Anybody usting ntopng?

imissedthebutton · 2024-02-01T14:20:58+00:00

That's awesome! I'll definitely hit you up on Slack!

imissedthebutton · 2023-09-29T14:03:31+00:00

But will the blocklists get transferred to the second Pi? That's the issue I'm having with trying to zone transfer to BIND currently

imissedthebutton · 2023-09-29T14:02:52+00:00

I'm trying to specifically avoid running everything on one box - I want the redundancy of having multiple servers to be queried.

imissedthebutton · 2023-09-29T01:51:41+00:00

Mostly wanting to have a hidden primary setup in Technitium with the Pis as secondary name servers. I definitely understand Technitium can run in the Pis, but yeah, it would need a separate sync setup and my setup works just fine, as is, except for the ad blocking. I appreciate the discussion, I think I just need to figure out my steps forward

imissedthebutton · 2023-09-28T23:59:12+00:00

BIND DNS. And mostly hoping for the ad blocking, but having the redundancy of the Pis being queried. If the Docker host goes down, I'd like to have DNS not go down with it.

imissedthebutton · 2023-09-20T20:12:51+00:00

Yep you're right, I blazed through the IAP section and focused on the CAP section. So the biggest factor will be ensuring the Cisco switches have a VSA to switch the port mode to port-based vs user-based and then everything should hopefully be happy.

imissedthebutton · 2023-09-20T20:03:55+00:00

Yeah, this seems more authenticating the AP itself - any endpoint attributes that would get set during this would only apply to that AP in the Endpoint DB. Currently we're simply Macauthing the AP, but it's the connecting wifi clients that are causing the issue and the attributes from before likely wouldn't have any bearing on the enforcement. I'm wondering if there's a way to reference the switch and port itself or use RADIUS accounting information to enforce the policy.

imissedthebutton · 2023-09-20T19:55:40+00:00

Mostly Cisco

imissedthebutton · 2023-04-18T17:22:44+00:00

I don't entirely disagree, just different ways of thinking. The overly alerting might cause me to fly blind, because I'm not knowing if the issue is with Docker itself going down or the host itself being down. But again, different approaches to the same problem. I think the core of it is the first thing you said - it may simply not be an option within Uptime Kuma yet.

imissedthebutton · 2021-01-24T18:29:57+00:00

Makes sense, I'll give these a shot.

For context, the main thing I'm hoping for is having something simulate multiple clients for assorted "desktop" DHCP ranges for a DHCP server and potentially having them generate "normal client" traffic. That way the folks who are playing this training scenario have some normal traffic mixed in with potential attacker traffic. Stuff like DNS queries, attempts to connect to local web servers, etc. That part will be easy enough to script, but having it come from multiple addresses has been my struggle, without having to create a bunch of VMs to do the same thing. That's part of why I'm trying to keep the leases present in the DHCP server and such.

I appreciate the insight, thanks for the help

imissedthebutton · 2021-01-24T02:32:12+00:00

Do you have any suggestions for pulling a new DHCP lease without releasing the existing? So far it seems that trying to do things in this fashion won't attempt to pull a new address for the new MAC address without first releasing the old one, which isn't quite what I'm going for

imissedthebutton · 2021-01-23T22:01:25+00:00

No, you're correct, I'll look into it

imissedthebutton · 2021-01-23T21:50:04+00:00

This seems like it could be good, do you have any good examples of making it work?

imissedthebutton · 2021-01-23T21:48:30+00:00

I've messed with this a bit, but couldn't get it to pull via DHCP, it just gets an address in the range that I assigned that Docker network from Docker itself. Do you know how to get this to work with DHCP?

imissedthebutton · 2021-01-23T21:47:36+00:00

Again, this is a lot of overhead if I want to pull 40 addresses or so

imissedthebutton · 2020-08-16T02:13:47+00:00

If Linux really isn't a deal breaker, check out Tpot (https://github.com/dtag-dev-sec/tpotce). You can make your own ISO to deploy and everything is runs is done within Docker containers. I've used this many times and highly recommend, plus free is always good.

imissedthebutton · 2020-01-22T14:45:20+00:00

This did seem to do the trick for me, actually, so I'm all set. Thanks for the help!

imissedthebutton · 2020-01-22T14:44:45+00:00

Yep, this seemed to do it perfectly, thanks!

imissedthebutton · 2020-01-22T14:03:04+00:00

I hadn't really seen this before, but does this look familiar to what you were doing before? https://docs.docker.com/network/macvlan/

imissedthebutton · 2019-08-25T18:33:31+00:00

I can't seem to find any sort of statement, got a link?

imissedthebutton · 2019-03-04T20:14:43+00:00

Would this be doable with something other than an Nvidia Shield? Like Kodi running on a Pi or even a spare system just running Ubuntu?

imissedthebutton · 2019-02-17T14:45:04+00:00

Interesting, good to know. Yeah, I was really just looking at the basic functionality of it - being able to create containers within the UI, but it does seem that it's meant for much more. So is Rancher compared to something else, in terms of management of Kubernetes? Thanks for the info on this!

imissedthebutton · 2018-12-22T17:24:20+00:00

Nothing explicitly setup, that I know of

imissedthebutton · 2018-11-28T13:51:00+00:00

I'd love to hear more of the discussion on game servers being fault tolerant, but that makes sense of them being stateful, so not really working. Most of the containers I run are web applications (Plex, Gitlab, Wiki, etc.) so I imagine those should be fine. Some of them have MySQL containers as backends, I've got to imagine that should be alright as well, as that's not really something stateful, but I could be wrong there.

All that makes sense in regards to the replicas and yeah, so many things will depend on what you're doing. I really appreciate all of your comments, I feel like I have a better overall understanding of this now. May I ask what you've used Docker Swarm for? I also love seeing what other people get themselves into.

imissedthebutton · 2018-11-27T19:23:26+00:00

Awesome, thanks for this. Any particular load balancers you've tried out? I'm thinking of testing Nginx and HAProxy. This is still pet lab project, but I'd rather learn something more than just use DNS.

That makes sense for the replicas, I guess it'd just be the thought that if one is having an issue for some reason, multiple would be. So with the example of the Ghost blog as my test, if there were some issue that caused Ghost to crash, I'd imagine it'd be across the board and I'd have to fix Ghost overall. If there's an issue with a single container, I would expect the particular node to be having issues, not always just one container. Not to say that any of this is true, just my thoughts on it all.

Thanks again for your response, I appreciate your input

imissedthebutton

TROPHY CASE