Tuesday, November 24, 2009

Extra features for Log4j DailyRollingFileAppender

Log4j has some nice features and supports many appenders, but so far we never had a file appender with all the features it should have. Recently we wanted to write our own appender, but before doing so we found that Ryan Kimber already had the same idea and did a good job rewriting the original DailyRollingFileAppender: the CustodianDailyRollingFileAppender. On his blog he provides some info on how he updated the appender. We made some very small changes to make it work completely for us and to make sure the log file directory is created if it doesn't exist.

  • make sure the directory structure to the specified log file exists

  • create a new log file for each day

  • compress log files older than today

  • remove log files older than a specified number of days

CustodianDailyRollingFileAppender.java source

Example of log4j configuration. Prefix the appender class with the package you placed the source in; File and a layout are required for any file appender, and the retention settings (number of days to keep, compression) are configured through the appender's own properties, see the linked source for their names:

log4j.rootLogger=INFO, FILE
log4j.appender.FILE=CustodianDailyRollingFileAppender
log4j.appender.FILE.File=logs/application.log
log4j.appender.FILE.layout=org.apache.log4j.PatternLayout
log4j.appender.FILE.layout.ConversionPattern=%d{MMM dd yyyy HH:mm:ss,SSS} [%t] %-5p %l - %m%n
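The four housekeeping jobs listed in this post (create the directory, roll daily, compress files older than today, delete files older than N days), as an added Java example; it is neither Ryan Kimber's appender code nor the changes described above. It is a stand-alone helper rather than a log4j appender, so it compiles without log4j on the classpath. It assumes log4j's default DatePattern, so rolled files are named <file>.yyyy-MM-dd; the class name, the 7-day retention and the demo directory and file names are made up for the illustration.

```java
import java.io.*;
import java.text.*;
import java.util.*;
import java.util.regex.*;
import java.util.zip.GZIPOutputStream;

/**
 * Stand-alone log housekeeping for the four bullets above: create the directory, gzip rolled
 * files older than today, delete rolled files older than maxDays. Added example, not the
 * appender's own code; assumes log4j's default DatePattern (<file>.yyyy-MM-dd, .gz once compressed).
 */
public class LogCustodian {
    private static final String DATE_FORMAT = "yyyy-MM-dd";
    private final File logFile;
    private final int maxDays;
    private final Pattern rolledName;

    public LogCustodian(File logFile, int maxDays) {
        this.logFile = logFile.getAbsoluteFile();
        this.maxDays = maxDays;
        // Only rolled copies of *this* log are candidates, and the date is validated before
        // anything is deleted, so "app.log.2009-11-24.bak" or an unrelated file is never touched.
        this.rolledName = Pattern.compile("^" + Pattern.quote(logFile.getName())
                + "\\.(\\d{4}-\\d{2}-\\d{2})(\\.gz)?$");
    }

    public boolean ensureDirectory() {
        File dir = logFile.getParentFile();
        return dir.isDirectory() || dir.mkdirs();
    }

    /** Run once per day (e.g. on rollover). Returns how many expired files were removed. */
    public int cleanup(Date today) throws IOException {
        SimpleDateFormat fmt = new SimpleDateFormat(DATE_FORMAT);
        fmt.setLenient(false);
        String todayName = fmt.format(today);
        Calendar cal = Calendar.getInstance();
        cal.setTime(today);
        cal.add(Calendar.DAY_OF_MONTH, -maxDays);
        String cutoffName = fmt.format(cal.getTime()); // yyyy-MM-dd strings sort like dates
        File[] entries = logFile.getParentFile().listFiles();
        int deleted = 0;
        for (File f : entries == null ? new File[0] : entries) {
            Matcher m = rolledName.matcher(f.getName());
            if (!f.isFile() || !m.matches()) {
                continue;
            }
            String date = m.group(1);
            try {
                fmt.parse(date); // strict parse rejects shapes like 2009-13-45
            } catch (ParseException e) {
                continue;
            }
            if (date.compareTo(cutoffName) < 0) {
                if (!f.delete()) {
                    throw new IOException("could not delete " + f);
                }
                deleted++;
            } else if (m.group(2) == null && !date.equals(todayName)) {
                gzipAndDelete(f); // older than today and not yet compressed
            }
        }
        return deleted;
    }

    private static void gzipAndDelete(File src) throws IOException {
        InputStream in = new FileInputStream(src);
        OutputStream out = new GZIPOutputStream(new FileOutputStream(src.getPath() + ".gz"));
        try {
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) {
                out.write(buf, 0, n);
            }
        } finally {
            out.close();
            in.close();
        }
        if (!src.delete()) {
            throw new IOException("compressed but could not delete " + src);
        }
    }

    public static void main(String[] args) throws IOException, ParseException {
        // Constructed demo: ten days of empty rolled logs behind app.log plus one unrelated file.
        File dir = new File(System.getProperty("java.io.tmpdir"), "custodian-demo");
        LogCustodian custodian = new LogCustodian(new File(dir, "app.log"), 7);
        custodian.ensureDirectory();
        SimpleDateFormat fmt = new SimpleDateFormat(DATE_FORMAT);
        Date today = fmt.parse("2009-11-24");
        for (int back = 1; back <= 10; back++) {
            Date day = new Date(today.getTime() - back * 86400000L);
            new FileOutputStream(new File(dir, "app.log." + fmt.format(day))).close();
        }
        new FileOutputStream(new File(dir, "notes.txt")).close();
        System.out.println("removed " + custodian.cleanup(today) + " expired files");
        System.out.println("left behind: " + Arrays.toString(dir.list()));
    }
}
```

The part worth copying is the strict file-name check. A cleanup that deletes every file in the log directory older than N days will sooner or later remove something that is not a log; here only names that consist of the configured log file plus a real yyyy-MM-dd date (and optionally .gz) are candidates. The log directory should also be writable by the application user only, since anyone who can write there can plant files that get compressed or deleted on the next rollover.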

Wednesday, November 18, 2009

How to choose the right WiFi channel

When you set up your wireless access point, you may want to configure it so as to minimize interference in your neighborhood. I found this interesting post with some tips:

  • Leave a spacing of at least 5 channels between neighbouring WiFi networks to avoid interference. Two networks on the same channel have to share the medium, since they cannot "talk" at the same time, which roughly halves the bandwidth of each. Moving to the adjacent channel does not help: 2.4 GHz channels are only 5 MHz apart but a signal is about 22 MHz wide, so channels fewer than 5 apart overlap (1, 6 and 11 are the usual non-overlapping set). The default channel of most WiFi devices is 6, so in many cases channel 11 or higher (13 is the highest permitted in most of Europe) is a good choice. With NetStumbler you can easily see which channel each access point around you is using.

  • If all your WiFi devices support 802.11g (the 54 Mbit/s variant), set your router to 802.11g-only mode: 802.11b compatibility costs bandwidth and range even between 802.11g devices.

  • Another possible cause of low performance are proprietary acceleration modes such as "SuperG", "MAXg", "125 High Speed Mode" or "SpeedBooster". Unless every device in your network supports the very same mode, disable them.

  • Also note that a lot of cordless phones in NZ operate in the 2.4 GHz band, like WiFi, and most of them interfere with WiFi in a way no channel change can avoid, since those phones use a very broad spectrum or hop frequencies continuously.

    If you own a 2.4 GHz phone, try switching it off and unplugging its base station. If your wireless signal improves, replace the cordless phone with one operating at 1.8 GHz (DECT) or 5.8 GHz.

  • A cheap and easy way to extend the coverage of your WiFi is to place a repeater at the right spot. It repeats the wireless signal and extends coverage (no cables needed) without creating a new network. Many very cheap (around 10 euro) access points (for example my D-Link DWL-G700AP) can be configured to work as a repeater instead of as an access point. Keep in mind that a repeater receives and retransmits every frame on the same channel, so throughput for clients behind it is roughly halved.

  • Transmit power: In most cases, set the transmit power to the highest value. This maximizes range, which reduces the number of access points needed and the cost of the system. If you are trying to increase capacity by placing access points closer together, set the power lower to decrease overlap and potential interference. Lower power also limits how far the signal propagates outside the physically controlled area of the facility, which helps security a little, though it does not stop an attacker with a directional antenna.

  • Service Set IDentifier (SSID): The SSID is the name of the WLAN that users associate with. By default it is set to a common value, such as tsunami on Cisco products. Change it to a non-default value so that unintended users do not associate with your access point by accident. Some access points also let you disable SSID broadcasting; this keeps most client operating systems (e.g. Windows XP) from picking the SSID out of the beacons and associating automatically. It is not a security measure, though: the SSID is still sent in the clear in probe and association frames, so anyone with a sniffer obtains it as soon as a legitimate client connects.

  • Data rate: Most access points allow you to identify acceptable data rates. By default, 802.11b access points operate at 1, 2, 5.5, and 11Mbps data rates, depending on the quality of the link between the client device and the access point. As the link quality deteriorates, the access point will automatically throttle down to lower data rates in an attempt to maintain a connection. You can, however, exclude specific data rates. For example, you may want communications only at 11Mbps or not at all. This could be necessary to support higher bandwidth applications.

  • Beacon interval: The beacon interval is the time between an access point's beacon transmissions. The default is generally 100 time units (about 100 ms), that is roughly 10 beacons per second. This is sufficient for the mobility of users within an office environment. Increasing the interval lowers the overhead on the network, but roaming will likely suffer. It is best to leave this setting alone.

  • Request-to-send / clear-to-send (RTS/CTS): RTS/CTS alleviates collisions caused by hidden nodes, i.e. stations that are within range of a common access point but out of range of each other. In most cases it is best to disable RTS/CTS; refer to a separate tutorial for the cases where RTS/CTS may be beneficial and which threshold values to use.

  • Fragmentation: Fragmentation can reduce the amount of data that has to be retransmitted when collisions or radio frequency (RF) interference occur. As with RTS/CTS, refer to a separate tutorial for the cases where fragmentation may be beneficial and the applicable threshold values.
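The first tip in this list (at least 5 channels apart, channel 6 is the factory default, look at what the neighbours use) turned into a small Java calculator, added here as an example; it is not part of the quoted post. It assumes the usual 2.4 GHz channel layout (centre frequencies 5 MHz apart, a signal about 22 MHz wide) and scores each candidate channel by how many MHz it shares with the neighbouring access points. The class name and the sample scan result are constructed for the illustration.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Picks the least-congested 2.4 GHz channel given the channels the neighbouring access
 * points use. Added example, not code from the quoted post. Model (assumptions): channel n
 * is centred at 2412 + 5*(n-1) MHz (channel 14 at 2484), and an 802.11b/g signal is about
 * 22 MHz wide, so two channels overlap whenever they are fewer than 5 channels apart.
 */
public class ChannelPlanner {
    public static final int CHANNEL_WIDTH_MHZ = 22;

    /** Centre frequency in MHz of a 2.4 GHz channel (1-14). */
    public static int centreMhz(int channel) {
        if (channel < 1 || channel > 14) {
            throw new IllegalArgumentException("2.4 GHz channels are 1-14, got " + channel);
        }
        return channel == 14 ? 2484 : 2412 + 5 * (channel - 1);
    }

    /** True when the two channels' signals share any spectrum (1 and 6 do not, 1 and 5 do). */
    public static boolean overlaps(int a, int b) {
        return sharedMhz(a, b) > 0;
    }

    /** How many MHz of a candidate channel's 22 MHz are also used by one neighbour. */
    public static int sharedMhz(int candidate, int neighbour) {
        int distance = Math.abs(centreMhz(candidate) - centreMhz(neighbour));
        return Math.max(0, CHANNEL_WIDTH_MHZ - distance);
    }

    /** Total spectrum shared with all neighbours; lower is better. */
    public static int congestion(int candidate, List<Integer> neighbours) {
        int total = 0;
        for (int n : neighbours) {
            total += sharedMhz(candidate, n);
        }
        return total;
    }

    /**
     * Channel in 1..maxChannel with the least congestion; ties go to the lowest channel.
     * maxChannel is 11 in North America and 13 in most of Europe.
     */
    public static int recommend(List<Integer> neighbours, int maxChannel) {
        int best = 1;
        int bestScore = Integer.MAX_VALUE;
        for (int c = 1; c <= maxChannel; c++) {
            int score = congestion(c, neighbours);
            if (score < bestScore) {
                bestScore = score;
                best = c;
            }
        }
        return best;
    }

    public static void main(String[] args) {
        // Constructed scan result, the kind of picture NetStumbler shows in a street where
        // most routers were left on the factory default channel 6 and one sits on channel 1.
        List<Integer> seen = new ArrayList<Integer>();
        seen.add(6); seen.add(6); seen.add(6); seen.add(1);
        for (int c = 1; c <= 13; c++) {
            System.out.printf("channel %2d shares %3d MHz with the neighbours%n", c, congestion(c, seen));
        }
        System.out.println("recommended (Europe, 1-13): " + recommend(seen, 13));
        System.out.println("recommended (North America, 1-11): " + recommend(seen, 11));
    }
}
```

Against a street full of channel-6 routers, channels 11 to 13 all score zero, which is the "channel 11 or higher" advice in numbers; channel 10 still shares 2 MHz with each channel-6 neighbour. If your scanner reports signal strength, weight each neighbour by it: one strong access point on channel 7 hurts more than three faint ones on channel 6.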

Wifi security

  • How much WEP or WPA costs in performance really depends on the router. Underpowered old routers do not like the encryption overhead and slow down somewhat, roughly 10-15% for either WEP or WPA on older units. It can also depend on the speed of the client computer, especially when the WPA encryption is done in the driver. Fortunately this has not been the case for many years; these days WEP or WPA hardly slows anything down. The difference in security between WEP and WPA, however, is huge.

  • An overview of the wireless security options, from weakest to strongest:

    • Considered not safe:

      • No security

      • Hiding the SSID: same as no security; the SSID is easily sniffed even when it is not broadcast

      • MAC filtering: only if nothing else is available; MAC addresses are easily spoofed

      • WEP64: easy to break by anyone who knows the tools

      • WEP128: needs somewhat more captured traffic, but is broken just as surely

    • Considered safe:

      • WPA-PSK (TKIP): strong, but only as strong as the passphrase; whoever captures the handshake can try passphrases offline, and TKIP itself has known weaknesses, so prefer AES where possible

      • WPA-AES: no practical attack on the cipher; the passphrase remains the weak point

      • WPA2: no practical attack on the cipher; the passphrase remains the weak point

  • If you run Windows XP with Service Pack 2 or older and have not installed the updates, you need to download the WPA2 patch from Microsoft (KB893357); SP3 includes it.

  • The documentation of your Wireless devices (Wireless Router, and Wireless Computer's Card) should state the type of security that is available with your Wireless hardware.

  • All devices MUST use the same security mode and the same passphrase, so the security level of the whole network is dictated by its weakest device: even if everything else could run WPA2, one device that only supports WEP would force the whole network down to WEP. In that case, replace that device or keep it off the wireless network rather than weakening security for everyone. Mixed WPA/WPA2 mode is commonly available and lets WPA and WPA2 clients share one network, but a WEP-only client cannot join a WPA network.

  • Even when using WPA2 you still have to be careful and never keep the default WEP/WPA key or the default SSID. Several applications recover the default key from the SSID; for Alcatel/Thomson SpeedTouch routers, whose default SSID and key are both derived from the device's serial number, this online generator does it from the SSID alone.
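Why the list above puts all the weight on the passphrase, and why the advice to change the default SSID matters, is visible in how WPA/WPA2-Personal derives its key. This Java example, added here and not from the original post, computes PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits) as IEEE 802.11i specifies and checks the result against the test vector from the standard. The class name and the second SSID are made up for the illustration.

```java
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/**
 * WPA/WPA2-Personal key derivation as specified in IEEE 802.11i:
 * PSK = PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 iterations, 256 bits).
 * Added example, not code from the original post. It shows that the SSID salts the
 * derivation and that everything an attacker needs to test a guess is public.
 */
public class WpaPsk {
    private static final int ITERATIONS = 4096;
    private static final int KEY_BITS = 256;

    /** The 256-bit pairwise master key both the client and the access point compute. */
    public static byte[] derive(String passphrase, String ssid) throws GeneralSecurityException {
        // 802.11i allows an ASCII passphrase of 8 to 63 characters.
        if (passphrase.length() < 8 || passphrase.length() > 63) {
            throw new IllegalArgumentException("WPA passphrase must be 8-63 characters");
        }
        PBEKeySpec spec = new PBEKeySpec(passphrase.toCharArray(),
                ssid.getBytes(Charset.forName("US-ASCII")), ITERATIONS, KEY_BITS);
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        return factory.generateSecret(spec).getEncoded();
    }

    public static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
        String expected = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e";
        String psk = hex(derive("password", "IEEE"));
        System.out.println("PSK(\"password\", \"IEEE\")      = " + psk);
        System.out.println(psk.equals(expected) ? "matches the 802.11i test vector" : "MISMATCH");

        // Same weak passphrase, different SSID: an unrelated PSK. A table of PSKs precomputed
        // for a vendor's factory SSID is worthless once the network is renamed.
        // "MyHomeNet" is a made-up SSID for the illustration.
        System.out.println("PSK(\"password\", \"MyHomeNet\") = " + hex(derive("password", "MyHomeNet")));
    }
}
```

The SSID is the salt. An attacker who captures one WPA handshake can test passphrases offline at PBKDF2 speed, and for popular factory SSIDs tables of precomputed PSKs exist, so a default passphrase on a default SSID falls without any guessing at all. A unique SSID forces per-network computation, and a long random passphrase makes that computation pointless; the choice of cipher (TKIP or AES) is not where the fight happens.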

Monday, November 16, 2009

Recovery tools boot USB stick

Based on Hiren's Boot CD 12 I created my personal boot USB stick, as complete as possible (containing more than 500 portable tools, 2,30 GB). The original Hiren recovery CD contains many very useful tools to recover, tweak or patch PCs, divided into the following categories: Partition Tools, Backup Tools, Recovery Tools, Testing tools, RAM testing tools, Hard disk tools, System information tools, Master Boot Recovery tools, BIOS CMOS tools, Multimedia tools, Password tools, NTFS tools, Browser File manager tools, Other tools, Dos tools, Optimizers, Network tools, Process tools, Registry tools, Startup tools, Tweakers and Antivirus tools. A portable 'mini Windows XP' that can be run from the stick is available at boot time as well.

Many of the tools are available by booting from the USB stick, but others need to be run within a Windows environment. These Windows tools can easily be accessed through the 'HBCDMenu.exe' tool, which is started when the CD or USB stick is inserted in a running Windows environment. Since the tools available within 'HBCDMenu.exe' can be configured very easily through a 'HBCDMenu.csv' file, I created an Excel file to make changing the configuration and exporting it to the csv file easier. Using this Excel file it is much easier to move and rearrange the tools. Next I added all the tools I was still missing to make them available through 'HBCDMenu.exe'. All tools are started using a DOS batch script and a UHARC archive. The archive is extracted in the PC's %temp% folder and the tool is started from there. All tools should be completely portable, so no tool settings are kept in the registry after running them. I created a generic batch script to be able to run all tools in different modes: normal, just open a command window, just open an Explorer window, run the tool in Sandboxie, show online info on the tool, convert the tool into a zip file, force extraction of the UHARC file. The mode is set by creating a specific file in the %temp% folder.

I keep all my personal files in a secured FreeOTFE file to make sure if I ever lose the stick no personal information can be discovered.

Besides the Hiren tools I also converted the latest BackTrack 4 bootable ISO to boot from the USB stick and added it to the Hiren boot menu. This live CD Linux distribution is focused on penetration testing and is perfect for quick and easy WEP cracking.

Hiren's website provides a good explanation of how to easily convert the BootCD into a bootable USB stick using Grub4Dos. I used this 'menu.lst' as boot menu, so it includes launching the BackTrack live environment and the portable Mini Windows XP. Within a Windows environment, this 'autorun.inf' file makes it easier to start the 'autorun.exe' tool and other commonly used tools. To keep a backup of all my configuration, I configured a specific portable Dropbox so I can access all my tools online and keep them in sync in different locations.

The USB stick with all the extra tools now requires at least 2,29 GB (I use it on an 8 GB stick). I also added many of my extra tools to the CD ISO file, but to keep it burnable onto an 80-minute CD, some of the large tools did not fit (Office portable, Tor Browser, Skype, Toad, Oracle client).

Compared to the original Hiren 10 boot CD, I have added various Windows tools. In the HBCDMenu csv creator Excel file, the complete list of all the tools is ordered in comprehensive categories. Many of these tools come from Sysinternals and Nirsoft, since they provide some very useful little portable tools.

Update 25/11/2009: removed long list of personally added tools
Update 3/12/2010: update for Hiren Boot CD 12