Hacking Life - Network

How to summarize your network traffic

nospam@example.com (Stefan Kraatz) — Fri, 22 Jun 2007 13:46:23 +0200

In case you want to create firewall rules and don't know what type of traffic you have in your network, you will need to find out by sniffing it off the wire. This article outlines a very basic, but also very easy method to summarise your network traffic by looking at the TCP SYN ACK packets. Obviously, this doesn't catch everything you might have in your network, but if you need more, you can easily adapt this method to fit to your requirements.

Happy Birthday

nospam@example.com (Stefan Kraatz) — Fri, 18 May 2007 12:14:42 +0200

A while ago, I installed an OpenBSD gateway router for accessing a private network via a single IP address, which inspired me to write this article. Today, this router is up and running flawlessly for 100 days. This is, in my mind, worth noticing. Thanks to the OpenBSD team for providing me with such a decent operating system, that makes my life as a networker so much easier.

# uname -a
OpenBSD gateway 4.0 GENERIC#625 sparc
# uptime
12:07PM up 100 days, 23:07, 1 user, load averages: 0.13, 0.10, 0.08

getting ip calculation right

nospam@example.com (Stefan Kraatz) — Tue, 06 Mar 2007 15:01:18 +0100

This is a nice article, explaining the fundamental calculations needed, when dealing with ip addresses and subnets.

Packet Crafting for Firewall & IDS Audits

nospam@example.com (Stefan Kraatz) — Wed, 21 Feb 2007 13:58:40 +0100

This article is a very nice introduction to hping and it's use for testing firewall rules and intrusion detection. I would recommend reading it to anybody, with interest in this topic.

Article Part 1
Article Part 2

using SSH for loads of cool stuff

nospam@example.com (The Kungfu Hacker) — Tue, 06 Feb 2007 14:04:00 +0100

I have written a small article on SSH, that will be more and more expanded when I have time, or learn something new. Check it out here
Updated:
I have amended the article with a picture for illustration purpose and put in some additional notes.

manage your pf firewall

nospam@example.com (The Kungfu Hacker) — Fri, 26 Jan 2007 11:05:52 +0100

Manage OpenBSDs firewall with Firewall Builder
Dru Lavigne, an exerienced administrator and trainer for topics related to unix has written a good article about using fwbuilder to create a desktop firewall. The article you will find here and my amendments to make in work in OpenBSD here.

Sample Configuration of a pf Server Firewall

nospam@example.com (The Kungfu Hacker) — Mon, 22 Jan 2007 10:06:01 +0100


 ##      $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
 #
 # See pf.conf(5) and /usr/share/pf for syntax and examples.
 # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
 # in /etc/sysctl.conf if packets are to be forwarded between interfaces.

 
 #pass quick on $int_if
 #antispoof quick for { lo $int_if }

 
 server_if="nfe0"
 maint_if="le0"

 maintenance = "{ssh, www }"
 user_tcp_services = "{ www, afpovertcp }"
 user_udp_services = "{ afpovertcp }"

 nice_hosts = "{ a.a.a.0/25, b.b.b.b }"
 bad_hosts = "{ a.a.a.2 }"
 maintenance_hosts = "{ c.c.c.1 }"
 
 set skip on lo
 scrub in

 block in log
 block in on $server_if from $bad_hosts to any

 pass in quick on $server_if proto tcp from $nice_hosts to ($ext_if) port $user_tcp_services keep state
 pass in quick on $server_if proto udp from $nice_hosts to ($ext_if) port $user_udp_services 
 
 pass in quick on $maint_if proto tcp from $maintenance_hosts to ($maint_if) port $maintenance keep state

 pass out keep state

download sample config

(OpenBSD) desktop firewall

nospam@example.com (The Kungfu Hacker) — Thu, 18 Jan 2007 13:40:56 +0100

This posting is related to an entry in the BSD DEV Center. It contains the neccessary amendments to the original article, in order to make it work for me, running OpenBSD

installing the packet fwbuilder-2.0.7p0:

#pkg_add fwbuilder-2.0.7p0.tgz

ssh access to localhost has to be configured like this:

src			dst			srvc 
server_wall:lo0:ip	server_wall:lo0:ip	ssh

* the final rules look like this :

# pfctl -s rules 
pass in quick inet proto tcp from 127.0.0.1 to 127.0.0.1 port = ssh keep state \
label "RULE 0 -- ACCEPT "
pass out quick inet proto tcp from 127.0.0.1 to 127.0.0.1 port = ssh keep state \
label "RULE 0 -- ACCEPT "
pass out quick inet from  to any keep state label "RULE 2 -- ACCEPT "
block drop in quick inet all label "RULE 3 -- DROP "
block drop out quick inet all label  "RULE 3 -- DROP "
block drop in quick inet all label "RULE 10000 -- DROP "
block drop out quick inet all label "RULE 10000 -- DROP "

Backslashes are just there because of the formatting, they would not be included in the command output.