Security :: OT - Unencrypted Protocols In The Local Subnet - Switched Network
Aug 27, 2009
I was having a discussion with someone who said that telnet, FTP, HTTP plain-text authentication in the local subnet is ok because it's a switched network. Also, that these protocols are not good over the net but in a local subnet they are just fine.
I know that someone can plug a hub in the network port and connect 2 (or more) PCs and see the packets. Also, heard about ettercap but haven't really delved into it. I know dsniff was written to prove the point that unencrypted protocols are bad. Would like to get opinion about unencrypted protocols over a switched networks.
View 1 Replies
ADVERTISEMENT
Feb 23, 2010
If I allow, my server's IP is:
11.11.11.11
If I allow 11.11.11.11, and block 22.22.22.22
22.22.22.22 can't access the server
But if I allow 11.11.11.0/24, and block 22.22.22.22
22.22.22.22 can still access the server!!
Does anyone know why that is?
View 4 Replies
View Related
Apr 8, 2009
During a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).
View 5 Replies
View Related
Dec 9, 2010
I manage a linux-based network, where some projects are currently under development. Our IT policy states that any email attachment shall be encrypted using GPG. Can I block other attachments using a firewall?
Note: Currently our mail server is not in campus. So I can only use a firewall for this security issue.
View 5 Replies
View Related
Jan 22, 2011
does somebody know how dnsmasq / iptables need to be configured such that requests to my public IP from lan are correctly NAT'ed to the host that handles them? Currently my routing device treats them like "oh, these are anyway for me, gnam gnam" which actually doesn't work.Unfortunatly setting up NAT rules that redirect requests from my lan correctly as they are redirected from wan is an option I would like to use only if there is no other possibility.I would like some kind of solution that treats packets that are sent to my public IP as normal packets that are not looped back before they even get out. So they would need to be at least sent to the wan gateway where they are directed back where my firewall can successfully treat them like all other public requests.
View 1 Replies
View Related
Jul 30, 2011
I followed this howto in order to mount CIFS shares on demand. This works great, however, this guide suggests leaving my network passwords unencrypted on the disk. This is a very bad security practice, as the passwords can be easly retrieved by booting the computer using a different OS.
I was looking for a way to secure things up, so I came up with this solution: Instead of storing the passwords plain text on the disk, I store them in a tar file encrypted using GPG. When I boot my system, I open this file to a directory in /dev/shm, and order AutoFS to retrieve the passwords from there.
This does the trick, but I presume this solution is not that secure, since /dev/shm content can be written to the swap partition. Is there any other solution which is a better security practice? Maybe using some sort of keyring service?
View 3 Replies
View Related
Jun 21, 2010
Brief overview of my current setup:
Code:
The ip_blacklist chain is used to immediately drop any traffic from specified address ranges, while the tcp_, udp_, and icmp_packets chains contain rules for further processing of those protocols. The last rule in each of the latter three chains drops all packets that didn't match any rules above it; so tcp, udp, and icmp packets should NOT get caught by the default INPUT policy (DROP). The goal of the last rule on the INPUT chain is to then log any packets that are picked up by the default policy. However, it's not working.
I can tell that there are packets being picked off by the default policy because the counters are being incremented, but nothing is logged by that last rule. My conclusion is that it's only looking for tcp, udp, and icmp packets and ignoring everything else.
How to get iptables to log all the other protocols (or whatever is being caught by the default policy)?
View 5 Replies
View Related
May 17, 2009
I would like to allow multi users to access P2P networks, so I wonder if there's a way to tracking these kind of protocols with netfilter, and also compatibility with nat, like the module conntrack_ftp seems to do with the FTP protocol.
View 3 Replies
View Related
Aug 19, 2010
I just don't get it? I've attempted multiple times to get the knetworkmanager to connect to an unencrypted network, yet it keeps asking for a wep key. However the networkmanager in the Gnome version connects to unencrypted networks just fine. Why won't knetwork manager do the same?
View 9 Replies
View Related
Feb 24, 2010
I have a linux firewall. I want to limit a ssh connection number from local network to internet .
Example :
Internal pc (192.168.0.10) start a ssh scan to the external (internet) host.
I want that iptables limit that host (192.168.0.10) and block ssh connection from this host at 3 attempt.
View 2 Replies
View Related
Apr 6, 2011
I want to know the details about the implementation of distributed firewall in a local area network
View 5 Replies
View Related
Jan 8, 2010
I am trying to do a command line installation.Finished the installation and my wireless card wasnt working.Did a "sudo ifconfig wlan0 up" and got it working.But for some reason wireless-tools is not installed thus I dont have iwconfig, iwlist, etc.The wireless works and connects fine off a liveUSB.So I am going to give info from this liveUSB run and maybe someone can suggest how I can set the right settings on the Command Line Installation I presume in the etc/network/interfaces.
View 1 Replies
View Related
Apr 10, 2009
How to implement Network Protocols.
View 1 Replies
View Related
Aug 10, 2009
I m pretty new to Linux..! I've been given a task to modify network protocol(TCP in particular). So now i've to make few changes to the kernel which includes modifying few source files. So i want to know how can i go abt it. Till now i've explored various .c files of kernel(Eg.tcp.c,tcp_input.c etc etc)by referring few books. And now comes the important part of implementing it. So how exactly can i go abt it?? I went thru various threads like installing a kernel,compliling a kernel and other things. But i m not getting the exact sequence in which i should do it. I've installed fedora 10. But i cannot see any source files which i can modify. Where and how can i modify these files?
View 5 Replies
View Related
May 30, 2010
I'm trying to setup a NFS4 server (no security, local home network behind FW). It seems that I'm missing something because 'rpcinfo -p' does not list v4 for NFS: petit-pois:/home/eric# rpcinfo -p
[Code]...
View 3 Replies
View Related
Aug 4, 2010
Let's say I have a few hosts on the same subnet, and they are all connected to a central Linux box running a filtering bridge. If I tightly control the communications between the hosts using the filtering bridge, is this just as good as seperating hosts into different subnets (e.g. DMZ and Internal) ?
View 6 Replies
View Related
Aug 16, 2011
I want to connect my Debian Squeeze machine to my school wireless network with wpa_supplicant.
I think the network uses 802.1X authentication, because when the other students connects to the network for the first time in Windows they enter their username and password then the connection is established. I have asked the the IT staff but they do not known what 802.1X, PEAP EAP etc. is and just say "Enter the login details in the box!".
If I bring a Windows 7 machine to school and successful connects to the network, is it then possible for me to extract the information [and extract a certificate if used on the network] from Windows somehow so i can setup the wpa_supplicant.conf correctly on Debian?
The information I want to extract is which protocols are used, like PEAP,MSCHAP etc.
View 1 Replies
View Related
Sep 6, 2010
I need to monitor network performance/usage based on protocols.
About snort now, is perfstat.c is replaced with some thing else?
View 1 Replies
View Related
Dec 28, 2010
I have a VMware farm where:
- DHCP is in use to give machines IPs
- Machines go up and down all the time
- All IPs are on a certain subnet
- VMs update DNS (we don't go by IP)
- SSH is in use
I would like to disable StrictHostKeyChecking only for this subnet, because IPs change all the time and editing known_hosts usually only works for a few days before the IP changes again, and once I get enough entries, there are tons of conflicts.
I tried the following in ~/.ssh/config:
Code:
Host 10.0.217.*
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
[Code]....
View 10 Replies
View Related
Jul 22, 2011
I have TWO L3 + router switch (say switch1 and switch2). I created VLAN100 with VLAN ID 100 in both the switches. I created router 192.168.1.1/24 in Switch1. I created router 192.168.2.1/24 in Switch2. Switch1 is connected with 1.x/24 PCs. PCs are configured with 1.1 gateway. Switch2 is connected with 2.x/24 PCs. PCs are configured with 2.1 gateway. Both Switch1 and switch2 are connected by a trunk to carry VLAN100 data.
1)I have few PCs of 1.x connected to say Switch1 Is it possible for PC with IP 192.168.1.100(x) to ping PC with IP 192.168.2.100(y)?What are the configuration required in both switches to make them communicate ? All the device in both the subnets should ping/communicate with each other.
2)Move PC (192.168.1.100) to switch2. Move PC (192.168.2.100)to switch1.What will happen when PC(1.100) ping (2.100) and vice versa?What will happen when PC(say 1.80 in switch1) pings PC (say 1.100 in switch2) and vice versa? What will happen when PC(say 1.80 in switch1) pings PC (say 2.100 in switch1) and vice versa?
View 2 Replies
View Related
Feb 27, 2010
I have a machine running the 32-bit version of openSUSE 11.2 that can't seem to get outside the subnet (TCP/IP works properly inside the subnet). I've researched this problem, and I just can't seem to solve it.
The machine originally had 2 LAN cards in it. I failed to remove it before the install of openSUSE. One card was an old Network Everywhere, and the other was a 3Com 3c905c card. I decided to keep the 3com in, as I've good luck with this particular card when it comes to Linux. I've since removed the other, not only from the machine itself, but also from YaST ('Network Settings').
I can't see much in /var/logs. I've sifted through them several times. I don't see anything that really stands out. I've tried switching network control from ifup to network manager and back. That didn't seem to help. I've tried a static IP configuration and that doesn't seem to help either. I've also removed Avahi just to make sure my variables here are kept to a minimum (I don't use Avahi anyway, so it doesn't hurt).
The network is a 10.0.0.0/24 subnet with a default gateway of 10.0.0.1 (NAT). I have only 2 other PCs on this subnet - a Windows XP Pro machine, and a dual-booting laptop (XP / openSUSE 11.2). Both of them work fine. The gateway is a Linksys WRT54G router that I've flashed with DD-WRT (latest stable version). It handles DHCP for my small subnet. I have not made any changes to the network configuration / setup in a long, long time.
[Code]....
View 1 Replies
View Related
Jul 4, 2011
I installed Redhat Enterprise linux server5. it has two LAN card and two subnet connected to these two LAN card. i can browse network from these two network easily. But i created VLAN on one network card.Now i cant browse network from these VLAN subnet.
View 3 Replies
View Related
Dec 26, 2010
I have been trying to get a DHCP PXE server up for a few days now, this is what I got so far..I am following this how-tohere are some outputs and what-nots, go to the last one to see the problem I am having.the host network
Code:
:~> /sbin/ifconfig
br0 Link encap:Ethernet HWaddr 00:19:DB:62:97:20
[code]....
View 9 Replies
View Related
May 28, 2011
I installed a fresh copy of Ubuntu 11.04 on my server about 2 weeks ago, I setup remote desktop and figured to just leave the password field out as it suppose to be pre-configured to only accept local connections, well, apparently not. I was noticing some strange network activity and checked my router connections and sure enough I see port 5900 to the server, open vino icon and see that there is someone else connected! (IP of unauthorized user: 77.29.51.239 ).. Immediately kick them and set a password. This should really be addressed and/or a password should be defaulted or at the very least the "Your desktop is only reachable over the local network." should be removed.
View 9 Replies
View Related
Dec 14, 2010
I'm seeing really bad user login format under a standard installation and am wondering why ubuntu does this as default. I have noticed that the graphical login for gnome sizes itself to accommodate a user's exact password length. This indicates to me that somewhere on the unencrypted part of a standard installation with user encryption contains at least some indication of the content of the password length which seems a security flaw even if not a complete hole, it majorly reduces the number of attempts a cracker would have to cycle through.
And that's assuming that *only* the length is contained. Furthermore it seems that it would be MUCH better to simply display the number of characters entered into the pw field and allowing the gui to expand itself from an fixed size as the field is filled out so the the user still receives visual feedback for entering characters. Either a simple character count display should be entered into the field or a 10 dot to new line so that one can visually quickly count the number enter by multiplying from a 10base graphical observation.
View 9 Replies
View Related
Sep 13, 2010
I'm living at a friend's right now, and he's got a wireless access point in the house that I set my laptops wlan0 interface to route through the eth0 to my desktop. It's been working fine for internet sharing and internal networking ( ssh and ftp ) between the laptop and the desktop, but there's a problem with both subnets being able to communicate with each other, and I haven't been able to solve it with DNAT either.
The wireless access point is 192.168.0.1 and has its own lan on 192.168.0.0/24 of which my laptop is 192.168.0.5. I setup the little subnet I created by routing with the laptop to 192.168.1.0/24 and my desktop is 192.168.1.50. With shorewall I can configure iptables to DNAT all of my ssh traffic destined to 192.168.0.5 to 192.168.1.50, but the problem seems to occur when ssh on my desktop fails to connect rather than the DNAT failing.
Using iptraf I've seen that all of the routing does work properly, because I can see on the connection in iptraf that only the SYN packet is being sent from a 192.168.0.x address, there is no ACK packet sent back. I believe this is because in the connection dialog it always shows a 192.168.0.x ip as the source of the connection, but I don't have a route to 192.168.0.0/24 from 192.168.1.0/24 setup and I'm unsure of how to do so.
I'm pretty much in over my head because I don't know what is wrong, I thought it should work like this. Everything else from port configurations, to the configurations of the software itself seems fine so I don't think it's anything like that preventing a connection, but I can't think of what it would be aside from the lack of routing between each subnet.
Is there anyway to just add a route so that 192.168.1.0/24 and 192.168.0.0/24 can communicate with each other directly? I know there should be, I'm just not at all sure how it would be done.
View 1 Replies
View Related
Feb 14, 2010
I am basically from system side and often confused about the calculation of the IP addresses.Just i want to know that what how can i calculate the following of a IP Address:
(1) Available IP in a Network
(2) Broadcast IP
(3) Network Prefix or Net Mask
View 5 Replies
View Related
Mar 15, 2010
Step 1 : In Hyper-v Machine i have created two Virtual Ports.
Step 2 : Now for these two diff ports two ip address with different subnet mask(e.g 192.168.9.19 and 192.16.9.20)have been assigned(and have checked using ifconfig).
Step 3 : In Host machine i have added one subnetmask for one machine next one for another machine,however i m not able to ping both the ports from either of the machines having static ip 192.168.9.13 or having ip 192.16.9.107.
Step 4 : If i add same subnet mask for both machine it is pinging properly between 2 machines.
View 4 Replies
View Related
Aug 6, 2010
I will try to explain a bit first about my network typology: I have one cent os 5.5 machine with 2 nics - external one 86.x.x.122 and internal one with 2 IPs: 192.168.1.1 and 89.x.x.121. The ideea is that I have a public subnet (86.x.x.120/29) of IPs which are routable only through 86.x.x.122 so I have a webserver hosted on a different machine with the IP of 89.x.x.122 and GW 89.x.x.121 - everything works perfectly fine, except that I cannot access from the internal network 192.168.1.0 / 24 the so called DMZ (roughly) - the 89.x.x.122.
What really makes me crazy is that I setup the IPtables rules correctly because I can access the webserver from the outside world but I cannot accessit from the internal network...
what I'm missing - why the 192.168.1.0/24 cannot see the 89.x.x.122 machine... What IPtables rules should I add?
View 2 Replies
View Related
May 16, 2010
I'd like a way to see all of the devices on my local network and what their local IP address is. I recall that I used wireshark to troubleshoot a similar problem a while back, but it doesn't seem to have a way to see all of the devices- only the traffic. (I'd like to do this without having to physically interface with my router if possible, and I am in an encrypted network if that matters)
View 6 Replies
View Related
