Archive for April 28th, 2010

How to resolve network issues with Java 6 JRE on Debian / Java proxy spawn on Debian sid not working by default – A Small tip on running WebScarab and Paros local Proxy on Debian’s Java

Wednesday, April 28th, 2010

In an attempt to use Paros Proxy and WebScarab on Debian I faced some shitty issues with Java’s networking.

Neither of the aforementioned security applications’ local proxies, which are spawned by the Java server, would work.

I assured myself there was nothing running on port 8080, on which the two Java applications attempted to run their local proxy server.
Being sure that nothing was listening on port 8080, I suspected that there was something wrong with Debian’s Java networking.
A quick search in Google pointed me to the Debian.Net forums, where the issue was described as "serious proxy error after updates".

The error that was returned by the ParosProxy Server on my Desktop Debian can be reviewed below:

hipo@noah:~/paros$ /usr/lib/jvm/java-6-sun-1.6.0.17/jre/bin/java -jar paros.jar
file:/home/hipo/paros/paros.jar
file:/home/hipo/paros/paros.jar
java.net.SocketException: Invalid argument
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:365)
at java.net.ServerSocket.bind(ServerSocket.java:319)
at java.net.ServerSocket.<init>(ServerSocket.java:185)
at org.parosproxy.paros.core.proxy.ProxyServer.createServerSocket(Unknown Source)
at org.parosproxy.paros.core.proxy.ProxyServer.startServer(Unknown Source)
at org.parosproxy.paros.control.Proxy.startServer(Unknown Source)
at org.parosproxy.paros.control.Control.init(Unknown Source)
at org.parosproxy.paros.control.Control.<init>(Unknown Source)
at org.parosproxy.paros.control.Control.initSingletonWithView(Unknown Source)
at org.parosproxy.paros.Paros.runGUI(Unknown Source)
at org.parosproxy.paros.Paros.run(Unknown Source)
at org.parosproxy.paros.Paros.main(Unknown Source)

All a man can grasp from the error is that there is something wrong with running the Paros Proxy server.
Since the last release of Paros Proxy dates back to the year 2006 and it’s not really supported these days, at first I thought this could be causing the error.
By the way, Paros Proxy is available via the Debian packaging system. To install the Debian packaged version of Paros Proxy, issue the command:

root@noah:~# apt-get install paros

With that in mind I decided to try out the newer, more modern HTTP and HTTPS security analysing application WebScarab.

I followed the start up instructions on WebScarab’s Website in order to run the application.
It was really simple. All I had to do was download the webscarab-current.zip, which at the time of writing this post is webscarab-20100414-0036, and then launch the Debian Java virtual machine.

However, despite my hopes that WebScarab’s local proxy server would run fine, I was unpleasantly surprised by the error shown below:

hipo@noah:~/webscarab-20100414-0036$ java -jar webscarab.jar
Help set not found
11:43:36 main(Proxy.parseListenerConfig): No proxies configured!?
11:43:39 Proxy(Proxy.run): Unable to start listener 127.0.0.1:8008

Ain’t pretty heh?! … Even nasty !

However I was lucky to find the solution in some 20 minutes, so hopefully it took you less to find this post.

The solution to the above Proxy Spawn Error with Paros and Webscarab on Debian Lenny’s Java 6 Sun Server is really simple and it comes to this:

1. Edit /etc/sysctl.d/bindv6only.conf and change the value

net.ipv6.bindv6only = 1
# to
net.ipv6.bindv6only = 0

2. Restart procps

root@noah:/home/hipo/webscarab-20100414-0036# invoke-rc.d procps restart

Now launch either Paros Proxy or WebScarab once again; the local proxy server of each of them will bind to either port 8008 (WebScarab) or port 8008 (Paros Proxy).
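Why the setting matters, as an added example that is not part of the original post: it assumes the JVM binds IPv4 addresses through an AF_INET6 socket using IPv4-mapped addresses, and reproduces that bind with the per-socket IPV6_V6ONLY option, which is what net.ipv6.bindv6only sets by default for new sockets. The function names are made up for this illustration.

```python
import errno
import socket


def system_bindv6only():
    """Current kernel default, or None where the sysctl does not exist."""
    try:
        with open("/proc/sys/net/ipv6/bindv6only") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def bind_mapped_loopback(v6only):
    """Bind an AF_INET6 socket to IPv4 loopback written as an IPv4-mapped
    address. Returns "ok" or the errno name of the failure."""
    try:
        sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError as exc:  # host without IPv6 support
        return errno.errorcode.get(exc.errno, "UNKNOWN")
    with sock:
        try:
            # Per-socket equivalent of the net.ipv6.bindv6only default.
            sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
            sock.bind(("::ffff:127.0.0.1", 0))  # port 0: any free port
        except OSError as exc:
            return errno.errorcode.get(exc.errno, "UNKNOWN")
    return "ok"


if __name__ == "__main__":
    print("kernel default bindv6only:", system_bindv6only())
    print("dual-stack socket (bindv6only = 0):", bind_mapped_loopback(False))
    print("IPv6-only socket (bindv6only = 1):", bind_mapped_loopback(True))
```

On Linux the IPv6-only case fails with EINVAL, which is the "Invalid argument" in the Paros stack trace above. Note that the sysctl is system-wide, so setting it to 0 changes the default for every daemon on the host that opens IPv6 listening sockets.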

Protecting Debian Lenny against Slowloris Denial of Service attack with mod_antiloris

Wednesday, April 28th, 2010

I’ve written in my previous posts some possible ways to protect against slowloris on Debian with the mod_qos module.
For more on mod_qos see here

This solution to the denial of service attack, against which probably at least 40 percent of the Apache webservers online are still vulnerable, is not really applicable on 64 bit Debian GNU Linux.
I installed mod-qos on a Debian Linux running an amd64 kernel and used the Apache server with this module for just a few days on a newly configured production Linux server running mostly some PHP applications based on top of Zend Framework.
At first all looked fine, mod-qos was up and running and defending the Apache webserver from the nasty slowloris DoS attack. However, at a certain point the PHP application developers reported that Apache was crashing while executing some of the PHP code developed by the programmers' team.
After a quick examination of the Apache error logs I realized the Apache crashes were caused by misbehavior of the mod-qos module.

Realizing that mod_qos was causing the Apache segfaults on the amd64 architecture, I abandoned the idea of using it, and after some time spent researching what I could use as a substitute to protect against the Slowloris DoS attack I found mod_antiloris.
Mod_antiloris is a tiny Apache module dedicated only as a work around (fix) for Apache against the Slowloris denial of service.

Though the package is officially included as a package for Debian Sid and is in the testing/unstable Debian repositories, it’s still not available via the official Debian repositories in Lenny, nor through Debian Lenny backports.

Therefore, to install this (in my humble view compulsory) module and guarantee some security against modern Denial of Service attacks, you will need to compile the module from source.
So here is how to install the mod_antiloris module on Debian Lenny via source:

1. Download and untar (unarchive) the mod_antiloris

debian-server:~# wget ftp://ftp.monshouwer.eu/pub/linux/mod_antiloris/mod_antiloris-0.4.tar.bz2
debian-server:~# tar -jxvvf mod_antiloris-0.4.tar.bz2
debian-server:~# cd mod_antiloris-0.4/

2. Install the header files and Apache development programs necessary for the compilation of mod_antiloris

debian-server:~# apt-get install gcc apache2-threaded-dev

3. Compile the mod_antiloris module

debian-server:~# /usr/bin/apxs2 -i -c mod_antiloris.c

4. Create the necessary configuration files and enable the mod_antiloris module in Apache

debian-server:~# echo "LoadModule antiloris_module /usr/lib/apache2/modules/mod_antiloris.so" > /etc/apache2/mods-available/antiloris.load
debian-server:~# a2enmod antiloris
Enabling module antiloris.
Run '/etc/init.d/apache2 restart' to activate new configuration!

5. Restart the Apache WebServer

debian-server:~# /etc/init.d/apache2 restart

6. Use the slowloris.pl Denial of Service tool to assure yourself that Apache is secured by mod_antiloris and no longer vulnerable to the slowloris attack

debian-server:~# perl slowloris.pl -dns yourdomainname.com -port 80 -timeout 1 -num 200 -cache

Open an SSH connection to some free shell with a text browser such as lynx or links, or to some other Linux system you have access to, or use some proxy, to test if your webserver is responding while the above test is running.
If during the test your webserver serves your hosted webpages normally, then congrats, you’re secure!
You can sleep well at night with less worries about Denial of Service attacks 🙂
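A server-side check to go with the step 6 test, as an added example that is not part of the original post and is not mod_antiloris code: it counts established connections per client from `netstat -ant` style lines, so the single test host holding many connections stands out. The sample lines, the addresses and the limit of 20 are constructed for the illustration.

```python
from collections import Counter


def client_ip(endpoint):
    """Strip the port and any IPv4-mapped prefix from 'addr:port'."""
    addr = endpoint.rsplit(":", 1)[0]
    return addr[7:] if addr.lower().startswith("::ffff:") else addr


def connections_per_client(netstat_lines, port=80):
    """Count ESTABLISHED connections to the local port per remote IP."""
    counts = Counter()
    for line in netstat_lines:
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue  # header or non-TCP line
        local, remote, state = f[3], f[4], f[5]
        if state == "ESTABLISHED" and local.rsplit(":", 1)[-1] == str(port):
            counts[client_ip(remote)] += 1
    return counts


def over_limit(netstat_lines, limit, port=80):
    """Clients holding more than `limit` concurrent connections."""
    counts = connections_per_client(netstat_lines, port)
    return sorted(ip for ip, n in counts.items() if n > limit)


def sample_lines():
    """Constructed input: one client with 200 connections, the rest normal."""
    lines = ["Proto Recv-Q Send-Q Local Address Foreign Address State"]
    lines += [f"tcp 0 0 192.0.2.10:80 198.51.100.7:{40000 + i} ESTABLISHED"
              for i in range(200)]
    lines += [
        "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN",
        "tcp 0 0 192.0.2.10:80 203.0.113.5:51514 ESTABLISHED",
        "tcp6 0 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.5:51515 ESTABLISHED",
        "tcp 0 0 192.0.2.10:22 203.0.113.9:40222 ESTABLISHED",
    ]
    return lines


if __name__ == "__main__":
    for ip in over_limit(sample_lines(), limit=20):
        print("client over limit:", ip)
```

On a live server the same functions can be fed the output of `netstat -ant` split into lines.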