
Risharde's Blog

Juniper vs Checkpoint Vs Fortigate

For the techies at heart, found a nice comparison table which seems to be recently added (2013) of some popular hardware firewalls

It seems the Fortigate is in a different league altogether so aside from that device, I'm wondering which one really is better between the Juniper and the Checkpoint. In terms of ease of setup, I'd assume it is the Juniper because it has a built-in GUI to manage it but as you can see, it can handle only about half the number of sessions of a Checkpoint. I don't want to talk off the top of my head but I think for me, I'd make an intelligent guess that the Checkpoint would be more valuable in the long run against concurrent attacks if it can handle twice the number of sessions as the Juniper. On the downside, it doesn't come with a built-in GUI so it means you'll have to use an external app. In any event, this can also be seen as an upside since it might be less likely to be attacked via the GUI and/or be less vulnerable to 0-day exploits.

Upgraded to CENTOS 6 - 64bit

Finally made the switch to CENTOS 6 - 64 BIT
Many of you might be wondering what's the difference between 32-bit and 64-bit operating systems. It all boils down to how values are stored in 32-bit versus 64-bit. For example, on a 32-bit machine, the number 1 might be represented as 00000000 00000000 00000000 00000001. I put spaces in between so it's easier to read but in total: 32 digits (each of which must be either 1 or 0 since it's in bit format). So a 64-bit representation might then be 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001 (64-bit format). Now this also corresponds to memory addressing and this is why 64-bit machines have a much higher memory addressing limit compared to 32-bit machines. As far as I can tell, a 32-bit OS can use up to 4GB of RAM properly while a 64-bit can use a lot more than 4 GB (even more than 8GB). This also means that files for databases can be much larger than 2GB in size if you're on a 64-bit machine and thus is the major reason why companies and IT have been moving over to 64-bit architecture.

Download youtube videos to your computer

So someone was asking me about downloading YouTube videos and/or audio from YouTube videos. Since I had the time, I did a quick search on Google and found that there's a simple application to get this done. Although you will have to copy the YouTube URL to the application, it's still free and fairly easy to use.

You can get Free Youtube Download via
It is also available via CNET's Website
AVG 2014 reported that it was virus free

Memcached on CENTOS 6

Okay, thought it was hard but it is pretty easy

yum install memcached

nano /etc/sysconfig/memcached
and make sure the following (tweak as you see fit)

Now save

Then start up memcached using
service memcached start

Then let memcached automatically start up on boot
chkconfig memcached on

Now install php support
yum install pecl
yum install php-pecl-memcached
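
A check worth running after editing /etc/sysconfig/memcached, as an added example that is not part of the original post: it flags a file whose OPTIONS leave memcached listening on all interfaces. The function names and both sample files are constructed for illustration and are not the author's settings.

```shell
#!/bin/bash
# Added example: audit /etc/sysconfig/memcached (CentOS 6 layout) for exposure.
# Function names and the sample files below are constructed for illustration.

# get_setting FILE KEY -> last value assigned to KEY, surrounding quotes removed
get_setting() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed -e 's/^"//' -e 's/"$//'
}

# Prints one finding per line; prints nothing when no issue is found.
# Only the spaced option form ("-l 127.0.0.1", "-U 0") is recognised.
audit_memcached_sysconfig() {
    local file="$1" opts user
    opts=$(get_setting "$file" OPTIONS)
    user=$(get_setting "$file" USER)
    # Without -l the daemon binds every interface, and memcached has no
    # authentication by default, so anyone who can reach the port can
    # read and write the cache.
    case " $opts " in
        *" -l 127.0.0.1 "*) ;;
        *" -l "*) echo "WARN: bound to a non-loopback address, restrict the port with iptables" ;;
        *) echo "FAIL: no -l option, listening on all interfaces" ;;
    esac
    # Older memcached releases also open a UDP listener unless told not to.
    case " $opts " in
        *" -U 0 "*) ;;
        *) echo "WARN: UDP listener not disabled (add -U 0)" ;;
    esac
    if [ "$user" = "root" ]; then
        echo "FAIL: USER is root, use an unprivileged account"
    fi
    return 0
}

# Constructed samples: a file with empty OPTIONS and a hardened variant.
sample_dir=$(mktemp -d)
printf '%s\n' 'PORT="11211"' 'USER="memcached"' 'MAXCONN="1024"' \
    'CACHESIZE="64"' 'OPTIONS=""' > "$sample_dir/default"
printf '%s\n' 'PORT="11211"' 'USER="memcached"' 'MAXCONN="1024"' \
    'CACHESIZE="64"' 'OPTIONS="-l 127.0.0.1 -U 0"' > "$sample_dir/hardened"

for f in default hardened; do
    echo "== $f"
    audit_memcached_sysconfig "$sample_dir/$f"
done
```

On a real host, point the function at /etc/sysconfig/memcached and restart the service after changing OPTIONS.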


Rsync Problems on CENTOS 6 Minimal

rsync: Failed to exec ssh: No such file or directory (2)
rsync error: error in IPC code (code 14) at pipe.c(84) [sender=3.0.6]
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(600) [sender=3.0.6]

To solve the issue, you need to install the openssh-clients package.
To do this, type:
yum install openssh-clients

Good luck!

Missing SYSVOL Policies fix

Okay so Ishwar and I were having some issues with group policies not being updated. We looked at the AD controllers and noticed that a lot of the policy folders were missing and there was no one on the internet that could fix it without saying that the AD would need to be reinstalled. Well Ishwar had a good idea and it worked. He reinstalled the GPO manager by first uninstalling it and installing it back. It recreated the policies and saved us a lot of problems!

Good luck!

Installing SquidView on Centos 6

I was having a lot of problems with ncurses when trying to compile squidview on Centos 6. Well, apparently there's an easy fix after I did some research.
You need 2 main packages to get squidview to install.

Run the following
yum install gcc-c++ ncurses-static

After which you do the normal compile commands as follows:

Good luck!

SCP: bash: command not found on CENTOS

If you've installed CENTOS 6.4 minimal like I have, you might experience this problem. When you try to scp a file from one server to the next or vice versa and encounter this issue, you need to install the openssh-clients package.

To do this, run the following command
yum install openssh-clients

After the install, try to scp the file back and you'll see that it should work now

Good luck!

Extreme Networks InterVLAN Routing and DHCP Relay configuration

Previously, I brought you the idea of interVLAN routing on CISCO. Less is said about Extreme Networks but today I actually worked with a Summit 450 switch and it was fairly easy as well. The commands are a bit different but overall it wasn't anything too hard. Since I can't remember all the commands off hand, I'll just try to talk about what I remember

Firstly, configuring a vlan goes like
configure vlan "VLAN2" add ports 1 - 24 untagged
configure vlan "VLAN2" ip-address

configure vlan "VLAN3" add ports 25 - 48 untagged
configure vlan "VLAN3" ip-address

Enable routing:
enable ipforwarding "VLAN2"
enable ipforwarding "VLAN3"

DHCP Relay goes something like this:
enable bootprelay
configure bootprelay add #This points to your superscope DHCP Server
#Also make sure to create route so DHCP knows which gateway to pass through to send back the information

Don't want DHCP relay? Instead you can do DHCP server on the switch itself using something like this
enable dhcp

Sorry, some of the commands may be wrong because I'm trying to remember from memory with only 1 day experience

CISCO InterVLAN Layer 3 switch to switch routing

This has always been a challenge for me since I never did the CCNA courses or other practical courses. However, I have realized that most tutorials on the internet, and even the official Cisco documentation, are either extremely poor or too technical to understand the basics, so here goes with my explanation which I have tested.

Why would you want VLANS (Virtual LANS)?
Well for me, it basically comes down to "broadcast domains". Essentially, this just means that you don't want a flat network because flat networks have too much broadcast data such as DHCP and so forth. This essentially affects the way your IP schema works because it's hard to assign an IP to a specific building (however this is not the only reason but this was my reason). Anyway, let's say you have a building called Building A and you want the computers in that building to have a specific IP scheme such as 10.0.2.x / and then you have a Building B which needs to have 10.0.3.x / Essentially, you would want to assign VLANs so that the traffic stays within each building (this of course is just my example, since VLANs can be used at multiple locations - I'm just making it simple).

Why would you want InterVLAN Routing?
So in order for Building A to be able to talk to Building B, interVLAN switch-to-switch routing would need to occur (or is the easiest solution for off-site metro-E infrastructure) because the communication would happen at Layer 3 (IP layer) instead of Layer 2 which isn't very smart to route traffic. So now, the switch at Building A would be set to a different IP scheme, like example / on VLAN 100 while Building B's switch would be / on VLAN 100. This allows the 2 switches to communicate via VLAN 100. So you would then enable IP routing to ensure that Building A on VLAN2 can go through VLAN100 to reach Building B on VLAN3. This is referred to as interVLAN routing but includes switch-to-switch configuration. This is apparently different from trunking - don't ask me why per se. Also, in order for computers in building 1 (VLAN 2) to be able to know how to get to Building 3 (VLAN 3), the switch at building 1 would have to have a route to the switch at building 2. For example, if the destination is therefore 10.0.3.x which means it has to go to building 2, then the switch would have a record as such with the gateway of building 2's switch which is and vice versa must happen at switch 2 to complete the "cycle" for duplex communication. If you put a route on one switch and don't put it on the other switch, then only simplex communication will occur in which case pings won't work etc.

This ended up being complicated but read it through a few times

Pushing active directory updates to clients

So technically speaking, pushing updates from Active Directory group policies doesn't exist. The group policy has an interval which can be set low which allows computers to refresh / update their policies but this can cause potential problems of network congestion and high load on your Active Directory server. The good news is that there's another trick which works but with more efficiency.

The solution is using a third party application called SysInternals Suite (I believe it is now owned by MS)
You can download it from
Extract it into a directory such as C:\sysinternals
Now you'll need to get to a command prompt (HINT: Run -> cmd.exe)
In the command prompt type each line and press enter as follows:
cd C:\sysinternals
PsExec.exe \\COMPUTER1 gpupdate /force

The above command essentially tells the remote computer "COMPUTER1" to execute gpupdate /force
gpupdate /force basically makes the computer refresh its group policy by pulling it from the active directory
If you are successful, you'll see a response like

Updating Policy...
User Policy update has completed successfully.
Computer Policy update has completed successfully.
gpupdate exited on COMPUTER1 with error code 0.

With a little scripting, you'd be able to do this command on multiple computers

Good luck!

What people don't understand about the search engine

I've gotten 2 requests so far for the removal of "personal information" from the search engine. The problem is that this information is available via other public means. I don't know if the people that request the removal understand that this information is available to the public and that is how I got the information. In any event, I have removed the information because I am not interested in invading someone's privacy which they have already published anyway. The intention of the search engine is to make it easy for someone to search for your contact via the internet instead of having to turn pages to find it - that was all, period. I hope everyone understands that the systems that are designed are not here to violate their privacy and to cause problems. I am more interested in research of the systems I build with respect to performance and design.

Women and Spanish Fly

Today I was having an adult conversation with someone who mentioned that 'Spanish Fly' is some sort of over the counter drug that you can get from pharmacies. He said there are stronger ones as well but this one only requires 2-3 drops in food or beverage which would essentially make a female aroused (what to have sex). He was not actually encouraging me to do this and the conversation only came up as we spoke about the young people in the society of Trinidad and Tobago. He said people could put it in KFC and give a female for free and that is how they could get drugged. He said its not the same as a date-rape drug in the sense that this one causes the female to want to have sex which is different from the date rape drug.

I began thinking to myself, how dangerous and stupid this product is. Firstly, I need to warn women that very rarely is anything in this life free, especially for women. You might wonder why I say this and I'll try my best to justify as long as you understand that I'm not chauvinistic nor do I have issues with women per se. The problem is that men are visually stimulated which means that you might already be handing him goods even though you don't realize it (just by simply having on "skimpy" clothes or showing too much skin for example). Coupled with the fact that I have met more people who drink alcohol versus those who haven't in Trinidad and Tobago, I'd say the chance of ingesting this substance or similar substances will be high due to how the "bar scene" can be where people offer women drinks for free and so forth. Even the liming scenarios raise a woman's chance of being caught. But of course, wisdom as you know is not our strong point here in Trinidad and Tobago.

I'm just warning women to be aware of the dangers. I know they'll still end up pregnant etc but at least I've done my duty.

Home remedies for boils

So I'm not exactly certain I have one but I do have an unusually large "pimple" on my face... I don't know if the correct term is actually a boil but I went to the pharmacy asking if there was anything they could give me for it. The pharmacist didn't have a clue other than the Boilex plasters. From my experience, the Boilex plasters actually make the "boil" spread and run away from it. So I declined the offer in which he responded that he doesn't know. I thus started my quest for searching for something.

I came across a website with a few home remedies which I thought I'd share with you guys

Basically, I'm trying the first one at the moment which is to use corn meal and boiling water. Mix them into a thick paste and put it over the boil and cover it with a cloth. Instead of the cloth, I decided to use some cotton wool and tape and just taped it on. Do this every 1 to 2 hours and see if it helps. Well I hope it works. I'll have to go through the list and try something else if this doesn't work but this was actually the easiest one.