decepticon_eazy_e
  1. This is usually the answer to Why Websense? Because in a Cisco firewall config you get 2 choices, Websense or Secure Computing (now McAfee). Of those 2 choices, I'll pick Websense 11 out of 10 times. http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_filter.html#wp1045692 Even if they only ever sold to customers with a Cisco ASA, that's still a few million sales with recurring license fees, that's some major money for R&D.
  2. I'm looking for help running tests against DNS servers. I want to list all the subdomains for a specific domain. So I try to use the dig command with axfr and it fails every time. dig @ns.SOA.com somedomain.com axfr Am I doing it wrong or are modern DNS servers hardened and no longer accept this query? Is there a better way to do this? For example, so I build a DNS server and try to replicate records to query? Would the axfr command be accepted if it came from a DNS server? If so, what is the 'check' that I would be passing, so I could spoof it. Next DNS question along the same lines, I want to do reverse DNS lookups. It also seems that all the DNS servers I tried don't accept this, which is the proper behavior after hardening. However we all know, not EVERYBODY does the proper settings and there is always somebody out there with some default settings. Are the queries wrong or am I just not finding a server that allows reverse DNS? Anyone know of some servers that accept reverse DNS? Anyone know a good resource to find these one-in-a-million DNS servers?
  3. The NIC teaming is usually done by the 3rd party software, like Intel or Broadcom. On both of those, the individual addresses disappear and you have one shared address. Unless you add secondary IPs to the team, of course. Check the software that will do your teaming and you'll find out.
  4. Since we have covered everything else in this thread, it's worth taking this point out of the argument. VLANs and subnets are NOT how you will achieve this next goal. You need something else to limit or regulate the content. Controlling what users can do and how info is accessed is the job of a couple more devices. You need a content management device and/or firewall, something like Websense. You'll also need an enterprise level monitoring system if you want to see HOW the information is accessed. Having file share permissions in Active Directory is one step, but once the information is out of that 'secure' folder, you don't have any control of it. You seem to allude to wanting more than that. I'm going to assume you really don't need more than that, but just understand none of those goals can be met with the built-in technology of a switch or small/med (translate: affordable!) router. You are onto another topic or area of technology altogether now.
  5. True, but you left out... 99% of all managed switches will do VLANs. VLANs are a layer 2 concept, so a layer 2 switch will do VLANs. You need to buy a layer 3 switch to do what you suggest. The VLANs cannot talk to each other without some device routing the information between them, even on the same switch. A layer 3 switch would have a route processor (RP) built in and that would do the job. Otherwise you need a router attached to that switch and trunk all the VLANs to the router, etc. VLAN routing is not something built in to every switch. Honestly, if the network is as large as 100 workstations, and you have good switches, you would see a slowdown with this configuration. 100 workstations is not a big network. That's 100+ IPs, which fits fine in a class C subnet. When you need to use large subnets because of the amount of workstations, then you'll need this. I'm talking 1000+
  6. Short answer, I seriously doubt it. But you came here for a decent answer so I'll elaborate... First, learn about subnetting and/or TCP/IP if you plan to implement, because by implementing a thing you are now 'supporting' a thing. When it's broken, you typically go back to the guy who put it in to fix it. When you learn about OSI Layers, you'll find out packets are Layer 3 objects. You will need a layer 3 capable device to route the packets from one network (or subnet) to another. You will need a layer 3 switch or a router. If you have one of these devices, you'll need to learn to configure it. If you want to limit different networks to different resources (i.e. facebook), you will need something like a firewall or content management device (some routers and high end switches do this). You'll need to learn to configure that also. Don't worry about packet collisions unless you have a layer 2 only network. Again, when you learn about the layers, you'll find out frames are at layer 2. Hubs and switches are the devices that route frames, switches don't broadcast every frame so you won't have collisions. At some point early in your self education you'll find out about collision domains vs broadcast domains. If you have switches (not hubs) in your school, you have many collision domains and one broadcast domain. Don't worry about this, I don't think people had this problem since the '80s... that's why CDMA was created.
  7. Short answer is Comp B will not see the router or Comp A. Also Comp B will have an invalid IP, that is the network number, the first usable number will be 129. In the real world, it can get really goofy, and this is why overlapping networks with similar numbers are BAD and you need to keep that stuff organized and vlan'd. If you only change the subnet mask of Comp B, the above statement is true from the perspective of Comp B. Comp A and the router will still have the /24 mask. That means that Comp B will see broadcasts because they go from 0-255 there. Comp B will try to answer those broadcasts and traffic will get mixed up.... I've seen this happen and it's hard as hell to troubleshoot. But for your exams and labs, ignore this rant, it shouldn't happen on paper! Moral of this story is get your subnet masks matching on everything!
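The mask-mismatch scenario in this post, as an added worked example (not code from the post or its author): it uses a constructed topology in which Comp B holds 192.168.1.128 with a /25 mask while Comp A and the router keep /24, and works out which address is invalid, what the first usable host is, and which side thinks the other is on-link.

```python
import ipaddress

# Constructed lab topology (not from the post): Comp A and the router keep the
# original /24 mask, while only Comp B's mask was changed to /25.
HOSTS = {
    "router": ("192.168.1.1", 24),
    "comp_a": ("192.168.1.10", 24),
    "comp_b": ("192.168.1.128", 25),
}

def host_status(ip: str, prefix_len: int) -> str:
    """Classify an address under its own mask: valid host, network or broadcast."""
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    addr = ipaddress.ip_address(ip)
    if addr == net.network_address:
        return "network address (invalid host)"
    if addr == net.broadcast_address:
        return "broadcast address (invalid host)"
    return "valid host"

def first_usable(ip: str, prefix_len: int) -> str:
    """First assignable host address of the subnet this mask puts the IP in."""
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    return str(net.network_address + 1)

def on_link(local_ip: str, local_prefix: int, remote_ip: str) -> bool:
    """True if `local` will ARP for `remote` directly instead of using its gateway."""
    net = ipaddress.ip_network(f"{local_ip}/{local_prefix}", strict=False)
    return ipaddress.ip_address(remote_ip) in net

def asymmetric_pairs(hosts: dict) -> list:
    """Pairs (x, y) where x thinks y is on its subnet but y does not think x is."""
    # Each pair is a mask mismatch: replies take a different path than requests.
    found = []
    for x, (x_ip, x_len) in hosts.items():
        for y, (y_ip, y_len) in hosts.items():
            if x != y and on_link(x_ip, x_len, y_ip) and not on_link(y_ip, y_len, x_ip):
                found.append((x, y))
    return sorted(found)

if __name__ == "__main__":
    for name, (ip, plen) in HOSTS.items():
        print(f"{name}: {ip}/{plen} -> {host_status(ip, plen)}, first usable {first_usable(ip, plen)}")
    print("asymmetric (x sees y on-link, y does not see x):", asymmetric_pairs(HOSTS))
```

Comp B's own address is its /25 network number, so 192.168.1.129 is the first usable host, and the router and Comp A both believe Comp B is on-link while Comp B believes neither of them is.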
  8. You really have a hub? If it's really a hub, throw that thing away and upgrade. Select the 2 interfaces on the laptop (wifi and lan) and make them a bridge. Your laptop becomes a bit transparent in the network but the 2 interfaces become a pass-through, which is what you need.
  9. Build redundancy into the box and you should be fine. RAID, dual NICs, ECC ram, dual CPUs, etc. When you do a P2V on the others, you should have no problem, but the Exchange conversion will take forever unless you take it offline. You will have to make them live without email for a weekend to get this done right. There are services out there that will catch or host your email until your server comes back online and then push it all down, this would also be a nice service to keep running in case of server failure.
  10. I'm gonna guess you put those 4 other drives on a RAID card or some other PCI expansion card. Did you check to see if those are on the vmware HAL?
  11. Getting the actual IP address is pretty trivial. For example, not every server is hosted elsewhere. There's a good chance something is hosted locally if it's a large enough company. For example, we keep our website hosted elsewhere, but our Exchange in house where we get to back it up and keep it safe. Once you find an IP address, you can pretty easily get the range, ping sweeps are legal. You can ping as much as you want around the world with no consequence. With that in mind, if they did get attacked and you did the ping sweep from your house, you will be on a short list of destinations for the FBI to visit. DO IT FROM A STARBUXXX WIFI. As previously mentioned, the most successful attack would be from the inside out. Social engineering or trojan exploits, etc. You would be surprised how easy a telco shirt and tool box will get you past the front desk. Otherwise you would need to exploit vulnerable services. Here's where it gets fuzzy. A ping is a legitimate request from computer to computer. A port scan is not, it is an active inquiry into a system that is not your own. This might be where you cross the line. Again, do this from NOT your house. Find a vulnerable service and apply the zero day (that you wrote!! ;/). These are the basics of a pen test, study up on pen testing for more on this topic. Many good books out there, "Stealing the ______" (network/continent/etc) is a really good series by experienced authors, it's all fiction, but the methods are real.
  12. Cancel your Rapidshare account so nobody else can use it. Problem solved.
  13. If you really have a terabyte to back up, that's probably an accurate time. I really don't think backing up the VMFS partition is the best/fastest solution. There's probably a few servers that don't need nightly incrementals, so you could eliminate those. Then apply backup solutions to the VMs themselves. Find an agent that does a dedupe before sending the data to disk/tape. You do have a lot to back up, and perhaps outsourcing a solution would be best if you're stuck. I think you have to put some serious money into this in some form, either prof services or backup software or backup hardware...
  14. The problem with backing up the actual VM files is that they are running and constantly changing. You need an agent that will recognize this and deal with it, or that will stop the processes and run the backup automatically. You could clone it live and call that a backup, I suppose. I wouldn't call any of those options clustering. VMFS is slow, VMware will admit that. But they didn't create it to be fast, they created it to be solid for the files to sit in. If your resources overcommit and it starts a SWAP file, your server will CRAWL. The purpose is to keep files contiguous and ready to pull into RAM. VMs don't run off the disk, they just sleep there. They get up and go to work in the RAM. So you need to find an agent that understands VMs, typically we recommend backup solutions that run INSIDE the VM. Something more traditional like CommVault or NetWorker. These agents run on the Windows OS and back up like they were physical machines. Rarely do we back up the VMDK files, especially running ones.
  15. If you use ESXi, you don't get to use it as a PC, you must have another PC to pull a remote desktop. If you do anything graphics related, don't virtualize it, no support or performance.