PyLoris: A Python implementation of Slowloris

I came across a wonderful idea on Hack a Day recently: a Denial of Service attack that overwhelms only the service under attack. After reading through RSnake's two writeups, I decided to take a swing at the code. Thus PyLoris was born.

And where does this come from?

Do you know where this came from:

"All of you are finished. You shall forever kneel in my shadow, and forever live your life in this cursed land. You will never enjoy seeing the sun rise with joy. You will never enjoy seeing the relief of watching the sun set. You will now live in darkness and die in darkness. Miserable clods, weep in your misfortune. Despair will become your bread, and death will become your peace."


Matasano Port Forwarding Interceptor

Do you ever find yourself in a protocol sniffing situation where you wish you had the ability to sneak a peak at a TCP stream as it happens? Do you find Wireshark--while certainly a powerful and robust tool--too clunky for quick protocol analysis? Do you have a need to intercept, pause, modify, and resend TCP streams? If so, the folks from Matasano have released the perfect tool for you!

Introducing the Matasano Port Forwarding Interceptor! Simply run the tool from a command line and it builds you a lightweight proxy, allowing you to read, record, pause, intercept, and modify a TCP conversation mid-stream. The tool is simple to use; you picking your remote and local addresses and ports, the tool will bring up two windows--one for viewing and halting traffic, one for editing local and remote traffic. The tool is really simple to use, easy to understand, and it gets the job done.

You can read the full introduction to the tool from Matasano's website:

A Simple Extension to the Python CSV Object

One of the side effects of working with database driven software is that you eventually find yourself needing to pull in large amounts of information from old and terrible systems. When talking to your counterparts on the other side of the line (the inter-company line, that is), you will invariably be told that you will only receive your data in one of a few straight forward formats. What follows is a small extension to Python's CSV object which streamlines the process of coding these data transformations.

Network RAID Storage: Proof of Concept

I recently discovered a post on Hack a Day linking to a proof of concept how-to on setting up a software RAID on FTP servers. While the guide is a simple approach to running a network based RAID 5 configuration, a number of tools the original developer used are less than optimal. First, the set up requires both Windows and Linux, meaning you will either need two physical machines, or a virtualized machine in your configuration. The second, and larger problem is that it is restricted to RAID 5 and FTP servers. This article is my attempt to alleviate both of these issues.

Security: Perceived Risk versus Potential Damage

All too often, while running the PHP forum on The Scripts, I see students working who are completely ignorant of the security concerns prevalent with the systems that they build. Worse, when alerted to the potential dangers associated with poor programming practices, these coders let loose a variety of excuses why their application doesn't need to implement a security policy. Ranging from "this is a low traffic/internal site" to "I'm doing this as a project for school, so security really isn't an issue." In my eyes all explanations are equally irrelevant. As leaders of the forums, my colleagues and I daily battle assertions about the validity of these concerns.

Daemonizing a Python Script

As my knowledge of Python continues to grow, I find myself using it more in my own systems. This is one of my more useful snippets of code; it allows a Python script to continue running as a daemon even if you log out or your session gets disconnected. A nice side effect of this is that the process is immediately run in the background, returning the user to a command prompt instantly.

I originally picked up the code to run a Python script as a daemon from the Python Cookbook on the ActiveState Programmer Network.

Turning on PHP Debugging and Error Messages

Debugging messages are a powerful tool; however, many production systems (and test systems for that matter) have them disabled by default. If your PHP script is crashing horribly and you are not getting any runtime error messages, it is likely that this is the case for you.

You can initiate PHP debugging messages for the server by changing the display_errors and error_level settings in php.ini. Unfortunately, this is not the best situation in a production system.