Archive

Category Archives for "Brezular’s Blog"

IPFire on Raspberry Pi 3B

IPFire is a modular opensource firewall distribution with a primary objective of security. IPFire employs a Stateful Packet Inspection (SPI) firewall, which is built on top of netfilter (the Linux packet filtering framework). The modular designs allows to extend basic functionality by installation of add-ons that can be easily deployed with the IPFire package management system - pakfire. Updates are digitally signed and encrypted.

During the installation of IPFire, the network is configured into different, separate segments (zones). These different segments may be enabled separately, depending on your requirements. Each segment represents a group of computers who share a common security level.

Green represents a "safe" area. This is where all regular clients will reside. It is usually comprised of a wired, local network. Clients on Green can access all other network segments without restriction. Red indicates "danger" or the connection to the Internet. Nothing from Red is permitted to pass through the firewall unless specifically configured by the administrator. Blue represents the "wireless" part of the local network. Since the wireless network has the potential for abuse, it is uniquely identified and specific rules govern clients on it. Clients on this network segment must be explicitly allowed Continue reading

LEDE on Raspberry PI

In December 2017, I created a home router based Linux piCore installed on Raspberry PI3. I use this router in everyday life in order to provide Internet connection for my home devices. So far I have not noticed any issues. However, the router offers only basic functionality. The number of packages that extends router's functionality is limited by the number of available PiCore extensions in repository. Therefore, it is better to load Raspberry with a advanced network distribution that provides a better customization of embedded netwrok devices with many available packages.

The article discusses an installation and configuration of Linux Embedded Development Environment (LEDE) on Raspberry PI3. LEDE is an opensource project that was created in 2016 as a fork of OpenWrt - Linux OS for embedded devices. In 2018, LEDE and OpenWrt projects reemerged and they announced their unification  under OpenWrt name .

1.  LEDE Installation

The part 1 discusses installation of LEDE on Raspberry Pi3 and resizing LEDE image. After copying LEDE to SD card, we need to resize file system in order to use full capacity of SD card.

1.1 Downloading and Extracting LEDE for Raspberry PI3

$ wget https://downloads.lede-project.org/releases/17.01.4/targets/brcm2708/bcm2710/lede-17.01.4-brcm2708-bcm2710-rpi-3-ext4-sdcard.img.gz

$ Continue reading

EIGRP Support in FRRouting 5.0.1

Recently, I have created Linux Core 9.0 x86-64 VMware Disk (VMDK) and installed FRRrouting suite 5.0.1 on the top of it in order to test current EIGRP support in Linux (RFC 7868).

The last time I tested EIGRP with FRR 3.1-dev installed on Linux Core, FRR suffered from many bugs. In fact, they were so serious so EIGRP was not ready for use. Unfortunately, they are also presented in FRR version 5.0.1. Therefore, I advise you to use another IGP routing daemons such as OSPF or IS-IS available in FRR until the issues are resolved.

Anyway, you can use my Core Linux VMDK disk with installed FRRouting 5.0.1 to practice routing in Linux. Thanks to using minimalistic Core Linux distribution, the size of image is only about 86 MB. The Core kernel is compiled with enabled option MULTIPATH so you can test equal cost multipath routing with OSPF. The image is available in Linux Core Router/Switch appliances.

Openswitch OPX 3.0.0 Installation On Ubuntu 18.04.1 LTS

I have covered installation of Openswitch OPX 2.3.2 on Linux Ubuntu 16.04 in a previous article. I will go further with this time and cover installation of Openswitch 3.0.0 on Ubuntu 18.04 (upgrade from 16.04). Firstly, it is worth to add that I haven't been successful with installation of any OPX version on Ubuntu 18.0.4.1. I have done several test with different Oracle VirtualBox versions (5.1, 5,2) but I have always got the error message VBoxManage: error: Code NS_ERROR_FACTORY_NOT_REGISTERED (0x80040154) - Class not registered (extended info not available). According to the words of developers installation of OPX 3.0.0 has been tested with Ubuntu 16.04 and Oracle VirtualBox 5.2.

1. Openswitch OPX 3.0.0 Installationon Ubuntu 18.04.1 Using Nested Virtualization

As I do not posses any spare hardware I decided to do a little workaround with the help of nested virtualization. Nested virtualization refers to virtualization that runs inside an already virtualized environment. In other words, it is the ability to run a hypervisor inside of a virtual machine (VM), which itself runs on a hypervisor. I installed Openswitch OPX 3.0.0 Continue reading

Openswitch OPX in GNS3

The previous article discusses an installation of Openswitch OPX on VirtualBox using lvm tool. We have extracted Openswitch OPX VDI disk from VirtualBoxVM and run the disk with Qemu. The image has been subsequently customized using the after install script in order to run it inside GNS3. Finally, we have tested the image within a simple GNS3 lab that proves its functionality. This article goes further and we are going to test VLANs bridging using Linux native commands.

Picture 1 - Network Topology

The lab consists of three Openswitch OPX 2.3.2 instances powered by Qemu hypervisor. The device OPX-Distrib1 is multilayer switch that is responsible for routing between VLANs 10,20,30,40 and 50. The VLANs 10-40 are end-users VLANs and the VLAN50 is used for management. The switches OPX-Access1 and OPX-Access2 are L2 switches with the port e101-001-0 configured as the trunk ports. End users are connected to the access ports e101-002-0 and e101-003-0 on both access switches.

Note: Customized Openswitch OPX 2.3.3 vdi disk can be downloaded in Download section. Login name is opxUser and the password is not set.

1. End User Computers and Management PC Configuration

In order to save memory of host, Continue reading

Crypto Energy Consumption Overtakes

I am more than happy to publish the new infographic " Crypto Energy Consumption Overtakes" with the help of my friends from btxchange.io. As we know, cryptocurrency mining is very popular nowadays but it comes with huge drawback in form of huge electricity consumption. The infographic finds out the most surprising numbers for crypto energy volumes. Enjoy reading.

Crypto Energy Consumption Overtakes

I am more than happy to publish the new infographic " Crypto Energy Consumption Overtakes" with the help of my friends from btxchange.io. As we know, cryptocurrency mining is very popular nowadays but it comes with huge drawback in form of huge electricity consumption. The infographic finds out the most surprising numbers for crypto energy volumes. Enjoy reading.

Openswitch OPX Installation on Linux

We have recently covered installation of Openswitch OPS on Linux. Since the version 2.0, Openswitch OPS has transformed into to a completely new project, called Openswitch OPX Base. Similar to its predecessor, OpenSwitch OPX Base system also provides an abstraction of hardware devices of network switch platforms in a Linux OS environment. However, original Yocto OS has been replaced by an unmodified Linux kernel based on Debian Jessie distribution.

We can install OPX Base on a virtual machine, similar to installing OpenSwitch on hardware platforms. A virtual machine (VM) uses the same software binaries as those executed on S6000-ON devices. The main difference is that the low-level device drivers for the SAI and SDI libraries are replaced with the packages that support hardware simulation, and interact with the hardware simulation infrastructure.

A host machine running Openswitch OPX VM might be Windows, or Mac OS X with at least 8GB of RAM and 100GB available disk space, and Virtual Box installed. The virtual machine needs to have one network interface configured for the Management interface (eth0). The network adapter eth0 corresponds to the first adapter attached to the VM, e101-001-0 to the second adapter and so on, and e101-00N-1 to Continue reading

Openswitch OPX Installation on Linux

We have recently covered installation of Openswitch OPS on Linux. Since the version 2.0, Openswitch OPS has transformed into to a completely new project, called Openswitch OPX Base. Similar to its predecessor, OpenSwitch OPX Base system also provides an abstraction of hardware devices of network switch platforms in a Linux OS environment. However, original Yocto OS has been replaced by an unmodified Linux kernel based on Debian Jessie distribution.

We can install OPX Base on a virtual machine, similar to installing OpenSwitch on hardware platforms. A virtual machine (VM) uses the same software binaries as those executed on S6000-ON devices. The main difference is that the low-level device drivers for the SAI and SDI libraries are replaced with the packages that support hardware simulation, and interact with the hardware simulation infrastructure.

A host machine running Openswitch OPX VM might be Windows, or Mac OS X with at least 8GB of RAM and 100GB available disk space, and Virtual Box installed. The virtual machine needs to have one network interface configured for the Management interface (eth0). The network adapter eth0 corresponds to the first adapter attached to the VM, e101-001-0 to the second adapter and so on, and e101-00N-1 to Continue reading

Openswitch OPX Appliances

OpenSwitch OPX Base is an innovative operating system for network systems. It uses an unmodified Linux kernel and standard distribution to take advantage of rich ecosystem, and also provide flexibility in customizing your system according to your network needs.

Note: Openswitch OPX images are customized with my after install script  and they are ready for use in GNS3.

Openswitch OPX 2.3.2
https://drive.google.com/file/d/1Vdpjoz53R7Rx1HYi8KcEuRuNvQnMMn0f/view?usp=sharing
https://sourceforge.net/projects/gns-3/files/VirtualBox%20Appliances/OpenswitchOPX-2.3.2.zip
https://www.4shared.com/s/fQu2DUd9dca

Openswitch OPX Appliances

OpenSwitch OPX Base is an innovative operating system for network systems. It uses an unmodified Linux kernel and standard distribution to take advantage of rich ecosystem, and also provide flexibility in customizing your system according to your network needs.

Note: Openswitch OPX images are customized with my after install script  and they are ready for use in GNS3.

Openswitch OPX 2.3.2
https://drive.google.com/file/d/1Vdpjoz53R7Rx1HYi8KcEuRuNvQnMMn0f/view?usp=sharing
https://sourceforge.net/projects/gns-3/files/VirtualBox%20Appliances/OpenswitchOPX-2.3.2.zip
https://www.4shared.com/s/fQu2DUd9dca

16 Blockchain Disruptions

I am more than happy to publish the new infographic "16 Blockchain Disruptions" with the help of my friends from bitfortune.net.  As we know, blockchain enables decentralized transactions across a P2P network. The infographic lists 16 different industries that benefits from using the blockchain technology. Enjoy reading.

 

16 Blockchain Disruptions

I am more than happy to publish the new infographic "16 Blockchain Disruptions" with the help of my friends from bitfortune.net.  As we know, blockchain enables decentralized transactions across a P2P network. The infographic lists 16 different industries that benefits from using the blockchain technology. Enjoy reading.

 

Are Chatbots a Security Risk?

Chatbots – ingenious little bits of programming that have been making it possible for companies to automate the handling of queries, sales, and basic customer support. These bots are deployed through a number of different messaging platforms like Facebook Messenger, WhatsApp, etc.

And they have proven very popular. But, how secure is the tech? Lately, especially, there have been a lot of concerns raised. Say, for example, that I head out and use the Nordstrom app. I find the perfect pair of discounted sport shoes and want to buy them.

How safe am I entering my credit card details over the system? Or, more importantly, can chatbots be hacked?

Let's take a step back here for a second. Certainly, a chatbot is essentially just a program, and so, it makes sense that it could be hacked. But the danger is not likely to be any more than your local bank being hacked.

The same HTTPS protocols and metadata techniques used to provide security for the bank's site and messaging services can also secure the information transmitted via chatbots. The tech underlying the chatbot is similar, in fact, to your standard app, so it is not new.

The main difference here, Continue reading

Are Chatbots a Security Risk?

Chatbots – ingenious little bits of programming that have been making it possible for companies to automate the handling of queries, sales, and basic customer support. These bots are deployed through a number of different messaging platforms like Facebook Messenger, WhatsApp, etc.

And they have proven very popular. But, how secure is the tech? Lately, especially, there have been a lot of concerns raised. Say, for example, that I head out and use the Nordstrom app. I find the  perfect pair of discounted sport shoes and want to buy them.

How safe am I entering my credit card details over the system? Or, more importantly, can chatbots be hacked?

Let's take a step back here for a second. Certainly, a chatbot is essentially just a program, and so, it makes sense that it could be hacked. But the danger is not likely to be any more than your local bank being hacked.

The same HTTPS protocols and metadata techniques used to provide security for the bank's site and messaging services can also secure the information transmitted via chatbots. The tech underlying the chatbot is similar, in fact, to your standard app, so it is not new.

The main difference here, Continue reading

Wireless ESSID as ROT13 Ciphertext

Recently, I have scanned nearby wireless networks with airodump. I have discovered five networks transmitting on channel 3. MAC addresses of access points (BSSIDs) transmitting on channel 3 differ only in last two hexa digits and a signal level (PWR) reported by my WiFi card is almost same for all BSSIDs.

$ sudo airodump-ng wlp3s0

Picture 1 - Wireless Networks of Caffe Geo Guru

The following three ESSIDs have caught my attention.

1) Heslo do siete caffe.geo.guru
2) zistis rozlustenim sifry
3) qnw fv qboer cvib

In fact, the ESSIDs represent a cryptography challenge created for customers of caffe.geo.guru. Once the challenge is successfully solved a customer gains a password for connection to the wireless network with ESSID caffe.geo.guru.

Note: The first two ESSID are written in Slovak. Their English version is below.

1) Password to network caffe.geo.guru
2) can be gained by decoding words
3) qnw fv qboer cvib

The third ESSID represents an encoded password. Obviously, letters are substituted in ciphertext which let us to the assumption that ROT cipher is used. Using ROT13 cipher on the encoded text 'qnw fv qboer cvib' gives us a required plain-text password Continue reading

Wireless ESSID as ROT13 Ciphertext

Recently, I have scanned nearby wireless networks with airodump. I have discovered five networks transmitting on channel 3. MAC addresses of access points (BSSIDs) transmitting on channel 3 differ only in last two hexa digits and a signal level (PWR) reported by my WiFi card is almost same for all BSSIDs.

$ sudo airodump-ng wlp3s0

Picture 1 - Wireless Networks of Caffe Geo Guru

The following three ESSIDs have caught my attention.

1) Heslo do siete caffe.geo.guru
2) zistis rozlustenim sifry
3) qnw fv qboer cvib

In fact, the ESSIDs represent a cryptography challenge created for customers of caffe.geo.guru. Once the challenge is successfully solved a customer gains a password for connection to the wireless network with ESSID caffe.geo.guru.

Note: The first two ESSID are written in Slovak. Their English version is below.

1) Password to network caffe.geo.guru
2) can be gained by decoding words
3) qnw fv qboer cvib

The third ESSID represents an encoded password. Obviously, letters are substituted in ciphertext which let us to the assumption that ROT cipher is used. Using ROT13 cipher on the encoded text 'qnw fv qboer cvib' gives us a required plain-text password Continue reading

Chatbots Gone Wild

I am pleased to publish a link to infographic called "Conquering The World - Chatbots Gone Wild". This infographic contains statistics that highlight the impact of Artificial Inteligence (AI) chatbots on business and other sectors. In online business they interact with customers and boost sales by saving time and cost. They become more and more useful as the customers are getting more comfortable with technology through voice commands.  According to the graphic, the business trust in chatbots is going to grow as the 80% of businesses claimed they already used or plan to use chatbots by 2020.

The link below is published with the kind permission of 16best.net.

Conquering The World – Chatbots Gone Wild (Infographic)

https://www.16best.net/blog/chatbots-gone-wild/

1 2 3 4