Shouldn’tthis and this get more news coverage? US Commerce Department computers (specifically a bureau responsible for export licenses) is under cyber attack from hackers based in China. The Bureau in question is the Bureau of Industry and Security…. which handles “U.S. exports which have both commercial and military applications”…. They’ve been targetted by various rootkits among other malwares and in early September were forced to cut off internet access (yes that’s around a MONTH ago).
Tag: LAN
-
Freenx on Ubuntu (Dapper Drake)
NX server and client is a GREAT remote X approach that can tunnel over fairly narrow links well and does phenomenally well over a LAN. I frequently use NX in place of VNC when working with Linux based systems because the performance seems much better and the client has a nice way to choose from preset sessions. (You can also do individual applications, etc…) One of the benefits over X tunneling is the compression…. Anyway, I’ve gone through setting this up several times on various ubuntu 6.06 installs and thought I’d go ahead and document this on the web page so I didn’t have to keep hunting links each time….
-
IPtables magic, or… Blocking Aggressive Outbound Traffic with IPtables
Blocking Aggressive Outbound Traffic with IPtables.
For starters, I’ve tested this on a test system that started out with NO iptables rules, and then moved on to an IPCop install (the vmware download from vmwarez.com…)
I’ve detailed previously one dilemma that I had with regard to my own cable connection which made me question how one could SAFELY host a wireless access point (in the clear) for guest web browsing, without allowing a wireless user to port scan the outside world/aggressively spread viruses/etc. Traditional firewall setups are typically oriented towards protecting the internal network. This post is an attempt to give an explanation of how to implement the idea put forth in this post.
-
Intelliadmin – free disable usb storage tool
For Windows system administrators that have sweated over the perils of usb drives and memory sticks…. Intelliadmin has a tool for you. It’s a small utility that will allow to remotely disable usb drives over the LAN. It won’t affect usb mice/keyboards – just usb storage. So, if your network security policy doesn’t like USB storage you can easily use this to make sure those devices don’t work on plugin.
-
Network Security – Arp spoofing
So…. what is arp spoofing (poisoning)…. and what are it’s implications? ARP spoofing involves tricking a machine into thinking that you’re machine is, yet another. Let’s put this in IP address terms. Let’s say that 192.168.0.1 is the default gatway on the network and 192.168.0.150 is our target. We are given another network address – say 192.168.0.250…. Arp spoofing would tell 192.168.0.150 that OUR network adapter is the place to send information destined for 192.168.0.1, (and we could also tell 192.168.0.1 that WE are the rightful recipient of data sent to 192.168.0.150). These is done by offering up our MAC address as the legitimate desitination to each machine through a crafted ARP response.
-
Network security – how safe is your network? Looking at ARP
A while back I did a network security series and one of the points that I mentioned was that it’s important to know what is normal for your network. In other words, what machines are NORMALLY connected, what services are normally running, etc. Well, I’m about to start a serious look at something that makes this knowledge essential and that may have some rethinking whether or not it’s wise to run an open wireless access point on the same network as their traditional LAN.
-
Metasploit
I had hoped to do an article on metasploit in the not too distant future, but not as early as tonight…. However, I’ve made a couple of references to it in previous posts which, well, it would be nice if I’d already given a bit of information about metasploit in general. For starters, metasploit is considered a “framework” for exploit modules and payload modules. Much like real weapons, knives, guns…. there are good uses and there are bad uses. It can be used by a network/security auditor to check for vulnerable systems. It could also be used by a cracker to exploit systems remotely. There’s a fine line.
-
The D-Link DWL-800AP+ as a wireless repeater to extend wireless range – Part 3
So, now that I was “in” the DWL-800AP+ it was time to see if I could set it up as a repeater. I visited the “wireless” tab of the web based configuration and chose Repeater mode instead of AP mode and saw that I would need the Mac address of the access point that I wanted to “repeat” signal from. In this case it’s the old Linksys WAP11 v. 1.1 So, I opened up a console and (as root) did an arpping 192.168.0.250 (the ip address of my Linksys AP). Got the reply back and typed it in.
-
Network Security guide for the home or small business network – Part 19 – What about when you’re not on your home network?
When you’re not at your home network is probably one of those times you should be more on your guard. Wireless access points are very common and a greatly useful thing, but there are some steps you should take to protect yourself, your pc and the data stored there. First it’s worth having a personal firewall for just this type of situation. You obviously can’t make use of a second hardware firewall when hooking up to a wireless LAN. (Although I would think that a small “wireless bridge” adapter of a wireless device to a wired ethernet port MIGHT be able to serve that function. It depends on how it’s implemented.)
-
Small Ethernet Print Server
The Hawking Technology Print Server (HPS1P) is a nice little parallel port to ethernet print server that can be configured to make a single printer available to multiple machines on a LAN (local area network). It supports a number of different protocols and can be configured through a web interface, or with a Windows based control application. There are disadvantages with hooking a printer up to a pc to share over a network. First, the pc that shares the printer has to be up and reliable. Second, that pc has to be in a convenient location to the printer.