Summarize the struggle

So while struggling to write my latest paper on mobile communication technology and the associated vulnerabilities found at the various layers of the network stack, I found this odd little graphic and thought: gee, this really sums up how I feel right now…

Of course it doesn’t make writing about 3G network implementation mistakes (Man-in-the-middle attacks on UMTS) any easier, but it did waste some time.

2009/06/05: Update: Ok, so the paper has been submitted. Now I’m a bit humbled, as I thought 3G mobile network connections were somehow sacred .. and somewhat ‘safe’ from hacking efforts. Alas, what a foolish concept. 3G (or UMTS) is no more immune to hacking than any other network technology that we currently use. UMTS is apparently vulnerable to (trivial?) man-in-the-middle attacks due to the carrier implementation of our shiny new 3G networks. Of course pure UMTS (3G) data networks would be best, however there is this entire encompassing 2G GSM network that includes base stations and controller infrastructure. Our friends K. Kotapati and associates outline some serious issues in A Taxonomy of Cyber Attacks on 3G Networks. Unfortunately telecom carriers are not going to replace all the 2G infrastructure until absolutely necessary – this opens the vulnerability of 3G equipment (like our new iPhone 3G’s) as they roam onto 2G GSM networks until it has been replaced by all 3G UMTS (or various CDMA variants). Basically 2G base stations are not expected to protect the integrity of signaling messages and are subject to spoofing and manipulation by malicious parties. So someone can impersonate a 2G base station and force your shiny new 3G handset to operate in clear-text .. enabling subscriber information theft and eavesdropping on any non-SSL protected transactions. Hmm. Holy cr@p. Considering a friend of mine has demonstrated this in Calgary in January 2009, this is a bit too close to home for comfort. So if your phone indicates it’s on the EDGE network (E) vs (3G) .. I’d think about turning the power off or at least enclosing your precious iPhone (or Storm) in tin foil .. until you can get back on a 3G network segment.
Wow. So much for the new mcommerce, eh?

RAM based filesystems in Linux

When doing I/O intensive processing on Linux systems, I’ve found that creating a RAM based filesystem can substantially improve processing times. Of course nothing but the transitory processing data should be written to the fake filesystem to avoid data loss in the case of unintended dismount or system crash.

mount -t ramfs ramfs /tmp/ramfs -o size=4m
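One caveat worth knowing about the command above: ramfs accepts the size= option but ignores it, so a ramfs mount can grow until it has consumed all memory, whereas tmpfs enforces the limit (and defaults to half of RAM when none is given). The check below is an added example, not part of the original post; it reads a mount table in /proc/mounts format and reports whether a RAM-backed mount is bounded. The sample table is constructed, and the function assumes a POSIX shell with awk.

```shell
#!/bin/sh
# Classify a RAM-backed mount by whether its growth is bounded.
# ramfs accepts but ignores size=, so it can consume all memory;
# tmpfs enforces size= (and defaults to half of RAM when it is absent).

# Constructed sample in /proc/mounts format (not from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
ramfs /tmp/ramfs ramfs rw,relatime 0 0
tmpfs /tmp/scratch tmpfs rw,nosuid,nodev,noexec,size=4096k 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'

# ram_mount_status MOUNTPOINT [MOUNT_TABLE_TEXT]
# Prints bounded, default-limit, unbounded, not-ram or not-mounted.
# Exit status is 0 only for a tmpfs with an explicit size= limit.
# Without the second argument the live /proc/mounts is read.
ram_mount_status() {
    mp=$1
    table=${2:-$(cat /proc/mounts)}
    line=$(printf '%s\n' "$table" | awk -v mp="$mp" '$2 == mp { print; exit }')
    if [ -z "$line" ]; then
        echo not-mounted
        return 1
    fi
    set -- $line          # fields: source mountpoint fstype options ...
    fstype=$3
    opts=$4
    case "$fstype" in
        ramfs)
            echo unbounded
            return 1 ;;
        tmpfs)
            case ",$opts," in
                *,size=*) echo bounded; return 0 ;;
                *)        echo default-limit; return 1 ;;
            esac ;;
        *)
            echo not-ram
            return 1 ;;
    esac
}

# Usage: ram_mount_status /tmp/ramfs        (live system)
#        sh ramcheck.sh demo                 (constructed table)
if [ "${1:-}" = demo ]; then
    for mp in /tmp/ramfs /tmp/scratch /dev/shm /nonexistent; do
        printf '%s: %s\n' "$mp" "$(ram_mount_status "$mp" "$SAMPLE_MOUNTS")"
    done
fi
```

For transient processing data the bounded form is `mount -t tmpfs -o size=4m,nosuid,nodev,noexec tmpfs /tmp/ramfs`: the size cap stops a runaway job (or anyone else who can write there) from exhausting RAM, and the extra options keep the scratch area from being used to stage executables or device nodes.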

Info Sec and IT Sec books and articles of interest

Start of my InfoSec article journal and book list

Not really blog worthy, but I decided to start a journal of interesting information security articles or books that I’ve found to be particularly valuable. Not all of them are publicly available, but where I can, I’ll add some links. Really this is just a list of my dog-eared books in no particular order. (-:

Articles

Security Controls That Work; Information Systems Control Journal; Volume 4, 2007

Information Security Standards Focus on the Existence of Process, Not Its Content; Communications of the ACM; August 2006, Volume 49, Number 8

FrankenSOA; Network Computing; 06/25/07; Page 41

Books

Chris McNab, Network Security Assessment, Sebastopol, CA: O’Reilly Media, Inc., 2004 – Describes a technical assessment methodology which can be used to understand the “threats, vulnerabilities, and exposures modern public networks face.”

Andrew Jaquith, Security Metrics: Replacing Fear, Uncertainty, and Doubt, Upper Saddle River, NJ: Addison-Wesley, 2007 – Information security has been largely justified by fear over the last many years. This book is the single best book I have seen yet which provides a pragmatic guide to using effective metrics in infosec programs and communication with stakeholders. I think that organizations which adopt this type of approach will fare well when infosec spending starts to level off or dry up.

Stephen Northcutt, Lenny Zeltser, Scott Winters, Karen Kent & Ronald Ritchey, Inside Network Perimeter Security, Indianapolis, Indiana: Sams Publishing, 2005 – excellent multi-layer book which describes appropriate techniques to layer differing strategies together to provide stronger perimeter defense. “Defense in depth is a primary focus of this book, and the concept is quite simple: Make it harder to attack at chokepoint after chokepoint.”

High availability firewalls with OpenBSD, pf and CARP

One can now inexpensively build a fault tolerant firewall cluster that removes any single point of failure in the security policy enforcement points at your security zone boundaries. Synchronous firewall state table updates and an open source version of the virtual router redundancy protocol (CARP) give the ability to seamlessly insert or remove firewalls from a cluster. No more patching firewalls at 2am hoping for the best (or not patching because it’s too hard).


Soekris net5501 SBC Linux installation

Soekris Engineering net5501 SBC setup with Linux

2008/09/03

net5501 is an x86 SBC that I ordered with four 10/100 Ethernet ports, 512MB memory and a 500MHz Geode LX CPU

Serial console is used for setup of the net5501 – the BIOS writes to the serial port since there is no VGA port. <ctrl-p> to enter BIOS setup. DB9 null modem pinout (pin — pin):

2 — 3
3 — 2
5 — 5

Use 19,200 bps, 8 data bits, no parity, 1 stop bit

With the MacBook Pro, I use a Keyspan USA-19HS USB <–> DB9 RS232 serial converter (and DB9-RJ45 adapters to implement the null modem configuration, which lets me use an Ethernet cable between the serial console and the Keyspan device).

On OS X (10.5) I use “screen” to provide the serial terminal interface:

$ screen /dev/tty.USA19H1a2P1.1 19200,8

<ctrl-a><ctrl-\> to exit

On the net5501 BIOS, PXEBoot is disabled:

set PXEBoot=Disabled

I set up voyage-0.5.0 on a compact flash card, then installed the card into the net5501 – works great on the first boot

Default root info: root / voyage

OpenBSD setup info:

http://techblagh.blogspot.com/2008/08/installing-openbsd-43-on-soekris-5501.html

Setup IMAPS on iPhone 3G with self-signed certificates

So setting up my shiny new iPhone 3G for IMAPS email was not entirely straightforward. (-: There are two complicating factors that I ran into. For IMAP over SSL (IMAPS) connections to a mail server that is using a digital certificate signed by a well known certificate authority AND running on the default TCP port 993, there are no problems. You may have to be a bit patient as the mail app on the iPhone accepts the certificate. For less standard mail server implementations, read on …

I am using a server certificate that is in essence a self-signed certificate – it is signed by CAcert.org, however very few (if any) browsers and mobile devices trust or even know of CAcert.org.  In this case, you will need to be patient while the iPhone mail app finally rejects the server certificate as untrusted.  The dialogue box will acknowledge the mail server certificate is invalid and will ask if you want to continue.  Accept the continue option and eventually (took about 5 minutes for my iPhone) the iPhone will accept the ‘invalid’ certificate.

Now, if you are using a mail server that has IMAPS running on a non-standard port (anything other than TCP 993), you must first establish the connection and have the iPhone accept the certificate over port 993.  Once the mail account is setup initially, then you can go change the port to something non-standard.

Once I get a chance I’ll post some screen shots.
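The “invalid certificate” prompt described above cannot tell a CAcert-signed server from one that has been interposed on the path, so the thing to check before tapping “continue” is the certificate’s fingerprint. The script below is an added example, not part of the original post: from a machine and network you trust, it fetches the server’s leaf certificate and compares its SHA-256 fingerprint with a value obtained out of band from whoever runs the mail server. It assumes a POSIX shell with the openssl command-line tool; mail.example.test and the fingerprint argument are placeholders.

```shell
#!/bin/sh
# Pin-check an IMAPS server certificate by SHA-256 fingerprint.
# Assumes openssl(1) is installed. Host, port and fingerprint are placeholders.

# fetch_server_cert HOST PORT -> leaf certificate in PEM on stdout
fetch_server_cert() {
    # stdin from /dev/null makes s_client exit after the handshake;
    # -servername sends SNI so a multi-name host returns the right cert.
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# cert_sha256_fingerprint PEMFILE -> lowercase hex digest, no colons
cert_sha256_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# verify_fingerprint PEMFILE EXPECTED -> exit 0 on match, 1 otherwise.
# EXPECTED may be given with or without colons, in either letter case.
verify_fingerprint() {
    actual=$(cert_sha256_fingerprint "$1")
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Usage: sh imaps-pin.sh mail.example.test 993 AB:CD:...   (placeholders)
if [ $# -eq 3 ]; then
    tmp=$(mktemp) || exit 1
    fetch_server_cert "$1" "$2" > "$tmp"
    if verify_fingerprint "$tmp" "$3"; then
        echo "MATCH: the presented certificate is the expected one"
    else
        echo "MISMATCH: do not accept this certificate; it presented:"
        cert_sha256_fingerprint "$tmp"
    fi
    rm -f "$tmp"
fi
```

Run the check on the same connection path the phone will use if you can, since a difference between networks is exactly the case the fingerprint comparison is there to catch. Note that the phone, once it has accepted the certificate, will not warn again if the server key changes, so keep the expected fingerprint somewhere you can re-check it.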

MythTV FC7 LVM on RAID1 Configuration

MythTV PVR HDD Mirroring 2008/07/24
Host: n43 (mythtv)
– Two SATA 500GB drives sda sdb
– current production drive is sdb

Problem: I’ve done migrations of LVM2 volumes from 320GB SATA to 500GB SATA and added
a redundant 500GB SATA. Now I want to get software RAID 1 set up to protect the
root, swap and /storage filesystems from damage if/when one of the shiny new 500GB SATA
disks bites the dust.

Followed howtoforge.com linux_lvm_p1 (start of article) to free up sda from LVM
volume group VolGroup00 .. http://www.howtoforge.com/linux_lvm_p7

0. Did a file level backup to the fileserver:
[root@n59 20080724]# ssh root@192.168.1.2 "tar cf - /lib" | dd of=mythtv-lib.tar
(repeat for /boot /storage /var /etc /home)

1. Free up sda2 LVM volume. I know this volume is not used anymore,
but it still has same-disk backup of /storage from when I was tweaking
MythTV.

[root@mythtv ~]# pvmove /dev/sda2
[root@mythtv ~]# vgreduce /dev/VolGroup00 /dev/sda2
[root@mythtv ~]# pvremove /dev/sda2

– now running on sdb only –

Setup RAID 1 mirroring (md)

2. Partition sda for mirroring (Auto RAID label)
[root@mythtv ~]# fdisk /dev/sda
<delete partitions>
<add primary 1 whole disk>
<set flag to fd – Auto RAID>

[root@mythtv ~]# fdisk -l

Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 * 1 19 152586 83 Linux
/dev/sda2 20 60801 488231415 fd Linux raid autodetect

Disk /dev/sdb: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sdb1 * 1 19 152586 83 Linux
/dev/sdb2 20 60801 488231415 8e Linux LVM

Notice that sdb is still using only LVM, not RAID.


Linux iptables notes

Add local redirection of low port to unpriv high port

Remove any existing entries:

iptables -t nat -D PREROUTING --src 0/0 -p tcp --dport 25 -j REDIRECT --to-ports 11025 2> /dev/null
iptables -t nat -D PREROUTING --src 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 8080 2> /dev/null

Add new redirects:
iptables -t nat -I PREROUTING --src 0/0 -p tcp --dport 25 -j REDIRECT --to-ports 11025
iptables -t nat -I PREROUTING --src 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
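The point of the redirect is that the daemon can bind an unprivileged port as a non-root user while clients still reach the well-known one. Two things the commands above leave open: a `-D` removes only one copy of a rule, so repeated runs can leave duplicates stacked in PREROUTING, and PREROUTING never sees connections the host makes to itself, which go through the nat OUTPUT chain instead. The script below is an added example, not part of the original notes; it checks for the rule with `iptables -C` before inserting it, covers loopback traffic, and with `DRY_RUN=1` prints the commands instead of executing them. It assumes a POSIX shell and an iptables that supports `-C`; the `--src 0/0` of the original is omitted because it is the default.

```shell
#!/bin/sh
# Idempotent low-port -> high-port TCP redirects with iptables.
# DRY_RUN=1 prints the commands instead of running them (for review,
# and for exercising the script without root).

IPTABLES=${IPTABLES:-iptables}

# run CMD... : execute the command, or print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# rule_present CHAIN RULE... : true if the nat rule already exists.
# In dry-run mode nothing is queried, so the rule is reported absent.
rule_present() {
    [ "${DRY_RUN:-0}" = 1 ] && return 1
    "$IPTABLES" -t nat -C "$@" 2>/dev/null
}

# ensure_rule CHAIN RULE... : insert at the top of CHAIN unless present
ensure_rule() {
    chain=$1; shift
    if rule_present "$chain" "$@"; then
        echo "present: $chain $*"
    else
        run "$IPTABLES" -t nat -I "$chain" "$@"
    fi
}

# add_redirect LOW HIGH : redirect inbound traffic (PREROUTING) and the
# host's own connections to itself (OUTPUT on lo) from LOW to HIGH
add_redirect() {
    low=$1; high=$2
    ensure_rule PREROUTING -p tcp --dport "$low" -j REDIRECT --to-ports "$high"
    ensure_rule OUTPUT -o lo -p tcp --dport "$low" -j REDIRECT --to-ports "$high"
}

# remove_redirect LOW HIGH : delete every copy of both redirect rules
remove_redirect() {
    low=$1; high=$2
    for chain in PREROUTING OUTPUT; do
        if [ "$chain" = OUTPUT ]; then set -- -o lo; else set --; fi
        if [ "${DRY_RUN:-0}" = 1 ]; then
            run "$IPTABLES" -t nat -D "$chain" "$@" -p tcp --dport "$low" -j REDIRECT --to-ports "$high"
            continue
        fi
        # -D removes one copy per call; loop until none remains
        while rule_present "$chain" "$@" -p tcp --dport "$low" -j REDIRECT --to-ports "$high"; do
            "$IPTABLES" -t nat -D "$chain" "$@" -p tcp --dport "$low" -j REDIRECT --to-ports "$high"
        done
    done
}

# Usage: sh redirect.sh add 25 11025        (DRY_RUN=1 to only print)
#        sh redirect.sh remove 25 11025
case "${1:-}" in
    add)    add_redirect "$2" "$3" ;;
    remove) remove_redirect "$2" "$3" ;;
esac
```

One thing a redirect does not do is hide the high port: 11025 and 8080 stay directly reachable on every interface the daemon listens on, so the filter policy (INPUT chain, or the daemon’s own bind address) still has to say who may talk to them.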

Windows SMB/CIFS shares

Map CIFS shares:

NET USE \\1.2.3.4 /USER:DOMAIN\USERID

NET USE

NET USE \\1.2.3.4 /DELETE

Alter boot time settings:

MSCONFIG

smbclient syntax:

# mount -t smbfs -o username=user,password=pass //server/sharepoint /mnt/localmntpoint

Escape admin shares:

//wfsnt55/c\$