Technical Insanity of JFINLEY

ARP Cache Spoof detection in an appliance

jfinley — Thu, 10 May 2012 18:41:23 +0000

While slinking around on the Internet, I ran across this little appliance that shows to be a quick drop in solution. The device called “ArpDefender” can be found here and explained as:

full-fledged LIDS (LAN IDS), tailored to what the best information security experts currently recommend for the LAN environment. ARPDefender serves to fill the critical gaps left in your local network security by NIDS, HIDS, and NAC. Each ARPDefender unit reliably provides LAN security while allowing you to avoid false positive alerts.

Check it out!

VMware Hacked; source code stolen?

jfinley — Wed, 25 Apr 2012 14:17:39 +0000

I am seeing reports from various sources that say VMware was hacked into and source code was stolen. Trying to confirm this. At any rate, make sure outside access to your VM Hosts are always challenged by VPN entry only.

– Update: 4/25/12 Reported by TheHackerNews.com

– Update: 4/27/12 PCMag has also weighed in on the breach. VMware acknowledges hackers gain access, but is down playing the severity. Read more here.

Fortinet Wireless Webinar – interesting

jfinley — Fri, 20 Apr 2012 15:37:29 +0000

Attended a Fortinet Webinar on their Wireless initiative. Very interesting things coming soon, especially with FortiOS 5.0. Some features include:

Bridging
Client Side Wireless – traffic is not required to hit wireless controller if controller is remote
Remote Wireless Controllers
Receptionist Guest Provisioning

The Receptionist Guest Provisioning and bridging local is something we could use today, but FortiOS is expected to be released summer 2012. Can’t wait!

Temporary outage…. suuuurrray

jfinley — Fri, 20 Apr 2012 02:45:35 +0000

A PHP update took place at my hoster causing some outage….

FlashBack Virus on MAC OSX

jfinley — Wed, 11 Apr 2012 22:04:52 +0000

As Apple begins to penetrate into Microsoft’s dominance on the desktop, more and more “bad” guys will begin writing software to infiltrate your MAC. The latest is one called FlashBack; linked here to Apple – .

Kaspersky has a website to find & detection if your MAC is infected. Kudo’s to them for providing this free tool Click here for the link.

Fortigate Uptime

jfinley — Thu, 29 Mar 2012 01:14:20 +0000

So I logged into a clients Fortigate and noticed the following below. I love uptime.

Uptime 493 day(s) 2 hour(s) 23 min(s)
System Time Wed Mar 28 21:04:23 2012 [Change]

RFC 1918 & IPSEC Tunnels

jfinley — Tue, 06 Mar 2012 02:41:48 +0000

Do you add the necessary blocks for RFC 1918 on your EGRESSING ports? You should. Playing around the other day, I wanted to find out what would happen if taking a VPN route out. Using Route-Based IPSEC Tunnels on a Fortigate I placed a FW Policy with an address group on all internal -> egressing interfaces; placed at the top. I removed the static route, low and behold I see my counters going up on the DENY statement.

Now, will your ISP deny or block RFC-1918 traffic, sure…but what about the bleeding traffic exiting – could it be recorded? Sure…lesson? Block RFC-1918 traffic exiting your WANS.

SSL Clients accessing remote networks

jfinley — Sat, 04 Feb 2012 23:06:20 +0000

Came across the need to allow SSL VPN clients access to remote networks beyond the SPOKE Firewall. In this instance, we have an IPSEC LAN-2-LAN VPN Tunnel between two points, we’ll use the name HQ & Sister-Company. A remote user accessing the HQ Firewall needs access to the Sister-Company file server. Instead of configuring another instance of a user on the Sister-Company firewall or another instance in the SSL VPN Client, we can allow access from the HQ Firewall.

HQ Fortigate LAN2LAN VPN MUST be configured in interface/route mode. SSL_VPN clients connect to the HUB FGATE ie. HQ

FW-Policy(s):

* ssl.root:(source subnet) -> VPN_Interface:(destination subnet)
* WAN:(source subnet) -> VPN_Interface:(destination subnet) (ACTION) SSL-VPN (identify “interesting traffic” on the SSL Client. Make sure to set the group access under this policy.

Route(s):

* Destination_Network:VPN_Interface

Connect using the SSL_Client and ping a host on the far side and see if your COUNT SEND/Receive increment with each ping on the SSL VPN Client.

SOPA needs to be stopped

jfinley — Sat, 14 Jan 2012 22:29:30 +0000

While I carry heavy conviction on politics, one area I do not like our US Gov involved in is the Internet. Stop Online Piracy Act is yet another intrusion into it’s citizens lives. You may hear this only affects non-citizens, think again. You give an inch, they, the US GOV will take more than a mile.

FortiOS 4.3.4 is out

jfinley — Sat, 14 Jan 2012 22:25:49 +0000

Upgraded a test system to review the features/fixes, but it’s been getting some complaints from other admins that the IPSengine is consuming mass amounts of memory again. I’d recommend waiting for 4.3.5.