Nope...

Mon 1 Nov 2021

How to update the firmware on cisco 2960 serie switch.

Backup the running configuration to your laptop or what ever. By using putty, after being connected: Select Change Settings…, in Session, select Logging, Click on Printable output, click on Browse and then select wher you want to save the output file and then Click on Apply On the switch: term len 0 sh running configuration Select Change Settings…, in Session, select Logging, Click on None, and then Click on Apply Connect to the switch, via SSH. Read More...

Tagged cisco, 2960, firmware

Mon 11 Oct 2021

Catégories:
Security

Generate certificate on windows PKI

The Internet Information Server (IIS) and Microsoft Internet Security and Acceleration (ISA) provide wizards in the administration user interface to request and install SSL certificates. With this blog post I want to explain how to request a SSL server certificate manually. The manual steps are required if the Certification Authority (CA) is not available in the same forest as the IIS or ISA is a member of. Prerequisites The AD server is running on the Microsoft Windows Server 2012 R2 operating system or later. Read More...

Tagged PKI,Windows Server,SSLCerts

Fri 8 Oct 2021

Catégories:
Analyse

TCPDUMP Filters

TCPDUMP Filters A tcpdump(8) filter to capture all packets that are # SSLv2, SSLv3, or TLS < 1.2 Assuming that all has been copied in a sile named ‘sslfilter’ Only the last line is useful, all the comments are only for understanding. sudo tcpdump "$(grep -v '^#' sslfilter)" or tcpdump -i vmx0 -s 1500 "`grep -v '^#' sslfilter`" -nnXSs0 -ttt # A tcpdump(8) filter to capture all packets that are # SSLv2, SSLv3, or TLS < 1. Read More...

Tagged security, Tcpdump

Thu 26 Aug 2021

Catégories:
wireguard
network
VPN

Comment configurer WireGuard sur Ubuntu 20.04

Important Traduction d’un article du site Digital Ocean Le contenu de cette page est la traduction Française de l’article How To Set Up WireGuard on Ubuntu 20.04 de Jamon Camisso. Introduction WireGuard est un réseau privé virtuel (VPN) léger qui prend en charge les connexions IPv4 et IPv6. Un VPN vous permet de traverser des réseaux non fiables comme si vous étiez sur un réseau privé. Il vous donne la liberté d’accéder à Internet en toute sécurité depuis votre smartphone ou votre ordinateur portable lorsqu’il est connecté à un réseau non fiable, comme le WiFi d’un hôtel ou d’un café. Read More...

Tagged security, VPN

Thu 12 Aug 2021

Catégories:
Firewall

Geeking out with HAproxy on pfSense

How to use HAproxy to share TCP port 443 for OpenVPN and SSH tunneling.

Tagged pfSense, HAproxy, HTTPS, SNI

Mon 17 May 2021

Catégories:
DNS

Use dig to Perform Manual DNS Queries

dig is a command line domain name system (DNS) querying utility that allows you to diagnose issues with domain name resolution. Installing Dig dig is part of a collection of DNS utilities often packaged with the DNS server “BIND”. You can install these utilities by issuing the appropriate command for your Linux distribution. For users of Debian and Ubuntu systems, use the following command: apt-get install dnsutils Users of CentOS and Fedora systems can use the following command: yum install bind-utils In Arch Linux, use the following command: pacman -S dnsutils Using Dig Consider the following basic dig output: Read More...

Tagged dig, troubleshooting, domain names

Fri 19 Mar 2021

Catégories:
Firewall

FreeeBSD commands

Performance Analysis Tools ![FreeBsd Performance tools]((images/FreeBSD_Performance_Observability_Tools.png) Users adduser # wrapper script to add users chsh # change user shell and other info pw groupadd teamtwo # add a group to the system pw groupmod teamtwo -m <username> # add a user to a group /etc/group # file to edit groups manually id # show group membership for current user System Configuration cat /var/run/dmesg.boot # show boot log with info about disks and pci devices kenv # show bios, board and chassi info (dump from kernel env) pciconf -l -cv # show info about PCI devices of the machine camcontrol devlist -v # list of attached ATA devices ifconfig # show and configure network interface parameters sysctl # tool to show/set all system/kernel coniguration variables sysctl -a # show all system/kernel configuration variables sysctl hw # show hardware related info and settings sysctl net # show all network related info and settings sysctl hw. Read More...

Tagged pfsense

Fri 19 Mar 2021

Catégories:
Analyse

WireShark Filters

Wireshark Filters Intro This document is meant to serve as a quick reference for points of interest in IP, TCP, UDP and ICMP headers. I cobbled the information from a variety of sources, all listed at the bottom of this page. This information will (hopefully) be useful to people building filters for network tools that use BPF, such as tcpdump or snort. I was moved to collect all of this stuff in one place after completing “Intrusion Detection In-Depth” at a recent SANS conference. Read More...

Tagged reference

Mon 1 Feb 2021

Catégories:
wireguard
network
VPN

Wireguard endpoints et adresses ip

Important Traduction d’un article du site PRO CUSTODIBUS Le contenu de cette page est la traduction Française de l’article WIREGUARD ENDPOINTS AND IP ADDRESSES de Justin Ludwig Wireguard endpoints et adresses ip Lorsque vous démarrez avec WireGuard, il peut être difficile de comprendre l’interaction entre les couches réseau sous WireGuard (le « vrai » réseau, souvent un réseau Ethernet ou WiFi physique) et le VPN WireGuard (réseau privé virtuel). Cet article couvrira quels paramètres de configuration sont utilisés pour quel (réseau « réel » ou réseau virtuel), et retracera comment un paquet individuel circule entre les deux. Read More...

Tagged security, VPN

Wed 18 Nov 2020

Catégories:
wireguard

Wireguard configuration Hub et Spoke

Important Traduction d’un article du site PRO CUSTODIBUS Le contenu de cette page est la traduction Française de l’article Wireguard Hub and Spoke configuration de Justin Ludwig Wireguard configuration Hub et Spoke Introduction Cet article explique comment configurer trois peers WireGuard dans une topologie Hub and Spoke. Il s’agit de la configuration que vous utiliseriez lorsque vous souhaitez connecter deux points de terminaison exécutant WireGuard, mais les deux points de terminaison sont derrière un NAT (traduction d’adresse réseau) restrictif ou des pare-feu qui ne permettent pas à l’un des points de terminaison d’accepter de nouvelles connexions de l’autre. Read More...

Tagged security, VPN