Infiltrator

That can be achieved via group policy and batch scripting. I would recommend you to read up on domain group policy, there's a lot to learn and know about it. You also need to know on how to promote your server to a DC (domain controller), plenty of info on Google on how to do that. But basically with a domain controller, you can do anything from controlling user accesses, to limiting system resource to completely locking down a workstation on a network, that's all done via GPO (group police object). So there is a lot to know and learn about Windows Servers. WS isn't Windows XP or 7 there are tons of features, functionality built into it that managing or even building one for the first time can be a nightmare if you don't have right knowledge or experience. So I would strongly recommend you to research, read and buy books if you can, It will pay off. Let me know if you need help with anything.

What an interview!!!!!

That is a very interesting situation, I'm still thinking on a solution for this.

If I had the time, I would just run some testing on my network using wireshark and confirm how arp poisoning really works.

Generally I block all IP addresses that originates from the following countries Russia, China and Nigeria. Specifically China, they are very bad and can't tolerate them. You can use .htaccess as suggested by Digip to add the ip addresses individually or block them by a subnet range, this option would allow you to maintain a short blacklist of bad IP addresses, but the downside of this approach is of course, you could potentially block any legit user from visiting your site. That is if he/she falls under the same class or range of IP address contained in the .htaccess file. Blocking IP addresses can be an effective option to block bad IP addresses, but can be very hard to manage, once your black list starts getting longer.

Nice script very straight forward and concise.

I've never used them before, so I can't comment on them sorry.

Look into these brands, I've used them before never had any issues. Zalman Thermaltake

You have to be connected to the same network as your victim in order for the arp spoofing attack to work. Again, as long as you are connected to the same network, you could be sitting several miles away from him/her and still be able to arpspoof along with everyone else in the vicinity. Now depending on the network set up, some network switches may have been programmed to block arp poisoning, rendering arp spoofing useless.

There are other videos but this one should do the trick http://www.securitytube.net/video/1786

In most cases it would be very difficult to exploit a machine that is behind a firewall, unless its completely exposed to the internet or placed in a DMZ your chances would be very slim. An attacker for example would have to use other techniques to exploit a target. Via drive by download or via PDF exploits. PDF exploits would be the most common method and you can use Metasploit to encode a reverse_shell into your own PDF file, just as suggested by Digip.

I may be wrong, but somehow I don't think your server is being isolated. You can try following this tech suggestion, and see how you go but if you can still ping your server from your main computer than its not called isolation.

Ohh, in that picture the router is using a routing protocol (eg, RIP or IGRP) to split the the two subnets. So that's how it's possible to have two different subnets using the same gateway.

There's a lot you can do with a server. For instance, you can turn it into a webserver (Apache), host your own website. I think you should assess your needs, and ask yourself do I really need a server? What can I use it for?

Just wondering, what feature in Wrt300 are you using to isolate the main computer from the server?

What did you punch?

I would definitely recommend Ubuntu as your second OS. It may be frustrating at first but trust me, it will be a rewarding experience.

You never mentioned anything about internet. But to get around that, you will need to install an additional network card in your server. Both network cards will need to be on different subnets. For example, the first card will be operating on the following IP address range, 192.168.1.1 and the second network card on 10.0.0.1.

If you have correctly forwarded the right port on your router. Then make sure there is no security essentials running on the target host (eg AV or Firewall). On the other hand, can you successfully exploit the box from within your network? If you can't, then it could mean that the box is not vulnerable to the exploit.

That's good to hear, thank you again.

Get your second router and connect it up to your server. DO NOT connect it to your modem or first router, just have it sitting by itself with the server. That should isolate your server from your main computer. For example: First network: Modem->Router 1->Main computer DO NOT Connect these two networks together. They are meant to be separated/isolated from each other. Hope this makes sense to you. Second network: Router2->Server

How long is this challenge running for? I just need a little bit of more time, to complete the last part. Part 1 and part 2 are completed.

Why not try selling in Ebay or some place else, if you write it off on your taxes you won't get much back anyway. Government is always trying to rip money off people. Or try selling it privately for a few hundred dollars or so.

So you have two routers and one modem is this correct?

Ohh, now I know what is going on with your set up and that explains the situation a lot better. Let me ask you this question, do you have a spare router?