what you suggested with the exact same result as before. What Im gonna try is using my other linux box to do this, then tranferring the modified apache-1.3.26-6.1mdk through the network. Ill fill you in when I get this finished.

[voidmain]

Heh, now I'm running Solaris 8. Or so Netcraft thinks:

Void on Netcraft

[ December 06, 2002: Message edited by: void main ]

[voidmain]

And it won't be long now before Netcraft is showing my supposed "Solaris 8" machine with around 350 days of uptime:

nmap:

Code: [Select]

I can now change my uptime to anything I want (below 497 days because of the 2.4 kernel uptime limitation). And I can do it on the fly without having to reboot. Here's the uptime command:

Code: [Select]

It was easy as adding two lines of code to one of the kernel source files which creates a proc file "/proc/sys/kernel/jiffies". "jiffies" is the counter variable that the kernel uses to keep track of how long the kernel has been running and all other applications indirectly key off of that variable (even the TCP/IP timestamps). So basically you can set the variable to anything you want on the fly by doing something like:

# echo "3000000000" > /proc/sys/kernel/jiffies

which will set your uptime to about 347 days. Obviously there are some ramifications of mucking with this somewhere along the line. The only thing I have noticed so far is if you set it to a high value like above the system stops responding for a period of time and then seems to get its wits back after about a minute. So if you try something similar I just want to warn you that something disasterous could happen.

If you feel adventerous and want to try it on an old machine then I have created a patch for the 2.4.20 kernel source. Put the following code in a file called "/usr/src/jiffies.patch":

Code: [Select]

Then assuming your 2.4.20 kernel source is in "/usr/src/linux" type:

# cd /usr/src/linux
# patch -p1 < ../jiffies.patch

Now make and install your new kernel and you should find a /proc/sys/kernel/jiffies variable that you can modify by my earlier instructions.

I didn't completely figure this out on my own. I happen to run across this:

http://www.zevv.nl/jiffies/

However, the patch on that page is obviously not for the 2.4.20 kernel, I figured out what they did in the patch and made the same modification to the 2.4.20 kernel source and created my own patch.

[edit]
NOTE: I just found out a few important commands appear to not work if you set this too high. It seems I can set it to 3000000000 (347 days) without any problems but I'm not quite sure why when I had it set to 3500000000 400+ days it made a couple of commands hang.

It seems that under certain conditions commands like "top" and "sleep"  will just hang. Any script that contains the "sleep" command will more or less just hang until you kill it. But going back and setting it to 3000000000 seemed to wake things up and everythign starts running fine from that point on. Maybe at this point I should just say the behavior is erratic and your mileage may vary. Let me know if you come up with the secret answer...
[/edit]

[ December 07, 2002: Message edited by: void main ]

[voidmain]

Weee, look at it climb:

By IP
voidmain.kicks-ass.net
   

[ December 09, 2002: Message edited by: void main ]