VoIP Hopper is a Unix/Linux based free opensource security tool that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper mimicks the behavior of an IP Phone, in both Cisco and Avaya IP Phone environments to hope into the Voice VLAN.  VoIP Hopper is both a VLAN Hop test tool and a tool to test VoIP infrastructure security. 

In Cisco IP Phone networks, it first dissects either IEEE 802.3 or Ethernet II for Cisco Discovery Protocol (CDP) packets. If CDP is enabled on the switch port and the Voice VLAN feature is enabled, it will determine the Voice VLAN ID (VVID). This will allow the tool to create a new Ethernet interface on the PC that tags the 802.1q VLAN header in the Ethernet packet. After VoIP Hopper has created the new Ethernet device, it will send a DHCP client request. It can also generate CDP messages just as an IP Phone based on CDP would do.  It will send two CDP packets, requesting the Voice VLAN ID.  After creating the new interface, it will then iterate between sleeping for 60 seconds, and sending a CDP packet.

In Avaya IP Phone environments, it sends an Option 55 parameter request list, requesting Option 176.  When the DHCP server sends Option 176, it decodes the L2QVLAN reply field for the Voice VLAN ID.  It then creates a new voice interface and sends a DHCP request.

VOIP Hopper can be downloaded from here

VOIP Hopper requires

libpcap – For Sniffing

GNU C Compiler & Make utility to install

To install

Unzip & Untar VOIP Hopper

debian# tar -zxvf voiphopper-0.9.9.tar.gz

Change Directory and Install

debian# cd voiphopper-0.9.9

debian:~/voiphopper-0.9.9# make

This installs VoIP Hopper on your Linux distribution.

Now, some of the usage examples are

Sniff CDP & VoIP Hop

debian# voiphopper -i eth1 -c 0

where "eth1" is the interface

-c = 0 – Defines sniffing

Spoof CDP & VoIP Hop in Cisco SIP environment

debian# voiphopper -i eth1 -c 1 -E 'SIP00070EEA5086' -P 'Port 1' -C Host -L 'Cisco IP Phone 7940' -S 'P003-08-8-00' -U 1

Spoof CDP & VoIP HOP in Cisco SCCP environment

debian# voiphopper -i eth1 -c 1 -E 'SEP0070EEA5086' -P 'Port 1' -C Host -L 'Cisco IP Phone 7940' -S 'P00308000700' -U 1

VLAN Hop without CDP Sniffing (if VLAN ID is known)

debian# voiphopper -i eth1 -v 200

Discover Voice VLAN in Avaya IP Phone environment

debian# voiphopper -i eth1 -a

Spoof MAC Address of an IP Phone by sniffing for CDP

debian# voiphopper -i eth1 -c 0 -m AA:AA:AA:AA:AA:AA

Spoof MAC Address of an IP Phone using Avaya DHCP request

debian# voiphopper -i eth1 -a -m AA:AA:AA:AA:AA:AA
 
Spoof MAC Address of an IP Phone by VLAN Hopping without CDP or DHCP

debian# voiphopper -i eth1 -v 200 -m AA:AA:AA:AA:AA:AA

Spoof MAC Address of IP Phone without changing the MAC Address of default ethernet interface

debian# voiphopper -i eth1 -v 200 -m AA:AA:AA:AA:AA:AA -D

Dnsmasq is an opensource light-weight,easy to configure and administer DNS and a DHCP Server. Dnsmasq is ideally suitable for smaller networks like Small Office and Home Office networks (SOHO) and branch office networks. Dnsmasq can be run on old PC and is very easy to configure and administer. Dnsmasq is seen to support upto 1000 nodes on a network.

In essence, Dnsmasq is a Caching nameserver and a DNS forwarder with DHCP enabled on it. Dnsmasq can provide nameservice for local hosts while forwarding the queries for global public resources to a Public DNS Server (like an ISP DNS server). So, small networks which are behind a DSL/ADSL router or even a modem link and share a single internet connection can make the best use of Dnsmasq.

Dnsmasq is included in most of the opensource firewalls and opensource router firmware and in the most common Linux distributions. Some of them include:

Opensource Firewalls:

IPCop / Smoothwall / floppyfw / Firebox / LEAF / m0n0wall / PfSense / Endian Firewall / ClarkConnect

Opensource router firmware:

dd-wrt / openwrt / stock firmware / fli4l

Linux Distributions:

Debian / Gentoo / Slackware / Suse / Fedora / Coyote Linux

*BSD

FreeBSD / OpenBSD / NetBSD

Some of the highlighting features of Dnsmasq are as follows:

• Automatically update the Public DNS Servers through PPP or DHCP connections. So, change in a Public DNS server of an ISP that the network is connected to will be picked up by Dnsmasq
• Caching Nameserver to reduce network traffic and improve performance
• Forwarding to Private DNS servers for specific Domains can be configured
• Nameservice for the localhosts using the /etc/hosts file and for DHCP Client hosts
• Static and Dynamic client leases on DHCP
• Multiple Network and IP Ranges on the DHCP server
• BOOTP support for network booting using a secure read-only TFTP server
• Simple global configuration using the /etc/dnsmasq.conf file
• Supports BOOTP and DHCP Relays
• Caches A records for IPv4 and AAAA records for IPv6 and PTR records
• Supports IPv4 and IPv6 protocols and even can act as a IPv4 toIPv6 and IPv6 to IPv4 forwarder
• Support MX records and SRV records for local machines
• Block DNS redirect websites (like some websites which forward to a link for a website that doesn't exist)

Dnsmasq does the name lookup from its /etc/hosts file and hence its all about maintaining a /etc/hosts file on one computer as against multiple PCs on the LAN. If the host is a DHCP client then even if there isn't an entry for the host in the "hosts" file it can still provide name resolution for the host.

Effectively, all hosts in the LAN will have the dnsmasq server as the nameserver in /etc/resolv.conf file (In windows under network connection) and you dont have to worry about the "hosts" file on the local system.

The /etc/hosts file on the Dnsmasq server can have only the hostname without the domain name (example: host1 instead of host1.mynetwork.com) as the domain name can be appended globally using configurations in the /etc/dnsmasq.conf file.

It's got .deb and rpm packages for Debian, Fedora and other distributions and also can be built from the Source files. For more information and download, click here for dnsmasq home page.

Ziptie is an Opensource Network Inventory and Configuration Management framework that can discover and manage network devices such as Routers,Switches and Firewalls. Ziptie out of the box support network devices from multiple major vendors. Ziptie is java based and is built on Eclipse framework. Ziptie can run on many Operating System platforms including Windows, Ubuntu, Fedora,Redhat, Madnriva amd most other Linux Distributions.

Ziptie Features include

Ziptie plugin framework

ZipTie plugin framework allows developers and network administartors integrate their own home grown tools, scripts and even newer modules to the framework making it easy to scale application and add more network device support onto the framework

Multi-Vendor support

Out of the box support major Network Device vendors and opens an option to add support more network device using the plugin framework

The following devices are supported out of the box:

Cisco – IOS, CatIOS, MSFC, CatOS, ArrowPoint, Security Appliance (PIX, ASA, & FWSM),

Linksys

Juniper – JUNOS

Nortel – BayRS, BayStacks

Vyatta – OFR

Extreme – Summit, Alpine

F5 – BigIP, 3DNS

Foundry – FastIron

Nokia – CheckPoint

Inventory Discovery

Ziptie uses a combination of ICMP ping, SNMP, TCP, ARP, CDP, IP Address to crawl and discover network devices and perform an inventory.

Configuration History and Configuration Comparison

Ziptie uses Subversion Version Control System to maintain as many version as you need and stores an entire copy of the current version of the config and reverse difference older versions

Also, allows to compare two different version of a comfig or two different configuration files themselves (say startup-config and a running-config on a Cisco router). Also, can help check and compare two differnt device configuration comaprison.

Change Automation for Standalone or Multi device configuration rollout

ZipTie enables very simple to quite sophisticated change automation via its Tools Plugin Framework. Network administrators can roll out changes to a large number of devices transparently as ZipTie provides the end user with detailed data of all the communication between ZipTie and the device(s).

Fully Featured Scheduler for Config backups

Using cron baed scheduler, Ziptie can schedule automated config backups and can provides fine control on the scheduling where for instance, ZipTie can avoid backups during a maintenance window

Easy Reporting with tagging and searching facility

ZipTie supports tagging network devices. Admins can associate as many tags as they want with multiple devices and can also search for devices with specific tags. ZipTie also provides a powerful search feature for searching text configurations.

Integrates Nipper Security audit

Ziptie also integrates Nipper, the opensource Security Audit Tool which makes a security just a click away. Ziptie supports all the devices supported by Nipper and hence makes a lot of sense to integrate it into Ziptie.

The website for ZipTie has great informative resources including documentation, system requirements and has a great community support backed by ZONA (Ziptie Open Network Alliance). Click here for ZipTie homepage

ZONA is a group of like-minded companies and organizations interested in advancing and promoting interoperability, open management standards, best practices and value-added tools for the networking community. ZONA already has Juniper,Fortinet,Vyatta,riverbed,radware,citrix,Force10 onboard. For more information, click here

Did you like it? Why not leave us your comments, suggestion and feedbacks…

A Reader's Toolbox

Although 70-431 is attempted right after 642-812, many IT professionals still take a sceptical view of this, suggesting VCP-310 instead. According to them, later one can go on with 70-292 as well.

Nipper, the opensource Security Audit Tool that can perform Securiy Audits of Network Device Configurations is now integrated into ZipTie, a Network Inventory and Configuration Management framework. Nipper in Ziptie will be called as Zipper.

Since, Ziptie supports all the network devices that can be audited by Nipper, all the functionality Nipper are available under Ziptie. An admin has to select the device and select Nipper to run the audit on the backedup configuration file.

Because, of the different licensing on both the products (Ziptie uses MPL while Nipper uses a GPL license). Zipper is not available out of the box and has to be installed using the plugin and is supported only on Windows at the moment and there is an intention to extend to other platforms on which ZipTie is supported.

For more information and download, click here

m0n0wall is a free opensource embedded firewall that runs on embedded PCs (recommended) and other generic standard PC workstations that can run FreeBSD or rather supported by FreeBSD. m0n0wall firewall provides most of the features provided by a commercial firewall.

Click here for a list of supported FreeBSD/i386 hardware.

For more information on the hardware details m0n0wall click here

M0n0wall is based on a bare-bones version of FreeBSD with mini-httpd webserver for web GUI and PHP (with CGI support) for boot time configuration. The complete configuration is stored in XML format. This is likely the only softwar where PHP does the boot time configuration instead of Shell scripts.

The image file for installation is of 6MB in size including the core freebsd and the required components and utilities that offers most if not all the features of a commercial firewall appliance. There are seperate image files for each of the different hardware platforms supported. For more information on downloads, click here

The whole software package can be run on a compact flash card (atleast 8M in size) or on a IDE hard disk. The recommended memory is atleast 64MB. The installation procedures are well documented.

For details on installation procedures click here

The Main features of m0n0wall firewall are,

• Stateful Packet Filtering
• Web Interface (SSL) and Serial Console for administration (mini-httpd)
• Wireless Support
• Captive Portal
• 802.1Q VLAN  support
• Stateful Packet Filtering using ipfilter
• NAT/PAT, Static Router, Host Aliases support
• DHCP client, PPPoE, PPTP and Telstra BigPond Cable support on the WAN interface
• IPsec IKE VPN using Racoon with support for hardware crypto cards, mobile clients and certificates
• PPTP VPN (with RADIUS server support)
• DHCP server and DHCP-Relay (ISC DHCP)
• Caching DNS forwarder using dnsmasq
• DynDNS client and RFC 2136 DNS updater using ez-ipupdate
• Traffic shaping
• SVG-based traffic grapher
• firmware upgrade through the web browser
• Wake on LAN
• Configuration backup/restore

For more detailed feature list, click here

For more information on this FreeBSD based open source firewall, please click here

A Reader's Toobox

After 70-290, a small number of professionals who wants to study 70-296 move on to the next level i.e. 70-270, where as the rest go with the 642-901.

IPCop Firewall – Bad Packets Stop here!!! 

IPCop Firewall is a well known Opensource Linux distribution built to protect Home and SOHO networks from hackers and potential intruders on the Internet. IPCop can run a old PC and can be installed and be operational within minutes.

Please click here for more information on the Hardware compatibility list. Installation is fairly straight forward. Involves downloading the ISO image and burn it to a CD and start the hardware with the installation media and follow the onscreen instructions. A detailed installation instruction is here.

The IPCop firewall runs on Linux Kernel 2.4 and is a stateful firewall (1.3 and later) based on Linux IPTables. The IPCop firewall has a nice web interface from where almost all the configurations can be done.

While IPCop firewall is primarily a router and Stateful firewall, it has most of the common features found on commercial hardware firewall appliances. Some of the key features are

• Stateful Firewall using IPTables
• Intrusion Detection System using Snort
• IP, Web and FTP proxy using Squid Proxy
• Dynamic DNS Support
• DNS Forwarding and DHCP using dnsmasq
• IPSec VPN supporting both roadwarrior and Site to Site using OpenSwan
• Wireless supported a DMZ on the firewall using the Wireless_Tools (opensource Wireless tools sponsored and supported by HP)
• Traffic Shaping on the External Internet facing interface (RED)
• SSH using OpenSSH
• Local and remote logging support
• NTP Server/Client support
• NAT Helper and port forwarding support

The IPCop Firewall has a very good documentation and FAQ on its website actively supported by the Opensource community. Smoothwall Express is a opensource firewall based on th IPCop firewall

For more information and download, please click here

No Script allows JavaScript, Java and other executable content to run only from trusted domains of your choice, say your home-banking web site, and guards the "trust boundaries" against cross-site scripting attacks (XSS). This is the most important feature of this.

Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality…

Experts do agree: Firefox is really safer with NoScript

NoScript works with Firefox 1.5 to 3.*. NoScript can be installed from the following firefox addon website:

https://addons.mozilla.org/en-US/firefox/addon/722

Browse the URL from Firefox and click Install Now button. Once installed click "Restart Firefox" button for the addon to become active.

NoScript maintains a whitelist and it is important that you add your trusted sites in the white list to ensure proper functioning of the website. To do this, add the NoScripts Toolbar from View – Toolbars – Customize, select NoScripts icon and drag it to the Navigation toolbar.

Now, click on the NoScripts button and click Options, select Whitelist.

Add the website address of all your trusted websites. It allows you to Import and Export list as well.

Obvious, there is always going to be some website you don't remember. When you browse a trusted website (not added to the whitelist), a toolbar pops at the bottom of the website with an options button. Click the button and allow the website. Or if the site is not what you thought it was, then mark it as untrusted.

For example, try browsing a website like www.google.co.uk, you can see it blocking the scripts running from the website. A toolbar appears in the bottom of the page with an options button. Click the button and allow the domain, if you think google is a trusted site

Now, that to me is your browser, your internet, your security while browsing in your control.

A great work by Giorgio Maone.

Map your Cisco Catalyst switchports with Switch Miner. Switch Miner is a lightweight command line tool for Windows that queries Cisco switches using SNMP to discover the devices that are connected to the switchports.

Switch Miner creates a csv file that can be imported directly in to excel or into any any other database.  This tool is designed for Cisco networks but will gather information from other vendor switches also.

With Switch Miner you can find,

• Interface Info
• Speed and Duplex (Operational/Admin)
• MAC Addresses
• OUI Manufacturer
• VLAN Info (Name/Number)
• IP Addresses
• DNS/NBT Computer Names
• User Info
• Domain Info
• CDP Neighbor Info
• Interface Errors (Collisons, Aborts, CRC, Frame, Ignored, Overruns)

Usage is fairly straight forward.

Syntax:

The syntax is as follows:

c:\> sm -s [switchagent] -c [Switch SNMP community] -r [Routeragent] -e [Router SNMP Community]

Where,
  Switchagent is the Switch to be polled
  Routeragent is the Router for this switch

Other optional arguements are,

    v [1 or 2]   – SNMP version [Default is version 2]
  -x [retries] – Times to retry [Default 3], if you have a slow or congested network you may raise this
  -t [timeout] – Time to wait before timeout occurs, if you have a slow or congested network you may raise this [Default 6s]
  -m [max_repetitions] – Maximum repetitions for getbulk SNMP V2 only [Default 40] This is the number of records to be returned on 1 call
  -n Don't consolidate CDP Neighbor switch ports. Default for ports that contain CDP neighbors the MAC addresses is not shown. If you want to see all the MAC's for all ports turn this on.
  -l walk CDP neighbors. If a CDP neighbor exist on a port and it's a switch this option will scan it also.
  -p perform ping sweep before switch walk for more accurate results
  -f [filename] – read switch list from file
  -d turn debug on
  -h print this message

For more information and download, please click here.

Untangle is the free & open source alternative to Sonicwall. In addition to the basics (Firewall, VPN, IPS & routing), Untangle makes it easier to block spam, spyware, viruses, phishing, porn, gambling, MySpace, Facebook, IM, peer-2-peer & much, much more. Untangle has been named the "Best Security Solution" – LinuxWorld 2007

Untangle runs at the gateway… and requires no client to install as the complete protection is provided at the perimiter of the network.

The Intuitive GUI, logging, reporting & automatic signature updates makes Untangle very easy to use and administer.

The basic requires an Intel/AMD based system with reasonable processor speed and memory. More details here.

Installation is fairly straight forward. The software can be downloaded as an ISO image and burnt to CD or ordered for free. Boot with the CD and the Installation is wizard based. There is a nice installation documentation here.

There are also preinstalled appliance for out of the box experience.

The Untangle Network Gateway is free and has 12 applications that comes alone. There are also commercial addons to the software which basically has support for Active Directory integration, Advanced Policy Management, Config Backup, Remote Acces portal and Live support for the solution.

In addition to the basic Firewall, VPN, Intrusion Prevention and Routing functionalities, the following additional applications can run on the same device:

• Spam Blocker
• Web Filter
• Protocol Control like P2P and Online Games
• Virus Blocker with Dual Virus Blocker options
• Spyware Blocker
• Phishing Blocker
• Intrusion Prevention
• Attack Blocker

The pricing options for the commercial addons are very cheap to be honest for any basic levels.

For more information, please click here

OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations, including VPN client remote access, site-to-site VPN, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls.

OpenVPN is a SSL VPN solution and does not support IPSec, LPTP and PPTP. OpenVPN is incompatible with IKE and although it uses SSL/TLS for security, it does not use the browser and hence needs OpenVPN installed on the server and the client.

OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.

OpenVPN Platforms 

OpenVPN runs on Linux, Windows 2000, Windows XP and higher, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Solaris. An OpenVPN PocketPC port is under development.

OpenVPN can easily be built from source for Linux and BSD variants. Building OpenVPN for Windows is more complex, therefore a pre-built installer is available for Windows on the OpenVPN download site.

OpenVPN can be built with

• both the OpenSSL Crypto and SSL libraries (version 0.9.6 or higher required), offering certificate-based authentication, public key encryption, and TLS-based dynamic key exchange,
• only the OpenSSL Crypto library, offering static-key based conventional encryption and authentication
• standalone, with support for unencrypted UDP tunnels.

Primary features of OpenVPN are

• Tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port
• Configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients
• Use all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet
• Use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library
• Choose between static-key based conventional encryption or certificate-based public key encryption
• Use static, pre-shared keys or TLS-based dynamic key exchange
• Use real-time adaptive link compression and traffic-shaping to manage link bandwidth utilization
• Tunnel networks whose public endpoints are dynamic such as DHCP or dial-in clients
• Tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules
• Tunnel networks over NAT
• Create secure ethernet bridges using virtual tap devices
• Control OpenVPN using a GUI on Windows or Mac OS X.

OpenVPN is an Open Source project and is licensed under the GPL. Commercial licenses are also available for firms who would like to redistribute OpenVPN with their own proprietary applications. Contact info@openvpn.net for more information.

For more information, examples, HowTos, articles and downloads visit OpenVPN here