Wednesday, March 14, 2007

Mac OS X 10.4.9 fixes Cisco VPN client and ipfw

But, they don't mention it in their "About the Mac OS X 10.4.9 Update (delta)" page. I bring it up because this is an issue that I've been dealing with for the year and a half that I've had my 12" PowerBook G4. Every time I connected to the VPN at work using the Cisco VPN client, I suddenly couldn't browse the web, check e-mail, etc. After digging around some logs, I found that TCP fragments were being blocked by the Mac OS X firewall (ipfw) according to /var/log/ipfw.log. The following command fixes things.

sudo ipfw add 05000 allow tcp from any to any frag

So, a week ago, one of our network engineers came to Jordan, who sent him on to me, about a problem a big Apple user on campus was having with the VPN. I was inserted into the conversation and told them about my "fix" for the problem. At some point in the thread, after discussing how normal end users could never do this, an Apple e-mail address was CC'ed.

A week later, 10.4.9 is released. I reboot this morning after the update and connected to the VPN about 15 mins ago. As I was typing the "fix," Mac Mail alerts me that I have new mail. Huh? How did it work? I didn't put the "fix" in as a permanent rule. Let's check the ipfw rules...

02065 allow tcp from any to any frag


How nice of them to fix the problem. I checked Apple's support site to see if it was mentioned in the update...of course not! Just another silent fix from Apple. Thanks fellas!
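The check done by eye above (is a rule accepting TCP fragments evaluated before the rule that drops them?) can be scripted. This is an added example, not part of the original post: the function name `frag_rule_status` is hypothetical, and both sample rule lists are constructed, with only rule 02065 taken from the post. On a real system the input would come from `sudo ipfw list`.

```shell
#!/bin/sh
# Reads `ipfw list` output on stdin and reports the first any-to-any rule
# that decides the fate of TCP fragments.
# Prints "allowed <rule>", "blocked <rule>" or "no-match".
# Simplification: only rules with no options or with just `frag` are
# considered; rules using ports, `established`, `via` etc. are skipped
# because they do not match non-first fragments or only match some traffic.
frag_rule_status() {
    awk '
        $1 !~ /^[0-9]+$/ { next }              # not a numbered rule line
        {
            action = $2; proto = $3
            if (proto != "tcp" && proto != "ip" && proto != "all") next
            if (!($4 == "from" && $5 == "any" && $6 == "to" && $7 == "any")) next
            opts = ""
            for (i = 8; i <= NF; i++) opts = opts " " $i
            if (opts != "" && opts != " frag") next
            if (action == "allow" || action == "accept" || action == "pass" || action == "permit") {
                print "allowed " $1; found = 1; exit
            }
            if (action == "deny" || action == "drop") {
                print "blocked " $1; found = 1; exit
            }
        }
        END { if (!found) print "no-match" }
    '
}

# Constructed sample: a rule list with no fragment rule ahead of the deny.
BEFORE='02000 allow ip from any to any via lo*
02040 allow tcp from any to any established
12190 deny tcp from any to any
65535 allow ip from any to any'

# Constructed sample: same list plus the rule the post found after 10.4.9.
AFTER='02000 allow ip from any to any via lo*
02040 allow tcp from any to any established
02065 allow tcp from any to any frag
12190 deny tcp from any to any
65535 allow ip from any to any'

printf 'before: %s\n' "$(printf '%s\n' "$BEFORE" | frag_rule_status)"
printf 'after:  %s\n' "$(printf '%s\n' "$AFTER" | frag_rule_status)"
```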

Thursday, March 01, 2007

VMware: Record and Replay

About 3 hours before the event, I heard that VMware was going to be on-campus to recruit students. Big deal. IBM's ISS stopped by at our SIT meeting last week. Well, actually it was a big deal...and no, not because of the free pizza and soda, although I'm sure that's the only reason a fourth of the students were there. No, I was there because they were giving away free VMware Workstation licenses. You might say that VMware Server and Player are free, but they are missing some of the seriously bad@ss functionality that Workstation possesses.

For example, multiple snapshots. I REALLY wish the free server version supported this feature. I use VMware Server a lot both for UF and freelance work. My Stack-o-Hack currently has four machines with Ubuntu 6.10 Server and VMware Server...but I digress.

So, at the meeting, the guy presenting talked about a new feature being released in VMware Workstation 6. It is called Record and Replay. What does it do? You hit the RECORD button and it records EVERYTHING about your virtual machine until you stop it. Of course, it takes up lots of space but it records CPU registers, memory and freaking network traffic! How wicked is that? Vulnerability researchers and exploit writers rejoice!

Take a look at the blog entry from VMware.

And, for you Intel Mac users that are testing VMware Fusion and are annoyed that snapshots are not officially supported, don't worry. Beta 2 next week will have it supported with pretty little "Take Snapshot" and "Revert to Snapshot" buttons. I saw it on a 17" MacBook Pro that one of the VMware employees had. I knew Jordan would be so excited about it, I took a picture with my phone and sent it to him!