Random_N00b

I'll have to take a look! Thanks!

I'm very aware of the distinction between "hackers", "crackers", and other. I'll still give that a good google though, I may learn something. I think what I was remarking on was the knee-jerk reaction to the term "hacker". I think what a lot of people think of when they hear "hacker" is that guy who steals their bank account information, or dare I say it, "anonymous". What people fail to realize is a "hacker" is the guy who takes that piece of electronics and figures out how to do something the manufacturer and designer never would have never dreamed possible. Or the guy (or gal) who figured out that some protocol that was supposedly secure has a gaping hole in it, or that the password hashes are easy to break, etc. Now, the way I look at this site, and others like it, is simply presenting information. What you choose to do with the information is up to you. Just because you can break into someones system doesn't mean you should. Myself, personally, I'm just some random noob here who is interested in knowing where the weak points are, so I can make sure I don't leave those open on my professional networks that I'm responsible for setting up.

That's...sad. I'm interested in learning more, but I almost feel like I'm a criminal for going to "hacker" websites. I feel the government is cranking down on it's control of information. How long before they go, "Hmmm, you know China, we like what you got over there?" With DPI getting passed I know it's a matter time at this point...Maybe I'm just ignorant. Or haven't looked up enough. I thought my SSH tunnel was secure if that tells you anything.

Thanks for the responses. I'm just hearing about this for the first time. Not sure why they are making a big deal about it now, especially how long this threat has been around.

I get the Comp TIA Smart briefs, and one thing that recently caught my eye was a link to a Reuters article talking about how the US Government is apparently warning people to disable UPnP on network devices because of a security flaw. Now, I'm not in the best situation as far as news goes right now (Out of the US in a 3rd world country), so I'm not sure if this is all over the news, or is old news. Either way, have you in this community heard anything about this or are familiar with it and why UPnP is a big issue right now? Thank you.

For the purposes of security testing, and I really do mean that, I think I'll throw one of my password hashes into Cain and Able. The only problem is, I've never worked much with it, and never got it working. However, this isn't an issue for this forum. Actually, I think it's on Hiren's...

I'm going to put my 2 cents in on this. I just implemented a system to get around a restrictive DNS server that was being hosted on the default gateway, and simply setting a new DNS server in my internet options did not work. I think it can be used to help in this situation. If I'm not mistaken, packet sniffers like wireshark can pick up DNS requests that go over the network. While you may have your traffic encrypted and proxyed through an SSH tunnel/SOCKS Proxy, someone with a sniffer out would still be able to pick up on DNS requests. What I was able to learn through asking on this site was that Firefox has a great setting in it's "about:config" where you can tell it to put DNS requests through the proxy, allowing for those requests to be encrypted and handled by your remote server. (This is done by setting the value network.proxy.socks_remote_dns to "true") While this will not stop someone from stripping SSL, it will still deny someone with just a sniffer that piece of information. This may be common knowledge, and I didn't know that. If it is, my bad. Either way, that's my 2 cents, take it for what it's worth.

Did not know that. I mean, I was sure that it worked at one point, but for the time that I've been in the industry (about 4 years) I've never seen that tool work. Maybe on the default IOS's, but I've never tried it. Also, if you're to the point where you're trying to decrypt the hash, you can probably just do a password recovery. Probably be easier.

You could try and get in contact with user "plazmatron". I saw in his signature a couple linux certs, linux + being one of them.

You're from Michigan, aren't you? Didn't the State Government overrule that collective bargaining that the voters shot down, or something? Either way, my 2 cents worth, coming from a former Michiganer, is to take the money, job, and experience. While you may not agree with paying the Union dues and such, the thing I see is that while you are at this job, you will be able to demonstrate your skills and abilities, make new fiends and acquaintances, develop your skills and yourself, network to hopefully get a better job, and hopefully learn some new things from someone who knows more than you. At the very least, if you do well at this job and make those connections, you may be able to get some good recommendations and such from people you worked with. Sometimes, it's not who you know, it's who knows you. Hope this helps. Also, the job outlook in Michigan scares me, that's why I got out.

Now, I can't speak for my work, as I am not allowed access to the information on the automatons side of the house, but from being a user on the network, I know that a version of Bluecoat is used, and that a proxy server is used that we log in to (firefox and IE). The only problem I have with Bluecoat is that at times it is too restrictive. Sites that I've had to get to for school have been blocked, along with some legit news sites.

First off, OP shouldn't have to block out the password information. Username, maybe, password, no. The passwords are encrypted in the config by: switch(config)#service password-encryption in older IOS versions. I know the newest version of IOS for 3750 (all versions that I'm aware of in the catalyst series of switches) supports a new command which encrypts the password and is integrated into the user command. It is: switch(config)#username <user> privilege <1-15> secret <password> If you were to use the username of bob, and wanted him to be fully enabled upon login, and have the password of password123, it would look like: switch(config)#username bob privilege 15 secret password123 A "show run" command would show the line as: username bob privilege 15 secret @ts24%s0asr42siowd42$ or some other hash However, still probably not a bad idea to block that line out. I am aware of some tools (Solar Winds Engineer Toolset) that come with Cisco password decryptors, but I have never seen it actually work.

Thank you. I'll be sure to take a look at that.

I just got an offer to take a Comp TIA exam for free. It's the new Cloud Plus cert. I don't know anything about "The Cloud" in reference to what this exam is. Yes, I understand "The Cloud" is the internet. I just know nothing about cloud computing. Anyone know of any good resources for learning about cloud computing? Thank you.

Awesome. I have a project for after my CCNA. Thank you so much. Hopefully, I'll be able to Q you up later.