Archive for the ‘Networking’ Category
Script to backup Cisco switches via telnet / tftp
A couple of days ago, I released a small Perl script to back up Cisco IOS based switches via telnet.
I know there are a couple of similar scripts available on the internet, but most of them either use the “expect” functionality (which does not work all the time), use SendKeys (which only works when the application has the ‘focus’, and thus cannot be safely scripted), or are commercial tools.
So I decided to write a quick and dirty (free) script myself, which is purely based on a basic tcp socket connection.
I know, this script only works with telnet (clear text), but at least you can back up your switches (and if you have a dedicated management network, it may be ok to use telnet after all). Furthermore, you can safely schedule the script to run in the background, lean back, …
WPA TKIP cracked in a minute – time to move on to WPA2
Just a quick note to let you know that 2 Japanese scientists (from Hiroshima and Kobe Universities) have found a practical way to crack WPA TKIP in about one minute, using a technique called “Beck-Tews”. This technique is not new. It was discovered by some Germans back in November, but was somewhat limited in use (QoS was required, and it took about 15 minutes to crack the key).
Now, this limitation has been broken using MITM + a new algorithm to apply the technique.
Their findings can be downloaded from http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf
I guess it’s time to migrate to WPA2 (which has been supported on Wi-Fi devices since 2006) AND never consider any wireless network as trusted… I always recommend using VPN on top of wireless networks, just to be safe & sure :-)
Spread the word ! nmap 5 released
Insecure.org has released a new major version of the free, open source “nmap” security scanner. (Don’t just call nmap a port scanner – thanks to many improvements over the last years, nmap has become an excellent security scanner.)
Visit http://nmap.org/5/ for more information about this new version.
Although there are roughly 600 updates in this new version, these are the top 5 improvements in nmap 5 :
ncat (allows data transfer, redirection and debugging) – (Remember hobbit’s nc ?)
ndiff scan comparison
better performance
improved zenmap GUI (including a real neat feature to visually map the network you have scanned)
Improvement of nmap scripting engine (nse), reviewed existing scripts and added 32 new scripts.
Download and install the new version, buy/read the book, spread the word, and scan ‘til you drop !
Some of my favorite nmap parameters/scan parameters :
Detecting common stateless …
Juniper ScreenOS : Active/Passive clustering
Introduction
In this blog post, I’ll show the easy steps to set up a screenOS based active/passive cluster. I’m not going to discuss the configuration of active/active clusters because, in my opinion, this configuration is only needed in rare circumstances and may introduce some weird behaviour issues. Furthermore, active/passive clusters have been working quite well for me.
These are the main requirements to set up a cluster :
The 2 devices need to be the same model
The 2 devices need to run exactly the same screenOS version (Or you’ll get “configuration out of sync” messages because the checksums will fail)
The 2 devices need to be connected to each other : You need to have at least one free interface on each device to interconnect …
Juniper ScreenOS : default route manipulations and redistributions
The default route or “route of last resort” is an important route in most present inter-network connectivity configurations. It contains all public and private routes possible and is responsible for directing traffic to a next hop when no better route is found. In most cases, it is used to allow networks to access the internet, but this is not the only scenario where a default route is used. It can be used, for example, on child networks that don’t have a direct connection to the internet, to aggregate all routing into one single route, pointing to an upstream router, which then separates internet traffic and private traffic. (Example : OSPF stub areas and not-so-stubby areas)
It is important to understand that the “0.0.0.0/0” notation does not always refer to the default route. In fact, in some/most routers, 0.0.0.0/0 refers to “all …
Juniper ScreenOS : defeating iBGP full mesh requirement using route reflectors and confederations
As explained in one of my earlier posts, one of the requirements to successfully set up and operate an iBGP configuration is that all iBGP clients need to have a BGP connection to all other iBGP clients (= full mesh). This is required because an iBGP device only exchanges information about its own networks and it does not pass on BGP updates from other peers to other peers. Suppose you have 4 devices in the same AS, exchanging prefix information over BGP, then you would need 6 iBGP connections. If you add one more router in the AS, you need 4 more iBGP connections …
Cheatsheet : Cracking WPA2 PSK with Backtrack 4, aircrack-ng and John The Ripper
Basic steps :
Put interface in monitor mode
Find wireless network (protected with WPA2 and a Pre Shared Key)
Capture all packets
Wait until you see a client and deauthenticate the client, so the handshake can be captured
Crack the key using a dictionary file (or via John The Ripper)
I’ll use a Dlink DWL-G122 (USB) wireless network interface for this procedure. In backtrack4, this device is recognized as wlan0. First, put the card in monitor mode : …