Michael Wheeler

SSH is a wonderful protocol / tool which I use every day. It allows a user secure communication between hosts. Amongst it’s many features it allows people to securely to execute commands, copy files and tunnel net traffic. Using SSH rather than telnet to configure and access devices is a great step up, and unlike telnet, passwords and secure information is encrypted.

But just because you’ve enabled SSH on all your devices doesn’t mean your network is any more secure. SSH is only one in many changes that need to be changed in order to have a secure network.

Network Management, most network management software still access your devices using insecure techniques (some of which are listed below). What’s the use of using SSH, when you network management polls it every 5 minutes insecurely

Keys
A simple think overlooked in most SSH setups, is that keys are never logged / saved, nor are private/public key authentication. So when you have 500 network devices, when you connect to one, people start getting into the habit of just accepting ssh keys without looking at them. A simple ARP man in the middle attack could allow a user to grab your password without any work.

File Transfer
So you need to upload a config file. Simple I’ll just TFTP or FTP it. Maybe you might even HTTP it across. Well there you go, all the work of installing SSH on all your devices has been wasted. This can easily be fixed with either SCP, HTTPS or FTPS.

SNMP
Commonly used SNMPv2 and v1 has no encryption support. It is common that most devices are setup with SNMPv2 and v1 rather than the SNMPv3 which support encryption. SNMP can be used to monitor, and set configuration options on most devices.

Vulnerabilities in software
Sounds pretty stupid, but why would an attacker bother with SSH when they can just exploit a page. It’s annoying, but IOS and other software need to stay updated.

Routing Protocols
Routing protocols really need to stay on routed links. Having OSPF running on general access VLANs is not a good idea. Very easy to make a man in the middle attack.

Spanning Tree
Spanning Tree can easily be disturbed, and be used for malicious activities. BPDU GUARD really needs to be enabled on access ports, otherwise you’ll be in trouble.

Theses simple fixes will in fact make your network more secure than SSH would.

realred_draco – Iodine, Disinfecting Our Wounds

Since I didn’t want to get charged $27.50 for 100MB of data on ReiverNet at the Oaks Auroa hotel (amazing place), I looked for some ways around the system. Before leaving I read up about ICMPTX( IP over ICMP, e.g. ping packets ) and NSTX(IP over DNS). ICMP didn’t seem to work, but hostnames were resolvable, so I done some more reading on NSTX.

Turns out that some software called iodine has taken over the roll of NSTX. I was able to convince another user to compile iodine for snow leopard because I forgot to install xtools before I left, and followed this tutorial on installing on FreeBSD and this. In no time I had free internet at the cost of their name server. If they charged a decent rate, I wouldn’t have worried.

The tunnel is ok for low bandwidth uses, like HTML, but other content slows the pipe down quickly.

TheSkorm – Hazard perception test hacking

HPT (Hazard Perception Test) is a test to test your reaction time for hazards when driving. It is required for Queensland drivers to take the test to move from a P1 to P2 licence. The test is taken online where you are shown several one minutes videos, and you must click on the hazard as soon as you spot it. I always like to play around with online systems testing security so I gave this setup a shot. I used the practice tests to see how the system worked, and it was pretty easy to work out a way to cheat the system (like most online exams).

Since it was encrypted using HTTPS Wireshark was out of the question, however this doesn’t mean you can’t still see what’s happening. I found a nice tool called “Live HTTP headers” which shows you all the requests. The first thing I noticed is that the videos are preloaded. You can see all the requested URLs in Live HTTP headers.

To watch one of the videos before taking the test, all you have to do is grab the URL for it (see the screenshot above) and paste that into a new tab. The videos seem to be able to be downloaded at least twice. You can then watch the videos, and then take the exam, and know exactly what’s in the exam / video.

It’s not overly hard to do, and actually quite fun.

TheSkorm – IMG_3438

Had some old hardware laying around at home, so I thought I would make my own iMac, or more namely, iBigMac. Started with a Dell 15″ LCD, an a7v8x-x with a AMD 450mhz CPU, and a nVidia Geforce graphics card and an unknown amount of RAM. It wasn’t much of a build. Make some holes in the LCD plastic, screw everything down and the hardware part was done.

I planned on using a USB stick to boot it, but he motherboard doesn’t support it so it’s network booting using PXE to my server, which is pretty cool. It’s BIOS is really quick, and since everything is loaded in RAM it’s quite speedy. It’s perfect for quickly looking at a website, and requires a lot less power. 100% recycled parts.

Oh, the red tape is to hold the motherboard on the screen at the top half. None of the holes lined up.