Network

Quicksearch

Links

Open All | Close All

Blog Administration

Open login screen

Syndicate This Blog

RSS 0.91 feed

RSS 1.0 feed

RSS 2.0 feed

ATOM 0.3 feed

ATOM 1.0 feed

RSS 2.0 Comments

How to summarize your network traffic

Friday, June 22. 2007

In case you want to create firewall rules and don't know what type of traffic you have in your network, you will need to find out by sniffing it off the wire. This article outlines a very basic, but also very easy method to summarise your network traffic by looking at the TCP SYN ACK packets. Obviously, this doesn't catch everything you might have in your network, but if you need more, you can easily adapt this method to fit to your requirements.

Posted by Stefan Kraatz in Network, Unix at 13:46 | Comments (0) | Trackbacks (0)

Happy Birthday

Friday, May 18. 2007

A while ago, I installed an OpenBSD gateway router for accessing a private network via a single IP address, which inspired me to write this article. Today, this router is up and running flawlessly for 100 days. This is, in my mind, worth noticing. Thanks to the OpenBSD team for providing me with such a decent operating system, that makes my life as a networker so much easier.

# uname -a
OpenBSD gateway 4.0 GENERIC#625 sparc
# uptime
12:07PM up 100 days, 23:07, 1 user, load averages: 0.13, 0.10, 0.08

Posted by Stefan Kraatz in Network, Unix at 12:14 | Comments (0) | Trackbacks (0)

getting ip calculation right

Tuesday, March 6. 2007

This is a nice article, explaining the fundamental calculations needed, when dealing with ip addresses and subnets.

Posted by Stefan Kraatz in Network at 15:01 | Comments (0) | Trackbacks (0)

Packet Crafting for Firewall & IDS Audits

Wednesday, February 21. 2007

This article is a very nice introduction to hping and it's use for testing firewall rules and intrusion detection. I would recommend reading it to anybody, with interest in this topic.

Article Part 1
Article Part 2

Posted by Stefan Kraatz in Network, Unix at 13:58 | Comments (0) | Trackbacks (0)

using SSH for loads of cool stuff

Tuesday, February 6. 2007

I have written a small article on SSH, that will be more and more expanded when I have time, or learn something new. Check it out here
Updated:
I have amended the article with a picture for illustration purpose and put in some additional notes.

Posted by The Kungfu Hacker in Network, Unix at 14:04 | Comments (0) | Trackbacks (0)

manage your pf firewall

Friday, January 26. 2007

Manage OpenBSDs firewall with Firewall Builder
Dru Lavigne, an exerienced administrator and trainer for topics related to unix has written a good article about using fwbuilder to create a desktop firewall. The article you will find here and my amendments to make in work in OpenBSD here.

Posted by The Kungfu Hacker in Network, Unix at 11:05

Sample Configuration of a pf Server Firewall

Monday, January 22. 2007


 ##      $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
 #
 # See pf.conf(5) and /usr/share/pf for syntax and examples.
 # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
 # in /etc/sysctl.conf if packets are to be forwarded between interfaces.

 
 #pass quick on $int_if
 #antispoof quick for { lo $int_if }

 
 server_if="nfe0"
 maint_if="le0"

 maintenance = "{ssh, www }"
 user_tcp_services = "{ www, afpovertcp }"
 user_udp_services = "{ afpovertcp }"

 nice_hosts = "{ a.a.a.0/25, b.b.b.b }"
 bad_hosts = "{ a.a.a.2 }"
 maintenance_hosts = "{ c.c.c.1 }"
 
 set skip on lo
 scrub in

 block in log
 block in on $server_if from $bad_hosts to any

 pass in quick on $server_if proto tcp from $nice_hosts to ($ext_if) port $user_tcp_services keep state
 pass in quick on $server_if proto udp from $nice_hosts to ($ext_if) port $user_udp_services 
 
 pass in quick on $maint_if proto tcp from $maintenance_hosts to ($maint_if) port $maintenance keep state

 pass out keep state

download sample config

Posted by The Kungfu Hacker in Network, Unix at 10:06 | Comments (0) | Trackbacks (0)

(OpenBSD) desktop firewall

Thursday, January 18. 2007

This posting is related to an entry in the BSD DEV Center. It contains the neccessary amendments to the original article, in order to make it work for me, running OpenBSD

installing the packet fwbuilder-2.0.7p0:

#pkg_add fwbuilder-2.0.7p0.tgz

ssh access to localhost has to be configured like this:

src			dst			srvc 
server_wall:lo0:ip	server_wall:lo0:ip	ssh

* the final rules look like this :

# pfctl -s rules 
pass in quick inet proto tcp from 127.0.0.1 to 127.0.0.1 port = ssh keep state \
label "RULE 0 -- ACCEPT "
pass out quick inet proto tcp from 127.0.0.1 to 127.0.0.1 port = ssh keep state \
label "RULE 0 -- ACCEPT "
pass out quick inet from  to any keep state label "RULE 2 -- ACCEPT "
block drop in quick inet all label "RULE 3 -- DROP "
block drop out quick inet all label  "RULE 3 -- DROP "
block drop in quick inet all label "RULE 10000 -- DROP "
block drop out quick inet all label "RULE 10000 -- DROP "

Backslashes are just there because of the formatting, they would not be included in the command output.

Posted by The Kungfu Hacker in Network, Unix at 13:40

(Page 1 of 1, totaling 8 entries)

Competition entry by David Cummins powered by Serendipity v1.0

Hacking Life