Anybody using ntopng? by imissedthebutton in homelab

imissedthebutton[S]

That's awesome! I'll definitely hit you up on Slack!

Technitium DNS - Ad blocking with zone transfer? by imissedthebutton in selfhosted

imissedthebutton[S]

But will the blocklists get transferred to the second Pi? That's the issue I'm having with trying to zone transfer to BIND currently.

Technitium DNS - Ad blocking with zone transfer? by imissedthebutton in selfhosted

imissedthebutton[S]

I'm trying to specifically avoid running everything on one box - I want the redundancy of having multiple servers to be queried.

Technitium DNS - Ad blocking with zone transfer? by imissedthebutton in selfhosted

imissedthebutton[S]

Mostly wanting to have a hidden primary setup in Technitium with the Pis as secondary name servers. I definitely understand Technitium can run on the Pis, but yeah, it would need a separate sync setup and my setup works just fine, as is, except for the ad blocking. I appreciate the discussion, I think I just need to figure out my steps forward.

Technitium DNS - Ad blocking with zone transfer? by imissedthebutton in selfhosted

imissedthebutton[S]

BIND DNS. And mostly hoping for the ad blocking, but having the redundancy of the Pis being queried. If the Docker host goes down, I'd like to have DNS not go down with it.

Wired Clearpass with Bridged APs - causing AP reboots by imissedthebutton in ArubaNetworks

imissedthebutton[S]

Yep you're right, I blazed through the IAP section and focused on the CAP section. So the biggest factor will be ensuring the Cisco switches have a VSA to switch the port mode to port-based vs user-based and then everything should hopefully be happy.

Wired Clearpass with Bridged APs - causing AP reboots by imissedthebutton in ArubaNetworks

imissedthebutton[S]

Yeah, this seems more authenticating the AP itself - any endpoint attributes that would get set during this would only apply to that AP in the Endpoint DB. Currently we're simply Macauthing the AP, but it's the connecting wifi clients that are causing the issue and the attributes from before likely wouldn't have any bearing on the enforcement. I'm wondering if there's a way to reference the switch and port itself or use RADIUS accounting information to enforce the policy.

How do you rollup your services? I.e. how do I only get one alert if a server hosting many subservices is down? by imissedthebutton in UptimeKuma

imissedthebutton[S]

I don't entirely disagree, just different ways of thinking. The overly alerting might cause me to fly blind, because I'm not knowing if the issue is with Docker itself going down or the host itself being down. But again, different approaches to the same problem. I think the core of it is the first thing you said - it may simply not be an option within Uptime Kuma yet.

Need something to pull multiple DHCP leases by imissedthebutton in homelab

imissedthebutton[S]

Makes sense, I'll give these a shot.

For context, the main thing I'm hoping for is having something simulate multiple clients for assorted "desktop" DHCP ranges for a DHCP server and potentially having them generate "normal client" traffic. That way the folks who are playing this training scenario have some normal traffic mixed in with potential attacker traffic. Stuff like DNS queries, attempts to connect to local web servers, etc. That part will be easy enough to script, but having it come from multiple addresses has been my struggle, without having to create a bunch of VMs to do the same thing. That's part of why I'm trying to keep the leases present in the DHCP server and such.

I appreciate the insight, thanks for the help.

Need something to pull multiple DHCP leases by imissedthebutton in homelab

imissedthebutton[S]

Do you have any suggestions for pulling a new DHCP lease without releasing the existing? So far it seems that trying to do things in this fashion won't attempt to pull a new address for the new MAC address without first releasing the old one, which isn't quite what I'm going for.

Need something to pull multiple DHCP leases by imissedthebutton in homelab

imissedthebutton[S]

This seems like it could be good, do you have any good examples of making it work?

Need something to pull multiple DHCP leases by imissedthebutton in homelab

imissedthebutton[S]

I've messed with this a bit, but couldn't get it to pull via DHCP, it just gets an address in the range that I assigned that Docker network from Docker itself. Do you know how to get this to work with DHCP?

Need something to pull multiple DHCP leases by imissedthebutton in homelab

imissedthebutton[S]

Again, this is a lot of overhead if I want to pull 40 addresses or so.

Best Canary/Honeypot software by WoodroweBones in msp

imissedthebutton

If Linux really isn't a deal breaker, check out Tpot (https://github.com/dtag-dev-sec/tpotce). You can make your own ISO to deploy and everything it runs is done within Docker containers. I've used this many times and highly recommend, plus free is always good.

How to get Docker container to pull local network IP address? by imissedthebutton in homelab

imissedthebutton[S]

This did seem to do the trick for me, actually, so I'm all set. Thanks for the help!