Archive for the ‘Security’ Category

Connect to a VPN and keep normal Internet connections

Saturday, October 20th, 2007

VPN is great for working from home or working remotely. However, VPN remote access in Windows XP (or maybe Vista) switches all traffic through the VPN connection once the VPN connection is established, which sometimes creates trouble: Internet surfing becomes much slower, and some corporate network settings may not allow access to the Internet, so normal Internet surfing may not work.

This problem can be easily solved by configuring the route table yourself. To get help for “route”, simply type “route”:

C:\> route

To make things simple, you can dump the route table before connecting to the VPN:

C:\> route print

Dump it again after the VPN connection is established; comparing the two route tables, you will find the differences. Here is an example after the VPN is established:

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    172.19.xxx.xx   172.19.xxx.xx       1
          0.0.0.0          0.0.0.0    192.168.1.126    192.168.1.19       21

… … 

Please notice the first two lines: the metric number decides the priority of route selection (smaller is higher priority).
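The before/after comparison and the metric rule can be checked mechanically. The following is an added example, not code from the original post: it parses two "route print" dumps, lists the rows that changed, and reports which default route wins on metric. Both dumps are constructed samples, and 172.19.0.1 is an assumed stand-in for the masked VPN gateway.

```python
import re

# Constructed sample dumps in the shape of Windows "route print" output.
# 172.19.0.1 stands in for the page's masked VPN gateway (assumption).
BEFORE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.126    192.168.1.19       20
      192.168.1.0    255.255.255.0     192.168.1.19    192.168.1.19       20
"""

AFTER = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.19.0.1      172.19.0.1       1
          0.0.0.0          0.0.0.0    192.168.1.126    192.168.1.19       21
      192.168.1.0    255.255.255.0     192.168.1.19    192.168.1.19       20
"""

# destination, netmask, gateway, interface, metric
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_routes(dump):
    """Return a set of (destination, netmask, gateway, interface, metric) rows."""
    routes = set()
    for line in dump.splitlines():
        m = ROW.match(line)
        if m:  # header and blank lines do not match and are skipped
            dest, mask, gw, iface, metric = m.groups()
            routes.add((dest, mask, gw, iface, int(metric)))
    return routes

def diff_routes(before, after):
    """Rows added and rows removed between two dumps, each sorted."""
    b, a = parse_routes(before), parse_routes(after)
    return sorted(a - b), sorted(b - a)

def effective_default(dump):
    """The 0.0.0.0/0.0.0.0 route with the lowest metric, i.e. the preferred one."""
    defaults = [r for r in parse_routes(dump) if r[0] == "0.0.0.0" and r[1] == "0.0.0.0"]
    return min(defaults, key=lambda r: r[4]) if defaults else None

if __name__ == "__main__":
    added, removed = diff_routes(BEFORE, AFTER)
    print("added:", added)
    print("removed:", removed)
    print("default traffic now leaves via:", effective_default(AFTER)[2])
```

A default route whose metric changed shows up as one removed row and one added row, which makes it easy to see that the original gateway is still present but no longer preferred.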

My only VPN usage is connecting to my work computer and using remote desktop, and I have no other requirement to connect to other computers inside the VPN directly. What I did was add a new route entry for my work PC and make all other destinations go through my home router:

C:\> route add 65.xx.xxx.xx mask 255.255.255.255 172.19.xxx.xx

C:\> route change 0.0.0.0 mask 0.0.0.0 192.168.1.126

65.xx.xxx.xx is my work PC's IP address, 172.19.xxx.xx is the default gateway of the VPN connection, and 192.168.1.126 is my home router's local address.

It can be done by a BAT script:

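REM Drop any existing connection, then dial the VPN (* prompts for the password)
rasdial /disconnect
rasdial "My VPN Connection" "MYDOMAIN\myusername" *
REM Host route: only the work PC goes through the VPN gateway
route add 65.xx.xxx.xx mask 255.255.255.255 172.19.xxx.xx
REM Default route: everything else goes through the home router
route change 0.0.0.0 mask 0.0.0.0 192.168.1.126

It’s always easy to change the route table as you wish to make online life much easier, enjoying the VPN without having to break the normal Internet connection.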


SSH could be a nightmare for corporate firewall…

Tuesday, October 16th, 2007

SSH is very powerful, but it could be a big headache for corporate IT guys: if someone opens a reverse SSH tunnel from inside a network, it could be a nightmare for security.

Just found a post explaining how to use SSH to create a reverse tunnel; it could be very useful in some cases but could also be a terrible nightmare for information safety.

Using SSH to create a local SOCKS server to get around the Great Firewall of China has been widely used by people in China.


Some XSS Vulnerabilities links

Monday, July 16th, 2007

I spent some time on XSS (Cross Site Scripting) vulnerability scanning and problem solving last month; here are some links that I used. If I have time I will write more on this topic.

A detailed presentation on how a Google Desktop security hole was used via XSS to perform a “perfect attack”: http://download.watchfire.com/googledesktopdemo/index.htm

Good slides explaining what XSS is and how it attacks in action: http://www.sven.de/xsss/wth_xsss_slides.pdf

XSS explained and free scan service: http://www.acunetix.com/websitesecurity/cross-site-scripting.htm

Scripts for XSS hack (don’t use it to do bad things…): http://ha.ckers.org/xss.html

Step by step hack a site with XSS (don’t use it to do bad things, again…): http://ha.ckers.org/deathby1000cuts/

A very good article: http://www.milw0rm.com/papers/162


This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License.