System7 » networking

Free IPv6 /48 prefix via tunneling over the existing IPv4 Internet

Mon, 18 Apr 2011 15:55:57 +0000

(I thought this posting was relevant now as ?APNIC just assigned their last block of i

Hurricane Electric offers a free IPv6 tunneling service if you would like to begin using and or experimenting with the next generation internet protocol.

One you’re up and running check out Cool IPv6 Stuff.

The End of IPv4 FAQ

Tue, 01 Feb 2011 18:18:17 +0000

The Internet Storm Center blog has a great writeup of q+a regarding hitting the limit of IPv4 address space.

3 – A lot of IPv4 space is still unused. Why don’t we use it more effectively?

The problem is not just that we are running out of addresses, even though that is the killer issue here. Assigning addresses more effectively would mean that assignments would become smaller and routing tables would become more complex. In order to make this work, we would have to essentially “renumber” the internet, and still be out of addresses at some point.

6 – So I can just wait and do nothing?

No. What you should do tomorrow (maybe today?) is setup a test lab to familiarize yourself with IPv6. It is easy to get going. Ask your ISP if they support it (or when), or setup a tunnel with a free tunnel provider like Hurricane Electric [2] or Sixxs [3] (there are others). You need a plan on how to deal with it. Even if you don’t need IPv6, maybe your business partners start using it and you need to connect to them via IPv6.

Read the entire post here.

Preventing future internet traffic misroutes….

Mon, 10 Jan 2011 14:29:22 +0000

Remember back in April of 2010 when for 18 minutes internet traffic was mistakenly misrouted through China’s state run telecom agency? According to this H article, the European internet registry (RIPE) who manages assignment of IP addresses along with AfriNIC, LACNIC and APNIC have implemented a PKI certificate based solution to confirm the legitimacy of internet traffic routes.

Unfortunately, ARIN who manages the internet registry for North America will not be ready to deploy this technology until Q2 of 2011. Better late than never…

do you know where your pr0n is?

Fri, 21 May 2010 18:17:16 +0000

In 2008, Data Loss Prevention (DLP) was becoming the latest trend, hype, buzzword. This slowed down in 2009 as with most technology because of everyone tightening their belt (purse strings). I’ve been wondering how long it was going to take for an open source DLP solution to take off. Please correct me if I’m wrong but it appears opendlp may be the first on the scene. While still in its infancy (at a minor 0.2.1 release) it already has a web front end and a deployable agent for clients (monitoring data at rest). It supports regular expressions which should make it flexible. Without a WYSIWYG policy builder like you’re getting with off the shelf products you’re sacrificing ease of use vs. power and flexibility.

So far I’ve only used a pilot of Symantec’s (formerly Vontu) DLP product for my employer. I had a blast testing it out on the network especially because of its flesh tone filter (if flesh_tone_filter then email me pr0n). It’s a shame we may not see flesh tone filtering in opendlp any time soon; isn’t knowing where the pr0n is more important than the company’s lifeblood, intellectual property?

Podcast about ICANN, root dns servers, Chinese domination and more!

Sun, 18 Apr 2010 16:13:07 +0000

I try to catch the weekly NPR Technology podcast. This week there’s an interesting segment about ICANN, VeriSign and their root nameservers, as well as China’s desire to wrestle control of the internet. You can get the podcast here: http://podcastdownload.npr.org/anon.npr-podcasts/podcast/1019/126006147/npr_126006147.mp3

*You need to advance to 5:00minutes into the podcast for this segment (unless you want to listen about Cuban bloggers)

Pay to have your neighbor’s wireless cracked

Mon, 18 Jan 2010 14:24:52 +0000

I just found this article about a new service run by Moxie Marlinspike (from sslsniff fame). He has created WPA Cracker which uses the cloud (his 100 cpu quad processor cluster) to crack WPA and WPA2 (PSK only) handshake captures. So for $17 and the handshake capture you should have your password with 20 minutes.

Related: Using airodump-ng to capture the authentication handshake.

Secure your machine…Whitelist

Tue, 08 Dec 2009 11:12:31 +0000

I previously talked about a blacklisting method to reduce the number of ssh brute force attempts against your machine. When you follow a blacklisting methodology, in theory, it could never end which is why people are screaming ‘whitelist’ today. If you’re not ready to deny all and not absolutely sure of which IP you’ll be riding in on (back to home base) then you may want to take a look at the options below…

Most brute forcing today usually comes from Asia or Eastern Europe — blocking continents (if you can get away with it) is great practice. Below are some links where you can copy & paste problematic IP ranges into your .htaccess or hosts.deny file….

Apache .htaccess block format

Country IP Blocks – choose a country and select the output in many formats (CIDR, hosts.deny, etc)

Sourcefire (Snort) Network Security Seminar

Thu, 02 Jul 2009 16:56:37 +0000

Last week I attended a seminar by Sourcefire. Their CTO, Martin Roesch, was the speaker. The topic was “Your Network Security Isn’t Good Enough Anymore“. This seminar was ultimately a sly sales pitch for Snort, their IDS product. Roesch talked about how there are several equal quality IDS products available now — there is much less market differentiation between them.

Two problems:

1) No one is taking the time to properly configure / tune the IDS for the environment it’s placed in —> meaning thousands of events with many false positives.

2) The IDS events being generated are not monitored —> the average breach to compromise time is down to minutes in some cases meaning you don’t have time to wait.

The next generation Snort intends to solve both of the problems above. Their calling their new version “Adaptive IPS” which features their real time network awareness (RNA) technology. This RNA module constantly surveys your network taking inventory of OSes, services, protocols, and potential vulnerabilities that exist. The RNA module then pushes configuration changes to Snort — auto tuning the IDS for your network! I haven’t tried RNA myself but Roesch claimed several customers seeing a 90+% reduction in the number of IDS generated events. With this dramatic reduction in events to monitor it should mean no excuses to not monitor your network.

Now, if Sourcefire can create a module that will monitor and act on events we won’t need NoCs anymore….

Great “defeating the firewall” article

Sat, 13 Jun 2009 17:22:41 +0000

I stumbled across an excellent article on freenode #security. Does your employer use content filtering? Are you sick of being restricted when using free wifi hotspots? How about a hotel charging for wifi?

The article talks about methods to circumvent all of the above scenarios. I actually do the most vanilla technique to overcome my employer’s web filter: dynamic ssh tunneling back to a server I have running at home.

Read it here: http://blog.sebastien.raveau.name/2009/06/internet-by-all-means.html

DD-WRT and wireless observations

Wed, 03 Jun 2009 13:18:36 +0000

I installed DD-WRT over the weekend following this tutorial. This is something I wish I would have done a lot sooner because of the additional features DD provides. Unfortunately I have a v8 WRT54g which only has 2mb of flash memory. This limited me to only being able to run the stripped down “micro” version. DD supports syslog but the micro version does not log firewall events. I was hoping to pass these to my IDS. Hopefully I can figure out a way to use iptables to replicate a span or tap port.

I tweaked the TX Power using DD. Be warned you can overheat your router if you try to crank this up too high. The biggest signal boost I was raising my access point 2′. Try to keep your AP elevated as much as possible. See my image below….