DMVPN Reference

Configuration.

!HUB:
!
!
!ISAKMP Phase 1
crypto isakmp policy 10
 authentication pre-share
 hash md5
 encr 3des
 group 5
!
!
!Wildcard key
crypto isakmp key Password123 address 0.0.0.0
!
crypto ipsec transform-set DMVPN_TRANSFORM_SET esp-des esp-md5-hmac
 mode transport
!
!
!IPSec phase 2
crypto ipsec profile DMVPN_PROFILE
 set transform-set DMVPN_TRANSFORM_SET
!
interface Tunnel0
 ip address 10.255.255.5 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication Password123
!
!Hub is dynamic
 ip nhrp map multicast dynamic
 ip nhrp network-id

SOCKS

SOCKS proxy over SSH for browsing HTTP/SSL. In PuTTY, create a connection to your favorite SSH server that has unfettered access, or at least the access you need. Set up a tunnel on some port as Dynamic. Set your browser up with a SOCKS 5 proxy. Connect to the SSH server

EZVPN with DVTI

EZVPN is a client/server VPN solution where dynamic tunnels are created.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/12-4t/sec-sec-for-vpns-w-ipsec-12-4t-book/sec-ipsec-virt-tunnl.html
In IPSec, you need to remember 3 things: Who, What, How.
Who: Who’s the endpoint
What: Proxy ACL
How: Transform set

!
!
!
!SERVER
!
!
!Configure authentication. Local for testing
!
aaa new-model
aaa authentication login local_list local
aaa authorization network local_list local
aaa session-id common
!
username cisco password cisco
!
!
!Create

ASA VPNs

There’s a built-in cheat for VPN configurations. It can be tough to remember every step involved, and this makes it super easy. Just type vpnsetup ? from config mode, select the type and steps, and the firewall will give you example configs and all steps involved for every type of

Simple Pseudo honeypot (Walled Garden)

Continuing on the bind RPZ stuff. If you need to build a walled garden, Inetsim would be great for that. It runs fake services and will serve up anything you ask it for. Great for studying malware. CentOS 7 this time.
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
Edit eth0:0 and change the IP

Response Policy Zone (RPZ) and Bind

RPZ Specification: https://kb.isc.org/getAttach/22/AA-00512/rpz.pdf
When doing lookups on hosts, my nameserver recursively resolves them. If the response matches what is in the RPZ zone files, the nameserver will send whatever is set back to the client. This is great for low-cost malicious-activity blocking.
. for NXDOMAIN
*. for

Moloch with PFRING

#Kind of a funny way to accomplish this, but it’s the only way I could get pf_ring to build and actually work.
#CentOS 6.6.
#Install EPEL. http://mirror.umd.edu/fedora/epel/6/i386/repoview/epel-release.html
sudo yum install git swig python-devel byacc kernel-devel libtool automake make autoconf pcre-devel flex bison byacc gcc gcc-c++ zlib-devel numactl numactl-devel
If you’re using

PF_RING install

CentOS 6.6
First enable passwordless SSH:
ssh-keygen if you haven’t already
cat .ssh/id_rsa.pub
Copy that to /root/.ssh/authorized_keys on the new system. Then change permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
#Install EPEL. http://mirror.umd.edu/fedora/epel/6/i386/repoview/epel-release.html
sudo yum install cmake swig python-devel byacc kernel-devel libtool subversion automake make autoconf pcre-devel libpcap-devel libpcap flex

Installing CIF

All done on Ubuntu 12 server. Pretty much followed this guide: https://code.google.com/p/collective-intelligence-framework/wiki/ServerInstall_Ubuntu12_v1
Ran into a few issues… Had to force some perl modules.
cpanm Net::Abuse::Utils --force
And version 1.7 of Linux::Cpuinfo wouldn’t install. Just removed the @1.7.
cpanm git://github.com/gitpan/Linux-Cpuinfo.git --force
Then you have to grab this Cpuinfo.pm and place it

Kibana Installation

CentOS6 again. Download the latest version of Kibana from http://www.elasticsearch.org/overview/kibana/installation/
cd /var/www/
wget http://www.elasticsearch.org/overview/kibana/installation/
tar zxvf kibana*
rm kibana*.gz
mv kibana* kibana3
Create a Kibana configuration file for Apache.
<VirtualHost YOURIP:80>
  ServerName FQDN
  DocumentRoot /var/www/kibana3
  <Directory /var/www/kibana3>
    Allow from all
    Options -Multiviews
  </Directory>
  LogLevel debug
  ErrorLog /var/log/httpd/error_log
  CustomLog /var/log/httpd/access_log

SiLK Installation

All done on CentOS6. There are scripts to automate this, but I like installing everything from source to learn more about the packages. Here’s an example script along with a GUI for SiLK rw commands: FlowBat
Download the following source code files from the netsa CERT project home page: Fixbuf, netsa-python,

Logstash with Bro

Logstash Installation
The Logstash package shares the same GPG key as Elasticsearch, and we already installed that public key, so let’s create and edit a new Yum repository file for Logstash:
sudo vi /etc/yum.repos.d/logstash.repo
Add the following repository configuration:
[logstash-1.4]
name=logstash repository for 1.4.x packages
baseurl=http://packages.elasticsearch.org/logstash/1.4/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1
Save and exit. Install Logstash 1.4.2 with this command:
sudo yum

Bro IDS Install

These installs are on the latest CentOS6 as of October 2014. First we have to install PF_RING to take advantage of the performance boost and to load balance Bro processes. Bro is not multithreaded.
Package prerequisites:
sudo yum install subversion cmake make gcc gcc-c++ flex bison libpcap-devel openssl-devel python-devel swig

Elsa To Moloch

Let’s say you’re using Bro, and you have this bad assed app called ELSA to search through the mountains of logs produced. You find exactly what you’re looking for but you need the payload from the stream. One option is to integrate ELSA and Moloch. It’s super easy.
Edit /etc/elsa_web.conf

WPMU Change Email From Field

WordPress MU uses a PHP mailer function to send email, so you have to change the setting in /wp-includes/pluggable.php, unlike regular WordPress, where you can change the setting in wp-functions.php or wp-mail.php. Edit pluggable.php:
// From email and name
// If we don’t have a name from the input headers
if (