Thursday, April 14, 2011

Photobooth + The Kids



They are as crazy as ever. Little man loves to run around with his shirt off and his sisters are as sweet as ever.

Thursday, April 7, 2011

Weather Geek

I am somewhat of a weather geek. It all stems from growing up on a farm. Weather is extremely important in the flower business. Too much rain can cause the flowers to rot on the stem; at the same time, too much hot weather can cause the blooms to wither before you get a chance to pick them. I fondly remember waking up early with my father to watch the satellite radar weather station to see what the day, and the days to come, would be like.

I have been a huge user of both The Weather Underground and Intellicast. However, I have found a new site that is amazing: WeatherSpark. All I can say is wow. It may not have all the bells and whistles of the other sites, but it has an amazing interface. It is not a replacement for the aforementioned sites. Wunderground has an amazing group of local stations and a community of users that I want to join. However, my neighbor 100' away already has a station set up, so there is really no need to. Intellicast still has an amazing animated radar page. I really like the interface of WeatherSpark. Hopefully they will keep developing it. A few more features and it could become the only weather site I use.

On a parting note, does anyone have any weather websites they would like to recommend to me?

Tuesday, February 15, 2011

Setting up Kippo on an AWS Linux Micro Instance

I came across a medium-interaction honeypot named Kippo recently. It is written in Python and relies on the Twisted framework for most of its networking. I signed up for the free AWS micro instance (http://aws.amazon.com/free/) and was thinking of moving my blog over to it. However, the last thing I want to do when I get home is administer my own server. So I decided I might take advantage of the micro instance by running a honeypot on it. I have done honeypot research in the past for my Master's degree and have always liked studying the bots and skiddies that break in.

The micro instance is running a stock 10GB AWS Linux image. I am running ami-08728661, which, like other micro instances, is a boot-from-EBS AMI. AWS Linux is built on Red Hat sources, so it is really a lot like running a CentOS server (without the huge repo). AWS Linux has a smaller repo and the instance itself is really stripped down. I think this is great from a security perspective. However, when it came to installing Kippo there were a few packages that were missing, most notably Twisted.

Download the latest version of Twisted at:


In order to install Twisted there are a few Python module dependencies that need to be met. The easiest way to install these modules is to use easy_install from python-setuptools. So from a command prompt run:


Another package that is needed is python-devel, so run:

Now install the needed Python modules, pycrypto and pyasn1:

and

Now you can install Twisted. First, unbzip and untar the bundle:


Enter into the Twisted directory:


Now run the python setup script:

Once Twisted is installed it is time to get Kippo and get it running. You can download Kippo from:


I used wget to pull it down:

Ungzip the package:

Now you can move the Kippo directory to wherever you want; I chose to move it to the /opt directory:



By default Kippo runs on port 2222, so in order to keep ssh access to your server I suggest moving the real ssh port to another, higher port. You can make this change in your /etc/ssh/sshd_config file. On AWS the instance's security group also has to allow the new port, or you will lock yourself out. Once you have changed the port, restart the ssh server with:

or
Reconnect to your micro instance on the new ssh port.

Now you can use iptables to redirect all traffic arriving on port 22 to port 2222 with the following iptables command:

Everything should now be in place. Make sure you do not run Kippo as root. Then run the start.sh script in the kippo-0.5 directory.

If everything works correctly you should now see Kippo running. Try connecting to your new honeypot to verify that it works.
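The port changes from the steps above, as an added example that is not code from the original post: a small POSIX sh script that checks which ports sshd is actually configured for before the iptables redirect is applied, and checks which user the Kippo process runs as. It assumes sshd reads /etc/ssh/sshd_config and that Kippo listens on 2222, as in the post.

```shell
#!/bin/sh
# Added example (not from the original post): the port changes from the
# Kippo setup as checkable functions, so the iptables redirect is only
# applied once sshd has really left port 22. Otherwise the redirect would
# lock the admin out and send real logins to the honeypot.
# Assumptions: sshd reads /etc/ssh/sshd_config and Kippo listens on 2222.

KIPPO_PORT=2222

# Print every active "Port" directive from sshd_config text on stdin.
# Commented-out lines ("#Port 22") are skipped. sshd listens on all of the
# ports listed, so a leftover "Port 22" next to the new one still matters.
sshd_ports() {
    grep -E '^[[:space:]]*Port[[:space:]]+[0-9]+' | awk '{ print $2 }'
}

# Succeed only if the port list is non-empty (empty means sshd's default
# of 22) and contains neither 22 nor the honeypot port.
ssh_ports_are_safe() {
    [ -n "$1" ] || return 1
    for p in $1; do
        [ "$p" = "22" ] && return 1
        [ "$p" = "$KIPPO_PORT" ] && return 1
    done
    return 0
}

# The NAT rule that hands real port-22 traffic to Kippo's unprivileged port.
redirect_rule() {
    echo "iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port $KIPPO_PORT"
}

# Print the owner of the Kippo twistd process from "ps -eo user=,pid=,args="
# output on stdin; no output means Kippo is not running.
kippo_owner() {
    awk '/twistd/ && /kippo/ { print $1; exit }'
}

# Only touch the live system when run as "sh kippo-ports.sh apply"; run
# without arguments the script just defines the functions above.
if [ "${1:-}" = "apply" ]; then
    ports=$(sshd_ports < /etc/ssh/sshd_config)
    ssh_ports_are_safe "$ports" || { echo "sshd still listens on 22 or $KIPPO_PORT, aborting" >&2; exit 1; }
    eval "$(redirect_rule)"
    owner=$(ps -eo user=,pid=,args= | kippo_owner)
    [ "$owner" != "root" ] || { echo "Kippo is running as root, stop it" >&2; exit 1; }
fi
```

Run it with `apply` as root only after the new ssh port is confirmed working; without the argument it makes no changes.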

Take a look at the kippo.cfg file to get a good idea of all the configuration options. You can also add more commands; however, that will have to wait for another blog post. Have fun and be safe. If you get any interesting results, please don't hesitate to share them with me.






Thursday, July 29, 2010

Learning Python via Scapy

At my new job some of the things I need to do are network mapping and interface mapping so we can figure out where potential risk lies within the network. I have been looking for a framework in Ruby that can help me programmatically map a network. I thought I had found what I needed in Scruby. However, it seems like Scruby is not in development anymore and is really just a proof of concept of Scapy. Recently I saw a post by Chris Gates on the Carnal0wnage blog about exactly what I need. I have also been trying to diversify when it comes to my programming languages, and Python is first on my list. So I decided to give Scapy a shot. The out-of-the-box network visualization tools in Scapy are amazing (if you get all of the correct dependencies installed). You have multiple choices when it comes to outputs. I don't think I have even begun to scratch the surface of the visualization capabilities of Scapy.

One of the best things about Scapy is that it allows for low-level packet manipulation. For those of us who know and care what TCP flags and TTLs are, there is a lot of power in Scapy. The Scapy demo page has a lot of great demos to go through to get a feel for Scapy. This has helped me get a better feel for pythonesque formatting. So far so good. So if you ever need to craft packets, analyze pcap files or do some network visualization, Scapy is the way to go.

Posted via email from Ian's posterous

Wednesday, July 21, 2010

Sam loves swimming and ribs

Here are a few pictures of Sam at our last swim and BBQ in the backyard. He loves his gator floaties and is pretty fearless. He likes to go down the slide all by himself, with Mommy waiting to catch him. Still, with skin like that, I feel I need to invest in a 50-gallon barrel of sunscreen at Costco.


Smiling for the camera.
MMMM Ribs and BBQ Sauce.

Sunday, June 20, 2010

It’s time for the Security Industry to grow up

It’s time for the security industry to grow up. Most of us have been drawn to the security industry because of the fun things we get to do. We like finding problems with security controls and love being paid to break into systems and networks. However, as much fun as those things are, information security has become a very important part of businesses and industry. The more businesses digitize their information and assets, the more important information security becomes. Whether we like it or not, information security is quickly becoming a critical part of the business process.

In that light it is important for us as information security practitioners to learn more about business processes. I know that it feels great to get a shell on a box. However, that shell might not be attacking a critical business process and therefore is a potential waste of effort. By understanding the underlying business processes of the company you are testing, you can identify targets that are critical to the business as a whole.

This approach, however, requires an understanding of business processes. A great way to begin to understand general business processes is through education. I know that business classes can be uninteresting and even boring at times. I will admit that during my education the business classes were the least interesting classes I took. I can still barely remember the content I went over, even though I did very well in the class. Recently I have realized my shortcoming in understanding business processes and have been going back over my business classes’ textbooks. If I take more of a “hacker's” view of business processes, I can begin to see the critical places in the business process where a successful attack could be critical to the business as a whole.

There are many obvious targets such as high-level executives, payroll, and data warehousing. However, some less obvious targets could be just as critical. Imagine targeting the PR department and having the ability to send out press releases that could immediately damage the business’s reputation with its customers. All it takes is one fictitious press release going viral and the company’s reputation could be irreparably damaged.

By understanding the business process, we as “security professionals” can begin to see the cracks in it and begin to design stopgaps to protect it. I still believe that the hacker mentality can thrive in a business environment. However, in order to do that we need to grow up, educate ourselves and take our rightful place in the business world.

I am writing this in hopes to spark a discussion on this topic. If you don't agree with me please feel free to let me know why. I am a firm believer in open, uncensored and frank discussions.


Tuesday, June 8, 2010

Western Tracking Institute Tracking Class


I spent last Saturday at an animal tracking class provided by the Western Tracking Institute. The instructors Rick, Lee and William were top notch and we were able to learn a lot about gaits and animal identification. You have no idea how many ways a rabbit track can present itself. Our tracking location was very interesting. We spent all day under the 805 and 56 merge underpasses and bridges. The first part of the day was spent under the big overpasses. The underpasses were a great place to see many different types of tracks. The substrate was very soft in places and that allowed us to analyze the gaits and tracks fairly easily. We saw raccoon, skunk, bobcat, deer, opossum and the ever-present cottontail tracks. The second part of the day was spent under the bridge in the muck. Luckily I brought a pair of rubber boots to keep all of the mud and water at bay. We found some really interesting tracks under the bridge including crawfish, deer, bobcat, a ton of raccoon tracks and a mystery track that no one could identify. In all it was a fun day of tracking, even if you could barely hear each other talking over all of the traffic noise. I'm looking forward to the trailing workshop later on this summer and hope to get through the entire curriculum. In all it was a great experience and I highly recommend taking any of the classes offered by the WTI.
