This is a work in progress. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!There are only 3 default privilege levels on a cisco device. 0 – no access1 – user15 – enable There are a few differences between Radius and Tacacs. One is command authorization. With Radius, you can grant privlege levels. With Tacacs you can grant Read more…
Trunk two VLANs to the sensing interface of the IPS. Hosts in vlan 10 and 20 are in the same subnet, and the IPS bridges. SW1:interface FastEthernet0/1 description R1 switchport access vlan 20 switchport mode access!interface FastEthernet0/10 description PC1 switchport access vlan 10 switchport mode access!interface FastEthernet0/11 description Trunk_To_IPS switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,20 switchport mode Read more…
Configuration. !HUB:!!!ISAKMP Phase 1crypto isakmp policy 10 authentication pre-share hash md5 encr 3des group 5!!!Wildcard keycrypto isakmp key Password123 address 0.0.0.0!crypto ipsec transform-set DMVPN_TRANSFORM_SET esp-des esp-md5-hmacmode transport!!!IPSec phase 2 crypto ipsec profile DMVPN_PROFILE set transform-set DMVPN_TRANSFORM_SET!interface Tunnel0 ip address 10.255.255.5 255.255.255.0 no ip redirects ip mtu 1400 ip nhrp authentication Password123!!Hub is dynamic ip nhrp map multicast dynamic ip nhrp network-id Read more…
SOCKS proxy over SSH for browsing HTTP/SSL. In Putty, create a connection to your favorite SSH server that has unfettered access, or at least the access you need. Setup a tunnel on some port as Dynamic. Set your browser up with a SOCKS 5 proxy. Connect to the SSH server Read more…
EZVPN is a client/server VPN solution where dynamic tunnels are created.http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/12-4t/sec-sec-for-vpns-w-ipsec-12-4t-book/sec-ipsec-virt-tunnl.html In IPSec, you need to remember 3 things.WhoWhatHow Who: Who’s the endpointWhat: Proxy ACLHow: Transform set !!!!SERVER! !!Configure authentication. Local for testing! aaa new-modelaaa authentication login local_list localaaa authorization network local_list local aaa session-id common! username cisco password cisco!!!Create Read more…
There’s a built in cheat for VPN configurations. It can be tough to remember every step involved. This makes it super easy. Just type vpnsetup ? from config mode, select the type and steps, and the firewall will give you example configs and all steps involved for every type of Read more…
A quick howto on ZBPF. Its not difficult, but can get really confusing when the configs start to grow. I always try to name the entries with the easiest detail possible. Like if it’s an http class map specifically, i name it HTTP_CLASS_MAP so it’s easy to grep. Sticking to Read more…
Continuing on the bind RPZ stuff. If you need to build a walled garden, Inetsim would be great for that. It runs fake services and will serve up anything you ask it for. Great for studying malware. CentOS 7 this time. cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/netwwork-scripts/ifcfg-eth0:0 Edit eth0:0 and change the IP Read more…
RPZ Specification: https://kb.isc.org/getAttach/22/AA-00512/rpz.pdf When doing lookups on hosts, my nameserver recursively resolves it. If the response matches what is in the RPZ zone files, the nameserver will send whatever is set back to the client. This is great for low cost malicious activity blocking. . for NXDOMAIN *. For Read more…
#Kind of a funny way to accomplish this, but it’s the only way I could get pf_ring to build and actually work. #CentOS 6.6. #Install EPEL.http://mirror.umd.edu/fedora/epel/6/i386/repoview/epel-release.html sudo yum install git swig python-devel byacc kernel-devel libtool automake make autoconf pcre-devel flex bison byacc gcc gcc-c++ zlib-devel numactl numactl-devel If you’re using Read more…