Geekempire.com<br />
<h3><b>IPv6 with OPNsense and Spectrum/TWC</b></h3>
Posted 2018-07-30.<br />
"I still remember back in the day installing winsock clients on Windows 3.1 machines so people at my work could get internet."<br />
<div>
<br /></div>
<div>
Although the above statement dates me a little bit, I have been using TCP/IP for a long time. One of the most used books I have is TCP/IP Illustrated. For the longest time I have avoided adopting IPv6 for an array of reasons: first, the addresses are long; second, a lot of things out there still lack support for it; and third, there is plenty of basic information out there but nothing that addressed my needs.</div>
<div>
<br /></div>
<div>
Even though there really isn't much incentive for companies to move over, I figured I would give it a shot at home. I have a complex setup that I use to keep things organized and separated at home. Right now I have my main home network VLAN, a VLAN for work, and an isolated network for incoming connections. I have plans to segment even more for kids, guests, security cameras, the whole shebang. OPNsense is at the heart of all this and I use it to run the show.<br />
<br />
I feel as if I should run a disclaimer that I am an IPv6 noob. I understand a lot of the basics but there is a ton of room for me to improve and grow my knowledge. I learn by doing so here is what I did and the struggles I faced. Your mileage may vary based on your ISP but a lot of these concepts should relate.<br />
<br />
<h3>
<b>Test 1 - Does IPv6 from Spectrum even work?</b></h3>
<br />
Enable it on your WAN interface:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-p31mAd1o1nw/W1_Fgwnd_KI/AAAAAAAAAk4/eIbd81_8pRsekogsYthcmjczr2emY7H_QCLcBGAs/s1600/Screen%2BShot%2B2018-07-30%2Bat%2B10.11.31%2BPM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="124" data-original-width="639" height="77" src="https://3.bp.blogspot.com/-p31mAd1o1nw/W1_Fgwnd_KI/AAAAAAAAAk4/eIbd81_8pRsekogsYthcmjczr2emY7H_QCLcBGAs/s400/Screen%2BShot%2B2018-07-30%2Bat%2B10.11.31%2BPM.png" width="400" /></a></div>
<br />
Now on your LAN interface select "Track Interface" under IPv6 Configuration Type:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-YMNw-u1nS5Q/W1_G3mdIlGI/AAAAAAAAAlI/Bu1megPeOLAuwc-6jJ6-P7Ye8OOf33yxQCLcBGAs/s1600/Screen%2BShot%2B2018-07-30%2Bat%2B10.15.42%2BPM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="58" data-original-width="634" height="36" src="https://1.bp.blogspot.com/-YMNw-u1nS5Q/W1_G3mdIlGI/AAAAAAAAAlI/Bu1megPeOLAuwc-6jJ6-P7Ye8OOf33yxQCLcBGAs/s400/Screen%2BShot%2B2018-07-30%2Bat%2B10.15.42%2BPM.png" width="400" /></a></div>
<br />
Go to the bottom, set the tracked interface to WAN and the IPv6 Prefix ID to 0:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-MV8lQmLlHAU/W1_G3Zu0EuI/AAAAAAAAAlE/i9CYaFbvStsZynAUxSFU6R-oKUmg7dhIQCEwYBhgL/s1600/Screen%2BShot%2B2018-07-30%2Bat%2B10.15.54%2BPM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="152" data-original-width="646" height="93" src="https://3.bp.blogspot.com/-MV8lQmLlHAU/W1_G3Zu0EuI/AAAAAAAAAlE/i9CYaFbvStsZynAUxSFU6R-oKUmg7dhIQCEwYBhgL/s400/Screen%2BShot%2B2018-07-30%2Bat%2B10.15.54%2BPM.png" width="400" /></a></div>
<br />
Reboot your router and log back in. Under your main dashboard you should see a v6 address assigned to your WAN and LAN interfaces. Clients should also start picking up addresses and as long as you didn't change your default v6 rules you should be able to ping ipv6.google.com.<br />
<br />
If all you have is a single LAN and want IPv6, CONGRATS! you are done!<br />
<br />
<h3>
<b>Meat and Taterz time</b></h3>
<br />
After getting to the above I needed to segment. This is where I started looking for more advanced documentation. A lot of the suggestions out there were around assigning a static IPv6 address to the LAN and using DHCPv6 to hand out addresses, etc. The main issue with that was if your ISP changes your /64 then everything is broken. Or at least that is how I understood it. I was really looking for a way to keep it simple and not have to mess with anything.<br />
<br />
Several things I read suggested requesting a larger prefix (prefix delegation) from TWC/Spectrum and then dishing out a /64 per network. After some testing and a bunch of floundering I came up with a working solution.<br />
<br />
Change the following settings on your WAN interface (request a larger delegation, a /56 in this case):<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-pxc1V04_I_4/W1_JWbLO4PI/AAAAAAAAAl0/9JX9L1zRWOQFM2zV-fBXC_7NpmJNM_6tgCLcBGAs/s1600/Screen%2BShot%2B2018-07-30%2Bat%2B10.27.43%2BPM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="343" data-original-width="652" height="210" src="https://2.bp.blogspot.com/-pxc1V04_I_4/W1_JWbLO4PI/AAAAAAAAAl0/9JX9L1zRWOQFM2zV-fBXC_7NpmJNM_6tgCLcBGAs/s400/Screen%2BShot%2B2018-07-30%2Bat%2B10.27.43%2BPM.png" width="400" /></a></div>
<br />
<br />
Now go to each OPNsense interface that represents a network you want to add and set its prefix ID to the next number. LAN is 0, and in my case I set the other two to 1 and 2. Rinse and repeat for all of your other networks. A /56 contains 256 /64s, so in theory you can number up to that many interfaces (the Prefix ID field is hex, so the last one is ff), although I am sure you will hit some other limit in OPNsense well before that.<br />
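Here is an added worked example (not from the original post) of how the Prefix ID field maps onto the delegated prefix. It is the same arithmetic OPNsense does when it derives a tracked interface's /64; the delegated prefix and the interface names below are made up for the demonstration.<br />
<br />
```python
import ipaddress


def subnet_for_prefix_id(delegated, prefix_id, subnet_len=64):
    """Return the subnet a tracked interface gets for a given IPv6 Prefix ID.

    delegated  -- prefix the ISP handed out via DHCPv6-PD, e.g. "2001:db8:abcd:100::/56"
    prefix_id  -- the "IPv6 Prefix ID" field as typed in the OPNsense GUI: hex, "0".."ff" for a /56
    subnet_len -- size of each interface subnet; keep /64 so SLAAC works on the clients
    """
    pd = ipaddress.ip_network(delegated, strict=True)
    if pd.version != 6:
        raise ValueError("delegated prefix must be IPv6")
    if not pd.prefixlen <= subnet_len <= 128:
        raise ValueError(f"/{subnet_len} does not fit inside a /{pd.prefixlen}")
    id_bits = subnet_len - pd.prefixlen  # 8 bits when carving /64s out of a /56
    pid = int(prefix_id, 16)
    if not 0 <= pid < (1 << id_bits):
        raise ValueError(
            f"prefix ID {prefix_id!r} needs more than the {id_bits} bits a /{pd.prefixlen} delegation leaves for it"
        )
    # The ID lands in the bits between the delegation boundary and the subnet boundary.
    network = int(pd.network_address) + (pid << (128 - subnet_len))
    return ipaddress.IPv6Network((network, subnet_len))


def plan_subnets(delegated, prefix_ids):
    """Map interface name -> subnet for a dict of {interface: prefix ID}.

    Rejects two interfaces that share an ID: both would be told they own the same /64
    and the router would advertise one prefix on two segments.
    """
    plan, owner = {}, {}
    for iface, pid in prefix_ids.items():
        net = subnet_for_prefix_id(delegated, pid)
        if net in owner:
            raise ValueError(f"{iface} and {owner[net]} both use prefix ID {pid}")
        owner[net] = iface
        plan[iface] = net
    return plan


if __name__ == "__main__":
    # Constructed input: a documentation prefix in place of whatever Spectrum delegates,
    # and the three networks from the post numbered 0, 1 and 2.
    ids = {"LAN": "0", "WORK": "1", "ISOLATED": "2"}
    for iface, net in plan_subnets("2001:db8:abcd:100::/56", ids).items():
        print(f"{iface:9} prefix ID {ids[iface]:>2} -> {net}")
```
<br />
If the ISP ever hands you a different delegation, rerun it with the new prefix: the IDs stay valid, which is exactly why tracking the WAN beats a static /64 per interface.<br />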
<br />
Once you have done all of that it's time to add a firewall rule. I don't know if this is really needed or not but I saw it in a couple of other examples so I put it in there.<br />
<br />
Allow your networks to get out and request an IP from your ISP. Add the below policy to the WAN interface on your firewall:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-gl_ZiRUmcVw/W1_L84PUJUI/AAAAAAAAAmM/rF0fNFycLx4WQUiV8b99Z25M-LuENXb7QCLcBGAs/s1600/Screen%2BShot%2B2018-07-30%2Bat%2B10.38.53%2BPM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="157" data-original-width="1109" height="89" src="https://1.bp.blogspot.com/-gl_ZiRUmcVw/W1_L84PUJUI/AAAAAAAAAmM/rF0fNFycLx4WQUiV8b99Z25M-LuENXb7QCLcBGAs/s640/Screen%2BShot%2B2018-07-30%2Bat%2B10.38.53%2BPM.png" width="640" /></a></div>
<br />
Apply that and REBOOT your OPNsense box. For some reason you have to reboot for IPv6 stuff to take hold. Once it is back up your interface list should look something like this:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-GDdLOXYrn8I/W1_OnVj3d_I/AAAAAAAAAmk/EeTrwBE-wnQi54nlF8E46yvAfC38_U4WACLcBGAs/s1600/interfaces.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="175" data-original-width="462" height="151" src="https://2.bp.blogspot.com/-GDdLOXYrn8I/W1_OnVj3d_I/AAAAAAAAAmk/EeTrwBE-wnQi54nlF8E46yvAfC38_U4WACLcBGAs/s400/interfaces.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Big thanks to the OPNsense twitter account for getting me over the last hurdle which was the prefix stuff. Please leave comments if anything above is incorrect but this is how I got mine working. </div>
<br /></div>
<h3><b>It's Back!!</b></h3>
Posted 2017-12-06.<br />
It has been a long while since we have done anything here. Real life has a way of getting in the way of stuff. I was finally able to separate the Geekempire YouTube channel from my personal account, so I am going to start firing up more content there as well as talking about things I have been getting a lot of questions about around security and cryptocurrency.<br />
<br />
Smooth out<br />
<h3><b>OnionSalt Update and Support for Critical Stack Intel Client</b></h3>
Posted 2015-08-17.<br />
<div class="tr_bq">
I got inspired at the Bro conference to dust off OnionSalt and start adding some features. Currently it is in my <a href="https://github.com/TOoSmOotH/onionsalt/tree/dev" target="_blank">dev branch</a>. There are a couple of things to talk about before you start putting this code into your environment. Let's rap about some roadmap stuff real quick.</div>
<br />
<h3>
The Dedicated Master Skeleton</h3>
<br />
The release notes mention a dedicated master support skeleton. The plan is to give you the option of not running the OnionSalt master on an actual sensor. Several folks have requested this for security reasons: they want to let people modify rules without handing them full access to the sensors themselves.<br />
<br />
To accomplish this you will now see a new pillar called <a href="https://github.com/TOoSmOotH/onionsalt/blob/dev/opt/onionsalt/pillar/sensors/template.sls" target="_blank">sensors</a>. Name the sls file after your sensor so that it matches the pillar correctly (the top.sls below matches on the host grain). This is where you store every value that is unique to a sensor; for this example that is the <a href="https://intel.criticalstack.com/" target="_blank">Critical Stack API key</a>, and in the future you will be able to tune individual sensors from the same file. For our example the sensor name is pwntsauced, so the sls file looks like this:<br />
<br />
Filename: pwntsauced.sls<br />
<br />
File Contents:<br />
<br />
<blockquote class="tr_bq">
<pre>############################################################
##                                                        ##
##        Template File for Unique Sensor Variables       ##
##                                                        ##
############################################################
sensorstuff:
  hostname: pwntsauced
  cskey: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</pre>
</blockquote>
You will also need to make sure pillar/top.sls matches the sensor-specific pillar. With the hostname grain it looks like this:<br />
<br />
<br />
<blockquote class="tr_bq">
<pre>#######################
##                   ##
##   Pillar top.sls  ##
##                   ##
#######################
# Pull the hostname grain
{% set hostn = salt['grains.get']('host', '') %}
# You shouldn't have to mess with this.
base:
  '*':
    - users
    - sensors.{{ hostn }}</pre>
</blockquote>
<br />
By using the grain, we don't have to modify the top.sls every time we add a sensor. If you have each sensor spelled out directly just add the - sensors.pwntsauced to the section for that sensor. You won't need the grain at that point.<br />
<br />
So this code will lay the foundation for managing unique values on each of your sensors within your grid. Look for more to come on this as I find time.<br />
<br />
<h3>
Enable Critical Stack Intel Client Support</h3>
<div>
<br /></div>
Now that we have completed the first part it's time to enable the Critical Stack Intel Client on our sensors. For this example we assume each sensor has a unique API key. To make this work a couple of things were added to the salt/sensor/init.sls file. The first is the creation of the /etc/state directory, which we use for drop files (marker files) to track what has already been done on a sensor (yea it is sorta janky but it works). The new code looks like this:<br />
<br />
<blockquote class="tr_bq">
<pre># Create the state directory
statedir:
  file.directory:
    - name: /etc/state</pre>
</blockquote>
<br />
This will create the directory for us to use. Next let's create a folder under salt/sensor called scripts. In the dev repo you will see the script we use to install the client, cstackinstall.sh:<br />
<br />
<blockquote class="tr_bq">
<pre>#!/bin/bash
###
## Script for Critical Stack Intel Client install
## Rendered with the jinja renderer, so the pillar lookup below is expanded before the script runs.
##
set -euo pipefail
# Check for the drop file; skip everything if this sensor was already set up.
if [ ! -f /etc/state/cstack.txt ]; then
    curl -fsSL https://packagecloud.io/install/repositories/criticalstack/critical-stack-intel/script.deb.sh | bash
    # -y: the minion runs this non-interactively, so apt must not stop at a prompt
    apt-get install -y critical-stack-intel
    critical-stack-intel api {{ salt['pillar.get']('sensorstuff:cskey', '') }}
    # Only mark the sensor as done once every step above succeeded (set -e aborts otherwise)
    touch /etc/state/cstack.txt
fi</pre>
</blockquote>
<br />
The script ties back to the first section of this post: sensorstuff:cskey pulls the value unique to this sensor, and because the state below renders the script with jinja, the key is substituted in before the script runs. Note that the key ends up in the rendered script in cleartext and on the critical-stack-intel command line (so it is visible in the process list while that command runs); treat the pillar files on the master accordingly.<br />
<br />
Let's enable this script to run on all of our sensors. Uncomment the following code from the sensor/init.sls file.<br />
<br />
<blockquote class="tr_bq">
<pre>## Enable Critical Stack Intel Client ##
csinstall:
  cmd.script:
    - source: salt://sensor/scripts/cstackinstall.sh
    - shell: /bin/bash
    - template: jinja
## End Critical Stack Intel Client</pre>
<div>
<br /></div>
</blockquote>
This will run the script to make sure the client gets installed. I will be adding more features as I get time like ensuring the CS service is running etc but I wanted to get the skeleton out there for people to test. This code needs more testing so please submit pull requests if you find something wrong and fix it.<br />
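Added example, not OnionSalt code: the same install as a Python-rendered (#!py) SLS, so the pillar lookup, the empty-key case and the run-once guard can be unit-tested off a sensor. build_states() is a pure function of the pillar dict and run() is the entry point Salt calls. Two things are assumptions: the name of the sources list the packagecloud installer writes (used as the creates guard for the repo step) and the marker path, which is simply the post's drop file.<br />
<br />
```python
#!py
# Python-rendered SLS: Salt calls run() and expects the same dict structure YAML would produce.
import shlex

MARKER = "/etc/state/cstack.txt"  # the post's run-once drop file
# Assumed: the list file the packagecloud installer writes; check a sensor and adjust.
REPO_LIST = "/etc/apt/sources.list.d/criticalstack_critical-stack-intel.list"
INSTALLER = "https://packagecloud.io/install/repositories/criticalstack/critical-stack-intel/script.deb.sh"


def build_states(pillar):
    """Return Salt high data for one sensor, given that sensor's pillar dict.

    Kept free of Salt globals so it can be exercised outside a minion.
    """
    cskey = (pillar.get("sensorstuff") or {}).get("cskey", "")
    if not cskey:
        # Fail loudly instead of running `critical-stack-intel api` with an empty key.
        return {
            "cs-missing-key": {
                "test.fail_without_changes": [
                    {"name": "sensorstuff:cskey is not set in this sensor's pillar"}
                ]
            }
        }
    return {
        "statedir": {"file.directory": [{"name": "/etc/state"}]},
        # Repo setup runs once: `creates` skips it after the list file exists.
        "cs-repo": {
            "cmd.run": [
                {"name": f"curl -fsSL {INSTALLER} | bash"},
                {"creates": REPO_LIST},
            ]
        },
        # pkg.installed is idempotent on its own; no drop file needed for this step.
        "cs-package": {
            "pkg.installed": [
                {"name": "critical-stack-intel"},
                {"require": [{"cmd": "cs-repo"}]},
            ]
        },
        # Registration has no natural "already done" signal, so it keeps the marker
        # file, but only writes it after the api call succeeds.
        "cs-register": {
            "cmd.run": [
                {"name": f"critical-stack-intel api {shlex.quote(cskey)} && touch {MARKER}"},
                {"creates": MARKER},
                {"require": [{"pkg": "cs-package"}, {"file": "statedir"}]},
            ]
        },
    }


def run():
    """Entry point for Salt's py renderer; __pillar__ is injected by the minion."""
    return build_states(__pillar__)  # noqa: F821
```
<br />
Save it as salt/sensor/cstack.sls next to init.sls and check what it renders for a given sensor from the master with salt 'pwntsauced' state.show_sls sensor.cstack before applying it.<br />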
<br />
Smooth out<br />
<br />
Important Links:<br />
<br />
Critical Stack:<br />
https://intel.criticalstack.com/<br />
<br />
OnionSalt DEV repo:<br />
https://github.com/TOoSmOotH/onionsalt/tree/dev<br />
<br />
<h3><b>OnionSalt Saltstack Cheat Sheet</b></h3>
Posted 2014-09-14.<br />
I was asked by a couple of folks about some handy dandy salt commands that would help with a Security Onion deployment with Onionsalt at <a href="http://www.securitybsides.com/w/page/77739272/BSidesAugusta%202014" target="_blank">BSides Augusta</a> and the <a href="http://www.eventbrite.com/e/security-onion-conference-soc-2014-tickets-12205183031" target="_blank">Security Onion Conference</a>. So being true to my word here are a few good things to know when writing your own salt states. Also feel free to fork and contribute to my repo on github <a href="https://github.com/TOoSmOotH/onionsalt/" target="_blank">HERE.</a><br />
<br />
Let's start with some basics.<br />
<br />
<pre>createadirectory:
  file.directory:
    - name: /opt/somedir</pre>
<br />
createadirectory is the ID of the state we are declaring. We are saying make sure the directory /opt/somedir exists.<br />
<br />
<pre>managedfile:
  file.managed:
    - name: /opt/somedir/somefile.sh
    - source: salt://files/somefile.sh</pre>
<br />
In that example we are saying always make sure that /opt/somedir/somefile.sh matches the copy in our salt file area.<br />
<br />
<pre>manageddirectory:
  file.recurse:
    - name: /opt/somedir
    - source: salt://files/somedir</pre>
<br />
This says make sure that all the files in files/somedir are copied to /opt/somedir.<br />
<br />
<pre>runascriptatcheckin:
  cmd.script:
    - source: salt://scripts/somescript.sh
    - shell: /bin/bash
    - cwd: /root</pre>
<br />
Sometimes you want a script that runs every time the state is applied. I typically use this to check certain states on the box to make sure everything looks good. We are saying use bash to execute somescript.sh from the /root directory.<br />
<br />
<pre>runsomecommand:
  cmd.run:
    - name: df -h</pre>
<br />
This one is for when you just want to run a command each time the state is applied. cmd.run has no idea whether it already ran, so add an unless, onlyif or creates argument if the command should not repeat.<br />
<br />
<pre>watchsomethingthendosomething:
  cmd.wait:
    - name: service httpd restart
    - watch:
      - file: /etc/httpd.conf
      - file: /etc/somedir</pre>
<br />
Here we are saying watch the file states for /etc/httpd.conf and /etc/somedir (the watch entries refer to state IDs, so those file states must exist in your SLS) and if either of them reports a change, run "service httpd restart".<br />
<br />
These are a few easy things to get you started writing your own salt states. <a href="http://www.saltstack.com/community/" target="_blank">Saltstack.com</a> has a lot of documentation that can take you much deeper than this.<br />
<h3><b>Back at TWC.. What a mess so far...</b></h3>
Posted 2013-10-26.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-j-WUZ8Tm5GU/UmwrDknGWTI/AAAAAAAAATI/6sL_ExZCC5U/s1600/jiFfM.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="256" src="http://2.bp.blogspot.com/-j-WUZ8Tm5GU/UmwrDknGWTI/AAAAAAAAATI/6sL_ExZCC5U/s320/jiFfM.jpg" width="320" /></a></div>
<br />
So... I just got off the phone canceling my DirecTV service because I made the switch back to TWC. I did this under the auspice that I was going to simplify my setup and give me more flexibility as far as devices. That and I was going to save some money in the process. It's been an epic mess so far.<br />
<br />
Let's address the elephant in the room.. Why am I not cutting the cord? Well I have kids who are addicted to Disney jr and my wife and I enjoy several TV shows. There are times where I would like to watch TV or shows that I have DVR'd but the kids are the owners of the remote. (Sad but true) So that led me to my current setup.<br />
<br />
I bought a TiVo Roamio and let me say the thing is pretty awesome. I am able to control the whole thing from my iPad and watch DVR'd shows or even live TV. This means I can watch whatever I want when I want. It also means when I travel I can download shows to it for the plane or even stream it from my house. Although I have not tried those last 2 features yet I will give it a try soon.<br />
<br />
So enter Time Warner. My original install date was October the 15th I believe. I bought a Roku so the kids could watch Netflix and use the TWC app for their stuff. I got the TiVo unpacked and cleared some room so the guy could get to my equipment. Turns out the cable outside running under the street was cut. They would need to have some contractor dudes come out and run a new cable. They showed up on Thursday October 24th. These guys were very polite and did a great job. Lucky for them there was conduit under the street and it only took a few minutes.<br />
<br />
Time Warner sent the truck back out yesterday and they hooked everything up. The cable card seemed to work nicely and the 50Mbit internets seemed ok as well. I didn't really have time to play with stuff because I was working which was a big mistake. After the tech leaves I start having weird connectivity issues. I don't get any ICMP packet loss but my sessions keep timing out. So the kids are downstairs streaming and my VPN keeps dropping and I keep dropping from IRC.<br />
<br />
When I finally get a minute to go mess with the Tivo I switch it to a HD local station. Looks good so I go over to AMCHD and it says it is not authorized. So I call them up and they try and send something to my card to make it do something.. nothing happens still locked out. I call them up and they say they are sending the tech back out here. It is a "All Day" appointment and they will call before he shows up. Next thing I do is fire up my TWC app on my roku to test it out. It tells me I am not on my home network right now which means I can't stream jackola. So I call them about that and they make me do a bunch of stuff to which I tell them I am clearly getting a TWC IP and I provide it to them. Of course the person on the other end of the phone is following some stupid script wasting their time and mine. Finally I get it could take from 24 to 72 hours to work or something like that. I figure when tech dude gets here he can check that out as well.<br />
<br />
At about 7PM last night I have yet to hear anything. At this point I am sorta pissed and call them up. They basically give me the run around and tell me there is still a chance they might show and if they don't, call back tomorrow. So I called them today because you know they never showed up and now they are coming out Monday. Now I remember why I hate cable companies. This has been nothing but fail so far. I am guessing that dude never checked the signal strength coming from the street so if I had to guess that would be it. Cable internet and TV were working fine last time I had it and the only new thing in the mix is that new cable they ran.<br />
<br />
Now I am stuck until Monday to see what happens. I am monitoring the drops and I already know they will say it's your pfSense box. I switched over to DSL and everything works fine, so I already took out that factor. It sucks that there is a monopoly on this crap because you are forced to take whatever they give you. Once this saga is over I will definitely be getting some credits to my account.<br />
<h3><b>Virtual Security Onion via Ubuntu, KVM & Openvswitch port mirror</b></h3>
Posted 2013-07-13.<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
I've had a desire to play with KVM and openvswitch for a while. I've been curious about how capable openvswitch's port mirroring functionality might be (could I mirror one source to multiple destinations for instance). This combined with some recent hardware purchases and the annoyance of booting into windows to manage my ESXi setup at home provided me the motivation this weekend to finally get the ball rolling on redoing the home network altogether with migrating to KVM as the first step. So I took a new AMD 8 core cpu box with 24 megarams and blew on Ubuntu 13.04 - just because. This box will host my pfSense firewall that sits between the big bad intertubes and my home network as well as the Security Onion sensor guest to watch traffic that passes through both the inside and outside interfaces. Here's a crappy diagram. Ignore the FreeNAS junk or check out Smooth's earlier <a href="http://www.geekempire.com/2013/02/my-home-setup-freenas-and-vmware-esxi.html"><span style="color: blue;">post</span></a>.<br />
<span style="text-align: center;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-uZ0KwUBXPJA/UeIPm29NA5I/AAAAAAAAAE4/bVWmWjwShnw/s1600/Virt_Setup.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://3.bp.blogspot.com/-uZ0KwUBXPJA/UeIPm29NA5I/AAAAAAAAAE4/bVWmWjwShnw/s400/Virt_Setup.jpg" width="400" /></a></div>
<br />
Here's some notes on what I did. Cobbled together from various blogs and documentation:<br />
<br />
1.) I chose the "this machine will be a virtual host" or whatever during the initial install. Update, install some more stuffs and reboot:<br />
<br />
<br />
<pre>apt-get install openvswitch-datapath-source openvswitch-common openvswitch-switch virt-manager</pre>
<br />
2.) Modify /etc/network/interfaces:<br />
<br />
<pre># The INSIDE Physical Interface
auto eth0
iface eth0 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    down ifconfig $IFACE down
    post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
    post-up ethtool -G $IFACE rx 4096; for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done
#
# Management interface for hypervisor
auto br0
iface br0 inet static
    address 10.101.1.5
    gateway 10.101.1.1
    netmask 255.255.255.0
    broadcast 10.101.1.255
    post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
    post-up ethtool -G $IFACE rx 4096; for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done
#
# The OUTSIDE Physical Interface
auto eth1
iface eth1 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    down ifconfig $IFACE down
    post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
    post-up ethtool -G $IFACE rx 4096; for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done
#</pre>
<br />
3.) Modify the sleeps in /etc/init/failsafe.conf down to 1 second (otherwise boot waits around two minutes for network configuration, because br0 does not exist until openvswitch is up):<br />
<br />
<pre>$PLYMOUTH message --text="Waiting for network configuration..." || :
sleep 1

$PLYMOUTH message --text="Waiting up to 60 more seconds for network configuration..." || :
sleep 1
$PLYMOUTH message --text="Booting system without full network configuration..." || :
# give user 1 second to see this message since plymouth will go
# away as soon as failsafe starts.
sleep 1</pre>
<div>
<br /></div>
<div>
4.) Create openvswitch bridges and add ports. Br0 is my home network, Br1 the internet side.</div>
<div>
<br /></div>
<div>
<pre>ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth0
ovs-vsctl add-br br1
ovs-vsctl add-port br1 eth1</pre>
<div class="p1">
<br /></div>
<div class="p1">
5.) Reboot and check openvswitch is running/configured with these commands:</div>
<div class="p1">
<br /></div>
<pre>service openvswitch-switch status
ovs-vsctl show
ovs-vsctl list bridge</pre>
</div>
<br />
6.) Create pfSense and Security Onion VMs. Note that virt-manager doesn't currently support creating the network types needed, so I created the guests using the default network and then edited each virtual machine's interface settings via virsh (sudo virsh edit <name of VM>). Here is a sample of what my interface settings look like for my Security Onion sensor:<br />
<br />
<pre><interface type='bridge'>
  <mac address='52:54:00:ec:ac:6f'/>
  <source bridge='br0'/>
  <virtualport type='openvswitch'>
    <parameters interfaceid='e9e255c6-84ca-2f76-991a-543547638960'/>
  </virtualport>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface></pre>
<div>
<br /></div>
After firing up your VM you'll notice new interfaces on your host that correspond to interfaces on your guest. For instance I have vnet0 corresponding to the management interface of my sensor, while vnet1 and vnet2 are my inside and outside monitoring interfaces respectively. Keep track of these for your port mirror setup.<br />
<br />
7.) Create port mirrors. Here's my inside port mirror config, all one line:<br />
<br />
<br />
<pre>ovs-vsctl -- set Bridge br0 mirrors=@m -- --id=@eth0 get Port eth0 -- --id=@vnet1 get Port vnet1 -- --id=@m create Mirror name=mymirror select-dst-port=@eth0 select-src-port=@eth0 output-port=@vnet1</pre>
<br />
A few things to note here. You can remove your port mirror config like this:<br />
<br />
<pre>ovs-vsctl clear bridge br0 mirrors</pre>
<br />
You can also add a script to /etc/libvirt/hooks if you so wish. I modified this dude's <a href="http://www.rivy.org/2013/03/configure-a-mirror-port-on-open-vswitch/"><span style="color: blue;">script</span></a> so that it worked for me.<br />
<br />
Also, it turns out that you can indeed mirror traffic from one source port to multiple destinations. Might be handy for dev/testing NSM sensors. Here's what I tested, all one line:<br />
<br />
<br />
<pre>ovs-vsctl -- set Bridge br0 mirrors=@m,@n -- --id=@eth0 get Port eth0 -- --id=@vnet3 get Port vnet3 -- --id=@vnet5 get Port vnet5 -- --id=@m create Mirror name=mymirror select-dst-port=@eth0 select-src-port=@eth0 output-port=@vnet3 -- --id=@n create Mirror name=secondmirror select-dst-port=@eth0 select-src-port=@eth0 output-port=@vnet5</pre>
<br />
8.) tcpdump on your Security Onion monitoring interfaces, you should see traffic. Now you can run through your <span style="color: blue;"><a href="https://code.google.com/p/security-onion/wiki/Installation">Security Onion setup</a> </span>and rock some NSM.<br />
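Added example (not from the original post) that generalises the two mirror commands above to any number of sensor ports: it builds the argv for one ovs-vsctl transaction, which is what the @alias references require, and refuses the obviously wrong inputs (no outputs, a port mirrored onto itself, a destination listed twice). The bridge and vnet names are whatever your host shows; the ones in the usage line are made up to match the post.<br />
<br />
```python
import shlex


def mirror_argv(bridge, source_port, output_ports, name_prefix="mirror"):
    """Build the single ovs-vsctl invocation that mirrors source_port to every output port.

    ovs-vsctl resolves --id=@alias references only within one invocation, so the Bridge
    update, the Port lookups and every Mirror row go into one command separated by "--".
    """
    if not output_ports:
        raise ValueError("need at least one output port")
    if source_port in output_ports:
        raise ValueError(f"{source_port} cannot be mirrored onto itself")
    if len(set(output_ports)) != len(output_ports):
        raise ValueError("output ports must be unique")

    mirror_refs = [f"@m{i}" for i in range(len(output_ports))]
    argv = ["ovs-vsctl", "--", "set", "Bridge", bridge, "mirrors=" + ",".join(mirror_refs)]
    # Look up the Port rows and bind them to aliases the Mirror rows can reference.
    argv += ["--", "--id=@src", "get", "Port", source_port]
    for i, port in enumerate(output_ports):
        argv += ["--", f"--id=@out{i}", "get", "Port", port]
    # One Mirror row per destination; selecting the source port as both src and dst
    # captures traffic in both directions on that port.
    for i, ref in enumerate(mirror_refs):
        argv += ["--", f"--id={ref}", "create", "Mirror", f"name={name_prefix}{i}",
                 "select-dst-port=@src", "select-src-port=@src", f"output-port=@out{i}"]
    return argv


def mirror_command(bridge, source_port, output_ports, name_prefix="mirror"):
    """Shell-safe one-liner for pasting into a terminal or an /etc/libvirt/hooks script."""
    return " ".join(shlex.quote(a) for a in mirror_argv(bridge, source_port, output_ports, name_prefix))


def clear_mirrors_argv(bridge):
    """Counterpart of the post's `ovs-vsctl clear bridge br0 mirrors`."""
    return ["ovs-vsctl", "clear", "Bridge", bridge, "mirrors"]


if __name__ == "__main__":
    # Constructed example: the post's inside bridge feeding two sensor ports.
    print(mirror_command("br0", "eth0", ["vnet3", "vnet5"]))
```
<br />
Because vnet numbering depends on the order guests start, generate the command from the current port names (ovs-vsctl list-ports br0) rather than hard-coding them in a hook.<br />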
<br />
<br />
Helpful links:<br />
Virtio pfSense stuff: <a href="http://doc.pfsense.org/index.php/VirtIO_Driver_Support">http://doc.pfsense.org/index.php/VirtIO_Driver_Support </a><br />
<br />
<div class="p1">
<a href="http://openvswitch.org/cgi-bin/ovsman.cgi?page=utilities%2Fovs-vsctl.8">http://openvswitch.org/cgi-bin/ovsman.cgi?page=utilities%2Fovs-vsctl.8</a></div>
<div class="p1">
<br /></div>
<br /></div>
Posted by jmlynch.<br />
<h3><b>Live TV on the Playstation PS3</b></h3>
Posted 2013-06-01.<br />
I have two HDHOMERUN Prime cable tuners with CableCARDs in them. Silicondust recently updated the firmware to enable DTCP-IP support so encrypted channels work. They have a list in their forums of DLNA devices this should work on, and the PS3 is one of them.<br />
<br />
All you need to do is enable DTCP-IP in the system settings of your PS3. This is where it got fun.<br />
I kept getting an error code (8071053d) when I tried to enable it. So I did a little searching.<br />
<br />
First thing I did was enable UPnP on my pfSense firewall and set a rule to allow my PS3's IP and a port range of 3000-6000. I also enabled UPnP on my PS3.<br />
<br />
I then tried enabling DTCP-IP again, and I still got the stupid error.<br />
So this time, I ssh'd into my pfSense firewall and started running tcpdump on my WAN interface looking at ports 5223, 3478, 3479 and 3658.<br />
<br />
I started seeing a few IPs popping up. I then did a whois on one of the IPs and saw:<br />
<blockquote class="tr_bq">
network:In-Addr-Server;I:PLAYSTATION1-HST.127.0.0.1/32</blockquote>
I run pfBlocker on my firewall and it was telling my PS3 to screw off.<br />
So I had to whitelist this CIDR: 198.107.128.0/19<br />
<br />
Once that was complete, I went back to my PS3 and voila..... DTCP-IP enabled!<br />
Now I can watch all the cable stations I subscribe to through my PS3.<br />
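The troubleshooting above boils down to "which peers is my block list dropping, and which list entry do I need to whitelist". As an added example (not the post's code), here is a small Python script that answers that over a few constructed tcpdump lines; the WAN address, the peer addresses and the block list contents are made up, only the watched ports and the 198.107.128.0/19 range come from the post.

```python
"""Work out which WAN-side flows a pfBlocker-style block list is dropping.

Added example, not code from the post. It parses constructed tcpdump lines,
keeps only outbound flows to the PSN ports the post watched, and reports each
blocked peer with the list entry that matched (the CIDR to whitelist).
"""
import ipaddress
import re

# Ports the post watched on the WAN interface.
PSN_PORTS = {5223, 3478, 3479, 3658}

# Constructed block list: the /19 is the range the post whitelisted; the
# second entry is a documentation prefix standing in for unrelated entries.
BLOCKLIST = [ipaddress.ip_network(n) for n in ("198.107.128.0/19", "192.0.2.0/24")]

# Constructed tcpdump output (not a real capture). 203.0.113.10 plays the
# firewall's WAN address; peers inside 198.107.128.0/19 play PSN hosts.
SAMPLE_TCPDUMP = """\
22:10:01.100 IP 203.0.113.10.49152 > 198.107.156.23.5223: Flags [S], seq 1, length 0
22:10:01.350 IP 203.0.113.10.49153 > 198.107.156.23.3478: UDP, length 64
22:10:02.020 IP 203.0.113.10.49154 > 198.51.100.77.3479: UDP, length 32
22:10:03.900 IP 203.0.113.10.49155 > 198.51.100.8.443: Flags [S], seq 1, length 0
22:10:04.110 IP 203.0.113.10.49156 > 198.107.140.9.3658: Flags [S], seq 1, length 0
22:10:04.500 IP 198.107.156.23.5223 > 203.0.113.10.49152: Flags [R], seq 0, length 0
"""

FLOW_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def parse_flows(text):
    """Return (src, dst, dport) tuples for every tcpdump line that parses."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if m:
            flows.append((m["src"], m["dst"], int(m["dport"])))
    return flows


def matching_entry(ip, blocklist):
    """Return the block-list network containing ip, or None if it is not listed."""
    addr = ipaddress.ip_address(ip)
    for net in blocklist:
        if addr in net:
            return net
    return None


def blocked_peers(text, wan_ip, blocklist=BLOCKLIST, ports=PSN_PORTS):
    """Map each blocked outbound peer to (matching CIDR, set of ports tried).

    Only flows leaving wan_ip towards one of the watched ports count, so
    unrelated traffic and inbound reply lines are ignored.
    """
    result = {}
    for src, dst, dport in parse_flows(text):
        if src != wan_ip or dport not in ports:
            continue
        net = matching_entry(dst, blocklist)
        if net is None:
            continue
        entry = result.setdefault(dst, (str(net), set()))
        entry[1].add(dport)
    return result


def cidrs_to_whitelist(text, wan_ip, blocklist=BLOCKLIST, ports=PSN_PORTS):
    """The distinct block-list entries that need a whitelist exception."""
    peers = blocked_peers(text, wan_ip, blocklist, ports)
    return sorted({cidr for cidr, _ in peers.values()})


if __name__ == "__main__":
    for peer, (cidr, dports) in blocked_peers(SAMPLE_TCPDUMP, "203.0.113.10").items():
        print(f"{peer} on ports {sorted(dports)} is blocked by {cidr}")
    print("whitelist:", cidrs_to_whitelist(SAMPLE_TCPDUMP, "203.0.113.10"))
```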
<br />
<div style="text-align: center;">
HD HOMERUN PRIME showing up on the PS3:</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-gJ9CK6TjYug/UaoRfvQcrCI/AAAAAAAAAQ8/TayUmK1QOkw/s1600/ps3_tv_1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://4.bp.blogspot.com/-gJ9CK6TjYug/UaoRfvQcrCI/AAAAAAAAAQ8/TayUmK1QOkw/s320/ps3_tv_1.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
Science Channel HD:</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-25VPDsU9NI8/UaoRiEvLI7I/AAAAAAAAARE/Vi2xxONRTO0/s1600/ps3_tv_2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://2.bp.blogspot.com/-25VPDsU9NI8/UaoRiEvLI7I/AAAAAAAAARE/Vi2xxONRTO0/s320/ps3_tv_2.jpg" width="320" /></a></div>
Posted by Panaman<br />
<br />
<b>How do you do this without NSM?</b><br />
Posted 2013-05-19<br />
<br />
I have had many, many conversations over the past few weeks on the difference between traditional IDS and NSM, and I am shocked that NSM is still a foreign concept to people. Sometimes it is a challenge to help folks realize what the real difference is. If you don't know what NSM is then read this <a href="http://www.amazon.com/Tao-Network-Security-Monitoring-Intrusion/dp/0321246772" target="_blank">book</a> written by Richard Bejtlich. This is not a ploy to sell more books for Richard but a cry out to detection folks out there that you could be doing it differently.<br />
<br />
Several years ago I stumbled upon Sguil when I was looking for a way to better manage my Snort environment. I was using ACID (yea.. I know) and I just wasn't happy with it. I was finding bad hosts with obvious signatures such as SQL Slammer and Code Red (yea.. I am dating myself), which was great, but I didn't know what I was missing. I thought I was happy, management was happy I was finding these bad hosts, and for me everything was good in the world. What I didn't know is I was only scratching the surface of what could be done.<br />
<br />
Now the landscape back then was completely different, but I think back on what else I could have detected. This was before people could make money off huge botnets and most people didn't bank online. But in today's climate, with all the drive-by Java exploits and APT1 noise, having an alert is no longer sufficient to protect your environment.<br />
<br />
You see, IT teams think the security guys are crying wolf all the time because 1 out of the last 20 hits was a false positive. It generally takes more proof these days to get them off their seats to do something. You cannot be an effective analyst if all you do is send resources on wild goose chases. Let's choose an example that is relevant to current events. You see a host hit a drive-by site. That is all the information you have in your console. So we know this person hit a site, but did the AV on the system catch the evil that was potentially pushed to the machine? You could use the Aliens approach and nuke the site from orbit and re-image the machine, but chances are the IT dudes will run AV and say "I got nothing that says there is anything bad on this box." Thanks for the false positive, and you move on to the next one. You used all the information and your layered security approach to show you "Hey, this was a blip.. maybe the evil code was taken down etc". What you don't know is this machine is WTFPWNTSAUCED.<br />
<br />
You don't know this because the evil it downloaded was new to AV. In the NSM world, once you got the alert the first thing you would do is pull the transcript of the entire session of the drive-by. In that case you see the host hit the site and was directed to download a jar file. Now we know that it downloaded a jar file, but what else happened? Here is where things get fun. You could pull that jar file from the stream using Wireshark and run it in a sandbox to see what it does (you know, like @SecShoggoth's MASTIFF). Another option is to pull the session data for the host from 2 minutes before the incident to 2 minutes after and see that, after it downloaded that jar, it made connections out to other internet IP addresses in suspect countries. You could also pull the HTTP info from it to see that it then requested an exe file from a suspect looking domain. Now you can pull that from PCAP and see what it does. You run it through MASTIFF and see it starts up a process called kungfu.exe and then tries to reach out to an IRC server in the Ukraine. Or flip it around.. You see the first stage is successful by grabbing the jar file, but in the second stage you see a 404 when it's trying to grab its evil.<br />
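The pivot just described (alert, transcript, two minutes of session data either side, first and second stage, follow-on connections, and the 404 case) as an added Python example. This is not the post's or Security Onion's code; the Zeek-style connection records, the hosts and the kungfu.exe URL are constructed for the demonstration.

```python
"""Pivot from one alert to the session data around it, as the post describes.

Added example with constructed Zeek-style records; not the post's code.
Given the alerted host and the alert time it pulls the host's connections two
minutes either side, checks whether the first stage (a .jar) and the second
stage (an .exe) were actually delivered, and lists the outbound connections
to new destinations that followed a successful second stage.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Conn:
    ts: datetime
    src: str
    dst: str
    dport: int
    uri: str = ""    # HTTP request path, empty for non-HTTP connections
    mime: str = ""   # MIME type seen in the HTTP response
    status: int = 0  # HTTP response status, 0 for non-HTTP connections


T0 = datetime(2013, 5, 19, 10, 57, 0)  # the alert timestamp (constructed)

# Constructed records; all addresses are documentation ranges, not real hosts.
RECORDS = [
    Conn(T0 - timedelta(minutes=3), "10.1.1.50", "192.0.2.10", 80, "/news", "text/html", 200),
    Conn(T0, "10.1.1.50", "198.51.100.5", 80, "/ad.html", "text/html", 200),  # the alerted drive-by
    Conn(T0 + timedelta(seconds=4), "10.1.1.50", "198.51.100.5", 80, "/x.jar", "application/java-archive", 200),
    Conn(T0 + timedelta(seconds=20), "10.1.1.50", "203.0.113.77", 80, "/kungfu.exe", "application/x-dosexec", 200),
    Conn(T0 + timedelta(seconds=45), "10.1.1.50", "203.0.113.90", 6667),  # IRC-style callback
    Conn(T0 + timedelta(seconds=30), "10.1.1.51", "203.0.113.77", 80, "/kungfu.exe", "application/x-dosexec", 200),
    Conn(T0 + timedelta(minutes=5), "10.1.1.50", "192.0.2.10", 80, "/news2", "text/html", 200),
]


def session_window(records, host, alert_ts, minutes=2):
    """The host's connections from `minutes` before the alert to `minutes` after."""
    lo = alert_ts - timedelta(minutes=minutes)
    hi = alert_ts + timedelta(minutes=minutes)
    return sorted((r for r in records if r.src == host and lo <= r.ts <= hi),
                  key=lambda r: r.ts)


def _first_fetch(records, suffix, mime):
    """First record that looks like a download of the given kind, or None."""
    for r in records:
        if r.uri.lower().endswith(suffix) or r.mime == mime:
            return r
    return None


def triage(records, host, alert_ts):
    """Summarise what happened to `host` around `alert_ts`.

    Returns the stage-one and stage-two fetches (or None), the connections to
    destinations not seen before the second stage landed, and a verdict.
    """
    win = session_window(records, host, alert_ts)
    jar = _first_fetch(win, ".jar", "application/java-archive")
    exe = None
    if jar is not None:
        exe = _first_fetch([r for r in win if r.ts > jar.ts], ".exe", "application/x-dosexec")
    follow_on = []
    if exe is not None and exe.status == 200:
        seen_before = {r.dst for r in win if r.ts <= exe.ts}
        follow_on = [f"{r.dst}:{r.dport}" for r in win
                     if r.ts > exe.ts and r.dst not in seen_before]
    if jar is None or jar.status != 200:
        verdict = "no payload delivered; likely a blip"
    elif exe is None:
        verdict = "first stage delivered, no second stage seen; keep watching"
    elif exe.status != 200:
        verdict = f"second stage failed (HTTP {exe.status}); first stage only"
    else:
        verdict = "second stage delivered with follow-on connections; treat as compromised"
    return {"stage1": jar, "stage2": exe, "follow_on": follow_on, "verdict": verdict}


def with_status(records, host, uri, status):
    """Copy of records with one host's fetch of `uri` given a different HTTP status."""
    return [replace(r, status=status) if r.src == host and r.uri == uri else r
            for r in records]


if __name__ == "__main__":
    print(triage(RECORDS, "10.1.1.50", T0)["verdict"])
    print(triage(with_status(RECORDS, "10.1.1.50", "/kungfu.exe", 404), "10.1.1.50", T0)["verdict"])
```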
<br />
So what does NSM really give you? It gives you options. It gives you all the data you need to make an informed decision about what is the real deal vs what is just noise. As attacks become more and more behavior based there will be an even greater need for this type of info. The best part of it all is the best tools out there to do this are open source. You can get started today by simply downloading<a href="http://securityonion.blogspot.com/" target="_blank"> Security Onion</a>.<br />
<br />
I did not write this to say traditional IDS is useless but to show folks that there is a difference. You may believe that your methods are awesome and I am full of crap and that is fine, but I have never heard anyone complain they have too much information on an incident. I just know that having an alert, for me, is not enough information to make an informed decision on the state of the machines involved.<br />
<br />
<b>Thanks for Hacking Me!!!</b><br />
Posted 2013-04-26<br />
<br />
Dear "Hacker" from Brazil,<br />
<div>
<br /></div>
<div>
I wanted to thank you for hacking my Red Hat box in 2000 via a vulnerability in wu-ftpd. At the time I was very angry with you and I felt violated. I also want to thank you for not covering your tracks very well. What pisses me off is I was doing a remote install and I had to start it all over again once you owned it. I was excited when I was about to leave for work that day since the install had just finished running over night, and I rebooted the box and tested the remote login. I was going to finish up what I was doing when I got to the office. </div>
<div>
<br /></div>
<div>
You see, I was taken aback when I tried to connect from my shell server on the internets and got a warning about the SSH key. In the 30 minutes between leaving my house and getting settled into work you somehow found my box and rooted it. I was unable to log into the machine because you replaced the standard ssh server with your own personal version. This was stupid because if you would have tried to hide yourself a little bit I probably would not have noticed. But I am glad you're stupid because had you not done that I would not have switched to Infosec as a career.<br />
<br />
When I looked at your shitty code with comments in Portuguese I started to see what you did there. I know you were using my fast connection at the time to move mp3s around and I have to say your choice in music was horrible. After I booted that thing in single user mode and moved the code off to somewhere else I restarted that damn install. Some days I miss those boot floppy Linux installs. :)<br />
<br />
Up to that point I just wanted to be a network engineer because I thought messing with routers and switches was really cool. I had just set up my first BGP router and route filters and was riding high. But that day when I booted into single user mode I was a changed man. I took that crappy code of yours and rooted myself as soon as the fresh install finished. I learned so much from your code that I started looking for other scripts to play with. I think it was 6 months later I got my first dedicated security job. (very rare at the time)<br />
<br />
After being in this business for a long time now I talk to a lot of people who got into this line of work for the exact same reason. Something they used got wtfpwntsauced and they found a whole new world once their eyes were opened. So although I was extremely pissed at the time I want to take back that anger and formally thank you for owning me. I can't think of anything else I would rather be doing.<br />
<br />
Smooth out</div>
<br />
<b>My Home Setup - FREENAS and VMWare ESXi</b><br />
Posted 2013-02-23<br />
<br />
Throughout the years my home setup has seen many changes but the overall requirements have pretty much stayed the same. I need some test servers and a file server as well as a firewall to provide internet access and do some PAT/NAT luvin. Here is sort of an explanation of the evolution of my home setups through the years.<br />
<b><br /></b>
<b><br /></b>
<h2>
<b><span style="font-size: x-large;">The early days</span></b></h2>
<div>
<b><br /></b></div>
In the early dial up/cable modem days I would have a standalone multi-homed box acting as my firewall and then multiple machines living behind that. This worked really well for a long time but it had a rather large physical footprint. I would have multiple physical machines for different things. Back in the day this wasn't a big deal because energy was cheap and I thought it was cool to have a Sun box to learn on etc.<br />
<br />
<h2>
<b><span style="font-size: x-large;">Enter virtualization</span></b></h2>
<br />
Once virtualization became something that was solid and memory prices began to drop I was able to consolidate a lot of hardware on to less physical hardware. This eventually pushed me down to a single server with lots of disk running linux and a commodity interwebs firewall/router. This worked fine for a while but there were a few things I had problems with:<br />
<h3>
<b><span style="font-size: large;"><br /></span></b></h3>
<h3>
<b><span style="font-size: large;">1. Flexibility</span></b></h3>
With Linux being my host OS and running VMs I was constantly trying to manage updates and reboots. This becomes a serious pain in the ass when you have to recompile kernel modules every kernel update so that VMware would continue to work. The other issue was if I wanted to play around with different base OS installs I would have to do something with my data like copy it to other machines, which is a royal pain. Also your standard home based firewall can't do a lot of cool things like, say, a pfSense box. (OK, the WRT stuff is cool)<br />
<h3>
<b><span style="font-size: large;"><br /></span></b></h3>
<h3>
<b><span style="font-size: large;">2. Security</span></b></h3>
Typically there are a few services I like to expose to the internets like SSH in case I need to log into the crib, or shell access for things like irssi etc. The problem with using PAT is that if your internet facing VM gets WTFPWNTSAUCED the adversary now has a foothold inside your internal network. This means they can try and access the systems that actually have something you care about on them.<br />
<br />
<h2>
<b><span style="font-size: x-large;">Enter my new home setup:</span></b></h2>
<br />
Normally my home setup was something that was just pieced together with old stuff without too much thought. So I decided new hardware instead of hand me downs and also put together some basic requirements for my new home setup. (Disclaimer - My hardware is not new any more as this setup has been running for several years now but when I built it was mostly new)<br />
<br />
- Must be able to keep network storage available while I am blowing up my OS/kernel.<br />
- Need to isolate VMs that have no exposure to my internal network.<br />
- Easy to spin up instances for testing stuff.<br />
- ZFS RAID-Z.. Cause it's pretty much awesome.<br />
- Jumbo Frames NICs. (We'll get into that later)<br />
- ESX compatible hardware.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-_iESc5nHZjA/USjqWJOLp9I/AAAAAAAAAQQ/GgOE3Fqtal8/s1600/Screen+Shot+2013-02-23+at+11.11.35+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://1.bp.blogspot.com/-_iESc5nHZjA/USjqWJOLp9I/AAAAAAAAAQQ/GgOE3Fqtal8/s400/Screen+Shot+2013-02-23+at+11.11.35+AM.png" width="311" /></a></div>
<br />
<br />
<br />
When I took these requirements into consideration I ended up going for 2 physical boxes. I would have a FreeNAS box and an ESXi box. The FreeNAS machine would meet my ZFS needs as well as allow me to mess with stuff on my main box without having to move data around. I would simply use this same disk for the storage pools inside ESXi.<br />
<br />
First off I won't go deep into the steps to get ESX working on a whitebox type motherboard. There are tons of articles and sites with info out there for that. In my ESX box I have 8 gigs of RAM and a quad core CPU. I ended up buying 2 Intel Gigabit NICs and pulled an old 3Com 3C905B from storage. Those were the bomb back in the day and I still have a few.. I could never bring myself to pitch them. So my hoarding ways for old hardware paid off. (I still have my 2 Canopus Pure 3DII cards.. Those will always be with me.) All I have is an 8 gig USB thumb drive plugged into the back.<br />
<br />
So why 3 NICs? My first Intel NIC is my uplink to the internal network. On the second Intel NIC is my dedicated connection to my FreeNAS box utilizing jumbo frames. (You must configure the virtual switch to use jumbo frames) My 3rd NIC, the trusty old 3C905B, is for connectivity to the Internet. It's only a 100meg NIC but my Interwebs is only 30mbit so it will do.<br />
<br />
On the FreeNAS box I dropped in an Intel NIC along with the onboard Realtek. The Intel NIC would be for the jumbo frames network. I also used an 8GB USB drive for the OS. I have 6 x 1TB hard drives that are in a RAID-Z config as well as 2 x 300GB that are mirrored for my iSCSI mounts for the VM OS disks.<br />
<br />
<h2>
<b><span style="font-size: x-large;">So give me some details:</span></b></h2>
<br />
In ESXi I created 4 virtual switches, 3 of which have one of the NICs assigned. You can see ISONET has no physical adapters. This will be the network for VMs I want to expose inbound services from the Internet to.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-rxcRnjmNdn8/USjxFXSAjvI/AAAAAAAAAQg/_BzRjuFrSJc/s1600/Screen+Shot+2013-02-23+at+11.35.38+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="http://2.bp.blogspot.com/-rxcRnjmNdn8/USjxFXSAjvI/AAAAAAAAAQg/_BzRjuFrSJc/s640/Screen+Shot+2013-02-23+at+11.35.38+AM.png" width="412" /></a></div>
The Kernel Port in the Storage network is important because that is how I am mounting the iSCSI mount from the FreeNAS box for my VMs.<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-9MCRo3J5HaA/USjxHf0ocpI/AAAAAAAAAQo/BxKzA1avj7c/s1600/Screen+Shot+2013-02-23+at+11.36.43+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="468" src="http://3.bp.blogspot.com/-9MCRo3J5HaA/USjxHf0ocpI/AAAAAAAAAQo/BxKzA1avj7c/s640/Screen+Shot+2013-02-23+at+11.36.43+AM.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-6Aa1ui8VPV0/USjxHali7pI/AAAAAAAAAQw/qSvHjdUBIaA/s1600/Screen+Shot+2013-02-23+at+11.37.13+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="http://3.bp.blogspot.com/-6Aa1ui8VPV0/USjxHali7pI/AAAAAAAAAQw/qSvHjdUBIaA/s640/Screen+Shot+2013-02-23+at+11.37.13+AM.png" width="520" /></a></div>
<br />
<br />
<h2>
<b><span style="font-size: x-large;">FreeNAS</span></b></h2>
<div>
FreeNAS is pretty straightforward. I set up iSCSI but you can also use NFS for your ESX setup. Just be sure to change the networking for jumbo frames support:</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-rBgmua8swsg/USkT6hoWyTI/AAAAAAAAARA/ZXPxdkpb5QQ/s1600/Screen+Shot+2013-02-23+at+12.15.31+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="251" src="http://2.bp.blogspot.com/-rBgmua8swsg/USkT6hoWyTI/AAAAAAAAARA/ZXPxdkpb5QQ/s640/Screen+Shot+2013-02-23+at+12.15.31+PM.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-K9bP04vFj-s/USkT6gvC8PI/AAAAAAAAARE/wEdMDBkmh_Y/s1600/Screen+Shot+2013-02-23+at+12.15.52+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="http://1.bp.blogspot.com/-K9bP04vFj-s/USkT6gvC8PI/AAAAAAAAARE/wEdMDBkmh_Y/s640/Screen+Shot+2013-02-23+at+12.15.52+PM.png" width="352" /></a></div>
<div>
<br /></div>
<h2>
<b><span style="font-size: x-large;">pfSense.. The key to this setup:</span></b></h2>
<br />
Commodity firewall/routers are neat and all that but nothing beats pfSense. It gives me everything I need out of the box with some really cool remote access features. When you install the pfSense VM assign it 3 network cards and put one in the 3C905B switch (Internet), the internal network Intel NIC (LAN), and finally the last one in the ISONET.<br />
<br />
When installing pfSense make sure you assign the correct network cards to the "zone" they are supposed to be in. Typically you can keep the default for the WAN and LAN zones but make your ISONET ruleset look like this:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-2M5IM28Rlcs/USjmteu3WlI/AAAAAAAAAQA/FNW4XJ9Zv98/s1600/Screen+Shot+2013-02-23+at+10.54.15+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="335" src="http://4.bp.blogspot.com/-2M5IM28Rlcs/USjmteu3WlI/AAAAAAAAAQA/FNW4XJ9Zv98/s640/Screen+Shot+2013-02-23+at+10.54.15+AM.png" width="640" /></a></div>
The first rule denies all traffic to the LAN network. The second rule allows it to go everywhere else. Now you can further lock this down if you like, or you could open certain services to your internal network if you really wanted to, like SSH etc. Just make sure you put those above the first rule.<br />
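An added example (not pfSense code) of why the order matters here: a tiny first-match evaluator with the two ISONET rules, plus an SSH exception placed either above or below the deny-to-LAN rule. The LAN subnet 192.168.1.0/24 and the host 192.168.1.10 are assumptions; the post does not give them.

```python
"""First-match evaluation of the ISONET ruleset from the post.

Added example, not pfSense code. pfSense rules on an interface are matched
top to bottom and the first match wins, with an implicit deny at the end;
this models that to show where an exception rule has to sit.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    dst: str                     # destination CIDR, or "any"
    dport: Optional[int] = None  # None matches any port
    desc: str = ""

    def matches(self, dst_ip, dport):
        if self.dport is not None and self.dport != dport:
            return False
        if self.dst == "any":
            return True
        return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst, strict=False)


LAN_NET = "192.168.1.0/24"  # assumed LAN subnet; not given in the post

# The two ISONET rules from the post, in the order they appear.
ISONET_RULES = [
    Rule("block", LAN_NET, None, "Deny ISONET to LAN net"),
    Rule("pass", "any", None, "Allow ISONET to everything else"),
]


def evaluate(rules, dst_ip, dport):
    """Return (action, matched rule) for the first matching rule, or ("block", None)."""
    for rule in rules:
        if rule.matches(dst_ip, dport):
            return rule.action, rule
    return "block", None  # implicit default deny


def with_exception(rules, exc, above_deny=True):
    """Insert `exc` directly above the first block rule, or directly below it."""
    idx = next((i for i, r in enumerate(rules) if r.action == "block"), len(rules))
    pos = idx if above_deny else idx + 1
    return rules[:pos] + [exc] + rules[pos:]


if __name__ == "__main__":
    ssh_to_one_host = Rule("pass", "192.168.1.10/32", 22, "ISONET may SSH to one LAN host")
    for above in (True, False):
        rules = with_exception(ISONET_RULES, ssh_to_one_host, above_deny=above)
        action, rule = evaluate(rules, "192.168.1.10", 22)
        where = "above" if above else "below"
        print(f"exception {where} the deny rule: {action} ({rule.desc if rule else 'default'})")
```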
<br />
<h2>
<span style="font-size: x-large;">Where to go from here?</span></h2>
<div>
Personally I am getting ready for a hardware refresh as recent motherboards etc. have way lower power usage. I know Panaman is using an E-350 for his FreeNAS box, which is extremely low power. Power usage is really the only shortcoming with my current implementation. If I was building this today I would make sure to take power consumption into account. Although I am running 6 of the WD Green drives, I think I would get 4 x 3TB WD Red drives. They are better for home NAS use according to Western Digital. Some other things I would like to do to improve this are to add second NICs to the jumbo frame network and bond them to get more bandwidth. Most of the time this is not a problem, but if I am processing a lot of data across that link I do notice a performance hit on other VMs.</div>
<div>
<br /></div>
<div>
That's really it. Comment below if you have questions.</div>
<div>
<br /></div>
<div>
Smooth out</div>
<br />
<b>Creating a ramdisk in OSX 10.7 - For Games :)</b><br />
Posted 2013-01-21<br />
<br />
Lately I have been pondering buying an SSD for my Mac Pro to improve my IO, but for some reason I can't pull the trigger. I am not sure what the hell I am waiting for; all I know is I can't decide on size or fully trust the reliability. I put an SSD in my wife's laptop 8 months ago and everything is fine. So who knows.. Maybe I will take care of business and get one. In the mean time I decided to go a different route.
<br />
<br />
<span style="font-size: large;">I got all these here megarams..</span><br />
<span style="font-size: large;"><br /></span>
So my Mac Pro is sitting pretty with 24 gigs of RAM. I know it sounds like a lot because well.. it is, but when you rock a few VMs on it it starts to get chewed up pretty quick. I have the standard fare 7200RPM 1TB drive that came with this mid 2010 Mac Pro and I wanted more, so I thought maybe I should do a RAMDISK!<br />
<br />
<span style="font-size: large;">What is a RAMDISK?</span><br />
<span style="font-size: large;"><br /></span>
A RAMDISK is simply a drive located in memory. It is similar to an SSD in that it is fast but has one serious drawback... It's gone when you reboot or dismount it. So don't write a 400 page thesis and save it to a RAMDISK or you are done. Consider yourself warned. Now for games it's great because I can put the entire game in a RAMDISK and it loads super snappy like. There are tons of other uses for RAMDISKS and Google is your friend if you are looking for other uses.<br />
<br />
<span style="font-size: large;">So how many megarams do I need?</span><br />
<span style="font-size: large;"><br /></span>
Well this really depends on how big your game is. Currently my Diablo III uses around 13 gigs so I made my ramdisk 15 gigs. The joy is you can make your RAMDISK crazy sizes and it only takes from RAM what is actually being used. So if you specify a 2 gig RAMDISK and you copy 500M to it you will see that you are only using 500M of memory. Keep in mind though that if you oversubscribe this drive you will start to page and your system will run like dog doo.<br />
<br />
<span style="font-size: large;">Ok I get it now what?</span><br />
<br />
First things first.. you have to calculate the size of your RAMDISK. To do this, pick how many megabytes it is going to be. hdiutil sizes a ram:// disk in 512-byte sectors, so there are 2048 sectors per megabyte. For quick math's sake let's assume we are creating a 10M ramdisk. So the calculation would be as follows: 10 * 2048 = 20480. Now remember 20480 because we are going to need it.<br />
<br />
Now lets go ahead and create this bad boy. Use the following command:<br />
<blockquote class="tr_bq">
diskutil erasevolume HFS+ "Geekempire" `hdiutil attach -nomount ram://20480`</blockquote>
You should now have a 10M RAMDISK called Geekempire mounted up. The cool part is you don't need root to do this. Now let's kick it up a notch when it comes to Diablo III and automate this mug. Create a file called diablomount.sh in your home directory using your favorite text editor and drop the following in there:<br />
<br />
<blockquote class="tr_bq">
#!/bin/sh</blockquote>
<blockquote class="tr_bq">
diskutil erasevolume HFS+ "Diablo3Ramdisk" `hdiutil attach -nomount ram://30720000`</blockquote>
<blockquote class="tr_bq">
rsync -a --progress /Applications/Diablo\ III /Volumes/Diablo3Ramdisk/</blockquote>
<blockquote class="tr_bq">
open /Volumes/Diablo3Ramdisk/Diablo\ III/Diablo\ III.app</blockquote>
<div>
Next make this puppy executable by running:</div>
<blockquote class="tr_bq">
chmod 755 diablomount.sh</blockquote>
<div>
Then run it with:</div>
<blockquote class="tr_bq">
./diablomount.sh</blockquote>
<div>
This will create a 15GB Ramdisk, copy your Diablo III install to it and then launch it. Keep in mind you will <b>NOT</b> want to run this script multiple times! Once the RAMDISK is created you will have to go click on it or just use the last line again from the shell script. Make sure you are launching it from the RAMDISK otherwise you are wasting all those megarams for nothing.</div>
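Added Python example, not the post's script: the same recipe with the sector math spelled out and a check that skips creation when /Volumes/&lt;name&gt; already exists, which is the double-run problem the warning above is about. The "&lt;device from hdiutil&gt;" placeholder is filled in from hdiutil's output at run time, and dry_run=True only returns the commands so the logic can be exercised on a machine without diskutil.

```python
"""Create the post's ram disk exactly once.

Added example, not the post's script. hdiutil sizes ram:// disks in 512-byte
sectors, which is where the post's factor of 2048 per MiB comes from; the
commands are the ones the post runs, with the backtick substitution done
explicitly so the device path can be checked and reused.
"""
import os
import subprocess

SECTOR_BYTES = 512  # hdiutil's unit for ram:// sizes


def sectors_for_mib(mib):
    """512-byte sectors in `mib` mebibytes: 10 -> 20480, the post's 15000 -> 30720000."""
    return mib * 1024 * 1024 // SECTOR_BYTES


def ramdisk_commands(name, mib, game_dir=None):
    """argv lists for the recipe: attach the ram disk, format it, optionally rsync a game onto it.

    The last element of the diskutil command is a placeholder that
    mount_ramdisk() replaces with the /dev/diskN path hdiutil prints.
    """
    cmds = [
        ["hdiutil", "attach", "-nomount", f"ram://{sectors_for_mib(mib)}"],
        ["diskutil", "erasevolume", "HFS+", name, "<device from hdiutil>"],
    ]
    if game_dir:
        cmds.append(["rsync", "-a", "--progress", game_dir, f"/Volumes/{name}/"])
    return cmds


def mount_ramdisk(name, mib, game_dir=None, dry_run=False):
    """Create the ram disk once; returns (created, commands run or planned).

    If /Volumes/<name> is already there nothing is run and created is False:
    re-running the post's script would attach a second ram disk and copy the
    game all over again. With dry_run=True the commands are returned unrun.
    """
    if os.path.isdir(f"/Volumes/{name}"):
        return False, []
    cmds = ramdisk_commands(name, mib, game_dir)
    if dry_run:
        return True, cmds
    # hdiutil prints the device node it attached, e.g. "/dev/disk5"
    device = subprocess.run(cmds[0], check=True, capture_output=True, text=True).stdout.strip()
    cmds[1][-1] = device
    for cmd in cmds[1:]:
        subprocess.run(cmd, check=True)
    return True, cmds


if __name__ == "__main__":
    created, planned = mount_ramdisk("Diablo3Ramdisk", 15000, "/Applications/Diablo III", dry_run=True)
    print("would create:" if created else "already mounted", *(" ".join(c) for c in planned), sep="\n")
```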
<div>
<br /></div>
<div>
I would write a guide for Windows but I only have Home Premium, which has a 16GB limit on RAM. So you are on your own if you want to do it in winders. I am in the process of working on a GUI based program where you can basically pick a game you want to do this with etc. We'll see how that goes.</div>
<div>
<br /></div>
<div>
Smooth out</div>
<br />
<b>Epic Friday Night Battles</b><br />
Posted 2012-12-15<br />
<br />
Had some epic battles last night on PS2.. Check out the pwnage.. We were doing special ops, harassing the enemy by doing back caps and delaying reinforcements.<br />
<br />
<br />
<a class="trk" href="http://www.twitch.tv/toosmooth513" style="display: block; font-size: 10px; font-weight: normal; padding: 2px 0px 4px; text-align: center; text-decoration: underline; width: 320px;">Watch live video from toosmooth513 on TwitchTV</a><br />
<br />
<b>Where is the forum yo?</b><br />
Posted 2012-12-14<br />
<br />
Got a few questions today about where our forums went. The truth is we ditched them. We did this for a couple of reasons, the main one being upkeep. The forums were a pain in the ass since every time there was an update they would revamp the template system. It took a long ass time to customize the templates every time a new version dropped.<br />
<div>
<br /></div>
<div>
So where did we move that type of functionality? Well, we moved it to our Facebook group. Our group is located <a href="https://www.facebook.com/groups/64033314255/" target="_blank">here</a>. It's not open to the public so ask to be added and we will take care of it. I am working on integrating Facebook functionality with this, just have not had the time yet. Also if you think you have something to contribute post-wise, feel free to msg me and we can add you as an author on the blog.</div>
<div>
<br /></div>
<div>
Smooth out</div>
<br />
<b>Stake Land Movie Review</b><br />
Posted 2012-12-14<br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-wJjcct5sHZU/UMswHalCL8I/AAAAAAAAAPQ/_nUuvGK6ESU/s1600/91wZW0r5N0L._AA1500_.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://3.bp.blogspot.com/-wJjcct5sHZU/UMswHalCL8I/AAAAAAAAAPQ/_nUuvGK6ESU/s200/91wZW0r5N0L._AA1500_.jpg" width="200" /></a></div>
<br />
I was cruising around on Netflix the other night when I stumbled upon this gem. I have always been into post-apocalyptic type movies so that is what caught my eye. This movie is sort of a cross between "<a href="http://www.imdb.com/title/tt0898367/" target="_blank">The Road</a>" and your standard vampire type movie.<br />
<br />
<b>Plot:</b><br />
<b><br /></b>
Badass dude saves kid and teaches him his vampire hunting ways. They are traveling to a place called "New Eden" and the flick basically follows them on their journey.<br />
<br />
<b>Likes: </b><br />
<b><br /></b>
Like I said previously, I love the concept of post-apocalyptic America and what people do when there are no laws. For me, I couldn't stop watching it. I turned this flick on to fall asleep to and I found myself glued to the tube. The picture, the description and the fact that I had never heard of it made me believe that this was a total dud. The Netflix rating for me was 4 stars, so it was pretty much on point. The acting was believable and there were no stand-out awful performances that would give it that B movie feeling. I found myself wanting the movie not to end.<br />
<br />
<b>Dislikes:</b><br />
<b><br /></b>
I think the pacing was off at certain times. There were some story lines that left me wanting more. I don't want to go into too much more detail because I don't want to ruin it. The ending sort of left some things open for me which I was hoping they would elaborate on.<br />
<br />
<b>Summary:</b><br />
<b><br /></b>
If you like gore and crazy religious whackos then this is your movie. The "Vamps" were sort of zombie like and that added an interesting twist to it. It's definitely worth a watch, so leave a comment below on what you thought.<br />
<br />
<b>Exit56 Scale Rating: 4 out of 5 Exits</b><br />
<b><br /></b>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-wN9vo3mRY30/UMs4BiOU5-I/AAAAAAAAAPg/QLIvAXwmQR4/s1600/4exits.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="91" src="http://1.bp.blogspot.com/-wN9vo3mRY30/UMs4BiOU5-I/AAAAAAAAAPg/QLIvAXwmQR4/s320/4exits.jpg" width="320" /></a></div>
<b><br /></b>
<b><br /></b>
<b>I'm Back!</b><br />
Posted 2012-12-13<br />
<br />
It is time to get your game face on.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://lh4.googleusercontent.com/-9a_KZdu313s/UMqBCf4wZTI/AAAAAAAAAI8/kHILuo2C3PU/s640/blogger-image--269145733.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://lh4.googleusercontent.com/-9a_KZdu313s/UMqBCf4wZTI/AAAAAAAAAI8/kHILuo2C3PU/s640/blogger-image--269145733.jpg" /></a></div>
Posted by Panaman<br />
<br />
<b>Changing things up..</b><br />
Posted 2012-12-13<br />
<br />
Hey all,<br />
<br />
We are in the process of revamping Geekempire. Instead of hosting forums any more we will leverage Blogger and our Facebook groups for communication. You will see a lot more geeky posts here about all the things our community is interested in. Stay tuned for more.<br />
<br />
Smooth out