Everything posted by Mat

  1. Looks like I'll just upgrade the cards in the current pfsense box then. That's a fine solution; I was just interested in options. As for prices, £35 per month will get you a 100/5 line, and those speeds are pretty solid, not a fictional "up to" speed.
  2. The internet is a little faster than it used to be. CDNs easily offer those speeds. But I digress. What router hardware is used by anyone here with a decent internet connection and without Cisco money? :)
  3. That's a very good point actually. Two computers and a handful of mobile devices really, the standard for a single guy :) The main computer has a decent SSD with a sustained write speed over 200mbps though, so I've a bit of room yet! Don't get me wrong, 120 down is way overkill for most things, but if it's there, it will be nice to use it! Oh, and 5mb up is the fastest domestic speed possible in the UK.
  4. My home connection is rated at 100mbps down, 5mbps up. Moving to 120mbps down when the provider gets its act together and upgrades the headend. I currently have the docsis3 modem connected to an old desktop computer running pfsense, and it has a server grade dual port 100mbps network card in it. The upgrade will mean that the download speed of the WAN is faster than the wirespeed of the LAN! Everything else is connected to a small gigabit switch, but if I want to get the most from the connection, I'll need to add two gigabit cards to the pfsense machine. Before I do so, are there any other options? Are there any low power devices capable of running at these speeds, what's the lowest cost solution? Here's a speedtest result from a moment ago, over wifi :) http://www.speedtest.net/result/2523055951.png Thanks.
  5. Mat

    Vpn Security

    We may be talking about slightly different things. I'm not referring to websites, or for that matter even a web browser. Tunnelblick for OSX establishes a VPN using SSL protocols and makes it available to the system; the VPN is restricted to just allow the user to run a terminal services session on the office servers.
  6. Mat

    Vpn Security

    Thanks for that, so as long as the vendor has done their job right, a packet replay attack is unlikely. So, if I were to connect the VPN while connected to a "bad wireless network", and all the traffic were captured, a hacker wouldn't be able to just re-send everything and gain a connection to the workplace, and he'd not be able to extract the username/password from the packet capture because they'd be encrypted by the SSL layer. That puts to rest most of my concerns; I was thinking that the encryption was not brought up until the link was, so the credentials may be passed in the clear. The remaining point would be sslstrip or similar, which I hear can get SSL credentials by putting itself in the live connection and impersonating the remote side (I think). Anyone got any thoughts there? I know I'm being too paranoid about this, but I think it's best to assume the worst and plan accordingly! [edit: worth mentioning some specifics. The VPN is being made on OSX using the 3rd party software Tunnelblick and it's connecting to a Smoothwall UTM308. I've spoken to Smoothwall support about native L2TP over IPSec and they say it can't be done, basically.]
  7. Mat

    Vpn Security

    At work we have laptops which connect back to the office via an IPSec over L2TP VPN. The connection is made with a username and password and a certificate is installed on the laptop, without which the username and password will not be accepted. This, I think, is a good thing. This only works for Windows though, the folks with a Mac laptop are out of luck. My only option to allow connections from the Macs is to enable SSL VPNs but this is a security concern to me. The SSL VPN is secured with only the username and password. I see on the show that Darren often recommends the use of a VPN for domestic use, so you'd VPN while at Starbucks before connecting to gmail or something, so people can't get your email credentials, but the part I don't understand is, what's to stop someone sniffing my VPN username and password and then just connecting as me? Short version then is: Is SSL VPN vulnerable to a replay attack, and is SSL VPN secure enough for corporate use? Any and all comments on this topic will be appreciated.
  8. I've got loads of that brand of drive and they work fine. Try using the HP USB formatting tool, then use grubinst_gui to install a bootable MBR (make sure to pick the right drive) and then replace grldr with the one from grub4dos. That really should be all there is to it.
  9. I still don't understand how the plaintext passwords were acquired if they were stored salted and hashed.
  10. Fix already reported in this thread in Post 84. I know this thread is getting long, but it'll get even longer if questions are repeated!
  11. I've added some more today:

        • Puppy Linux
        • SliTaz
        • ntpasswd
        • F-Secure Rescue CD
        • Kaspersky Rescue CD
        • Ubuntu 9.04 (iso mount method shown above)
        • XBMC Live CD
        • xPUD
        • AIDA
        • Ranish Partition Manager
        • MHDD

      I think it's time I took a backup of this drive now!
  12. Please read the full thread, you can't have the casper folder in a subfolder, it won't work. It's expected in the root of the drive. I'm looking through the initrd script for clues, and looking for a kernel switch that would allow for a redirection of the casper folder, but I don't think it exists.
  13. I'd like BT4, Live Ubuntu and others on this same drive, but with the casper folder being seemingly hardcoded with no kernel argument to override it, this is not possible. Still looking...
  14. I should have posted the whole file originally, sorry. BT4 prefinal is packaged with casper, which is nice because it puts the whole thing into a single file, but it sucks because the casper folder cannot be moved or renamed, which means it has to be in the root and can't co-exist with other stuff done in the same way. I'm looking for a fix for this. For now though, this folder structure is needed:

          /backtrack/initrd.gz
          /backtrack/vmlinuz
          /casper/filesystem.manifest
          /casper/filesystem.manifest.desktop
          /casper/filesystem.squashfs

      Clearly I'd like all five files to be in the backtrack folder. Hope that helps for now.

          color green/black yellow/blue
          timeout 120

          # --- Memtest 86 --- #
          title Memtest86 v2.11
          kernel /memtest/memtest86+-2.10.bin
          # --- --- --- ---

          # --- DSL Damn Small Linux ---
          title Damn Small Linux
          kernel /dsl/linux24 ramdisk_size=100000 init=/etc/init lang=us apm=power-off vga=789 initrd=minirt24.gz nomce noapic quiet BOOT_IMAGE=dsl
          initrd /dsl/minirt24.gz
          boot
          # --- --- --- ---

          # --- CloneZilla ---
          title Clonezilla
          root (hd0,0)
          kernel /clonezilla/vmlinuz1 boot=live union=aufs vga=789 ip=frommedia live-media-path=/clonezilla bootfrom=/dev/hda toram=filesystem.squashfs noprompt ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_keymap="" ocs_live_batch="no" ocs_lang=""
          initrd /clonezilla/initrd1.img
          boot
          # --- --- --- ---

          # --- Gparted ---
          title Gparted 0.4.5-2
          root (hd0,0)
          kernel /gparted/vmlinuz1 live-media-path=/gparted bootfrom=/dev/sd boot=live union=aufs noswap noprompt vga=789 ip=frommedia
          initrd /gparted/initrd1.img
          # --- --- --- ---

          # --- Dr Web Anti-virus ---
          title Dr Web Antivirus (*not working)
          root (hd0,0)
          kernel /drweb/vmlinuz root=/dev/ram0 init=/linuxrc init_opts=4 quiet dokeymap looptype=squashfs loop=/drweb/white.mo usbroot slowusb initrd=/drweb/initrd vga=789 splash=silent,theme:drweb CONSOLE=/dev/tty1
          initrd /drweb/initrd
          # --- --- --- ---

          # --- Hiren's Boot CD ---
          title Hiren's BootCD
          find --set-root /HBCD/boot.gz
          map --mem /HBCD/boot.gz (fd0)
          map --hook
          chainloader (fd0)+1
          rootnoverify (fd0)
          map --floppies=1
          boot
          # --- --- --- ---

          # --- Mini Windows XP ---
          title Mini Windows XP
          find --set-root /HBCD/XPLOADER.BIN
          chainloader /HBCD/XPLOADER.BIN
          # --- --- --- ---

          # --- TRK Trinity Rescue Kit ---
          title Trinity Rescue Kit (*not working)
          find --set-root /trinityrescue/initrd.trk
          kernel /trinityrescue/kernel.trk ramdisk_size=49152 root=/dev/ram0 vga=789 splash=verbose pci=conf1
          initrd /trinityrescue/initrd.trk
          # --- --- --- ---

          # --- Konboot ---
          title KonBoot
          map --mem /konboot/FD0-konboot-v1.1-2in1.img (fd0)
          map --hook
          chainloader (fd0)+1
          map (hd1) (hd0)
          map --hook
          rootnoverify (fd0)
          # --- --- --- ---

          # --- Backtrack 4 ---
          title BackTrack 4 pre-final
          kernel /backtrack/vmlinuz vga=0x314 BOOT=casper boot=casper nopersistent rw
          initrd /backtrack/initrd.gz
          boot
          # --- --- --- ---

          # --- FreeDOS ---
          title FreeDOS
          kernel /freedos/memdisk
          initrd /freedos/FDSTD.144.imz
          # --- --- --- ---

          # --- DBAN ---
          title DBAN (Darik's Book and Nuke)
          kernel /dban/memdisk
          initrd /dban/dban-1.0.7_i386.ima
          # --- --- --- ---

          # --- FreeNAS ---
          title FreeNAS .7 RC1
          map --mem (hd0,0)/ISOs/FreeNAS-i386-LiveCD-0.7RC1.4735.iso (hd32)
          map --hook
          chainloader (hd32)
          # --- --- --- ---
  15. Mine works with the following entry; it looks like you missed just the live-media-path entry. I have a clonezilla folder containing filesystem.squashfs, initrd1.img and vmlinuz1.

          # --- CloneZilla ---
          title Clonezilla
          root (hd0,0)
          kernel /clonezilla/vmlinuz1 boot=live union=aufs vga=789 ip=frommedia live-media-path=/clonezilla bootfrom=/dev/hda toram=filesystem.squashfs noprompt ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_keymap="" ocs_live_batch="no" ocs_lang=""
          initrd /clonezilla/initrd1.img
          boot
          # --- --- --- ---
  16. Here's my grub entry for dsl:

          # --- DSL Damn Small Linux ---
          title Damn Small Linux
          kernel /dsl/linux24 ramdisk_size=100000 init=/etc/init lang=us apm=power-off vga=789 initrd=minirt24.gz nomce noapic quiet BOOT_IMAGE=dsl
          initrd /dsl/minirt24.gz
          boot
          # --- --- --- ---

      The USB drive has a folder called DSL which contains just two files, linux24 and minirt24.gz, which were taken from the iso.
  17. Out of curiosity, I've replaced the MBR and bootloader with GRUB2 and I've played around with that for a while, it looks to be far better in terms of capabilities but I had a hell of a time getting everything to work. I managed to boot BT4 with it, so similar builds would be easy enough, but I even struggled to get memtest to work, so after an hour or so, I gave up and switched it back to standard grub. If anyone has better luck than me with grub2, I'd be interested to see their .cfg file :)
  18. I spent a little time on this and so far I can't get Trinity to work, which is a shame seeing as that's the one featured in the show, it really should have been included in the instructions. I currently have these entries on my key:

        • Memtest 86
        • Damn Small Linux
        • CloneZilla
        • Hiren's Boot CD
        • Mini Windows XP
        • Trinity (not working)
        • KonBoot
        • BackTrack 4 (prefinal, no persist)
        • DBAN
        • FreeDOS
        • FreeNAS (configured with my real config.xml for emergencies)

      I would like to be able to use this to install Windows from, either by moving to grub2 or some other way. Being able to reinstall without using the CD/DVD would be nice as the USB is faster. If someone gets Trinity to work right, could you let us know how? If anyone wants the grub entries for the ones I have working, let me know.
  19. It is highly unlikely that anyone can erase a modern hard drive by waving any standard magnet on it. The strength of permanent magnet required for this would be very dangerous to use and most people don't have access to an electromagnet suitable.
  20. A clicking drive can be a few things, but one of those things can be a damaged servo track which would not be fixed by swapping the logic board. If you are concerned about your data falling into the wrong hands, concerned enough to want to blank the drive, concerned enough to make a forum post about it, then put a dollar figure on the data. Enough for a new drive. Then just buy the drive and don't RMA the faulty one, take the hit on the cost. If it's not worth the two hundred bucks to remove the risk of a Seagate employee accessing your data then don't worry about erasing it in the first place.
  21. I guess I'm just finding the learning curve of the kamikaze branch of OpenWRT to be a little steep. I've never had occasion to deal with it before so I have no prior experience with it. Is it correct to assume that by flashing the fon just with the boot and kernel, that I should be able to configure it as a valid wifi access point, without installing any further packages? I did try this and while it looked like I had things set correctly, I couldn't get it to work. I'll keep looking into it, at least I have a starting block of using OpenWRT rather than DD-WRT.
  22. Atheros chipsets in all of them. Buy a D250 if you can find one, they are much nicer than the D150 which feels a little bulky to my hands.
  23. Update: I've installed and tried gargoyle. It is a lot simpler than kamikaze and I have it running as a wireless access point right now. So that's a result. However, now it offers pretty much the same functionality as my standard wifi AP, which is a basic import unit made by TP Link. Because the fon can do all sorts of advanced stuff, I want to be able to :) So I want a more powerful AP. I guess I'll need to flash it back and try again. I am confusing myself with the two network ports on the back though. I'm connecting the AP to the LAN, and the LAN is connected to the net via a smoothwall. I think the normal way would be to connect the AP to the internet directly, and then connect a switch to its LAN port and add the computers there. My configuration does not seem to go well with the gargoyle software, as with that, the only way I can get at the admin interface is by connecting a computer to the Fon's LAN port, whereas I can access the web admin for my standard router from any computer on the LAN. More testing!
  24. Thanks for that, I installed kamikaze on it yesterday and found the process ok but the interface horrible. Looks very nice and friendly but I was unable to actually make it work. Gargoyle is currently installing on it now, it just sucks that it takes so long to complete the flashes!
  25. So I bought a fon to hack with out of curiosity and while it's a nice piece of hardware I have no practical use for a Jasager or interceptor so now I want to turn the little beasty into a standard wifi access point. What version of the various flavours of DD-WRT should I use for this?