Notes for Linux Basix Eps22

Today’s post will serve as a sort of show notes for the Linux Basix podcast that I will be a guest on tonight.

Discussion Links:

  1. SET v0.7 aka “Swagger Wagon” new release. I did a blog post on the 14th highlighting SET, and I am mentioning it here again because I think it is worth taking a look at this program. For anyone not familiar with the Social-Engineer Toolkit (SET), it is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly become a standard tool in a penetration tester’s arsenal. The group also held a Social Engineering Capture the Flag competition at “Defcon 18”, and they have finally released the full report: http://www.social-engineer.org/resources/sectf/Social-Engineer_CTF_Report.pdf
  2. A report was published detailing the exploits of a former Google engineer who allegedly used his internal clearances to access private Gmail and GTalk accounts so that he could spy on and harass people, including four minors; read more over at http://techcrunch.com/2010/09/14/google-engineer-spying-fired/. This brings me back to a point I made a while back: we have to stop putting all our trust in cloud-based services, because we never know whether, or how much, they are violating our privacy.
  3. Second time’s a charm: “Linux Kernel 0-day bug”. On the 16th I did a quick news bulletin post highlighting a serious Linux vulnerability. The vulnerability, found in a component of the operating system that translates values from 64 bits to 32 bits (and vice versa), was fixed once before, in 2007 with the release of kernel version 2.6.22.7. But several months later, developers inadvertently rolled back the change, once again leaving the OS open to attacks that allow unprivileged users to gain full root access. Read the complete article over at The Register.
  4. Is Stuxnet the ‘best’ malware ever? Even though this is not a Linux-related issue, I know a lot of us fix our friends’ and family’s computers, and it is always good to keep up on new malware threats. The Stuxnet worm is a “groundbreaking” piece of malware, so devious in its use of unpatched vulnerabilities and so sophisticated in its multipronged approach that the security researchers who tore it apart believe it may be the work of state-backed professionals. They work for the two security companies that discovered that Stuxnet exploited not just one zero-day Windows bug but four, an unprecedented number for a single piece of malware. Read the full article over at computerworld.com.
  5. Tunneling SSH over HTTP(S). Not much to say about this one, but I think it’s pretty cool and you should give it a try; I know I will. –> http://dag.wieers.com/howto/ssh-http-tunneling/

Tech Segment: Building your test lab

During this segment I will be discussing what I have been up to for the last few days, and that is rebuilding my home network so I can have more than just a laptop to perform my various testing on.

Equipment used in lab:

  • HP DL380 G4 server with 6 drives (2x75, 4x150) and ESXi installed.
  • Cisco 3500 switch
  • Cisco 2621 router
  • Verizon FIOS Wifi router.
  • PFsense FW

OS currently installed:

  • FreeBSD
  • Ubuntu server
  • Snorby IDS

Router config:

RT01#sh run
Building configuration...

Current configuration : 1202 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname RT01
!
enable secret 5 10g1n///
enable password 7 10g1n///
!
ip subnet-zero
!
interface FastEthernet0/0
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 10.29.19.1 255.255.255.0
!
interface FastEthernet0/0.40
encapsulation dot1Q 40
ip address 10.29.20.1 255.255.255.0
!
interface FastEthernet0/0.50
encapsulation dot1Q 50
ip address 10.29.21.1 255.255.255.0
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
description Transit-to-FW
ip address 172.1.1.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
!
router rip
version 2
network 172.0.0.0
network 10.29.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.1.1.1
no ip http server
!
line con 0
password 7 10g1n///
login
line aux 0
line vty 0 2
password 7 10g1n///
login
line vty 3 4
password 7 10g1n///
login
!
end

Switch Config:

SW01#sh run
Building configuration...

Current configuration:
!
! No configuration change since last restart
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log datetime msec
service password-encryption
!
hostname SW01
!
enable password 7 10g1n///
!
username infolookup password 7 10g1n///
!
ip subnet-zero
no ip domain-lookup
!
interface FastEthernet0/1
description Uplink-to-Verizon
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/2
description Firewall-OUT-interface
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/3
description Firewall Inside-Transit
switchport access vlan 11
!
interface FastEthernet0/4
description Link to Router - Fa0/1
duplex full
switchport access vlan 11
!
interface FastEthernet0/5
!
interface FastEthernet0/18
!
interface FastEthernet0/19
switchport access vlan 30
spanning-tree portfast
!
interface FastEthernet0/20
description Inside-workstation
switchport access vlan 40
spanning-tree portfast
!
interface FastEthernet0/33
description ESX Host
duplex full
speed 100
switchport trunk encapsulation dot1q
switchport trunk native vlan 30
switchport trunk allowed vlan 1,30,40,50,1002-1005
switchport mode trunk
!
interface FastEthernet0/34
!
interface FastEthernet0/35
description ESXi Host-Mgmnt
duplex full
speed 100
switchport access vlan 40
spanning-tree portfast
!
interface FastEthernet0/36
!
interface FastEthernet0/48
duplex full
speed 100
switchport trunk encapsulation dot1q
switchport trunk native vlan 30
switchport trunk allowed vlan 1,30,40,50,1002-1005
switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface VLAN1
no ip address
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN30
ip address 10.29.19.10 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
interface VLAN100
no ip directed-broadcast
no ip route-cache
shutdown
!
ip default-gateway 10.29.19.1
!
line con 0
exec-timeout 0 0
password 7 10g1n///
login local
transport input none
stopbits 1
line vty 0 4
password 7 10g1n///
login local
line vty 5 15
no login
!
ntp clock-period 11259018
ntp server 153.16.4.130
end
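
The two configs above are a good place to practice auditing a lab device before it goes on the wire. The following Python script is an added example and is not part of the original post: it parses IOS-style configs (the pasted ones lost their indentation, so the parser does not rely on it) into global commands and line/interface blocks, then flags the management-plane weaknesses visible in the configs above: the reversible type 7 enable password on SW01 with no enable secret behind it, the username configured with "password" rather than "secret", vty lines not restricted to SSH, "exec-timeout 0 0" on the console, and "line vty 5 15" with "no login", which lets a connection reach EXEC without any password. The excerpts are trimmed from the RT01 and SW01 configs shown above; the block boundaries, severities and messages are my own choices.

```python
import re

# Added example, not from the post. Excerpts trimmed from the RT01 and SW01
# configs shown above; indentation was lost when the configs were pasted,
# so the parser below does not depend on it.
ROUTER_EXCERPT = """\
service password-encryption
hostname RT01
!
enable secret 5 10g1n///
enable password 7 10g1n///
no ip http server
line con 0
password 7 10g1n///
login
line vty 0 2
password 7 10g1n///
login
line vty 3 4
password 7 10g1n///
login
end
"""

SWITCH_EXCERPT = """\
service password-encryption
hostname SW01
enable password 7 10g1n///
username infolookup password 7 10g1n///
line con 0
exec-timeout 0 0
password 7 10g1n///
login local
transport input none
line vty 0 4
password 7 10g1n///
login local
line vty 5 15
no login
end
"""

SECTION_KEYWORDS = ("interface ", "line ", "router ")  # headers that open a block


def parse_sections(config):
    """Split a config into (global_lines, {header: [child lines]}).

    A block starts at an 'interface', 'line' or 'router' header and ends at the
    next '!' separator, the next header, or 'end'.
    """
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "end":
            continue
        if line.startswith("!"):            # comment / block separator
            current = None
            continue
        if line.startswith(SECTION_KEYWORDS):
            current = line
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
        else:
            global_lines.append(line)
    return global_lines, sections


def audit(config):
    """Return a list of (severity, location, message) findings."""
    findings = []
    global_lines, sections = parse_sections(config)
    hostname = next((l.split(None, 1)[1] for l in global_lines
                     if l.startswith("hostname ")), "?")

    # Global commands: 'enable password' is cleartext (type 0) or reversible
    # type 7; only 'enable secret' is hashed. Same for 'username ... password'.
    has_secret = any(l.startswith("enable secret") for l in global_lines)
    for l in global_lines:
        if re.match(r"enable password ", l):
            if has_secret:
                findings.append(("medium", hostname, "reversible enable password still present alongside enable secret"))
            else:
                findings.append(("high", hostname, "enable password is reversible and no enable secret is configured"))
        elif re.match(r"username \S+ password ", l):
            findings.append(("medium", hostname, f"user '{l.split()[1]}' uses reversible 'password' instead of 'secret'"))
        elif l == "ip http server":
            findings.append(("medium", hostname, "HTTP management server enabled"))
    if "service password-encryption" not in global_lines:
        findings.append(("low", hostname, "service password-encryption not set"))

    # Console/aux/vty blocks: authentication, transport and idle timeout.
    for header, body in sections.items():
        if not header.startswith("line "):
            continue
        loc = f"{hostname} {header}"
        if "no login" in body:
            findings.append(("high", loc, "'no login': sessions reach EXEC without any authentication"))
        if header.startswith("line vty") and "transport input ssh" not in body:
            findings.append(("medium", loc, "transport input not restricted to ssh (telnet accepted)"))
        if "exec-timeout 0 0" in body:
            findings.append(("low", loc, "exec-timeout 0 0: idle sessions never expire"))
    return findings


if __name__ == "__main__":
    for cfg in (ROUTER_EXCERPT, SWITCH_EXCERPT):
        for sev, loc, msg in audit(cfg):
            print(f"[{sev:6}] {loc}: {msg}")
```

Run it as-is to print the findings for both excerpts, or feed audit() a full "show run" capture to check a real device. The type 7 password is reported even on RT01, where an enable secret takes precedence, because the type 7 string is still readable from the config and such strings tend to be reused on other devices and lines.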

PFsense Config:

  • Configured port forwarding; you can do this via the web interface or by editing /config/config.xml:
    • Forward to my FreeBSD box
    • Forward my VMware ESX connection over SSH
  • Configured my dynamic DNS host (free, of course)
  • Configured Snort to send logs to Snorby
