Network Monitoring Tools
Les Cottrell, SLAC. Last Update: December 14, 2015
This is a list of tools used for network (both LAN and WAN) monitoring and where to find out more about them. The audience is mainly network administrators. You are welcome to provide links to this web page. Please do not make a copy of this web page and place it at your web site since it will quickly be out of date. See here if you wish to suggest additions or changes.

Routing internet traffic through a site-to-site IPsec tunnel in pfSense 2.1
In pfSense versions before 2.1 you could create site-to-site IPsec tunnels to connect two or more sites together. This worked fine, but you couldn’t (from the web interface) route internet traffic from site A through the IPsec tunnel so that it would use site B’s internet connection. pfSense version 2.1 introduces that possibility. In such a setup, internet traffic from Site A would appear to be coming from Site B. We had to use this because a vendor would check from which public IP an incoming connection was initiated. In this article we have two sites:
18 Extensions For Turning Firefox Into a Penetration Testing Tool - InfoSec Institute
Firefox is a popular web browser from Mozilla. Firefox is popular not only because it is a good web browser, but also because it supports add-ons that enhance its functionality. Mozilla has a website add-on section that has thousands of useful add-ons in different categories. Some of these add-ons are useful for penetration testers and security analysts. These penetration testing add-ons help in performing different kinds of attacks and in modifying request headers directly from the browser. This reduces the need for a separate tool for most penetration testing related tasks.

Download Knoppix Live CD or DVD, Get Documentation and Help
What is KNOPPIX? KNOPPIX is a bootable CD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a Linux demo, educational CD, rescue system, or adapted and used as a platform for commercial software product demos.
m0n0wall
m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent. m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format. In m0n0wall 1.8.1, the base system has been switched to FreeBSD 8.4 for better support of recent hardware, and there have been significant improvements, new features and bug fixes in many areas.
Prevent IPv6 multicasts from flooding the pfSense logs - pfSense - Zomers Knowledgebase
If you have a pfSense box running with IPv6 enabled, you might notice that your pfSense firewall logs many link-local to IPv6 multicast packets (ff02::/28). This happens because these packets are caught by the default deny rule in pfSense. To prevent them from flooding your logs, you can add a firewall rule that matches these specific packets, so that they no longer fall through to the default deny rule and get logged. To add this rule, follow these steps:
1. Log on to the web server of your pfSense box
2. In the top menu, go to Firewall -> Rules
3. Go to the Floating tab
4. Click on the little + icon at the bottom right to add a new rule
5. Fill in the form as shown on the screenshot below. At Interface, select the network(s) from which you are receiving these multicast packets (will be different on your box compared to the screenshot below).
Setting Up a Pentest Lab with pfSense in VirtualBox
Introduction
Penetration testing requirements often force penetration testers to do both external and internal assessments. This article covers the concepts that are required to set up a pentest lab in VirtualBox that looks like a real network for a small-scale organization. This can be used as a base for setting up more advanced labs to practice penetration testing concepts in a legal environment. Before proceeding further, here is a quick note about licensing. Windows operating systems that we use in this article must be purchased from Microsoft, or you can go with the trial versions available.
Seven Different Linux/BSD Firewalls Reviewed
Did you know more than 500 million computers in the United States have been disposed of in the last 10 years? That’s approximately 2 computers per person! One of the best ways to re-purpose an old computer is to install a Linux or FreeBSD firewall distribution and use it to run your personal, home office, or small office network. It is one way to keep “obsolete” technology from ever reaching a landfill. Help the environment by reusing an old computer as a firewall. It will protect your computer from internet worms, save you time, money and most importantly – improve your internet experience as a whole.

Using the PHP pfSense Shell
Using the PHP pfSense shell allows configuration of the config.xml file directly without needing to use the webConfigurator. Using this system can also allow rapid deployment of pfSense and/or the setup of exotic configurations. The following will show an example session, with the text coming from the "help" command in the PHP shell. Follow each line or group of lines to run with "exec;".
Recording and Playback
Open Source Intrusion Detection (IDS) Tools: A Quick Overview
Whether you need to monitor hosts or the networks connecting them to identify the latest threats, there are some great open source intrusion detection (IDS) tools available to you. I won't bore you with how long I've been doing network security, but I've been doing packet analysis before any of these tools even existed. Tcpdump and me, good buddies. I've deployed and managed virtually every commercial and open source IDS tool out there. In fact my ardor for packets landed me a job analyzing network traffic for Fortune 50 companies while working at a major MSSP I'm sure everyone has heard of. Enough about me, let's get to it.
Access Control and Access Control Operators - Squid User's Guide
Access control lists (acls) are often the most difficult part of the configuration of a Squid cache: the layout and concept are not immediately obvious to most people. Hang on to your hat! Unless the Squid Configuration Basics chapter is still fresh in your mind, you may wish to skip back and review the access control section of that chapter before you continue. This chapter assumes that you understood the difference between an acl and an acl-operator. The primary use of the acl system is to implement simple access control: to stop other people using your cache infrastructure.

Configuring pfSense Hardware Redundancy (CARP)
pfSense Hardware Redundancy with CARP
This guide is brief and omits important considerations. You should read the hardware redundancy chapter in the pfSense book before configuring CARP.