Everything posted by decepticon_eazy_e

  1. This is usually the answer to Why Websense? Because in a Cisco firewall config you get 2 choices, Websense or Secure Computing (now McAfee). Of those 2 choices, I'll pick Websense 11 out of 10 times. http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_filter.html#wp1045692 Even if they only ever sold to customers with a Cisco ASA, that's still a few million sales with recurring license fees, that's some major money for R&D.
  2. I'm looking for help running tests against DNS servers. I want to list all the subdomains for a specific domain. So I try to use the dig command with axfr and it fails every time. dig @ns.SOA.com somedomain.com axfr Am I doing it wrong or are modern DNS servers hardened and no longer accept this query? Is there a better way to do this? For example, say I build a DNS server and try to replicate records to query? Would the axfr command be accepted if it came from a DNS server? If so, what is the 'check' that I would be passing, so I could spoof it. Next DNS question along the same lines, I want to do reverse DNS lookups. It also seems that all the DNS servers I tried don't accept this, which is the proper behavior after hardening. However we all know, not EVERYBODY does the proper settings and there is always somebody out there with some default settings. Are the queries wrong or am I just not finding a server that allows reverse DNS? Anyone know of some servers that accept reverse DNS? Anyone know a good resource to find these one-in-a-million DNS servers?
  3. The NIC teaming is usually done by the 3rd party software, like Intel or Broadcom. On both of those, the individual addresses disappear and you have one shared address. Unless you add secondary IPs to the team, of course. Check the software that will do your teaming and you'll find out.
  4. Since we have covered everything else in this thread, it's worth taking this point out of the argument. VLANs and subnets are NOT how you will achieve this next goal. You need something else to limit or regulate the content. Controlling what users can do and how info is accessed is the job of a couple more devices. You need a content management device and/or firewall, something like Websense. You'll also need an enterprise level monitoring system if you want to see HOW the information is accessed. Having file share permissions in Active Directory is one step, but once the information is out of that 'secure' folder, you don't have any control of it. You seem to allude to wanting more than that. I'm going to assume you really don't need more than that, but just understand none of those goals can be met with the built-in technology of a switch or small/med (translate: affordable!) router. You are onto another topic or area of technology altogether now.
  5. True, but you left out... 99% of all managed switches will do VLANs. VLANs are a layer 2 concept, so a layer 2 switch will do VLANs. You need to buy a layer 3 switch to do what you suggest. The VLANs cannot talk to each other without some device routing the information between them, even on the same switch. A layer 3 switch would have a route processor (RP) built in and that would do the job. Otherwise you need a router attached to that switch and trunk all the VLANs to the router, etc. VLAN routing is not something built into every switch. Honestly, if the network is as large as 100 workstations, and you have good switches, you would see a slowdown with this configuration. 100 workstations is not a big network. That's 100+ IPs, which fits fine in a class C subnet. When you need to use large subnets because of the amount of workstations, then you'll need this. I'm talking 1000+
  6. Short answer, I seriously doubt it. But you came here for a decent answer so I'll elaborate... First, learn about subnetting and/or TCP/IP if you plan to implement, because by implementing a thing you are now 'supporting' a thing. When it's broken, you typically go back to the guy who put it in to fix it. When you learn about OSI Layers, you'll find out packets are Layer 3 objects. You will need a layer 3 capable device to route the packets from one network (or subnet) to another. You will need a layer 3 switch or a router. If you have one of these devices, you'll need to learn to configure it. If you want to limit different networks to different resources (i.e. facebook), you will need something like a firewall or content management device (some routers and high end switches do this). You'll need to learn to configure that also. Don't worry about packet collisions unless you have a layer 2 only network. Again, when you learn about the layers, you'll find out frames are at layer 2. Hubs and switches are the devices that route frames, switches don't broadcast every frame so you won't have collisions. At some point early in your self education you'll find out about collision domains vs broadcast domains. If you have switches (not hubs) in your school, you have many collision domains and one broadcast domain. Don't worry about this, I don't think people have had this problem since the 80's... that's why CDMA was created.
  7. Short answer is Comp B will not see the router or Comp A. Also Comp B will have an invalid IP, that is the network number, the first usable number will be 129. In the real world, it can get really goofy, and this is why overlapping networks with similar numbers are BAD and you need to keep that stuff organized and VLAN'd. If you only change the subnet mask of Comp B, the above statement is true from the perspective of Comp B. Comp A and the router will still have the /24 mask. That means that Comp B will see broadcasts because they go from 0-255 there. Comp B will try to answer those broadcasts and traffic will get mixed up... I've seen this happen and it's hard as hell to troubleshoot. But for your exams and labs, ignore this rant, it shouldn't happen on paper! Moral of this story is get your subnet masks matching on everything!
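The mask mismatch in that post, worked through with Python's standard `ipaddress` module. This is an added example, not code from the original post; the addresses (Comp A 192.168.1.10/24, router 192.168.1.1/24, Comp B 192.168.1.128/25) are constructed to match the scenario described, where only Comp B's mask was changed.

```python
from ipaddress import ip_interface

# Constructed sample hosts: Comp A and the router keep the /24 mask,
# Comp B alone has been reconfigured with a /25 mask.
COMP_A = ip_interface("192.168.1.10/24")
ROUTER = ip_interface("192.168.1.1/24")
COMP_B = ip_interface("192.168.1.128/25")


def host_address_problem(iface):
    """Return why the address is not a usable host address, or None if it is."""
    net = iface.network
    if iface.ip == net.network_address:
        return "network address"
    if iface.ip == net.broadcast_address:
        return "broadcast address"
    return None


def first_usable(iface):
    """First host address in the subnet the interface's own mask defines."""
    return next(iface.network.hosts())


def sees_on_link(src, dst):
    """True if src, using its own mask, treats dst as directly reachable."""
    return dst.ip in src.network


def hears_broadcast_of(listener, sender):
    """True if the broadcast the sender computes from its mask lands inside the listener's subnet."""
    return sender.network.broadcast_address in listener.network


def analyze():
    # Each side judges reachability with its own mask, which is why the
    # result is asymmetric: A still 'sees' B, but B no longer sees A or the router.
    return {
        "comp_b_problem": host_address_problem(COMP_B),
        "comp_b_first_usable": str(first_usable(COMP_B)),
        "b_sees_router": sees_on_link(COMP_B, ROUTER),
        "b_sees_a": sees_on_link(COMP_B, COMP_A),
        "a_sees_b": sees_on_link(COMP_A, COMP_B),
        "b_hears_a_broadcast": hears_broadcast_of(COMP_B, COMP_A),
    }


if __name__ == "__main__":
    for key, value in analyze().items():
        print(f"{key}: {value}")
```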
  8. You really have a hub? If it's really a hub, throw that thing away and upgrade. Select the 2 interfaces on the laptop (wifi and lan) and make them a bridge. Your laptop becomes a bit transparent in the network but the 2 interfaces become a pass-through, which is what you need.
  9. Build redundancy into the box and you should be fine. RAID, dual NICs, ECC ram, dual CPUs, etc. When you do a P2V on the others, you should have no problem, but the Exchange conversion will take forever unless you take it offline. You will have to make them live without email for a weekend to get this done right. There are services out there that will catch or host your email until your server comes back online and then push it all down, this would also be a nice service to keep running in case of server failure.
  10. I'm gonna guess you put those 4 other drives on a RAID card or some other PCI expansion card. Did you check to see if those are on the vmware HAL?
  11. Getting the actual IP address is pretty trivial. For example, not every server is hosted elsewhere. There's a good chance something is hosted locally if it's a large enough company. For example, we keep our website hosted elsewhere, but our Exchange in house where we get to back it up and keep it safe. Once you find an IP address, you can pretty easily get the range, ping sweeps are legal. You can ping as much as you want around the world with no consequence. With that in mind, if they did get attacked and you did the ping sweep from your house, you will be on a short list of destinations for the FBI to visit. DO IT FROM A STARBUXXX WIFI. As previously mentioned, the most successful attack would be from the inside out. Social engineering or trojan exploits, etc. You would be surprised how easy a telco shirt and tool box will get you past the front desk. Otherwise you would need to exploit vulnerable services. Here's where it gets fuzzy. A ping is a legitimate request from computer to computer. A port scan is not, it is an active inquiry into a system that is not your own. This might be where you cross the line. Again, do this from NOT your house. Find a vulnerable service and apply the zero day (that you wrote!! ;/). These are the basics of a pen test, study up on pen testing for more on this topic. Many good books out there, "Stealing the ______" (network/continent/etc) is a really good series by experienced authors, it's all fiction, but the methods are real.
  12. Cancel your Rapidshare account so nobody else can use it. Problem solved.
  13. If you really have a terabyte to back up, that's probably an accurate time. I really don't think backing up the VMFS partition is the best/fastest solution. There's probably a few servers that don't need nightly incrementals, so you could eliminate those. Then apply backup solutions to the VMs themselves. Find an agent that does a dedupe before sending the data to disk/tape. You do have a lot to back up, and perhaps outsourcing a solution would be best if you're stuck. I think you have to put some serious money into this in some form, either prof services or backup software or backup hardware...
  14. The problem with backing up the actual VM files is that they are running and constantly changing. You need an agent that will recognize this and deal with it, or that will stop the processes and run the backup automatically. You could clone it live and call that a backup, I suppose. I wouldn't call any of those options clustering. VMFS is slow, VMware will admit that. But they didn't create it to be fast, they created it to be solid for the files to sit in. If your resources overcommit and it starts a SWAP file, your server will CRAWL. The purpose is to keep files contiguous and ready to pull into RAM. VMs don't run off the disk, they just sleep there. They get up and go to work in the RAM. So you need to find an agent that understands VMs, typically we recommend backup solutions that run INSIDE the VM. Something more traditional like CommVault or NetWorker. These agents run on the Windows OS and back up like they were physical machines. Rarely do we back up the VMDK files, especially running ones.
  15. If you use ESXi, you don't get to use it as a PC, you must have another PC to pull a remote desktop. If you do anything graphics related, don't virtualize it, no support or performance.
  16. Turn on SNMP on the port the WAP is connected to and monitor the bandwidth of that port. PRTG is a good free windows based monitor, based on MRTG.
  17. To be fair, this has nothing to do with the security of Apple products. That could have been any computer store with any brand electronics. You smash a plate glass window with a rock and grab all that stuff in 31 seconds, it won't matter what brand it was. It could have been 23 HP laptops, 14 blackberrys, and 9 Zunes.
  18. Take the modem/router with you to work. How hard could this be? Put it in your bedroom and lock it. You act like the guy has complete control over your life and this is a last resort. If the roommate is that unreasonable, kick him out!
  19. Totally right, if it's a Layer 2 broadcast, it won't pass through a router (or layer 3 device, without special circumstances). "The Magic Packet is a broadcast frame" -wiki Frames don't travel the internet, packets do. Bottom line is you would need a device in his VLAN or subnet (not just LAN) to deliver the WOL frame.
  20. All these hoops to jump through to get a T1 installed? I call BS, I assume they also are arranging an IDS service for you (and will charge you for it). I've had to work around those situations before, however I was always given a very clear (and short) list of firewall rules to configure. The ones I've dealt with drop an appliance on the network, have me configure a mirror port on a switch or put the device inline and allow them remote access to the device. The customer pays them for active network monitoring and that's what they get. No ISP should request you open ports or install anything for them, so I assume you've left something out in this story and might have a similar situation that I ran into. Either way, you should be allowed to get a full, technical, explanation of any changes you need to make to YOUR equipment.
  21. You create a new scope or sub-scope for the VLAN/network that the DHCP server does NOT reside in. You give the ip-helper command to point to the dhcp server for the other vlan. Then in the DHCP configuration you use the network ID (or something like that) and give the number that corresponds to the VLAN, i.e. Vlan 200. Pretty simple on a MS server.
  22. If you trust VLANs then physical separation isn't needed, just virtual. Some people don't trust VLANs, not sure why, but I can respect that. Also the benefit here is more NIC ports for all your connections, instead of 2 for this one and 2 for that one, you get 4 for this one.
  23. Snort is free, try that first. You will not find an IDS that works out of the box. You have to tune and tweak them to eliminate false positives. This will not be a 20 minute project, this will take you a couple of months. Longer on a home network since there will be no attacks to watch for and flag.
  24. I assume you are giving the management console port the IP of 63.x.x.x? That's the only management (service console) port. You would need to create another one to give it another IP address. I don't believe ESXi allows that, ESX 3.5 does. I see no reason to put that out on the open internet, I recommend you give it an internal IP and use your firewall to allow access into that IP address. You can at least control or whitelist the allowed IPs then.