- Vulnerability: Infiltrating a network via Powerline (HomePlugAV) adapters
- Communicating with HomePlugAV Devices using Python
- Unbound: Adding Custom DNS Records
- Android: Protecting your network data from local snooping
- NGinx: Accidentally DoS'ing yourself
- Citroen C5: BSI Reset
- Allowing your Internal Search Engine to Index JIRA Issues
- MySQL Cheatsheet
- Usurping the BTHomeHub with a Raspberry Pi: Part 6 - Conclusion
- Testing Raspberry Pi Images with Qemu
- Removing index.php from SEF URLs
- Audi A6: Front Brake Pad Replacement
- Usurping the BTHomeHub with a Raspberry Pi: Part 5 - Inbound OpenVPN
- Recovering from corrupted InnoDB Pages
- OpenVPN on CentOS 6 (Updated) - With HMAC
- Usurping the BTHomeHub with a Raspberry Pi: Part 4 - Using a VPN to Tunnel Connections to Specific IPs
- OpenVPN on Debian
- Usurping the BTHomeHub with a Raspberry Pi: Part 3 - Routing, Remote Administration and Utilities
- Usurping the BTHomeHub with a Raspberry Pi: Part 2 - DNS, DHCP and NTP
- Usurping the BTHomeHub with a Raspberry Pi: Part 1
As I posted recently, I've been playing around with some of ON Networks' PL500 HomePlugAV Adapters. Given my previous experience with Powerline adapters, as part of that tinkering I thought I'd see whether they contain (or are) a security issue.
Unfortunately the news isn't great, as I can now get effective physical network access using the HomePlugAV adapters as my entry point. It does, of course, require some proximity to the target network, but is otherwise pretty straightforward.
As I don't have $5,000 to spare, I did this without reading the HomePlugAV technical specification.
Responsible Disclosure: Before publishing, I contacted the HomePlug Alliance to notify them of the issues I'd identified, but have had no response.
I've got a couple of pairs of ON Networks' PL 500 HomePlugAV Powerline Adapters and have been playing around with them to see how they compare to the Computrend 902 devices I played around with 5 years ago.
I'm still playing around with the kit, but thought I'd document a very basic example of how to send commands to the devices using Python - the instructions should work for any kit based on Qualcomm's INT6x00 and AR7x00 chipsets (mine use the AR7420/QCA7420) - we'll be changing one of the encryption keys (the NMK) that the devices use.
When I wrote my post on configuring DNS, DHCP and NTP on a Raspberry Pi, I forgot to include information on how to add your own DNS records to Unbound (straightforward as it is). So in this post, I'll give a very brief overview.
All changes should be made in an unbound configuration file (probably /etc/unbound/unbound.conf, though you could also put them into a file in local.d, depending on your distribution - see below).
There's been a lot of news of late about the likes of NSA and GCHQ passively listening to Internet traffic. The steps in this post won't protect you from such a well resourced attacker, but will prevent others on open wifi networks and your mobile data provider from looking at the content of your phone's network traffic.
A good example of the data that can easily be collected can be seen in this recent Ars Technica post.
In this post, we'll be configuring an Android phone to conditionally connect to an OpenVPN server, dependent on whether it's associated with a specific WLAN.
It turned out to be entirely self-inflicted, but I had a minor security panic recently. Whilst checking access logs I noticed (a lot of) entries similar to this:
127.0.0.1 [01/Jun/2014:13:04:12 +0100] "GET /myadmin/scripts/setup.php HTTP/1.0" 500 193 "-" "ZmEu" "-" "127.0.0.1"
There were roughly 50 requests in the same second, although there were many more in later instances.
Generally an entry like that wouldn't be too big of a concern, automated scans aren't exactly a rare occurrence, but note the source IP - 127.0.0.1 - the requests were originating from my server!
I noticed the entries as a result of having received a HTTP 500 from my site (so looked at the logs to try and find the cause). There were also (again, a lot of) corresponding entries in the error log:
2014/06/01 13:04:08 [alert] 19693#0: accept4() failed (24: Too many open files)
After investigation, it turned out not to be a compromise. This post details the cause of these entries.
The Body control unit (BSI) on Citroens (and Peugeots) sometimes goes batshit-insane and switches things off for no other apparent reason than it felt like it.
A reset is usually enough to resolve, but the steps need to be followed almost exactly, and the car should be thoroughly checked afterwards to make sure everything is working.
This documentation details how to perform the reset
I use a number of tools on my network, including a private JIRA install (i.e. you need to log in to view anything) and the Sphider PHP search engine (I've generated a lot of documentation over the years).
Unfortunately the two aren't exactly compatible, as Sphider has no way to log into JIRA, but I wanted my JIRA issues and comments to be indexed so that relevant items can be included in my search results. One option would be to set JIRA to public mode, but I'd rather maintain the need to log in.
So instead I created a simple PHP script - JIRA Issue Listing - to generate a list that Sphider could index, but would redirect 'real' users to the relevant issue on JIRA.
This post is the documentation for that script
I started an article on basic MySQL Tips and Tricks a little while ago, but never quite finished it. This documentation contains those tips as well as some additional techniques I've picked up
Throughout this series of articles, we've been aiming to usurp the role of the BTHomeHub on our home network, leaving it to do nothing but act as an Internet Gateway and provide a basic NAT firewall. As we've seen, it can be stubborn and insist on trying to ignore 'off' settings.
In the previous five parts, we've configured our Raspberry Pi to perform many of the functions of the HomeHub, as well as a few extras that BT never saw fit to provide. So, now we're going to step back and look at the functionality we've got.
Although changing the OS on a Raspberry Pi is quick and easy (especially if you have a spare SD card), there are times when you might want to test a system first, or simply tinker without needing a spare Pi.
This documentation details how to use Qemu to run a RaspberryPi image.
So you set up your Joomla! site, made it live, and later realised that you'd forgotten to enable the HTAccess file for SEF URLs.
The end result being that all your URLs contain /index.php/. What to do?
You could just enable the HTAccess file, but all the old URLs will then return a 404. Not great if your site has already been indexed by search engines, even worse if others have linked to you too.
In fact, on newer sites, it might even be worse - the old link will still be valid, but there'll be a 'new' link too, so you'll end up with two URLs for the same content.
It's actually incredibly simple to resolve, and this documentation details the two steps you need to take to resolve it, without breaking the old URLs.
Changing the front brake pads on the Audi A6 Savant is a relatively straightforward task to complete. The brakes are one of the areas where Audi appear to have taken the wise decision not to over-complicate things too much.
This documentation applies to the 2000 model, but the steps should be similar for others too.
In Part 4 we configured our Raspberry Pi router to maintain a number of OpenVPN tunnels and to route through them selectively. Now we'll look at the steps needed to allow connection to our LAN via OpenVPN. Although helpful, as the HomeHub doesn't provide VPN connectivity, this stage doesn't really count as Usurping the BTHomeHub.
The steps are almost completely identical to those performed when Installing Open VPN on Debian. We're going to have to NAT connections though, as the HomeHub is a little stupid and we can't add static routes to it (so if we're connected to the VPN and accessing the Internet, it won't know where to route the response packets).
What we'll do, though, is only NAT if the connection isn't to something on the LAN.
I recently encountered an issue with various InnoDB pages becoming corrupted on the database that plays host to my JIRA install. It was - to some extent - a mess of my own making for mixing production and development databases (or more precisely, for hosting that production database on a dev machine).
Lesson learnt, sure, but I still needed to address the issue so that I could get JIRA up and running again.
This documentation details the steps to follow - it won't resolve every case of corruption, but it resolved the issues I was seeing
I've previously documented how to install and configure OpenVPN on CentOS 6, but the steps appear to be outdated.
In this documentation, we'll (very quickly) detail how to configure OpenVPN on CentOS 6. We're also going to enable TLS Authentication so that OpenVPN won't even respond unless the connecting client provides the right pre-shared key.
You'll need the EPEL repos installed and enabled.
Content Filtering is becoming increasingly popular amongst Politicians, ISPs and generally clueless do-gooders. The problem is, whatever you think of their motives, it's generally poorly implemented and interferes with the end-user's browsing experience, even when it's not supposed to (the image to the right appeared with filtering off!).
As we've been Usurping the BTHomeHub with a Raspberry Pi, we're going to take a brief break to implement some useful functionality that the HomeHub didn't provide.
In this Part, we're going to configure our Raspberry Pi to connect to an OpenVPN server and route some of our traffic over the tunnel - depending on the destination IP (i.e. split tunnelling). This will allow us to easily bypass the troublesome content filtering, whilst not unnecessarily introducing any latency to any connection that is (for the time being at least) unaffected by the filters.
Note: We'll be manually specifying the connections that are routed via VPN, so that we can 'whitelist' mistakes such as the EFF and Wikipedia, whilst still being 'protected' against other filtered pages.
Unless otherwise stated, all commands need to be run as root.
Setting up OpenVPN on Debian is as straightforward as on CentOS, though some of the file locations differ slightly.
This documentation details how to install and configure OpenVPN on a Debian server.
In Part One we configured a RaspberryPi to act as a Wireless Access point, providing DHCP services to wireless clients. In Part Two we then configured our Pi to provide DHCP, DNS and NTP services to the entire LAN.
In this part, we'll be taking some more responsibility away from the BTHomeHub, as well as configuring a few conveniences, such as Remote administration and useful utilities, including:
- Wake On Lan
- Network Troubleshooting Tools
- Dynamic DNS Update Client (No-Ip.com)
In Part One, we configured our RaspberryPi to act as a Wireless access point and bridged the wireless and wired interfaces so that WLAN clients were easily accessible from the LAN.
As part of that setup, we configured a DHCP server; however, we haven't yet made it the DHCP server for the LAN - our tired old BTHomeHub is still the authoritative server for the network.
In this part, we'll be reconfiguring our DHCP server so that it takes responsibility for the entire LAN, configuring DNS services, and making our Pi the LAN's central NTP (Network Time Protocol) Server.
Step by step, we'll be configuring our Raspberry Pi to take over nearly all of the duties performed by the BTHomeHub.
I used to run a nice pfSense box as my router; unfortunately, power bills being what they are, I reverted back to using a BTHomeHub. Unfortunately, the BTHomeHub isn't particularly good - the Wifi signal sucks, its DNS server seems to daydream and it occasionally forgets that it should be assigning some devices the same IP every time (or more precisely, will give their IP away if they are not currently present).
We could, of course, replace the HomeHub with something a bit more up market, but where's the fun in that? In this post, we'll be starting down the route of using a Raspberry Pi to usurp some of the power the BTHomeHub currently holds over the LAN. Eventually, the HH will be acting as nothing but a dumb internet gateway, doing a little bit of NAT and not much else.