a client asked me to install ettercap on their linux gateway machine - two ethernet machine. I tried it in bridged mode, it but as soon as I start it, the traffic stops and no one can access anything. Did anyone ever succeed in running it on the gateway?
View 1 RepliesI have been playing with Ettercap on my home network, learning about packet forwarding and all such things. Recently, after doing some certificate stuff, Ettercap is performing the SSL attack where it sucks out the password of a user after it issues a fake certificate. How do I turn off the SSL attack in ettercap when I'm not interested in SSL information?
View 1 Replies View Relatedettercap can see http request but not response
I'm trying to see regular http responses from my wireless ipad (victim) from my wired pc (attacker). Everything's working great but I can only see the http requests not the responses.
I've done much reading and googling and tried registering in more relevant forums but some forums were shutdown, so I've come here.
Code:
# setup ip forwarding
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
# use ettercap to do the mitm using only mitm
sudo ettercap --iface eth0 --text --plugin autoadd --only-mitm --mitm arp:remote /192.168.0.1/ /192.168.0.155/
[Code]....
How do you set up a linux workstation to act as a gateway for all other PC's in the LAN giving them internal IP's using DHCP, but which also forces all access to the internet to go through a proxy running inside the same linux workstation at 127.0.0.1:9666?the proxy is provided by ultrasurf and run using wine and we do not want to set applications one by one to use a proxy - it must be an automatic effect.
View 3 Replies View Related1.Making a Home server connect using ssh tunnel to a remote server ( to bypass proxy )
2. Making the home server accept connections as a gateway and forward anything that comes to it to the ssh tunnel connection of the remote server.
3. Making any client that puts the home server as a gateway in the network configuration gets a the tunnel connection to the remote server.
Home Server: ubuntu
Remote server: ubuntu
I am attempting to setup my home ubuntu-box (10.04, 64bit) to vpn into work (cisco).My attempt has been partially successful - connecting successfully to shared drives - but I can't access the internal company sharepoint site (using network-manager-vpnc). When I enter the URL into firefox, it tries for a few seconds then displays the "connection was reset" error page (see attached). I don't even get the normal pop-up dialog asking for my credentials! The URL is resolvable to an IP, and the server can be pinged successfully.
So, to make sure my home network wasn't to blame, I brought home a work laptop with a windows vpn client. This worked fine.I then went to work with Ubuntu-NR on a USB stick and booted up into ubuntu to make sure ubuntu wasn't to blame. This worked fine
I am trying to access my company VPN using my Centos 5.5 laptop. I have the vpn client certificate issued by my company's IT dept. I am able to access the webmail using the same certificate which I installed in firefox. But I would like to know how to use this certificate to sign in to the VPN. Some of my colleagues use the Cisco VPN client v5.0.? software and the vpn client certificate to login. It works fine. But I would like to do the same with Centos.I tried connecting using vpnc. I converted the pcf file to conf using pcf2conf. Converted the certificate to .pem file. I replaced the /etc/vpnc/default.conf file with the pcf2conf converted file. Following is the converted conf file:
IPSec gateway example-vpn.companyname.com
IPSec ID <groupid>
IPSec secret <groupsecret>
[code]....
we hav one of our client want access our company computer from outside network and all our computers are under proxy server therefore all computers have limited access so one of the limited access computer, client has to access from outside. so we want this computer should remain under proxy server as well as accessible from outside network
View 3 Replies View RelatedMy problem is that my wireless network traffic sometimes just stop.Like when I tries to update my system, update NetBeans or just download using Uget. I have no clue on what's wrong,Here is my system info:
Laptop model:
Code:
Lenovo R500
[code]....
i did install opensuse and everything ok; i did configure it to be the server and gateway for a little office network Everything seems to be ok most of the time but sometimes (usually between 5 and 7 pm each day) internet stops working and there is no way to let it start again. So i turn off the suse, switch all cables to the old fedora server, just turn it on fedora and internet works. Turn off fedora, connect suse, let it start and everythng ok...it happens all the times
View 9 Replies View RelatedI have been beating my head for the last few weeks on this problem, (although I have been taking the wrong approach, it seems).
I need a gateway to direct web traffic to three separate servers/domains. I have been trying to do this with both a dns server and , (seperatly), apache server to forward requests. The dns server was a no go, and <i can only get apache to redirect http and ftp.
After Googling this ALOT, I believe that what I need is a gateway server to redirect my traffic to the 3 different servers. I have been reading about using using nat and iptables for this and was wondering if anyone had any advice/suggestions on this. The other thought I had was to use something like pfSense to create the gateway, but I am still reading the documentation, and I am unsure if this approach will work.
Recently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
what rules I need to use to only allow traffic between 2 interfaces (which are part of a linux bridge) using ebtables?
So let's say I have if0, if1, if2. I want if1 to communicate with if0. I also want if2 to be able to communicate with if0. But I don't want if1 and if2 to communicate with each other.
We use a squid proxy server for all http traffic. Is there any way to configure squid so that all traffic which squid and workstation communicates is SSL and encrypted ?
View 2 Replies View RelatedWhere I work we have a lan, it is almost 100% windows machines except for 2 CentOS machines in which some clients connect to, via VPN. (very small network, <50 ip's used)
I would like to know if there is a way to block access from that machines to others in the network. I'm already logging traffic (with IPTraff) to see if they're accessing other machines in the network others than the ones they should connect.
has my Ubuntu machine been cracked?
machine on home lan
192.168.0.102
it is the DMZ from router
ufw on (ports open for aMule)
sshd installed
[Code].....
I have installed fedora 11 64 bit on a new computer. I have no problems accessing the computers on my local network, but can not get past the gateway. The gateway is running windows XP with IP address 192.168.0.1 and is named "internet". When I boot the new computer in windows, there is no problem. Here is the output of some commands I saw in other posts with similar problems:
$ /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:24:8C:7F:10:0C
inet addr:192.168.0.245 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::224:8cff:fe7f:100c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[Code]....
I get all my traffic from my router, as this computer seldom moves. So is there a use for a firewall?I am not sure, because when I scan my IP address with nmap, no matter what the changes I make in the firewall, it is always the same scan...cannot fingerprint OS...and all closed ports.The all closed ports thing only changes when i torrent, then i get a wide open port.
View 14 Replies View RelatedI have computers in the DMZ (192.168.1.0/24) .. How to block traffic initiated from computers in the DMZ?
View 3 Replies View RelatedI set up iptables but it is blocking my SSH set up. I did allow it by opening port 22 but it did not work. Here is my config:
Code:
iptables -F
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
### this should allow SSH traffic
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
How do you allow SSH through the iptables firewall?
I've a server, and I want to drop all the traffic going out with other source port than 80 (apache) and 22(ssh). The reason is I want to prevent my machine sending packets I don't know (i.e. my server scanning networks or making DDOS attacks without my knowledge). The problem are the updates. If I do what I've said, the updates will not work. I want to allow updates, so I need to let DNS traffic (port 53) and the traffic of the updates to go out.
The problem is the source port. This traffic uses a dynamic port (I think like HTTP). Is there any way to specify a source port to do this? If a have a static port to do this, I would drop all the traffic going out with other port than 22,53,80 and this port.
I have set logwatch to report daily the logs, somehow since last week i get below message. A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):
/cgi-bin/blocked.cgi?clientaddr=192.168.1.108&clientname=&clientident=&clientgroup=limitedaccess&targetclass= untrusted&url=http://adfarm.mediaplex.com/ad/fm/9608-84171-8772-2?
[code]...
I've set up bridged networking so that I can have KVM virtual machines that are accessible from outside the host. I can access both the Host and my VM from other machines on the local network, and from the VM I can access the internet but from the Host I can only access my local network. Since I can access the local network and the same issue applies regardless of whether I use host names or IP addresses I suspect it's not picking up the gateway properly.
How do I go about allowing the VM host to access the internet while still having bridged networking so I can access my VMs?
What I've checked so far:
Ping Google DNS (8.8.8.8 )
From Host: Destination Host Unreachable
From VM: Suceeds
[Code].....
The issues are only with accessing things outside of my subnet. I can access other machines on the same subnet from the Host just fine.
I have 1 root-server with 2 NICs, both having their own internet IP addresses:
Code: eth0 = 8x.x.x.183
eth2 = 8x.x.x.205 We only have one gateway on that network:
Code: gateway = 8x.x.x.1 We want to use eth2 for postfix + http, and eth0 for all the other stuff.
How can this be setup ? With route / ip route / iptables ?
Is there a program that monitors and displays 'who' is on your wireless Internet signal that one may not be aware of? Like, the ability to see when someone that you don't know is accessing your locked wireless?
View 9 Replies View RelatedI want to check if traffic to a specific URL is being throttled by a hospital acting as an ISP. A client is having great trouble accessing a hosted web-app from inside the hospital, but access is fine from outside. The hospital IT dept are not interested as the rest of the Internet is fine. I need to trace where the latency is creeping in or where the throttling is happening, if I can do that, the hospital will remove it. Traffic is standard http to a specific URL.
View 9 Replies View Relatedwe want to post anonymously to a public forum like linuxquestions. We can do it through a service like [URL]. This uses a secure link so any eavesdropper in my LAN cannot see the url I am connecting to.
If this eavesdropper in my LAN suspects I am posting on linuxforums.com, they can look at times when my suspected posts appear in this public forum, and compare them with peaks in the traffic from my computer, and if the times match, it's a strong indication I am the same person. If I somehow fill the virtual private connection with a dummy data stream, can the eavesdropper still tell I am posting to linuxquestions?
I am looking for a solution for our LAN traffic monitoring and would like to use some opensource linux application. I have a linux box with two NIC cards and what I thought is the following: Our setup is as follows. Internet comes in through the router and into the firewall. From the firewall it goes into our switch and distributed among the workstations.
I have no access to the router or the firewall as they are centrally configured. I would like to place a device into the loop through which I could monitor the LAN traffic.
Can I put a linux box between the firewall and the switch and have all packets going through registered and logged? I have a proxy server (non transparent) and that captures some but not all. I would like to get all packets registered without interfering with the LAN etc.
We've had a site broken into, and several of the desktop computers physically stolen. The Ubuntu 9.10 router/gateway/firewall/web filter box has however NOT been stolen. I'm wondering if there is any information we can get from this that would help the police.
NAT and firewalling are handled by firehol. It runs a DHCP server to provide the desktops with IP addresses. It runs a Samba server with some file shares. It runs Squid and Dansguardian in an intercepting-proxy configuration. Of particular interest might be whether the MAC addresses of the stolen desktops can be obtained, which might help with tracking them down. Also anything to narrow down the time of the break-in.
I am completely new to linux in any flavour. I installed ubuntu 10.4.1 64-bit on my Gateway NV59 laptop as a dual boot with Windows 7. The installation went just fine. When it comes to networking, I can connect to my home network when wired directly, wireless is another matter. I can connect wireless in windows just fine, so the card is physically fine.
My set up is as follows:
Gateway NV59 laptop with Atheros AR928X PCI-E wireless adapter
Linksys WRT54G router using WPA2 Personal and a class C address scheme (192.168.x.x)
(If anyone thinks it would be necessary to post actual hardware specs of the laptop, I can, but don't think it really necessary). I have followed the Wifi Wireless Troubleshooting Guide found at [URL].
When connecting to my network wirelessly, I click the icon in the top right, and choose "Create New Wireless Network". When I input my settings (SSID - not broadcast, and security type and key - WPA), it then states I am connected under the "Wireless Networks" section found in that menu, and shows my network name with a strong signal and a computer/monitor icon. When I double-click the icon, it tells me I am connected and that the connection is active, yet the actual wireless icon on the top bar is grey, not white, and has a red exclamation mark on it. According to the steps in the troubleshooting guide, my wireless card is recognized and installed, with a driver of ath9k.
When I run lsmod, the driver is listed, therefore loaded, and ndiswrapper is NOT listed. I have verified that the driver is communicating with the kernel. When I scan for my router, it is listed under Cell 04, with the correct SSID and hardware address. There do not appear to be multiple drivers loaded, and my wifi is NOT disabled. When I check to see if I'm associated with a router, iwconfig shows my network ssid under wlan0, with the correct hardware address listed under Cell:, yet I cannot ping my router's internal ip address. At this point, I ran ifconfig, and for some reason, my wireless card has been given a class A address of 10.42.43.1.
When I try to assign an ip address via dhcp, DHCPDISCOVER runs for a number of intervals and then tells me "No DHCPOFFERS received", yet my router is using dhcp to assign ips with a pool of 50, more than enough ips for all the hardware in my network. When I run the command "sudo invoke-rc.d networking restart", I get the statement "Ignoring unknown interface wlan0=wlan0" - not sure what that means, but doesn't sound good to me, and retrying to accquire an ip address through dhcp still does not work. If I attempt to assign an ip address within my network range manually, I first run the command "sudo ifconfig wlan0 down", then just out of curiosity to see if the interface is really down.
I run ifconfig again, and wlan0 is no longer listed, but now there is eth0 (my regular ethernet interface) with no ip address. AND another interface is listed - eth0:avahi with the same hardware address as eth0, and an address of 169.254.4.42 - this seems to be the default address the OS will assign when it cannot get one via dhcp, but I have no idea why it has shown up as eth0::avahi... Anyway, after entering the command "sudo ifconfig ip addr 192.168.x.x netmask 255.255.255.0 broadcast 192.168.x.255 up" with the appropriate addresses, I receive the error "addr: Unknown host".
What I have NOT tried, are the following steps:
1. Change my router to an open signal (I would prefer not to do this, but will, if it is absolutely necessary for troubleshooting)
2. Try gtk wifi, or wifi radar
3. Try booting with kernel option pci=noacpi or acpi=off (not entirely sure how to do this just yet)
4. Try wpa supplicant (not sure what this is, just noted it was in the troubleshooting guide)