StvOR!

March 27, 2008

Link: recover deleted files on ext3

Filed under: All, Linux, Security

HOWTO recover deleted files on an ext3 file system by Carlo Wood via LWN

quote:

The tool that I wrote assumes a spike of recently deleted files (shortly before the last unmount). It does NOT deal with a corrupted file system, only with accidentally but cleanly deleted files.

The tool doesn’t recover files in place, so it only needs read access to the file system (it does NOT work on a live file system). That means it could be used for forensics as well.

The HOWTO also includes a detailed overview of the ext3 file system; this is probably the next best thing to reading the ext3 source code directly. Worth a read even if you haven’t had any accidents with rm :)

Of course, if Carlo Wood had had more recent backups of his work, it would have made his life a lot easier, but then we wouldn’t have this nice guide and useful tool as a result.

March 5, 2008

Howto change MAC address in Ubuntu

Filed under: All, Linux, Security

Why would you want to change your MAC?

Several reasons:

  • Some ISPs lock their cable/ADSL modems to a single MAC address (usually your router's). If for some reason you need to connect another machine to that modem, you need to change the MAC address on that machine.

  • Security and privacy. Each ethernet and WiFi card has its own MAC, which can sometimes be traced back to you. By changing your MAC you can prevent that.

NOTE: While most (all?) ethernet cards support changing the MAC, there are some WiFi cards that do not.

NOTE: In the following text I have used eth0 as an example of network interface. Replace it with the interface of the card whose MAC you want to change.

To list all interfaces:

    sudo ifconfig -a

There are several ways to change your MAC.

General Linux

Works on most Linux boxes.

First we bring down the interface:

    ifconfig eth0 down

then we change the MAC:

    ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx

and we bring back the interface (static):

    ifconfig eth0 192.168.0.101 netmask 255.255.255.0 broadcast 192.168.0.255
    ifconfig eth0 up
    route add default gw 192.168.0.1 eth0

or with dhcp:

    /sbin/dhcpcd eth0

Ubuntu

On Ubuntu the procedure depends on whether you use NetworkManager or not.

Without NetworkManager

First edit /etc/network/interfaces and change:

    auto eth0
    iface eth0 inet dhcp

into:

    auto eth0
    iface eth0 inet dhcp
        hwaddress ether xx:xx:xx:xx:xx:xx

After making the above changes you need to restart networking with:

    sudo /etc/init.d/networking restart

With NetworkManager

Create a new file, /etc/network/if-pre-up.d/macchange:

    #!/bin/sh

    # $IFACE - provided by NetworkManager
    /sbin/ifconfig "$IFACE" hw ether xx:xx:xx:xx:xx:xx

    # If we use macchanger from http://www.alobbs.com/macchanger/
    # instead, replace the ifconfig line above with this one
    # (running both would overwrite the MAC set by ifconfig):
    # /usr/bin/macchanger -e "$IFACE"

After saving the above file we make it executable:

    sudo chmod +x /etc/network/if-pre-up.d/macchange

And that's it. NetworkManager will call our script each time before it brings up the interface.

Random MACs

Macchanger can be used to generate random MACs.

Instead of using ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx you can use macchanger.

Example:

    macchanger -m xx:xx:xx:xx:xx:xx eth0

Random MAC example:

    # Random MAC of the same kind (wifi, ethernet)
    macchanger -a eth0
    # Random MAC from the same manufacturer
    macchanger -e eth0
    # Fully random MAC
    macchanger -r eth0
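
Whatever value replaces xx:xx:xx:xx:xx:xx has to be a unicast address (even first octet), because Linux refuses to assign a multicast or all-zero address to an interface; setting the locally administered bit also keeps a made-up address out of vendor-assigned space. The helpers below are an added example, not part of the original post or of macchanger: the function names are hypothetical, and they only check or print addresses without touching any interface.

```shell
#!/bin/sh
# Added example: sanity checks for a hand-picked or generated MAC.
# All function names are hypothetical.

# Succeeds if $1 is six colon-separated hex octets.
mac_is_wellformed() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Succeeds if $1 can be assigned to an interface:
# well-formed, not all zeros, and unicast (lowest bit of first octet is 0).
mac_is_assignable() {
    mac_is_wellformed "$1" || return 1
    [ "$1" != "00:00:00:00:00:00" ] || return 1
    [ $(( 0x${1%%:*} & 1 )) -eq 0 ]
}

# Succeeds if $1 is locally administered (bit 0x02 of the first octet set),
# i.e. it cannot collide with a manufacturer-assigned address.
mac_is_local() {
    mac_is_wellformed "$1" || return 1
    [ $(( 0x${1%%:*} & 2 )) -ne 0 ]
}

# Prints a random unicast, locally administered MAC.
random_local_mac() {
    # Six random bytes as two-digit hex words become $1..$6
    # (positional parameters are local to this function call).
    set -- $(od -An -N6 -tx1 /dev/urandom)
    # Clear the multicast bit and set the local bit in the first octet.
    printf '%02x:%s:%s:%s:%s:%s\n' \
        "$(( (0x$1 & 0xfc) | 0x02 ))" "$2" "$3" "$4" "$5" "$6"
}
```

A pre-up script could call mac_is_assignable on the chosen value and skip the change when the check fails.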

October 22, 2005

Nessus going closed source, two GPL projects forked

Filed under: All, Linux, Security

It’s old news that Nessus is going closed source, for two reasons:

  • Virtually nobody has ever contributed anything to improve the scanning _engine_ over the last 6 years. I’m not talking about shoe-horning DB support in nessusd, but really to contribute things which make the scans faster, or Nessus more powerful.
  • A number of companies are _using_ the source code against us, by selling or renting appliances, thus exploiting a loophole in the GPL. So in that regard, we have been fueling our own competition and we want to put an end to that.

Nessus will (or so they say) continue to be free as in “free beer”. I have somewhat mixed feelings about that. I can understand why they don't want to support open-source Nessus, but I am afraid that more and more additions will not be free. Not to mention that it's harder to trust a closed-source security tool.

So I guess I am not the only one thinking that, since there are two (active) projects, GNessus and Porz-Wahn, that will pick up the existing GPL code and develop it further. I am not sure whether the authors intend to join forces or not, or even if they are aware of each other.

Additional takes on this:

PS: There are some other projects, but it seems these two are the most popular. (Segusius, gpl nessus plugins.)





















