829607
submission
jetole writes:
I am hoping the Ladies and Gents here on Slashdot can help. I want a single sign-on architecture where the master server can be on Windows or Linux, and I have yet to find such a thing. I have looked into replicating Active Directory to OpenLDAP and found that the user credentials (i.e. password hashes) do not exist in the Active Directory LDAP. I have looked for a method to have OpenLDAP replicate to Active Directory LDAP and have found that this isn't possible for user logins, and as far as I can tell this won't happen with Microsoft. I am desperately seeking a way to have a single sign-on architecture where a master can reside on either a Windows or Linux server and communicate with a master on the opposite OS, and am hoping someone here knows of a way this can be done. Surely there must be some way that if I add a user to Windows it will be replicated to Linux, and vice versa?
530732
submission
jetole writes:
Well, my day started out strangely. I had to go down to our data center today to run some tweaks and tests on a new iptables firewall we were installing. From the data center I can ssh into my home computer, a Comcast cable subscriber, and send test packets from there. Our office is all whitelisted, so my home computer seemed to be optimal.
During the test I sent repeated SYN packets to an allowed port at a normal rate, and SYN/ACKs were sent back. During this test I started receiving duplicate responses, and within a short time I started receiving RST / end-of-conversation packets only. I ran a packet sniffer, tcpdump, on our end and found that we were no longer receiving any packets from my main connection, and the RST packets I am seeing on my home connection are not coming from where they are supposed to but instead are being spoofed by Comcast. I go out for a smoke, and when I return I connect to my machine at home again. It works fine, but I can no longer ssh / connect back to my firewall, and again I am seeing spoofed packets returned while the firewall sees no traffic.
This is not the first time I have seen Comcast do this. Any subscriber can run a port scan against, say, Google and then no longer be able to connect to it at all for X minutes. While it is obvious that Comcast is trying to block hackers from within and outside of its own network, these security policies DO HURT the legitimate security specialist wanting to run tests from their own filtered Internet.
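As an added illustration that is not part of jetole's submission: the two tcpdump views described above (the home side and the firewall side) can be compared mechanically to separate what the firewall actually sent from what a middlebox inserted on the path. The script assumes a simplified tcpdump line layout and uses two constructed captures; any RST that appears at the home side "from" the firewall but never appears in the firewall's own capture is classed as injected, SYN/ACKs seen more often at home than at the firewall are classed as duplicated, and outbound packets missing from the firewall capture are classed as dropped in transit.

```python
import re
from collections import Counter
from typing import List, NamedTuple

# Simplified tcpdump line layout assumed here (not verbatim tcpdump output):
# "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str

def parse_capture(text: str) -> List[Pkt]:
    """Turn capture text into packets; lines that do not match the layout are skipped."""
    pkts = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkts.append(Pkt(m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]))
    return pkts

def compare_captures(near: List[Pkt], far: List[Pkt], far_host: str) -> dict:
    """near = capture at the home side, far = capture on the firewall itself (far_host)."""
    near_c, far_c = Counter(near), Counter(far)
    # RSTs attributed to far_host that far_host never sent: injected on the path.
    injected = [p for p in near if p.src == far_host and "R" in p.flags and far_c[p] == 0]
    # Replies seen more often at home than the firewall sent them: duplicated on the path.
    duplicated = [p for p in near_c if p.src == far_host and near_c[p] > far_c[p] > 0]
    # Packets sent toward far_host that never show up in its capture: dropped in transit.
    dropped = [p for p in near if p.dst == far_host and far_c[p] == 0]
    return {"injected_rsts": injected, "duplicated": duplicated, "dropped_outbound": dropped}

# Constructed sample captures: home host 10.0.0.5, firewall 203.0.113.10 (both made up).
HOME_CAPTURE = """
10:00:00.000 IP 10.0.0.5.44321 > 203.0.113.10.22: Flags [S], seq 1000
10:00:00.020 IP 203.0.113.10.22 > 10.0.0.5.44321: Flags [S.], seq 5000, ack 1001
10:00:00.020 IP 203.0.113.10.22 > 10.0.0.5.44321: Flags [S.], seq 5000, ack 1001
10:00:00.040 IP 10.0.0.5.44321 > 203.0.113.10.22: Flags [.], ack 5001
10:00:01.000 IP 10.0.0.5.44322 > 203.0.113.10.22: Flags [S], seq 2000
10:00:01.005 IP 203.0.113.10.22 > 10.0.0.5.44322: Flags [R.], seq 0, ack 2001
"""
FIREWALL_CAPTURE = """
10:00:00.010 IP 10.0.0.5.44321 > 203.0.113.10.22: Flags [S], seq 1000
10:00:00.010 IP 203.0.113.10.22 > 10.0.0.5.44321: Flags [S.], seq 5000, ack 1001
10:00:00.050 IP 10.0.0.5.44321 > 203.0.113.10.22: Flags [.], ack 5001
"""

def analyse() -> dict:
    return compare_captures(parse_capture(HOME_CAPTURE), parse_capture(FIREWALL_CAPTURE), "203.0.113.10")

if __name__ == "__main__":
    for kind, pkts in analyse().items():
        print(kind, [f"{p.src}:{p.sport}->{p.dst}:{p.dport} [{p.flags}]" for p in pkts])
```

In the sample, the second SYN never reaches the firewall and the RST answering it exists only in the home capture, which is exactly the pattern the submission describes.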