- Account for penetration testing
- Posted by nobiscuit on August 17th, 2005
My wife got sent to an ethical hacker class for work. I'm so jealous.
She brought home the course materials for us to play with.
Does anyone have recommendations on where to get an account to do
penetration testing on my home network? I want to be able to get at the
firewall and DMZ from outside.
I thought about signing up for a netzero dial up account but I don't
want to run into trouble with their terms of service if I'm running
cracking tools.
Thanks!
- Posted by Matt Silberstein on August 17th, 2005
On 17 Aug 2005 08:04:10 -0700, in alt.computer.security, "nobiscuit"
<nobiscuit@gmail.com> in
<1124291050.167775.95740@g47g2000cwa.googlegroups.com> wrote:
Why not do it direct? Get another computer and physically hook it up?
--
Matt Silberstein
And now our bodies are oh so close and tight
It never felt so good, it never felt so right
And we're glowing like the metal on the edge of a knife
C'mon! Hold on tight!
C'mon! Hold on tight!
Though it's cold and lonely in the deep dark night
I can see paradise by the dashboard light
Paradise by the dashboard light
Jim Steinman
- Posted by Bit Twister on August 17th, 2005
On 17 Aug 2005 08:04:10 -0700, nobiscuit wrote:
You could see if you can find an old PC (400 MHz, 256 meg RAM) with NIC,
a crossover cable, load Linux, and do whatever you like in house.
- Posted by nobiscuit on August 17th, 2005
Hmm. My firewall also acts as a router for my internal nat'd computers.
It has a static IP and its gateway is on the other side of the dsl
connection. It also does routing for a separate DMZ subnet. I can set
up a bridging sniffer between the firewall/router and the dsl box but
I'm not sure how to set up a computer that would have a full network
connection between the firewall and the dsl so I could bang on the
firewall from the outside.
- Posted by nobiscuit on August 17th, 2005
Oh. Duh. Crossover cable. Didn't think of that. :P
- Posted by Bit Twister on August 17th, 2005
On 17 Aug 2005 08:22:53 -0700, nobiscuit wrote:
My firewall is connected to my cable modem. What I did was set the
cracking box's ip address same as the ISP gateway ip address. Since the
Firewall box was getting ip addy as DHCP, I had to change the FW box
to static and used the ip address given from the DHCP server.
- Posted by Unruh on August 17th, 2005
"nobiscuit" <nobiscuit@gmail.com> writes:
Why not run it from your own machine? Or are the firewall/dmz in a router
or something like that?
- Posted by nobiscuit on August 17th, 2005
I would like to be able to run the tests without interrupting the
connection. My wife gets cranky when net access is down. I'm
guessing your firewall was no longer connected to the cable modem while
the cracking box was connected? If not, were there conflicts between
the ISP gateway and the cracking box?
I think there is still a PCI slot available in my firewall box. I
could throw another nic in there, connect with a crossover cable, close
off the nic with firewall rules and route incoming traffic from it to
the external interface.
I'd still like to get a clean shot at the firewall from the outside
though. I suppose I could just take my chances with netzero. They
didn't seem to notice all the noxious traffic from my neighbor's
computer before we cleaned off all the spyware and crap.
Of course there is always Homeland Security. I can't believe they
would give a rat's ass about my pitiful little network but these days
you never know. :P
- Posted by nobiscuit on August 17th, 2005
Yup. The firewall and DMZ are handled by my router.
- Posted by Bit Twister on August 17th, 2005
On 17 Aug 2005 09:46:18 -0700, nobiscuit wrote:
Now, we start getting the requirement.
Correct. That way each log entry/attempt is trackable back to test box.
Hmmm, might work depending on firewall software.
A cheap $35 Linksys switch, two regular cables, would let you jack in front
of firewall and have both connectivity and allow you to beat up the firewall.
USA Law was just passed that businesses were going to be responsible for malware
blasting the network.
Keep in mind, your firewall is only the first line of protection.
Malware writers are now going after apps running behind
firewalls. Example, RealPlayer, browsers, Adobe, IM,....
- Posted by Imhotep on August 17th, 2005
nobiscuit wrote:
As long as you are trying to crack YOUR systems you should be fine...
- Posted by nobiscuit on August 17th, 2005
I didn't think of the benefit of limiting the logs to just the cracking
attempts. That may be worth risking the wifely wrath.
I'm being thick here. If the firewall and the cracking box share a
connection via a switch, can I just give the cracking box a random IP
address? The firewall blocks any non-public IP addresses like
192.168.x.x from the outside so it would have to be a valid public IP
address. What would I set the subnet mask and gateway to?
Currently we are a Mac/OpenBSD only household so we have the benefit of
being a small target, virus/malwarewise. That's probably going to
change though. We also keep up on patches. I am planning to set up
snort again. The difficulty I have had with it in the past is tuning
the rules to avoid false positives and keeping up with the latest
signatures.
- Posted by claudel on August 17th, 2005
In article <1124291050.167775.95740@g47g2000cwa.googlegroups.com>,
nobiscuit <nobiscuit@gmail.com> wrote:
Get a cheap hub and patch in before your home router.
Claude
- Posted by Bit Twister on August 17th, 2005
On 17 Aug 2005 10:48:40 -0700, nobiscuit wrote:
Yes. Pick a China ip from your firewall log.
Make sure it is not a public ip like a business or college.
You get to test that by changing cracking box ip.
Pick an ip address, you are not supposed to be chatting with anyone but
your firewall. Gateway can be the current one firewall is using or
munge the China ip+1.
What you do not want to do is send any attempt to a broadcast address
or anywhere but the known ip address of your Firewall Box.
I am guessing, if you ping the cracker box from the firewall box,
the SWITCH, not a HUB, should remember and only route between the two
as long as you are hitting only the firewall box. I would unplug the
WAN cable from switch until cracker/firewall can talk at each other.
Not M$ I hope.
If so, I recommend firewalls on all other LAN
boxes and no id/passwords which could be sniffed by M$ box.
ftp, rlogin, rcp, mail..... nothing but ssh, scp for any box to box and
SSL for your email accounts. Any accounts on M$ should not match any
found on the lan and never use the M$ to log into LAN boxes.
Running Mandrivalinux myself, and check every day for updates.
All this begs the question, after putting a switch in WAN side, will your
connection still work. ISPs used to register MAC addresses. Your ip
address could change so check firewall ip after switch install.
I would power reset the WAN equipment for it to pickup the new MAC
found in the switch, otherwise nothing will work.
The wife has to take a bath, use a crossover to attack the system
during that time. Shoot, you can let nmap run overnight, swap cables
back when you get up. Review the logs later.
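An added example, not part of the thread: a check of a candidate test-box address against the firewall's WAN settings, for the isolated switch/crossover lab segment discussed above. It flags the cases raised in the posts (RFC 1918 sources dropped on the outside, collisions with the firewall or gateway, broadcast addresses) plus whether the firewall would answer the test box directly or hand the reply to its gateway. The function name and all addresses are constructed for illustration (RFC 5737 documentation ranges).

```python
import ipaddress

# RFC 1918 ranges; the firewall in the thread drops these on its outside interface.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_test_box(fw_wan, gateway, candidate):
    """Return a list of problems with `candidate` as the test-box address.

    fw_wan    -- firewall WAN address with prefix, e.g. "203.0.113.10/29"
    gateway   -- the firewall's default gateway on the WAN side
    candidate -- address proposed for the test box on the same segment
    """
    iface = ipaddress.ip_interface(fw_wan)
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    ip = ipaddress.ip_address(candidate)
    problems = []
    if any(ip in n for n in RFC1918):
        problems.append("rfc1918: firewall drops this source on the WAN side")
    if ip == iface.ip:
        problems.append("collision: same address as the firewall")
    if ip == gw:
        problems.append("collision: same as the gateway; unplug the WAN uplink first")
    if ip in net:
        if ip in (net.network_address, net.broadcast_address):
            problems.append("reserved: network or broadcast address of the WAN subnet")
    else:
        # Replies to an off-subnet source are sent to the default gateway,
        # so the test box never sees them unless it is standing in for it.
        problems.append("off-link: firewall replies go to the gateway, not the test box")
    return problems

if __name__ == "__main__":
    # Constructed sample plan: firewall 203.0.113.10/29, gateway 203.0.113.9.
    for cand in ("203.0.113.12", "192.168.1.50", "203.0.113.9",
                 "203.0.113.15", "198.51.100.7"):
        issues = check_test_box("203.0.113.10/29", "203.0.113.9", cand)
        print(cand, "->", issues or "ok")
```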
- Posted by nobiscuit on August 17th, 2005
Awesome. Thanks for the info! I'll try it when I get home from work.

Doh. I miscommunicated. What I meant was that although OSX is
currently, as far as I know, virus/malware free, it is only a matter
of time before someone writes a successful exploit. I love my Mac and
my wife would hurt me if I tried to take away hers. :P
Good idea. 
Thanks again!
- Posted by Winged on August 18th, 2005
nobiscuit wrote:
to fix the security issues...
Winged