Setting up mserver
Whussup whussup? Hope you guys are finding my articles useful and stuff. Anyway, this time around I thought I'd share some information on sharing your dial-up Internet connection with the other systems on your LAN. This information is for Linux users... so if you're on Winblows, go download Wingate or some other crap that doesn't give you an ounce of security! :)

Alright... before we get started, here's the list of things you'll need:
1.) A main system that's going to act as a server. On my network, this is a Pentium II 400 machine with Red Hat 6.1 installed. I'm sure you'll be able to get this to work with a crappy 486 box as well. It doesn't really suck resources that badly.
2.) A hub/router - although this isn't a necessity, it does away with a lot of the headaches of configuring two network cards.
3.) The Masqdialer server (any version) - you can grab a copy here. I would recommend getting the latest stable release for the best results. Here's an excerpt taken directly from the site so you can have an idea of what this proggie does:

"The masqdialer system is designed to provide easily accessible control of multiple dialout modem connections to the members of a LAN using IP Masquerade for their internet connectivity. The server utilizes standard dialing tools to make the connection (such as pppd and chat) to make the connection so you can easily setup the server to use your existing scripts. The system is a client/server design, so as long as a client can be written for a particular platform, that platform can take advantage of masqdialer's offerings. The masqdialer daemon runs on the Linux machine, and upon an authorized client request, carries out the user's request."
4.) The client - there are several clients available for Win95/98/Linux etc. You can download the clients here. The two clients I chose were WinMClient for my Windows systems and the Gnome client for my Linux machine.
5.) ipchains or ipfwadm. You'll need one of these to provide NAT (IP masquerading) for all of the machines that need net access.
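The NAT side of item 5, as an added example that is not part of the original article or of the masqdialer project: a small shell function that emits the ipchains rules for masquerading one LAN subnet out over the modem link. The forward chain is denied by default so that only packets from your own LAN get masqueraded; a forward policy of ACCEPT with a bare `-j MASQ` rule would forward and rewrite anything that arrives on any interface. The subnet 192.168.1.0/24 and the interface name ppp0 are assumptions, and the ipfwadm equivalent is not shown.

```shell
# Added example: generate the ipchains rule set for sharing the dial-up link.
# Assumptions (not from the article): LAN is 192.168.1.0/24, PPP link is ppp0.
LAN="${LAN:-192.168.1.0/24}"
PPP_IF="${PPP_IF:-ppp0}"

# Print the rule set rather than running it, so it can be reviewed first.
# Usage on the server:  masq_rules 192.168.1.0/24 ppp0 | sh
masq_rules() {
    lan="$1"
    ppp="$2"
    case "$lan" in
        */*) ;;   # looks like network/prefix
        *)  echo "masq_rules: LAN must be network/prefix, e.g. 192.168.1.0/24" >&2
            return 1 ;;
    esac
    [ -n "$ppp" ] || { echo "masq_rules: PPP interface name required" >&2; return 1; }
    cat <<EOF
# let the kernel forward packets between the LAN card and the PPP link
echo 1 > /proc/sys/net/ipv4/ip_forward
# start from an empty forward chain that drops everything by default
ipchains -F forward
ipchains -P forward DENY
# masquerade only packets that come from our LAN and leave through the modem
# (on the forward chain, -i names the interface the packet will go OUT on)
ipchains -A forward -s $lan -i $ppp -j MASQ
EOF
}

# Run the rules for real (needs root on the server).
apply_masq() {
    masq_rules "$LAN" "$PPP_IF" | sh
}

# Weak form for comparison (do not use): forwards and masquerades anything,
# from any interface, with no default deny.
#   ipchains -P forward ACCEPT
#   ipchains -A forward -j MASQ
```

Review the printed rules first, then run `apply_masq` as root; the rules do not survive a reboot, so put the same call in your startup scripts next to the mserver one.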
Before you get started, you have to make sure that your system is already able to connect to the net via the ifup/ifdown or chat scripts. If you don't have your Internet access working, the installation will be doubly hard, as you'll have to check more than one thing when something goes wrong. So make sure you've got your server connection done before you go ahead and install mserver.
To facilitate an easy installation I chose to grab the RPM files, as that does away with the headache of reconfiguring installation scripts for a particular environment. Once you've installed the server, all configuration settings are done via /etc/mserver.conf. Just in case the RPM install does not place the mserver startup script into /etc/rc.d/init.d, go ahead and do it manually.
The configuration file is pretty well laid out and easy to understand. All sections are well documented and you should have no problems configuring it. Don't delete any of the sections until you've got the thing running properly and it works without any hassle. You can then go about commenting out or deleting unwanted sections. In my installation I changed the default port of 222 to something else - no real reason for this... just paranoia perhaps :) You'll have to keep fiddling with the command that checks for an established connection; otherwise you might be connected but your clients will still show a "no connection" status.
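The check that needs the fiddling is the command that tells mserver whether the link is really up. As an added example, not from the article or the masqdialer project, here is one way to write that check in POSIX shell: the link counts as established only when the kernel has a default route through the PPP interface, which pppd only installs after IPCP negotiation has finished (and only if your options include defaultroute). The function reads a routing table in /proc/net/route format from stdin so it can be tested on the constructed snapshots in the block; the interface name ppp0 is an assumption.

```shell
# Added example: is the dial-up link really established?
# A default route (destination 00000000 in /proc/net/route) via the PPP
# interface exists only after pppd has finished negotiating, so it is a
# better signal than "ppp0 exists" or "pppd is running".
default_route_via() {
    want="$1"
    # column 1 = interface, column 2 = destination in hex; skip the header line
    awk -v want="$want" '
        NR > 1 && $1 == want && $2 == "00000000" { found = 1 }
        END { exit !found }'
}

# Wrapper for use as the connection-check command on the server;
# reads the live table unless a file is given (ppp0 is an assumed name).
check_link() {
    default_route_via "${1:-ppp0}" < "${2:-/proc/net/route}"
}

# Constructed snapshots of /proc/net/route for testing (not real captures).
# ROUTE_UP: default route plus the peer host route that pppd adds on ppp0.
ROUTE_UP='Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
ppp0 00000000 00000000 0001 0 0 0 00000000 0 0 0
ppp0 0A0B0C0D 00000000 0005 0 0 0 FFFFFFFF 0 0 0
eth0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0'
# ROUTE_DOWN: only the LAN route, i.e. the modem link is not up.
ROUTE_DOWN='Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0'

# Demonstration on the constructed snapshots.
if printf '%s\n' "$ROUTE_UP" | default_route_via ppp0; then
    echo "snapshot 1: ppp0 connected"
fi
if ! printf '%s\n' "$ROUTE_DOWN" | default_route_via ppp0; then
    echo "snapshot 2: ppp0 no connection"
fi
```

The exit status is what matters (0 for connected, 1 otherwise), so `check_link` can be dropped straight into a config entry or a cron job without parsing any output.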
One nice feature I found was the authentication model, which allows you to decide who on your network will be able to manipulate the PPP interface and other things. mserver can read username/password pairs from your /etc/shadow or /etc/passwd files, although I would not recommend transmitting usernames and passwords in clear text across the network, unless of course this is a home network with 2 - 3 computers. You can create a new username/password file that is used solely by mserver. This way you reduce the chances of someone sniffing "real" usernames and passwords that could be used for telnet access etc.
Install the client software on your machines and configure each machine to use a separate username/password. As I mentioned earlier, this will enable you to grant/deny access to the manipulation of the PPP connection. The WinMClient that I am using for my Windows machine is pretty stable and provides all the features you would need. One thing I found missing was an I/O readout which would show the amount of traffic passing through the interface. Well, it's not really a big deal. You can tell when an Internet connection is present by a little "traffic light" icon that sits in the system tray. It turns green when there's a connection and red when there isn't one.
I managed to get the server and clients installed and running in about half a day. Adding accounts (Internet access accounts) is a snap. Just copy the section where your existing information is in the mserver.conf file and paste it back under the "Other accounts" section. Just edit the name as well as the interface name and you're done. No problems at all.
Drawbacks
1.) If you're planning to install and use mserver on your "main production machine" there are a few drawbacks. Firstly, the machine has to be on 24/7 in order to provide the service. Secondly, if you boot your production machine into Windows 95/98 or any other operating system, none of the machines on the network will be able to get net access.
2.) The time delay is rather long and can take anywhere from 40 seconds to a full minute before you'll be able to get surfing. It's a little strange to click on the connect button on a machine in another room and hear nothing! No modem noises etc... just silence... :) If your connection fails, the script will redial; however, the client will not show you the error, i.e. engaged, no answer etc. You'll get used to it though.
The best idea to tackle drawback (1) would be to use an old 486 box and install mserver there. This way, regardless of what OS you happen to be in on your production machine, all the other machines on your network can still get access. I'm sure you'll be able to pick up an old 486 for a couple of bucks. You don't need a monitor, keyboard, mouse etc. Just the machine and a network card.
Conclusions
All in all, I would say that mserver is an excellent alternative to asking your users to telnet into the machine and providing them with the ifup/ifdown script. With mserver you can rest assured that all the users will be doing on your box is getting net access and nothing more *wink*. Besides, considering the fact that you're providing net access via a GUI interface, your winblows users will feel right at home. :)
If you're truly paranoid, you can also set up tcpdump to monitor the ppp connection, although the amount of info generated would take forever to sift through.
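To make the tcpdump idea workable, here is an added example that is not from the article: a shell function that boils tcpdump -n output down to one line per LAN host and destination host.port, busiest pair first, counting only packets whose source address is on your LAN (replies coming back over the modem are ignored). The sample lines are constructed in tcpdump's -n output format; the 192.168.1. prefix and the documentation addresses in the sample are assumptions.

```shell
# Added example: condense tcpdump -n output into "count src -> dst.port".
# Usage on the server (ppp0 and the LAN prefix are assumptions):
#   tcpdump -n -i ppp0 -c 500 | summarize_tcpdump 192.168.1.
summarize_tcpdump() {
    lan_prefix="$1"   # e.g. 192.168.1.  (the trailing dot stops 192.168.10.x matching)
    awk -v lan="$lan_prefix" '
    {
        # tcpdump prints "src.port > dst.port:"; find the ">" field
        for (i = 2; i < NF; i++) {
            if ($i == ">") {
                src = $(i - 1); dst = $(i + 1)
                sub(/:$/, "", dst)          # drop the colon after the destination
                sub(/\.[0-9]+$/, "", src)   # drop the source port, keep the dst port
                if (index(src, lan) == 1) count[src " -> " dst]++
                break
            }
        }
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Constructed sample of tcpdump -n output (not a real capture).
SAMPLE_TCPDUMP='12:00:00.000001 IP 192.168.1.10.1033 > 203.0.113.7.80: Flags [S], seq 1
12:00:00.000002 IP 203.0.113.7.80 > 192.168.1.10.1033: Flags [S.], seq 2, ack 2
12:00:00.000003 IP 192.168.1.10.1033 > 203.0.113.7.80: Flags [.], ack 1
12:00:00.000004 IP 192.168.1.11.1040 > 198.51.100.9.25: Flags [S], seq 3
12:00:00.000005 IP 192.168.1.10.1034 > 203.0.113.7.80: Flags [S], seq 4'

# Print the summary of the sample when this file is run directly.
printf '%s\n' "$SAMPLE_TCPDUMP" | summarize_tcpdump 192.168.1.
```

Because `sort` only prints at end of input, give tcpdump a packet count (`-c`) or a time-limited run rather than an endless capture; the summary then shows which LAN host is talking to which service, which is usually all you need to spot a box doing something it shouldn't.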
If you have any questions or if you need help with your configuration file, send it over to me and I'll take a look at it for you.

Peace.
L33tdawg.