Dave's Blog

So, I'm taking a network security class and one of the assignments is to come up with some sort of security related research project. I decided to do my project on getting a number of Operating Systems working in Virtual Machines (VMs) and then seeing if I could run various security scanners on them. I described the networking side of the project (getting bridging mode working for qemu) in my earlier article Virtually There. I had originally assumed that getting the guest operating systems working would be the easy part. Boy was I wrong.

The universe conspired to coerce me into getting WPA radius working for Windows. My wife started taking a Microsoft SharePoint class at the local community college and started bringing her laptop home from work so she could work on the homework. I have a bunch of wired RJ-45 ports around the house but none of them are where it's really convenient for her to work on her stuff. That meant getting WPA radius working for her Windows XP laptop. It also turned out that my certificates were expiring from my original exercise in setting up freeradius, WPA radius and getting them working with ndiswrapper on my laptop.

Regenerating the certificate for my laptop running CentOS Linux was easy. It also turned out to be futile and therein lies the tale.

Some time ago I decided to set up a qemu virtual machine (VM) with Windows 2000 (W2K). While just getting a basic VM running was pretty easy, getting my W2K installation updated with all of the various patches that have been released over the years was anything but easy. I described the process I went though in my article Virtual Hell.

Since getting my W2K VM running I decided to take a couple of classes on network security through a local community college. One of the classes is "Computer Security and Penetration Testing". It occurred to me that having my W2K VM be accessible on my network would be a great way to delve into some of the more interesting subjects from the penetration testing class like scanning, spoofing and hacking. The gotcha was I needed to set up my host system so that the NIC was bridged to the virtual NIC of the VM.

About a week ago I started noticing several odd entries in the DNS log digest. The entries either looked like:

client 208.76.253.253 query (cache) './NS/IN' denied: 19406 Time(s)

or something like:

client 70.86.80.98 query (cache) 'acihldaaaafwx0000dgaaabaaafbjmok/NS/IN' denied: 1 Time(s)

with the second form repeated possibly hundreds of times with minor changes in the cache query string. I had read about the theoretical possibility of DNS cache poisoning several months ago and had dully updated my DNS software. It looked like several people were attempting "brute force" cache poisoning attacks with the minimum consequence to me being the huge number of rejected queries making my logs difficult to use for diagnosing other problems and possibly much more serious consequences if the cache poisoning attcks succeeded.

I decided to get back into my hobby/task of digitizing the various vinyl albums I have in my music collection. After first verifying that my hardware and cabling setup was correct (it wasn't; I had the sound out from my receiver plugged into the microphone input on the sound card instead of audio in), I went to fire up audacity to capture and edit my digitized music and it wasn't there.

When my wife and I had our current house built in 1994 we decided that the back yard was way too small to bother trying to do anything with it in terms of landscaping and a lawn. We contracted with a local gentleman to build a flagstone patio instead with xeriscaping around the outside of the patio. This approach seemed to make the best use of the space, required little maintenance and was environmentally friendly since the xeriscaping required very little water. We especially liked the idea that a flagstone patio wouldn't require the regular power washing and staining required of a real wood deck (fake wood products were only just becoming available at that time and we didn't like the appearance of the products available).

One of my goals when I set up my server was to have a system that wasn't likely to fail. To that end, I set up the system with Linux software RAID and an Uninterruptable Power Supply (UPS). The idea was that the UPS would bridge minor power outages, the UPS monitoring software would gracefully shutdown the server if the power failed for a long enough period of time, setting the BIOS to resume when the power was restored meant the system should restart and the RAID array would handle the failure of any single disk.

That was the plan.

Besides working on the patio here at the house (expect a posting soon), I've been pondering what the best way is to cut over from my old WordPress blog to my new Drupal blog/web site. Given that I'd like to see if things like MyBlogLog can still find my postings, I'm going to finish migrating my blog content to Drupal by re-posting the old articles. This will probably start happening in early October since I have some personal travel coming up that will keep me away from my computer for a while.

I think the current incarnation of my Drupal presentation is close enough. It would be nice to have the tabs for the articles (forum topics) be below the logo graphic but I can live with them above the graphic. I now need to figure out how to deal with 1) getting my existing blog content into the Drupal incarnation and 2) how to continue to do development on my internal box while retaining all existing content on the production server.

Not much has changed but I learned a lot by making the changes. The most visible changes are "Forums" are now known as "Articles" and I have established a set of article topics. I also added a couple of fixed pages from my old blog. These eventually need to come over and are easy to move by just doing an x-copy of the text on my blog and pasting the text into Drupal's page input form. There are no links, pictures or other complications.