posted
28/11/09
By Fredrik "DXter" Jonsson
I have now been running all my networks at home through a DIR-600 that has been acting as my edge firewall for a couple of weeks. Everything has been running very smoothly and without any problems at all. I have never had a need to reboot the device for any reason at all, but I had to turn it off two weeks ago for a short time since my girlfriend and I were changing power cables in the living room.
And since I preconfigured the device before I replaced my good, old WRT54GL, the resulting downtime was only about 1-2 minutes.
The flash process of the device was also very easy since there is a device-specific DD-WRT image that you upload through the web GUI just like upgrading the original firmware with a newer version. During the flash process, I was quite surprised by a cool feature that I noticed.
Usually when you change the firmware of a device from the vendor's firmware to a homebrew version, like DD-WRT, you really want to erase the previous configuration. Otherwise you can really mess up your device if DD-WRT tries to parse or load the configuration that was created by the previous firmware. This is usually done by doing a factory reset of the device or by clearing out the NVRAM with the command: “erase nvram & reboot” in a console through Telnet/SSH/Serial. But with the device-specific image for DIR-600, the NVRAM is cleared during the flash process and I already have a “clean” device the first time it boots.
The first thing I noticed was the absence of VLAN support.
Notice that there is no VLAN tab under Setup.
Due to this, I had to redesign my network a little bit. I usually use VLANs to separate my networks into different segments. But now since I didn’t have VLAN configuration available in my edge firewall, I had to use iptables between my networks to secure them from each other. The benefit of using VLANs instead of a firewall is that there is no firewall between the networks that can be exploited. But since this is on my inside, I guess that it is good enough (for now).
I was very confused by the absence of the VLAN tab. If I look at my NAS (that is also running DD-WRT) I can clearly see the VLAN tab under Setup.
My WRT-600N is running DD-WRT with VLAN support. (Yes, I am a true master of paint.)
This was very strange to me, but I accepted the sad fact that there was no VLAN support in DIR-600. Time passed, but some days ago I wanted to investigate the thing a little bit more. I started by checking the URL to the VLAN configuration of my NAS device, which is http://192.168.85.253/Vlan.asp. It was a long shot, but I decided to try what happens if I try to load the Vlan.asp page on my DIR-600 using its IP instead of my NAS device. The result is this:
It was a great surprise to see the “hidden” VLAN configuration in DIR-600. Please note that VLAN tab is still missing!
I haven’t tried the VLAN settings yet (because of my reconfiguration, but I will try it soon), but I think that we can assume that they are working. So what is my final conclusion of my little experiment? Well, I must say that I am happy to confirm to you that with the DD-WRT firmware on the DIR-600, I have a wonderful D-Link router. (And if you are curious enough, you can actually have VLAN support as well.) And since D-Link now provides home brewers with SDKs for their products, I think that they understand that other people are apparently better than they are in building firmware for their own devices. It has been a really fun trip with the DIR-600, but right now I really miss my dear WRT54GL that is hiding in my closet that will come back into service any day now.
Is anyone interested in buying a used DIR-600 that is loaded with DD-WRT? It is actually a D-Link router that absolutely rocks!
// Fredrik “DXter” Jonsson
posted
26/11/09
By Fredrik "DXter" Jonsson
When I was young, Coca Cola was “the energy drink” for us geeks with its high amount of caffeine and sugar.
When I was in high school, my friends (who were also geeks) and I came in contact with Jolt Cola due to its much higher amount of caffeine.
Last year I discovered the Ubuntu Cola which has been my default choice since then (if it is available). Mostly because of the fair trade, but also since I am a part-time Linux guy.
Now I recently discovered this: http://www.drinkcocaine.com/ A new drink with three times more caffeine than Jolt Cola!
To be honest, I don’t think that this is so healthy regarding the extreme amount of caffeine in this drink!
However, it would be fun to go down to my local supermarket and see the faces on the staff when I ask them:
“Excuse me. Where is the Cocaine?”
// Fredrik “DXter” Jonsson
posted
23/11/09
By Fredrik Wall
I got an Excel file last week with names of the users at
a customer and we needed to get some information from the AD.
In this blog post I will show a similar thing with only a few made up users.
I needed to:
- Make new account names for all users
- List all users' existing AD accounts
(In next blog post)
- New AD account names
I got an Excel sheet with some users.
And I need to populate the New Account field with new user names.
The new account names will be first two letters in first name and
first two letters in the last name plus the Employee number.
Example:
frwa666999
In this case I save the Excel sheet as a unicode text file because
of the use of åäö in Sweden.
The text file will look like this now:
It’s a plain text file with TAB delimiter.
So we let PowerShell import it as a CSV file with `t, which is the TAB delimiter.
$userInfo = Import-Csv "c:\scripts\users\users.txt" -Delimiter `t
If we make PowerShell print this information to the screen:
$userInfo = Import-Csv "c:\scripts\users\users.txt" -Delimiter `t
$userInfo
Then we get:
Name : Svensson Nils
Employe number : 995423
Business Unit : Sales
New Account :
Old Account :
Home Directory :
Name : Bengtsson Klas
Employe number : 996721
Business Unit : IT
New Account :
Old Account :
Home Directory :
Name : Östergren Jenny
Employe number : 998832
Business Unit : HR
New Account :
Old Account :
Home Directory :
Now we want to change åäö to aao and we do not want uppercase characters.
foreach ($user in $userInfo) {
    # Replace åäö (case-sensitive) and print the name in lowercase
    $userName = $user.Name -creplace('å','a') -creplace('Å','A') -creplace('ä','a') -creplace('Ä','A') -creplace('ö','o') -creplace('Ö','O')
    $userName.ToLower()
}
We will go through every line and look into the Name property that holds the names we want.
This time we will get:
svensson nils
bengtsson klas
ostergren jenny
And now we need to take the two first letters from the first name and
the first two letters from the last name.
$userName = $userName.Split(" ")
$firstName = $userName[1]
$firstName = $firstName.Substring(0,2)
$lastName = $userName[0]
$lastName = $lastname.Substring(0,2)
First we split up last name and first name.
Then we take the two first letters from the first name and
the first two letters from the last name.
Now it’s time to take the employee number and then we are finished.
So here is the script:
$userInfo = Import-Csv "c:\scripts\users\users.txt" -Delimiter `t
foreach ($user in $userInfo) {
    # Replace åäö with aao and make the name lowercase
    $userName = $user.Name -creplace('å','a') -creplace('Å','A') -creplace('ä','a') -creplace('Ä','A') -creplace('ö','o') -creplace('Ö','O')
    $userName = $userName.ToLower()
    # The Name column holds "Lastname Firstname"
    $userName = $userName.Split(" ")
    $firstName = $userName[1]
    $firstName = $firstName.Substring(0,2)
    $lastName = $userName[0]
    $lastName = $lastName.Substring(0,2)
    # The property name must match the column header exactly
    # (it is printed as "Employe number" in the output above)
    $employeenr = $user."Employe number"
    $firstName + $lastName + $employeenr
}
The output will now be:
nisv995423
klbe996721
jeos998832
posted
22/11/09
By Fredrik "DXter" Jonsson
For some time now, I have been involved in a very big task for one of my customers, which is moving a complete data center to another location. Since points of sale are using this data center for their daily operations, downtime is critical and no downtime is accepted during business hours. As one step in our efforts to make this operation as smooth as possible, we are right now consolidating and migrating as many systems as possible to a virtual environment, so that as little hardware as possible is being moved on the date when we move the stuff, to be able to decrease the downtime to a minimum.
However, when you cut down your hardware to like 20% of what you had before (without adjusting the cooling system), you will realize one day when you enter the server room that it is ICE COLD!!!
I am now wishing for a cooling system that is just as dynamic and self adjusting as the virtualization solution is.
Yes, that Eskimo in the server room is me.
// Fredrik “DXter” Jonsson
posted
17/11/09
By Fredrik Wall
Office 2010 beta 2, first public beta now at TechNet and MSDN.
posted
17/11/09
By Fredrik "DXter" Jonsson
D-Link will release a new access point called DAP-1360 in December. Nothing mind-blowing about that, all hardware vendors release new products now and then. The cool thing with DAP-1360 is that it is running Linux (i.e. GPL firmware) and D-Link is also providing an SDK (on request) for home brewers to be able to make their own firmware for it.
Personally, I guess that there will be ports of OpenWRT and DD-WRT for this unit in the very near future. The only thing I actually miss in the specifications (ftp://ftp.dlink.eu/datasheets/DAP-1360.pdf) for the device is support for Power over Ethernet, but I guess that you can’t have everything sometimes.
I really salute D-Link for this initiative and I hope that we will see a D-Link box with the same wonderful hardware (and firmware support) as Linksys WRT54GL!
DAP-1360, an alternative for WRT54GL in the near future?
// Fredrik “DXter” Jonsson
posted
15/11/09
By Fredrik "DXter" Jonsson
One of the most common questions regarding root certificate distribution in an internal IT infrastructure is:
“How do we install it to our mobile devices?”
Active Directory is very good at automatically providing our domain members with the root certificate for our internal PKI structure (and if you have a two-tier PKI, you use group policies). But our mobile devices, such as cell phones or PDAs, do NOT get it automatically since they are usually not members of the domain and therefore do not get the necessary group policies applied.
I have a cell phone with Windows Mobile 6.1 that I am very satisfied with. However, even if I am fully capable of installing our root certificate on my cell phone, I still want to deploy our root certificate in a good and easy way, since not everybody is as geeky as I am, or knows which exact store the certificate should be installed in.
To be able to create a CAB file that installs our root certificate on our mobile devices, first we need to create an XML file called _setup.xml and fill it with the following content using notepad or your favorite text editor:
<wap-provisioningdoc>
  <characteristic type="CertificateStore">
    <characteristic type="ROOT">
      <characteristic type="#THUMBPRINT">
        <parm name="EncodedCertificate" value="#THEROOTCERTIFICATEASBASE64"/>
      </characteristic>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
This XML file basically needs two inputs: the root certificate's thumbprint and our root certificate in a text form encoded with Base64.
Since I am really in love with the certificate management that is provided by PowerShell, I use PowerShell to get the thumbprint of our root certificate with the command: Get-ChildItem cert:\CurrentUser\Root
In this example, I use the root certificate for ASCI, the company where I am employed.
I replace the #THUMBPRINT with the actual thumbprint of our root certificate, which results in:
<wap-provisioningdoc>
  <characteristic type="CertificateStore">
    <characteristic type="ROOT">
      <characteristic type="8651A074F15E0198B78DF13FEF230F8CFE253685">
        <parm name="EncodedCertificate" value="#THEROOTCERTIFICATEASBASE64"/>
      </characteristic>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
Next, we need our root certificate in a Base64 format, to be able to include it as a clean text string.
We open up certmgr.msc and go to Trusted Root Certification Authorities. We right click on the certificate and choose All Tasks -> Export.
In the screen where we can specify which format we want our root certificate, we choose Base64.
After we have specified the path to our exported root certificate, we can actually open it with notepad (if the certificate is encoded according to Base64) which looks like this:
We remove the -----BEGIN CERTIFICATE----- and the -----END CERTIFICATE----- rows, and copy all the remaining text into our XML file, resulting in this:
<wap-provisioningdoc>
  <characteristic type="CertificateStore">
    <characteristic type="ROOT">
      <characteristic type="8651A074F15E0198B78DF13FEF230F8CFE253685">
        <parm name="EncodedCertificate" value="MIIDdTCCAl2gAwIBAgIQNc11bx1dq75MSUDtFDuvFjANBgkqhkiG9w0BAQUFADBB...x6NBokQibMYm7zPds72BjnTs9VuQQv1qcobJKnoUAm3DFF+hzpT8F+xFHt6IJG2cGMQHl9Q=="/>
      </characteristic>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
Save the XML file somewhere; I saved it on my desktop. Then we run the following command to create a CAB file from our XML:
makecab _setup.xml /L . root_ca.cab
Now we have our root certificate as a CAB file, which we can distribute as any other software package for our mobile devices. Of course, this package can also be installed just like any other “software” with a simple one click installation on the device.
// Fredrik “DXter” Jonsson
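The manual steps in the post above (thumbprint, Base64 export, filling in _setup.xml) can be scripted. The following PowerShell is an added example and not part of the original post; the paths in $CertPath and $OutPath are assumptions, and the self-signed check and the read-back thumbprint comparison are additions so that a wrong or damaged certificate does not end up packaged for the ROOT store.

```powershell
# Added example: build _setup.xml from an exported root certificate and verify it.
# $CertPath and $OutPath are assumed paths; adjust them to your environment.
param(
    [string]$CertPath = "C:\temp\root_ca.cer",
    [string]$OutPath  = "C:\temp\_setup.xml"
)

# X509Certificate2 reads both DER and Base64 encoded .cer files.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# Only a self-signed CA certificate belongs in the ROOT store.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Subject and issuer differ; '$CertPath' is not a self-signed root certificate."
}

# The thumbprint is the SHA-1 hash of the DER encoded certificate.
$thumbprint = $cert.Thumbprint
# Base64 of the raw certificate: one line, without the BEGIN/END rows.
$base64 = [Convert]::ToBase64String($cert.RawData)

$xml = @"
<wap-provisioningdoc>
  <characteristic type="CertificateStore">
    <characteristic type="ROOT">
      <characteristic type="$thumbprint">
        <parm name="EncodedCertificate" value="$base64"/>
      </characteristic>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
"@
Set-Content -Path $OutPath -Value $xml -Encoding ASCII

# Read the file back and check that the embedded certificate matches the thumbprint.
[xml]$doc = Get-Content $OutPath
$node  = $doc.SelectSingleNode('//characteristic[@type="ROOT"]/characteristic')
$value = $node.SelectSingleNode('parm[@name="EncodedCertificate"]').GetAttribute('value')
$bytes = [Convert]::FromBase64String($value)
$sha1  = [System.Security.Cryptography.SHA1]::Create()
$hash  = [BitConverter]::ToString($sha1.ComputeHash($bytes)) -replace '-', ''
if ($hash -ne $node.GetAttribute('type')) {
    throw "Thumbprint mismatch in $OutPath"
}
"OK: $OutPath contains $($cert.Subject) with thumbprint $hash"
```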
posted
09/11/09
By Fredrik Wall
Microsoft released
Microsoft Baseline Security Analyzer 2.1.1 last week.
It can be downloaded here.
posted
09/11/09
By Fredrik Wall
At last!
Microsoft released Windows Management Framework for
Windows XP, Windows Server 2003, Windows Vista and
Windows Server 2008.
This means that we get Windows PowerShell 2.0 for Windows XP
and Windows Server 2003 too.
More information and the downloads can be found here.