xchg eax, eax

Networking

Networking | 2023-01-05 16:22:21

Sometimes even in the most organised of worlds, we still manage to miss patching older systems. I found an old HP iLO server running iLO 4 - 1.20 with no way to log into it. Every modern browser and OS has now deprecated old TLS, RC4 and 3DES cyphers for certificates with the most common FF error being thrown: SSL_ERROR_NO_CYPHER_OVERLAP.

Irrespective of what I tried (such as security.tls.version.min, version.fallback-limit, IE compatibility modes) nothing would work. Even an old 2008 server running IE wouldn't work because of Javascript blocking etc. Unfortunately the only way I could work around this was to spin a Win7 machine running original IE to bust into it. Ideally I wouldn't have had to roll a new Win7 VM, but old versions for this reason should be in everyones toolbox.

Once in, it's easy enough to upgrade to a more modern iLO FW which supports modern TLS considering that HP make it readily available https://support.hpe.com/connect/s/softwaredetails?language=en_US&softwareId=MTX_729b6d22f37f4f229dfccbc3a9.



Networking | 2013-05-14 02:12:30

This is the computed list of SSH bruteforce IP’s and commonly used usernames for April 2013.

Top 50 SSH bruteforce offenders IP’s.

Failed Attempt Count IP
479633 223.4.147.158
389495 198.15.109.24
354877 114.34.18.25
324632 118.98.96.81
277040 61.144.14.118
118890 92.103.184.178
113896 208.68.36.23
110541 61.19.69.45
102587 120.29.222.26
98027 216.6.91.170
87315 219.143.116.40
71213 200.26.134.122
68007 38.122.110.18
65463 133.50.136.67
65187 121.156.105.62
57918 210.51.10.62
55575 10.40.54.5
52888 110.234.180.88
51473 61.28.196.62
46058 223.4.211.22
45495 183.136.159.163
45363 61.28.196.190
41791 1.55.242.92
40654 223.4.233.77
39423 61.155.62.178
39360 61.28.193.1
39296 211.90.87.22
38516 119.97.180.135
35799 221.122.98.22
35077 109.87.208.17
31106 78.129.222.102
29505 74.63.254.79
28676 65.111.174.19
28623 116.229.239.189
28092 81.25.28.146
26782 223.4.148.150
26493 218.69.248.24
25853 210.149.189.6
25241 223.4.27.22
25231 221.204.252.149
25089 125.69.90.148
23951 69.167.161.58
22912 202.108.62.199
22433 61.147.79.98
22372 111.42.0.25
22068 218.104.48.105
21988 120.138.27.197
21914 14.63.213.49
21882 60.220.225.21
20780 195.98.38.52

Top 50 SSH bruteforce usernames.

Failed Attempt Count Username
2407233 root
45971 oracle
40375 test
26522 admin
22642 bin
20586 user
18782 nagios
17370 guest
13292 postgres
11193 www
11088 mysql
10281 a
10228 webroot
10061 web
9143 testuser
8946 tester
8708 apache
8611 ftpuser
8442 testing
8095 webmaster
7379 info
7112 tomcat
6826 webadmin
6309 student
6255 ftp
6254 ts
5947 backup
5688 svn
5314 test1
5127 support
4743 temp
4378 teamspeak
4335 toor
4149 test2
4046 www-data
3944 git
3907 webuser
3852 userftp
3637 news
3626 cron
3594 alex
3581 amanda
3535 ts3
3397 ftptest
3378 students
3360 test3
3283 mail
3243 games
3132 test123
3093 test4


Networking | 2013-05-11 00:05:59

As mentioned, I can confirm that Cisco Call Manager 9 (CCM9 ) does work in VirtualBox and can be installed in a similar manner to CCM7. I have had both 9.0.1 and 9.1.1 have been installed with all services running perfectly.

As we did with CCM7, CCM9 must first be installed in VMware and then moved over to VirtualBox. CCM9 is now 100% supported in VMware, so the install process should be flawless. Keep in mind though that VirtualBox is definitely not officially supported, so you will get no help from TAC. This should only be used in a lab environment.

The minimum requirements for CCM9 are the same as they were in CCM7, 1x 80GB SCSI disk with 2048MB RAM. The CUC prerequisites have changed slightly and if you use 80GB/2048MB you won’t be able to install CUC. I haven’t been bothered to find the minimum requirements for CUC but I’ll post them up when I get some time.

I’ve used VMware Workstation 8.0, but you should be able to use any version of VMware to build the initial machine. All we need to do is to have the install complete and boot successfully, all other finer details can be changed once we move over to VirtualBox.

  1. Start by creating a new VM and choose a custom config.
  2.  Depending on your version of VMware this may change, but I used Workstation 8.0 as the hardware platform.
  3. We don’t want to use the auto deployment scripts and we will need to modify the hardware before boot, so just choose the ISO later.
  4. Any version of Red Hat should work here, but I used 64-bit version of Enterprise 6.
  5. Name it appropriately.
  6. One processor is enough but if you’ve got more resources to throw at it, you may be able to do it here as long as you match the same in VirtualBox later.
  7. Same goes for the RAM. The minimum requirements call for 2048MB but if you’ve got more, chuck it in.
  8. I hate using NAT, but it’s probably useful for labs. In any case I’ve got bridged here, but we will redo this step later in the VBox config.
  9. Make sure you use SCSI here. I haven’t tried SAS but it may work too.
  10. Create a new HDD.
  11. Make sure this is set to SCSI, it won’t work with IDE here.
  12. I’ve got the minimum as 80GB here, but if you’ve got more throw it here.
  13. This is where the vmdk is stored, make sure you take note of the location as we will need this file later to import into VBox.
  14. Finish it up.
  15. Edit your VM before powering it on, we’ve got a few things to do here.
  16. Select the CD/DVD drive and browse for your ISO.
  17. Select your ISO.
  18. I’ve finished up here, but if you want you can remove the floppy, sound cards etc.
  19. Power on the VMWare image.
  20. The install process here is exactly the same as a typical CCM9 install, I’ve included it just for the sake of doing so.
  21.  
  22. Notice here that CUC isn’t available because our hardware config is too low speccd.
  23.  
  24. This will take quite a while.
  25. Once the installation has finished, log in and shut it down.
  26. Now it’s time to fire up VirtualBox.
  27. Add a new Red Hat 64-bit guest.
  28. Make sure your memory size is the same as what you built in VMware.
  29. We need to not add a new hard drive here (we will be reusing the one built by VMware).
  30. Just accept this.
  31. We need to edit our VM before powering it on.
  32. Remove the SATA controller, if you remember we built the VM in VMware using SCSI disks.
  33. Add a SCSI controller.
  34. Select Choose Existing Disk.
  35. Browse to the vmdk file that was outputted by VMware.
  36. Your disk setup should now look like this.
  37. Choose the IDE CDROM drive to boot from the CentOS live boot disk. Note that you can boot of any live distro, I actually used the Ubuntu 12.04 live CD because I was having issues with remote key forwarding to the VM whilst using CentOS.
  38. Again, I hate NAT’ed NIC’s so I switched mine to bridged.
  39. Mount your CCM partition and chroot to it.
  40. vi/nano/whatever the hardware_check.sh script in /usr/local/bin/base_scripts/ which is similar to what we did in CCM7.
  41. Find the function check_deployment() as shown below.
  42. Like we did for CCM7 edit out the isDeploymentValidForHardware function.
  43. Make sure you save the file, I used vi to edit this so :wq! it.
  44. Throw the following lines in to change the hardware type to match those by VMware.
    vboxmanage setextradata “<VM name>” “VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion” “6 ”
    vboxmanage setextradata “<VM name>” “VBoxInternal/Devices/pcbios/0/Config/DmiSystemVendor” “VMware”
    vboxmanage setextradata “<VM name>” “VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor” “Phoenix Technologies LTD”
    vboxmanage setextradata “<VM name>” “VBoxInternal/Devices/pcbios/0/Config/DmiSystemProduct” “VMware Virtual Platform”
  45. Now you’re ready to fire up CCM9 in VirtualBox so just run that thang.
  46. On bootup you should be able to see the OS detecting all your hardware as VMware devices – this is a good thing, don’t worry
  47. If you receive some weird output, don’t worry too much, the important thing is that the OS boots and services start successfully.
  48. Again, ignore any of these types of errors, this is why this shouldn’t be used in production.
  49. Login, hooray!
  50. Because the hardware has been modified slightly, the OS is unable to detect the vCPU and the amount of RAM.
    672
  51. However, everything still works perfectly 😉

Just a few notes about the install. In the CCM7 install I did before, I added a new user whilst chroot’ed over to the CCM partition so we could SSH in later to modify the check_deployment() script. I only attempted a few times, but every time I tried my SSH user couldn’t log in. All permissions were set correctly, the user was added to the OS properly but SSH wouldn’t work. I’m sure if I dug deeper I would probably find some sort of SSH permission script in Cisco’s funky land, but for the purposes of getting CCM9 into VirtualBox it wasn’t needed.

I’ll be posting some more info on the topic as I use this more. Also, due to CCM9’s new licensing model I *may* look at loading licenses on to get this running past the 60 day limitation.

Good luck

x90



Networking | 2013-05-07 21:30:27

Following on from the previous article I wrote about CCM7 in VirtualBox I can confirm that CCM9 can be installed in a similar manner. Both 9.0.1 and 9.1.1 have been installed with all services running perfectly.

I will post up a detailed guide on how to install and configure CCM9 in VirtualBox shortly.



Networking | 2012-06-25 23:01:09

I wanted to share some info on a recent issue I faced with Microsoft Hyper-V Server SP1 and trunking.

We are in an environment where we wanted to deploy a Hyper-V host to a site and have a trunk from a Cisco switch so that we could throw guests into different VLAN’s. Sounds relatively simple, and in the VMware environment it is, but Hyper-V proved a little more difficult to grasp.

Let me just run through a brief explanation of how the host is setup. We built the Hyper-V Server host, gave it an IP, added it to the domain and registered it in DNS. In SMVMM 2012 we defined a logical network in the fabric and added the VLAN and IP subnet (in CIDR) to the network site. We did not define an IP address pool for the logical network, as DHCP will be taking care of this for us. Next we added the host to VMM. We then deployed the host to the site and proceeded to modify the network settings to configure trunking remotely.

This was our downfall.

Remotely – in the host properties, we enabled logical network connectivity from out logical network, changed the NIC to trunk and made sure the subnet and VLAN details were correct. We then added the virtual network interface and granted host access through a VLAN so that we could still manage the host. Then we applied all the changed to the host.

What we did not know is that the host would apply settings one by one, and NOT send all config to the host to apply. What happened was that the host applied the trunking details and then could not apply the virtual network details as the host became offline.

After reading a tonne of unhelpful articles we solved the problem via the following:

  • Cabling the second NIC.
  • The second NIC got an IP via DHCP and hence moved the DNS record for the host.
  • As the host was added to VMM using DNS, the network settings were applied properly which meant that the virtual network was created, bringing our trunked host back online.
  • Once the host was up DNS had registered both IP’s so that we could safely shut down the second NIC, or allocate it to a management only NIC.

Hope this helps either explain a brief overview of trunking in Hyper-V or provide a solution to a similar problem.



Networking | 2012-02-15 07:29:25

Tonight I’ve been upgrading a CallManager 7.1.3 cluster to 7.1.5. This is a minor upgrade, but still follows upgrade procedures as usual.

I experienced two issues which I just need to note down.

Firstly, upon a switch version to the new partition CallManager takes A LONG TIME to start its services. The trap that I fell into was that I SSH’d to the box to check how the service start was going when I was greeted with this:

Requesting service status, please wait…
System SSH [STARTED]
Cluster Manager [STOPPED] Service Not Started
Service Manager [Not Running]
Warning: Service Manager need to be running for all Call Processing Applications

I started to freak out thinking that my new upgraded partition was fkd. I played with all sorts of starts and restarts shown below:

admin:utils service start Cluster Manager
Service Stopped
Cluster Manager [STOPPED]
admin:utils service start Service Manager
Starting servM
admin:

I rebooted the box hoping that something had got stuck and that it just needed a kick. When it came back up and SSH showed the same thing I tried to start services that I knew I hit the following:

admin:utils service start Cisco Database Layer Monitor
Service Manager [Not Running]
Warning: Service Manager need to be running for all Call Processing Applications
admin:utils service start Cisco Database Layer Monitor
Service Manager [Not Running]
Warning: Service Manager need to be running for all Call Processing Applications
admin:utils service start Cluster Manager
Service Stopped
Cluster Manager [STOPPED]

By this time I was freaking so I moved away for a few mins to work on something else. I came back and checked the service list again, and everything had started! So I guess the moral here is that 1. services don’t show as starting when they are starting for the first time. 2. an upgrade and switch partition takes a long time!

The second issue I had was a box not rebooting to its switched partition. I tried to force the switch but hit the following:

admin:utils system switch-version

Active Master Version: 7.1.3.32009-2 Inactive Master Version: 7.1.5.30000-1
If you are switching to an earlier release, you must run: utils dbreplication reset all
from the publisher after all the nodes are switched over. Do you really want to switch between versions ? Enter (yes/no)? yes Switching Version and Restarting the Appliance … Switch version duration can vary depending on the database size
and platform configuration.  Please continue to monitor the
switchover process from here. Waiting …………………………. Operation failed ERROR: Acquiring lock failed

I started to freak again. Then I found this page: http://iptbuzz.blogspot.com.au/2011/10/switch-version-doesnt-switch.html props to the guy who wrote that, because it worked perfectly! I manually rebooted the box and then forced a switch version and rebooted again and everything was gravy.

I’m yet to play with 8.x as we are waiting for 9 with proper VM support, but I hope that Cisco manage to fix their dodgey CCM scripting!



Networking | 2012-02-11 03:30:45

I thankfully received the extra 6 usb to serial cables today aswell as the Sunix USB PCI adapter. The GNS machine was rebooted, the drivers were loaded for the Sunix automatically and the additional usb to serial cables were registered without a hitch! For the first time since I started this quest I am able to console and telnet to all of my devices – I guess now the actual work starts.

Below are some new photos of the lab and telnet/console sessions to all of the devices.

 

More ranting and rambling bound to come now that config can begin.



Networking | 2012-02-09 01:03:39

It turns out I forgot an interface from SW1 to R5. Below is the new physical overview with accompanying GNS changes.

I’ve also set up the GNS routers with IP’s and associated frame relay commands. See below for the network overview containing IP’s + DLCI’s and the generic + frame relay config for each device.

Frame Relay Switch

hostname BR-CCIE-FRS
!
service password-encryption
!
no ip domain-lookup
!
enable secret 5 $1$GDhQ$Hufu4XUQWFqeQjap6/r7x1
!
frame-relay switching
!
interface Serial0/0
description TO BR-CCIE-R1 s0/0
no ip address
encapsulation frame-relay
clock rate 56000
frame-relay intf-type dce
frame-relay route 103 interface Serial0/3 301
!
interface Serial0/1
description TO BR-CCIE-R2 s0/0
no ip address
encapsulation frame-relay
clock rate 56000
frame-relay intf-type dce
frame-relay route 203 interface Serial0/3 302
!
interface Serial0/2
description TO BR-CCIE-R2 s0/1
no ip address
encapsulation frame-relay
clock rate 56000
frame-relay intf-type dce
frame-relay route 215 interface Serial0/5 315
!
interface Serial0/3
description TO BR-CCIE-R3 s0/0
no ip address
encapsulation frame-relay
clock rate 56000
frame-relay intf-type dce
frame-relay route 301 interface Serial0/0 103
frame-relay route 302 interface Serial0/1 203
!
interface Serial0/5
description TO BR-CCIE-R5 s0/0
no ip address
encapsulation frame-relay
clock rate 56000
frame-relay intf-type dce
frame-relay route 315 interface Serial0/2 215
!
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
password cisco
logging synchronous
login

R1

hostname BR-CCIE-R1
!
service password-encryption
!
no ip domain-lookup
!
enable secret 5 $1$GDhQ$Hufu4XUQWFqeQjap6/r7x1
!
interface Loopback0
ip address 120.100.1.1 255.255.255.0
!
interface Serial0/0
description TO BR-CCIE-FRS s0/0
ip address 120.100.123.1 255.255.255.0
encapsulation frame-relay
clock rate 56000
frame-relay map ip 120.100.123.3 103
!
interface FastEthernet0/1
description TO BR-CCIE-SW2 fa0/1
ip address 150.100.1.1 255.255.255.0
speed 100
full-duplex
!
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
password cisco
logging synchronous
login

R2

hostname BR-CCIE-R2
!
service password-encryption
!
no ip domain-lookup
!
enable secret 5 $1$GDhQ$Hufu4XUQWFqeQjap6/r7x1
!
interface Loopback0
ip address 120.100.2.1 255.255.255.0
!
interface Serial0/0
description TO BR-CCIE-FRS s0/1
ip address 120.100.123.2 255.255.255.0
encapsulation frame-relay
clock rate 56000
!
interface FastEthernet0/1
description TO BR-CCIE-SW2 fa0/2
ip address 150.100.2.1 255.255.255.0
speed 100
full-duplex
!
interface Serial0/1
description TO BR-CCIE-FRS s0/2
ip address 120.100.25.2 255.255.255.0
encapsulation frame-relay
clock rate 56000
frame-relay map ip 120.100.25.5 215
!
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
password cisco
logging synchronous
login

R3

hostname BR-CCIE-R3
!
service password-encryption
!
no ip domain-lookup
!
enable secret 5 $1$GDhQ$Hufu4XUQWFqeQjap6/r7x1
!
interface Loopback0
ip address 120.100.3.1 255.255.255.0
!
interface FastEthernet0/0
description TO BR-CCIE-SW1 fa0/3
ip address 120.100.34.3 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0
description TO BR-CCIE-FRS s0/3
ip address 120.100.123.3 255.255.255.0
encapsulation frame-relay
clock rate 56000
frame-relay map ip 120.100.123.2 302
frame-relay map ip 120.100.123.1 301
!
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
password cisco
logging synchronous
login

R5

hostname BR-CCIE-R5
!
service password-encryption
!
no ip domain-lookup
!
enable secret 5 $1$GDhQ$Hufu4XUQWFqeQjap6/r7x1
!
interface Loopback0
ip address 120.100.5.1 255.255.255.0
!
interface FastEthernet0/0
description TO BR-CCIE-SW1 fa0/5
ip address 120.100.45.5 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0
ip address 120.100.25.5 255.255.255.0
encapsulation frame-relay
clock rate 56000
frame-relay map ip 120.100.25.2 315
!
interface FastEthernet0/1
description TO BR-CCIE-SW2 fa0/5
ip address 150.100.3.5 255.255.255.0
speed 100
full-duplex
!
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
password cisco
logging synchronous
login

Like the minicom scripts, I’ve also hardset the GNS console port numbers so I can configure console scripts. It’s very straightforward:

nano br-ccie-frs
telnet 127.0.0.1 2000
chmod 777 br-ccie-frs

Everything is still rolling well. Even though there are no routing protocols or heavy packets running yet, the X2 is handling the 5 routers without a hitch.



Networking | 2012-02-08 01:27:37

It’s taken me a full month to get prepared for the CCIE labs – and subsequently a full month to start studying. A whole month is a lot of time for extra learning, cramming and exam preparation, but it shouldn’t come to effect me too much – but now its time to roll.

Now here’s the first update in many as things get underway…

The physical lab has been altered slightly to accomodate for the hardware and GNS setup. It is still based on a mix of physical and virtual equipment in the topology outlined in the Cisco CCIE R&S v4 Practice Lab 1. Unfortunately the 3550’s don’t support auto MDIX like the 3560’s do, so new 0.5M CAT6 cross over cables were purchased to cable the switches together.

Logically I did want to run a seperate management VLAN over the switches to get telnet access to them and save on cabling costs, but I’ve scrapped that idea due to possible issues in killing a switch or vty sessions whilst being remote. The only physical change this has caused is the purchase of new console cables (hardware specs further on).

The GNS3 box has been configured up and is running happily. Instead of forking out ~$900 for a new i7 box I’ve reused an old AMD x2 I had lying around. The only parts I needed for this was a new case, PSU and DVD drive, so I opted to try this first to keep costs down in the interrum. If the X2 (with mobo limited to 4gb) can’t handle the GNS load I’ll have to invest in a new i7 down the road (which wouldn’t be too bad as it could multitask as a F@H client when not being used) but for now were with the AMD.

Heres the hardware specs for those interested:
AMD Athlon64 X2 6000+
Asus M2N-MX
4x 1GB Kingston DDR2 in dual channel
D-Link DGE-530TX

As for software – I’ve got everything running inside Ubuntu 11.04 x64 Desktop. I wasn’t sure how external hypervisors linked to a trunked NIC work in GNS3, so I didn’t opt for the server version and instead I’m running GNS on screen. If I can figure out external hypervisors I may change this but for now it’s working well enough. The DGE-530TX worked out of the box with no special driver support needed and the vlan and 80211 packages are happy enough on top of it.

As many threads on the net suggest – GNS needs root permission in order to bind the Linux Ethernet NIO needed for trunk access. Both sudo and gksudo works when launching GNS, but I lost all the pretty skinning and icons – so I’ve logged in locally as root and running GNS from roots x11 session. This is definitely not best practice especially for boxes with internet accessible remote access, but for me this thing is only doing GNS so security issues don’t phase me.

As for console access I’m running 7 Astrotek USB to Serial Converter (205153). This seems to be detected natively however I forgot to check the dmesg output and loaded the prolific pl2303 driver anyway. The devices successfully register as /dev/ttyUSBX and my original thought was to use socat to bind a tcp port to the tty device. This worked to an extent. I’ve played a fair amount with the socat raw device options, but whatever I tried socat still liked to put double crlf and crnl at the end of lines. The major pain in this was I could not do a show run as the ouput was killed by the second crnl. For anyone interested in what I was trying with socat:

socat TCP4-LISTEN:8890 /dev/ttyUSB0,raw,b9600,cs8,parenb=0.

I have instead decided to setup script files that launch a minicom session. The only downside to this is I need multiple ssh sessions to the GNS box with each of them a minicom session, or kill and relaunch the minicom scripts as neeeded. Here’s one of the minicom script examples:

minicom -b 9600 -8 -D /dev/ttyUSB0

The rest of the software setup is pretty generic, I’ve just used tutes from googling on anything I’ve got stuck on regarding linux+GNS3 but the install and configure is pretty straight forward.

As an overview I’m running the below in physical/virtual:
Physical:
3550 – Breakout trunked to GNS PC
3725 – R4
3725 – R6
3550 – SW1
3550 – SW2
3550 – SW3
3550 – SW4
Virtual:
3725 – R1
3725 – R2
3725 – R3
3725 – R5
3725 – Frame Relay Switch
All switches are running c3550-ipbasek9-mz.122-35.SE5 and all routers are running c3725-adventerprisek9-mz.124-15.T14.

Below is the outline of the topology I’m working with. This is a just a physical overview except for the L2 logic when GNS becomes involved.

The total cost of the R&S is slowly rising:
Antec Three Hundred Tower Gaming Case – $65
Corsair CX-500 V2 500W Builder Series Power Supply $79.99
Sony AD7280SGB SATA Internal DOUBLE Layer Multiformat DVD Bunner $26.80
Sunix USB 2.0 PCI Card $15.90
Astrotek USB to Serial Converter x7 $144.20
Cabac 0.5M CAT6 Crossover – Not yet invoiced
Total: $331.89

I’m sure that cost is set to rise, especially if i hit a hardware barrier with either my GNS PC or running the 3550 switches.

I’ll be posting config examples that I’m using to connect everything up and just general rambling on the subject. Keep posted.



Networking | 2011-12-05 22:21:28

Well I’ve been massively lazy over the past year. I finished my CCNP and CCNASec but never did the certs, leaving my original CCNA to rot.

Now its time to study, finish and pass my CCIE R&S – in 6 months.

I’m sure there will be a lot of ranting and rambling here so keep hold while I throw myself at this.

In the meantime heres the first practice lab from the CCIE R&S v4 practice labs using a combo of 4x 3550’s 2x 3725’s and GNS using a trunked breakout switch.