joe's blog.

doing cyber stuff, and maybe some other things, too.

so it begins. (383 stroker build)

Apr
18

i bought a conversion van a while back, with the intent to restore it and take on road trips.  I got a 2001 Chevrolet Express 1500 Explorer conversion (the one with the built-in N64).  needless to say, it was a wreck of a van.  after a while of saving up, I finally have what I need to get the engine started.  the old Vortec 5700 in there was trashed, and a rebuild was in order.  (reliability and safety first, then fun interior stuff later!)  after getting into the motor, and then looking at shop prices (not to mention the horror stories I’d heard about some of the shops in my area), I decided to do a replacement.  Since this is now a completely custom project, I ended up deciding to do a 383 stroker, so I got myself a remanufactured block from Summit (SUM-150100-40).  It’s a pretty nifty short block with a 0.040″ overbore, along with a magnaflux job and a warranty.  For ~$800 shipped, it’s not too bad a deal, considering just how clean it is.  I’m excited to get started!  More updates to come soon on the build as new parts come in.

The reman. block on the engine stand.

Lowering reconnaissance efficiency with PSAD, the Port Scan Attack Detector

Apr
10

i recently changed service providers from Comcast Business to XFINITY.  Business was the only way to get a static IP, and they had a great deal at the time.  Unfortunately, they thought it would be cool to raise the bill to $200/mo recently, so I had to find a better way to host my web services reliably.  I ended up moving to a residential account with XFINITY for a much more reasonable $70/mo for a 500Mbps DOCSIS 3.1 downstream connection (and a 10Mbps DOCSIS 3.0 upstream, yet to be modernized in my area).  i got myself a free-tier Google Cloud compute VM (along with the included free static IPv4 address), set up an OpenVPN tunnel between the cloud VM and my local firewall, and configured the VM to forward traffic to my internal network, simulating a box out on the Internet with a static, publicly-routable IP.  I’ll be making a write-up on that setup soon.

What does all of this have to do with psad?  well, when I moved from my 5-static-IP proxy-ARP paradigm to a more traditional single, dynamic, masqueraded IP paradigm, I failed to realize that my psad installation was no longer effective at detecting port scans.  because of the VPN tunnel, all of the DNAT’ed web traffic inbound to the web server appeared to come from the 192.168.0.0/24 network ($HOME_NET) rather than from the public Internet, and was thus ignored.  i thought the easiest solution to this would be to migrate the psad installation out to the cloud VM, and thought it was a good opportunity to write about the process.

for the full step-by-step, take a visit to my wiki:

https://www.jamisontribe.com/wiki/index.php/PsadInstallAndConfigure

i think psad is a wonderful tool, because it’s super-easy to deploy, and it does a pretty good job of alerting on and stopping simple network scans, making good, fresh network reconnaissance a pain in the butt.  Michael Rash wrote it, and you should definitely check out his website, http://cipherdyne.org, and give his book Linux Firewalls a read.  tools like psad and fail2ban are too easy to install to pass up, and they rarely raise overhead concerns.

you’ll need to make sure your firewall is set up in a strict, whitelisting fashion (something that you should do anyway).  That’s most of the work.  You also need to make sure that any unwanted or unexpected packets that are going to be dropped are logged first, because those log entries are what psad works from.  From there, you install psad and point it at your firewall logs, and it does all the rest of the magic.  I like setting up and forgetting, so I made some configuration changes to have psad act a little more sensitively, and to actually add block rules into the firewall, as opposed to merely alerting me.
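To make the HOME_NET blind spot and the log-driven detection concrete, here is an added example of my own (not code from the post and not psad itself) that counts distinct destination ports per source over iptables LOG lines; the log lines are constructed, and the threshold and the skip-HOME_NET switch are simplified stand-ins for psad’s own configuration.

```python
# Added illustration, not psad code: a minimal scan detector over iptables LOG
# lines, showing why a scan relayed through the VPN with a 192.168.0.x source
# goes unnoticed when sources inside HOME_NET are skipped.
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed iptables LOG output: a public scanner, the same probe sequence
# arriving via the tunnel with a 192.168.0.x source, and one stray benign drop.
SAMPLE_LOG = "\n".join(
    [f"Apr 10 12:00:0{i} fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.10 "
     f"LEN=60 TTL=54 PROTO=TCP SPT=4{i}000 DPT={p} WINDOW=65535 SYN"
     for i, p in enumerate([21, 22, 23, 25, 110, 143])]
    + [f"Apr 10 12:01:0{i} fw kernel: DROP IN=tun0 OUT= SRC=192.168.0.5 DST=192.168.0.10 "
       f"LEN=60 TTL=63 PROTO=TCP SPT=5{i}000 DPT={p} WINDOW=65535 SYN"
       for i, p in enumerate([21, 22, 23, 25, 110])]
    + ["Apr 10 12:02:00 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.0.10 "
       "LEN=60 TTL=49 PROTO=TCP SPT=61000 DPT=445 WINDOW=1024 SYN"]
)

LOG_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)")

def parse_drops(log_text):
    """Yield (src, proto, dst_port) for every logged drop in log_text."""
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m["src"], m["proto"], int(m["dpt"])

def detect_scans(log_text, home_net="192.168.0.0/24", ignore_home_net=True, threshold=5):
    """Map each source that probed >= threshold distinct ports to its sorted port list.

    ignore_home_net models the behaviour the post ran into: drops whose source
    falls inside HOME_NET are skipped, so a scan relayed through the VPN with a
    192.168.0.x source address never reaches the threshold."""
    net = ip_network(home_net)
    ports = defaultdict(set)
    for src, _proto, dpt in parse_drops(log_text):
        if ignore_home_net and ip_address(src) in net:
            continue
        ports[src].add(dpt)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= threshold}

def block_rules(scanners):
    """Render the drop rules an auto-blocking setup would insert (strings only; nothing is run)."""
    return [f"iptables -I INPUT -s {src} -j DROP" for src in sorted(scanners)]

if __name__ == "__main__":
    seen = detect_scans(SAMPLE_LOG)  # the 192.168.0.5 relay is invisible here
    print("flagged:", seen)
    print("flagged once HOME_NET is no longer skipped:", sorted(detect_scans(SAMPLE_LOG, ignore_home_net=False)))
    print("\n".join(block_rules(seen)))
```

Moving the detector out to the cloud VM, as the post does, puts it in front of the tunnel so the scanner’s real public source address is what gets counted.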

Here’s an example scan, run from mxtoolbox.com, before the installation repair:

My webserver, being scanned from mxtoolbox

And again, with the service running:

It would appear that the website is down.

We can see below that psad appears to be doing its job:

lucky socket 3 motherboard find

Apr
08

i needed to get an AT power supply for a retro build, and when I need individual parts, I find that the best way to get them is to buy whole computers from eBay.  They’re usually really cheap, and you’ll get a bunch of extra parts with them that you can use for future projects.  I found a suitable computer, labelled as a ‘DATA-STOR 286’, in working condition.  It was a super-lucky find though, because in addition to working out of the box, it was not a 286, but rather a Pentium Overdrive, sitting in an Addtech Galaxy II, a motherboard I have been searching for for a while!  It’s a Socket 3 board with one 8-bit ISA, one 16-bit ISA, two VLB, and four PCI slots.  The battery was in great shape, too.  Looks like I’ve finally got the motherboard I want for my 486 VLB build!  It probably won’t be soon, but I’ll make a follow-up post when this build is complete.  I’ll have to include some screenshots of Duke Nukem 3D, Doom, Hexen, Heretic, Strife, etc.

feast your eyes!

Excellent Security Advice (from the 90’s)

Apr
07

i’ve got some older reading materials scattered around my house that don’t get too much attention, but they can still be great references from time to time, if not just fun reads.  I was perusing an older NetWare book, and came across a note on post-installation security.  It was super-interesting to be reading this, nearly two decades after its publication, to see how far the industry has come concerning security best practices.  While good security has always been a concern, this was written in a time when the average cybersecurity posture was a far cry from the mammoth industry it has grown into today: a time when computer networks in the workplace were still an intriguing novelty, usually without all the modern tools and utilities we take for granted; when password protection wasn’t commonplace, and when ‘IT’ was synonymous with job security; before offensive security specialists, Snort, Splunk, machine learning, and the myriad other security tools had become standard fixtures in the network operations budget.  The book is peppered with these kinds of references, and I appreciate being able to come back to something like this to reminisce on the past, and to predict what the future holds.

This section was the last step in the installation process. Of course, this wasn’t a book focused on security, but it’s interesting nonetheless to see the entirety of the book’s best security practices summed up into one paragraph.

indoor server rack

Mar
28

i have a ‘small’ rack that houses a few servers, switches, and other bits of equipment.  this site, in fact, is hosted on it.  we moved, and no longer had a cool, acoustically isolated place to house the rack.  we have a ‘shed’ in our yard, but it’s just no good at keeping out the elements; way too wet in the winter and way too hot in the summer!  i brought the essentials inside (perimeter firewall, VM server, network switch, and storage array).  The rest (including the XServe, which was virtualized, and the old PowerEdge) were put into storage in the meantime.

unfortunately, this was a loud, dust-attracting eyesore that the dogs loved to run into.  we found a perfectly-fitting cabinet at IKEA for about $100 on sale, and brought it home.  note that the lid was a separate part.  I modified most of the equipment to operate silently in an air-conditioned room.  this involved a few tasks: replacing a few fans with low-noise desktop equivalents; swapping in larger heatsinks; bridging the air gap between the switch’s ASIC heatsink and its chassis for better heat dissipation; and finally, re-arranging the hard drives in the array and mounting passively-cooled Peltier plates on the hard drive caddies to get them under their recommended operating temp of 55°C.

all said and done, the new parts cost about $50, and everything runs silently and cool.  not a bad setup.  it’s a pretty high-traffic area, so my wife and i went to the hardware store and got some mesh screening to staple to the inside so dust cannot enter.

Installing an old version of Debian (Lenny)

Mar
21

recently, I found myself needing to use an old version of Debian temporarily.  It was my first time using jigdo to download the old image, and I had to re-configure the package manager once I got the machine running.  All in all it was pretty easy, but something I’ll likely forget how to do, so I’ll put the process up here.

for the full details, and a step-by-step guide, visit my Wiki article on this topic:  https://www.jamisontribe.com/wiki/index.php/DebianOldVersions

basically, you get a copy of jigdo from the author’s website, as well as a copy of the image template files from the Debian CD image archive server (https://cdimage.debian.org/mirror/cdimage/archive/).  You’ll have to re-aim the jigdo downloader at the Debian package archive server (http://archive.debian.org/debian/), and it should work just fine.  I ended up downloading the DVD image for the first disc of 5.0.7 (Lenny), and it took about 30 mins.

once you’ve got your image and you’ve installed the OS, you’ll have to update your /etc/apt/sources.list to point at the archive server as well (deb [trusted=yes] http://archive.debian.org/debian lenny main).  from there, an apt-get update && apt-get upgrade should have you up and running!

now i’m an IT pro!

Mar
21

welcome to my blog!  i do lots of small IT projects (and other projects, too) and thought this would be a good place to share what i’ve learned.  hopefully it can be helpful to someone else out there; most of the best lessons I’ve learned over time have come from the blogs of the real IT pros online.  there’s a link above to my Wiki, which has much more detail.  I’ll link out to it in my posts when appropriate.  i hope you enjoy it or find it useful!