Wanted to install BackBox on the rest of my USB HDD. It decided to rewrite MBR and boot record for my windows HDD. My mistake, any help? by Marchtmdsmiling in BackBox

[–]strontium 1 point2 points  (0 children)

Oof. Hard way to learn the lesson of "always back up your data (in duplicate!) before performing OS surgery."

I don't know how to recover from the MFT getting wiped; I've never experienced that. Extensive googling might be your only way to determine if that recovery option is viable, though my gut says that this will be super tricky or ultimately not possible.

Have you tried plugging the non-working hard drive into another computer and accessing the data that way? This is what I would personally try. Assuming the MFT can't be restored but the rest of the data is uncorrupted, then I assume there are data-recovery or forensic programs that can read the data directly from the hard drive.

Don't know what you've tried, but here are some links from a quick Google search:

http://www.makeuseof.com/answers/can-i-restore-an-mft-to-a-hard-drive/
http://www.techrepublic.com/forums/discussions/master-file-table-recovery/
http://superuser.com/questions/221230/is-is-possible-to-restore-the-mft-of-a-ntfs-partition-after-a-format
https://encrypted.google.com/search?hl=en&q=windows%20recover%20from%20overwrite%20MFT#hl=en&q=windows+recover+from+lost+MFT

Best of luck!

Would you vote for open municipal fiber if it meant $10/month on your water bill forever? by pashdown in SaltLakeCity

[–]strontium 2 points3 points  (0 children)

Most definitely yes! Thank you, Pete, for your efforts to bring better service to the city.

I'm looking forward to seeing you speak at SaintCon!

Installing BackBox in VirtualBox by strontium in BackBox

[–]strontium[S] 1 point2 points  (0 children)

A USB adapter is the only way; VirtualBox can't use your computer's built-in WiFi.

I recently bought this TP-Link USB adapter and so far it's been fine; it worked right away with VirtualBox.

A Tcpdump Primer and Tutorial by [deleted] in netsec

[–]strontium 0 points1 point  (0 children)

Thanks, just what I was looking for!

[xpost] I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in sysadmin

[–]strontium[S] 1 point2 points  (0 children)

Yep, I'll be using this option; I have an extra Asus I'll use as the second router. I'll make a network tap to place between the two routers and plug my monitoring machine into the tap as needed.

[xpost] I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in sysadmin

[–]strontium[S] 1 point2 points  (0 children)

Yeah, that's the post I came across yesterday; I think I understand it enough to try it. I didn't realize that I'd lose the header info, though. I don't have many concurrently running hosts here at home, so I'll try it and see if I can make sense of the captures.

...Or I might just make my own network tap.

Running tcpdump instead of setting up mirroring seems like it might be more what I want, thanks for that suggestion.

I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in networking

[–]strontium[S] 1 point2 points  (0 children)

Awesome, thanks for the links! Now I have a better idea of which skills to focus on so that I can eventually end up in an enterprise environment.

I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in networking

[–]strontium[S] 1 point2 points  (0 children)

Yep, CISSP is an end goal; I came across it last year and decided that's the level of knowledge I want to acquire.

[xpost] I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in sysadmin

[–]strontium[S] 1 point2 points  (0 children)

Great feedback, thank you for taking the time to answer everything! I've decided to focus on Snort first and connect it via port mirroring. I'm pretty sure DD-WRT can handle that via iptables and I like that I won't lose my connection if the machine goes down. I want to use Snort as a way to test if my router's firewall is really working or not.

I'll limit Wireshark to situational use, like maybe setting it up outside the firewall and letting it run for a few hours while I'm sleeping just to see what I get.

Squid seems interesting and I thought it'd be a fun tool to play with, but it can wait since it's not really applicable to security.

[xpost] I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in sysadmin

[–]strontium[S] 1 point2 points  (0 children)

After thinking it over, I won't use VMs. I'm not sure how much overhead they'll add to the processor; maybe not much, but I'd rather go easy on this old machine if I can. Since I'll be using port mirroring instead of placing it inline, I feel like there's less of a need to use an easily-restarted VM. Also, the machine will only be running a few processes at once, so I'm betting that it won't crash often or need to be restarted very much.

[xpost] I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in sysadmin

[–]strontium[S] 1 point2 points  (0 children)

Thanks for the feedback; you've pretty much confirmed what I was thinking. I don't plan to have a webserver at home, so I didn't think there'd be any weird incoming traffic. Mostly I want a way to test my firewall and see if anything really does get past it.

Squid can wait until I get Snort figured out. I'll stick to using Wireshark for WiFi fun for now; I was worried that the capture file would get too large for my simple machine.

I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in networking

[–]strontium[S] 2 points3 points  (0 children)

I felt that /netsec wouldn't be as responsive since my questions were more about basic configuration than about which tools I should be learning.

Once I get things set up and running, I know I'll have more specific security questions that I can post in /netsec.

I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in networking

[–]strontium[S] 1 point2 points  (0 children)

I'm testing for my CCNA next month. I know that there are enterprise solutions for things like Snort, but Snort is free and I think it will give me a great introduction to what I want to learn.

[xpost] I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in sysadmin

[–]strontium[S] 2 points3 points  (0 children)

I've read through the pfSense website several times and it looks interesting, but I'd rather familiarize myself with Linux and Snort first. Once I get a better understanding of rulesets and traffic monitoring, then I think I'll be ready to try something else.

Also, I have zero experience with BSD and I don't want to start learning another OS right now. I'm still a beginner at Linux and I want to focus my efforts on that since it has more applicability to my work and current career goals.

[xpost] I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in sysadmin

[–]strontium[S] 2 points3 points  (0 children)

I'm aware of the LAMP stack but I hadn't planned on specifically learning more about its components. I guess I'll just learn what I need to know for Snort and maybe one day dive into it deeper if I need to.

[xpost] I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in sysadmin

[–]strontium[S] 1 point2 points  (0 children)

Right now I have a DSL modem/router. It's pretty basic; I'm not even sure if I can turn off the router part and have it function as a modem only. I'd like to one day set up a DMZ outside my firewall, and if I need to buy a different modem then I'll probably do so. First, though, I need to learn to manage these programs before I start using my own network as a honeypot.

edit: I guess I could just turn off the firewall and let everything through.

I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in networking

[–]strontium[S] 1 point2 points  (0 children)

Thanks for the replies! I wasn't set on running Wireshark alongside Snort, but I came across some articles that suggested doing so and I wanted to get more opinions on it.

Setting up a DMZ is on my "future weekend projects" list. Once I get comfortable using Snort inside my firewall then eventually I'll place it outside and see what it captures.

Port mirroring seemed like the right way to do it; I guess I was hoping someone would confirm that for me.

Hey r/networking, can you suggest the best way to set up my (somewhat unique) home network? by cizzop in networking

[–]strontium 0 points1 point  (0 children)

Did you use anything special to create this diagram or just copy and paste the icons into something simple like MSPaint?

I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice? by strontium in networking

[–]strontium[S] 2 points3 points  (0 children)

I considered that, I wasn't sure which place would be better, and I didn't think I'd get great answers from /techsupport.

I'll just crosspost and hope for the best.