Dnsmasq: the unsung hero of network management, where DNS meets DHCP with a side of TFTP, just to keep things spicy. (Speaking of spicy, how do you like the novelty glasses?) DNSmasq is a lightweight, yet robust service that doesn't just juggle network requests—it makes local network life easier. Ideal for smaller networks like your home or that tiny, yet over-ambitious office, Dnsmasq helps devices play nice with each other by resolving hostnames and dishing out IP addresses. So why bother? Because manually handling network configurations is about as enjoyable as stepping on LEGOs. Read on for the more boring installation and config instructions/considerations.
To set up dnsmasq on an Ubuntu server for local DNS queries, with forwarding to Cloudflare's nameservers for internet queries, follow these detailed step-by-step instructions:
You should see the 127.0.0.1:3306 (3306 indicating the default port for mySQL)
The database server will eventually need to talk to other systems on the network.
For some easy-listening learning, I often turn to NetworkChuck's YouTube channel. Recently, I decided to set up Pi-hole, a network-wide ad and tracker blocking application that acts as a DNS sinkhole and optionally as a DHCP server. However, Chuck's video used a Pi-hole image that wasn't ARM architecture compatible. I modified it, pulled the regular pihole/pihole:latest image, and then watched Brandon Lee's VirtualizationHowTo channel for additional insights. Here are my notes from this process:
Explanation:
1. We are running the container with the latest version of Pi-hole, naming it chacho_pihole.
2. Port forwarding is set up so the host forwards traffic to the Pi-hole container. Note: On macOS, mDNSResponder may use port 53 (and possibly 5353). In that case, use an alternative port like 5399 for the host while keeping port 53 for the container.
3. We are mounting two volumes from the current working directory to the container's directories.
Once this container is spun up, and in a healthy status (docker ps to check this), we're ready to visit the Pi-hole interface. Open up a browser and use your docker host IP address like so:
The first, most logical thing to find out is for what purpose the server is being used. This, along with other basic information guides the rest of the test.
Then scan only those hosts to learn which services are running and which common ports are open.
nmap-sV-iLactive_hosts.txt
Further scanning or targeted scanning may also necessitate running default scripts and if it is a webserver, perhaps also run the --script http-enum script.
A couple of months ago, I was invited to join a team to compete in a capture-the-flag event. Having only joined the cybersecurity community a year and a half ago, the invitation was both appreciated and a bit intimidating. Would I be able to contribute something of value? What if I didn't know how to do anything? What if it showed everyone how much I didn't understand?
* screech the brakes *
Curiosity is the antidote to imposter syndrome. When you care more about learning what you need to know than what people think about you, its a game-changer. So armed with my tenacity for learning and the goal of finding out where my strengths might lie in such an event, I accepted the invite.
This was for an exercise I participated in where we thought we would need a way defend our servers against flags from other teams. I created a couple of scripts and then combined them into an iterative script to make it easier to execute once on the box so I wouldn't forget to change specific variables.
Fail2Ban is a log-parsing application that monitors system logs for symptoms of an automated attack on your server, and it bans offending IPs automatically by updating firewall rules to prevent further breaches. Fail2Ban is configured through jail files located in /etc/fail2ban. It comes with a default configuration file (jail.conf) which should not be edited directly, as it may be overwritten by package upgrades. Instead, create a local copy to override the defaults.
Adjust the permissions so that users and services have only the necessary rights to perform their duties. In Windows, you can manage user permissions through the Local Users and Groups Manager or PowerShell.
The ability to effectively analyze network traffic is critical for maintaining security, troubleshooting issues, and optimizing performance. Crafting a tailored Wireshark setup that aligns with specific analysis goals and preferences can significantly enhance efficiency and effectiveness in packet capture analysis. In this post, I'll review some of the basic customization options including display filters, protocol dissectors, and advanced display configurations. These allow users to streamline workflows, focus on pertinent information, and uncover insights that may otherwise remain obscured. In the following walkthrough, we will explore how to set up Wireshark to suit distinct analysis needs.