Everything posted by Iain

  1. I've tried to install BT4 on a USB memory stick but it won't boot, so I need to troubleshoot. I followed the detailed video tutorial at http://www.offensive-security.com/videos/b...sb-install.html and everything seemed to go fine. I used a brand new 4GB USB memory stick. Despite following the instructions exactly, I don't know if it's a problem with grub or my laptop. Questions: 1. As far as I know, I do not need any specific make or model of USB memory stick. Correct? 2. My laptop is about 5 years old and will boot from a USB floppy. Needless to say, that is first in the boot order on BIOS. I was under the impression that, as it will boot from the USB floppy, it *should* boot from a USB memory stick. Correct? There are no BIOS updates on the manufacturer's site. 3. I'm fairly new to Linux and my knowledge of grub is negligible. Does anyone have any tips about examining the grub configuration to see if that's the reason why it's not working? I've followed the instructions twice to create the bootable USB stick with identical results. Thanks for your time.
  2. You beat me to it - it was going to be my project for the weekend!
  3. Ha - that's the problem using abbreviations but I'm not blaming you specifically. IT is littered with such abbreviations. I'll set about researching "Network Level Authentication" now.
  4. As you were kind enough to explain NLA (I didn't know what it was!), I'll explain what I know about VPN/RDP. They are both intrinsic within Windows XP/2003. Remote Desktop is an insecure protocol that's used to access a remote host and bring the desktop to the local host as if the operator were sitting at the remote host. By default, it uses TCP 3389. In order to make the RDP connection more secure, it's not uncommon to connect to the remote network first via VPN and that connection is encrypted. The simplest encryption is PPTP (TCP 1723) and the more secure is L2TP (TCP 1701). When the VPN connection has been established, the local host is given an additional IP address which is an address on the remote network. It's a simple matter then to connect to the target host via a RDP connection which is tunnelled through a secure VPN connection. I'm a "Windows guy" and my knowledge of Linux is very limited. I think that the principles in Linux are similar.
  5. If the VPN server hands out IP addresses via DHCP, you will get an IP address which is on your home network. When the VPN's established, check it using ipconfig /all from the command prompt and you'll see 2 IP addresses. Just make sure that the remote and home networks are not using the same IP range. At home, I typically use something like 10.17.100.0/24 so there's almost no chance of that range being used if I connect to a potentially hostile wireless network. If your home server address is, for instance, 10.17.100.250 then that's the address you'll need to use from your remote client. When the VPN is established you are, in effect, sitting at home connected directly to your home LAN.
  6. I'd like to get my head around the wireless association and authentication process. I set up 2 laptops, each with a wireless card (one Netgear WG511T and the other Intel PRO/Wireless 2200BG) and a Netgear router/AP. I ran Wireshark and collected traffic. I tried Wireshark in both Windows XP and Linux and tried the capture process using both wireless cards but I didn't collect any beacons, probes or the association process. The only traffic that I captured was a number of EAPOL frames when the capturing laptop actually authenticated. I hoped to be able to collect all the beacons, probes and other management frames when both laptops associated and authenticated. I set the wireless cards in both promiscuous and monitor mode ... but nada. Any suggestions? As I say, all I want to do is collect then analyse the traffic within my own wireless network. I do not plan to access other wireless networks.
  7. I don't know about klutz, but it looks like h3%5kr3w used Cisco's Packet Tracer.
  8. I receive similar PMs on the various fora that I visit. My reaction depends upon my mood - sometimes I just delete them whilst other times I forward them to a mod so they can do whatever they feel is appropriate.
  9. Iain

    GotoA...What?

    I'm happy to try a 30 day free trial if it will generate income for something which I look forward to each week.
  10. Iain

    room362

    Now you've got me wondering digip!
  11. Iain

    room362

    Yes, that struck me too. If it has been hacked, that would be a bit embarrassing. Edit: Thanks for the link digip. I just went there and saw a comment: "This was posted as a comment to my blog before I took it down" and that was on 19 September. He's posted some links since then. If he has indeed taken room362 down, I'm sure there are good reasons. Maybe we'll find out in due course.
  12. When I read the OP question, I thought it meant getting out of Israel, rather than accessing sites in Israel. It made me think of the situation several weeks ago when Iran tried to restrict internet access to their citizens following the election. Of course, many found ways around that. I'd agree with VaKo's comment, assuming that they haven't locked everything down so tight that you can't even create a VPN tunnel. I guess they might have blocked outgoing 1723/1701 for students so you might have to think of something else.
  13. Iain

    room362

    I visit mubix's site but now it says "I'm done, catch me on Facebook". Has anyone else seen this? I know that mubix visits here. I hope he (or someone else) can throw some light on this.
  14. Iain

    is this possible

    So, what's your home network ID, the remote network ID and what addresses are given to the VPN server and client when the tunnel is created? When it's all connected, what address do you use to access the remote network resources? I'm following Darren's suggestions with XP and W2K3 so there is no server.conf file as recommended by beakmyn.
  15. If you manage to find how you did this in a reproducible way, I'd be interested to know the steps that you took.
  16. I've been searching for netadmin and security articles and have come across some US college sites which have some interesting articles, aimed at students on their courses. I tend to use wget.exe and would be grateful for advice about getting an index page. Imagine that the URL for a paper is http://college.edu/tutor/paper.pdf. I tried wgetting http://college.edu/tutor/index.html and http://college.edu/tutor as well as several other variations and nothing brings up any sort of index. Needless to say, I've googled <site:college.edu/tutor> but that hasn't brought up any useful links either. I just wonder if the tutor's pages aren't indexed by google. Is there any easy way of interrogating the site(s) to get a list of resources available for download? Thanks in advance.
  17. I never really liked the physical mods. I prefer the grey activity (and how to prevent against it) as well as information about the many Windows and Linux tools that I'd never encounter otherwise. As a side note, I'm amazed that Darren et al. manage to find sufficient time and material to produce a 30 - 40 minute show each week. I was impressed by the monthly production so this season has got me buzzing. It's a pity there's not a lot of time for me to play around with what's been demonstrated in one episode before the next one comes around!
  18. Agreed. I don't know what the OP had in hand when mentioning a 50ft cat 5 cable. I would *assume* that such a length is solid ... but I might be wrong.
  19. I found some information (here and here) suggesting that solid UTP should be used for longer runs because the attenuation is less than with stranded UTP. I knew there was a reason to limit the length of stranded UTP cables.
  20. When I did CCNA, I was told that, whilst the maximum Ethernet cable length is 100m, I should use a maximum of 5m of stranded cable (at each end of a long run) and the remaining (up to 90m) of unstranded cable. The reason given was that there's much less interference with unstranded vs. stranded. I've not seen this documented so it might have been one of those pearls of wisdom gained "on the job". I don't know if the OP's 50ft cable is stranded or not. It might be worth experimenting with a length of unstranded (if such a length is available to him/her).
  21. Isn't informing us the responsible thing to do? I realised that there was a problem when I tried to log in but I assumed that it was down for maintenance.
  22. I don't know if the regulations have changed, but, if you fail an exam, there must be a period of 180 days before it can be retaken. I got it a couple of months ago and it's not for the squeamish! You MUST be able to interrogate a router (or switch) as I had several simulations. I had been told that it's not the sort of exam that can be passed by simply hitting the books and cramming - and I agree. There *are* some pure facts ("the default OSPF Hello interval is .... " etc.) but it's much more aimed at folks who've actually spent time configuring and troubleshooting networks. Bottom line - read, read, read but also play with as much kit as you can and get someone to screw up a network for you to troubleshoot.
  23. Interesting - I didn't know that. In the last episode, Darren was playing around with BT and wireless capture. IIRC, he used his "real" eeePC rather than his VMWare on the AAO. He didn't explain why but it might relate to the situation that you've mentioned. Has anyone else had problems using wireless with VMWare? It's not something that I had planned to do (not initially, anyway).
  24. You can run a live CD on your Windows PC. Boot from the CD and the OS runs entirely in RAM. It doesn't install on your hard drive, nor does it write/read data to/from it ... unless you specifically perform a write/read operation. This is the way that I first started to play around with it and I'm planning to install it into VMWare shortly.
  25. Isn't it illegal to access someone else's network without consent - even if the network belongs to a mate and it's done for a prank?