Root Shell on DrayTek AP 800

The DrayTek AP 800 is a 2.4Ghz 802.11n Access Point with the ability to make it dual band, 2.4Ghz and 5Ghz, with an optional USB dongle. It supports multi-SSID with VLAN tagging, built in RADIUS server, per-SSID/station bandwidth control and can act as a bridge, repeater etc. As with all of these SOHO products it’d built on Linux. Which means somewhere there is a root shell lurking. The DrayTek AP

Show Me The Config!

Back in the days before stacks and VSS, doing a “show run” to look at something was easy. You pressed space a few times to page through the output and found the section you were interested in. Now when you’ve got a stack of several switches or switch running VSS with hundreds of interfaces you’ll be pressing space forever and a day paging through the config. In IOS you can pipe output to a selection of

Cisco Crypto ACLs – Do They Really Need to Match?

When starting out with IPsec tunnels it seems to be a common misconception that the crypto ACL, sometimes referred to as the encryption domain or the interesting traffic, must match 100% or be mirrored at both peers or the tunnel won’t come up. This isn’t strictly true. Whilst the ISAKMP phase 1 and IPsec phase 2 proposals must match, the crypto ACL can be different. Assume that at the local

Auditing Cisco ASA Firewall Rules

Today I was auditing a firewall rule set on a Cisco ASA firewall. The firewall has around 399 ACLs (Access Control Lists) comprising of 7272 ACEs (Access Control Entries). Quite a task! Unfortunately I didn’t have any tools to hand such as Cisco Security Manager or something like FirePac to audit the rules and give me some suggestions. Stage 1 was to visually look at the ACLs and spot the obvious

Open Curtains – VNC With No Authentication

A few weeks ago I read an article about mass scanning the Internet for VNC servers that don’t require authentication. Dubbed “open curtains” because it’s like having your curtains open allowing anyone passing by to glance in. The person doesn’t need to bypass any security in place or have a key to your door to get this access – it’s open for everyone to take a peek inside. To achieve

Custom Kernel On a DigitalOcean Droplet

A few days ago I decided to create a VPS, known as a “droplet”, with DigitalOcean. They claim a deployment time of 55 seconds. And 55 seconds after hitting the button I had a Debian 7 x64 droplet running. The plan was to migrate my current VPS to this DigitalOcean droplet. The first task I always undertake with any Linux deployment is to create a custom stripped down kernel patched

Automating Mass Cisco IOS Upgrades

This morning I needed to upgrade the IOS on 29 Cisco 3560G switches. Rather than login to each one, clean up the flash storage, FTP on the IOS image and set the boot image, I wrote a simple shell script and used clogin from RANCID to automate this task. Of course, nearly every Network Configuration Management platform that’s any good should be able to do this but I prefer the personal

Automating Cisco Switch Swap Outs

So you can’t automate the entire process unfortunately. You’re still going to need to pull a late night and get your hands dirty… Recently I was tasked with swapping out 4 old Cisco 10/100Mb switches with new 10/100/1000Mb switches. The old switches were a combination of Cisco 3560, 2950 and 3548 series. The old switches also had some old configurations that needed to be updated and the interface configurations weren’t consistent. The

Should Network Engineers Also Be Programmers?

Short answer: Yes. Maybe not a programmer in the sense that you need to be proficient in C++, .NET, assembler, know UML etc but having some general programming knowledge is very useful. In my opinion and experience the most important programming skill to have is a fairly in-depth knowledge of a scripting language. Be that shell, Perl, Powershell or even batch scripts. A week doesn’t go by where I don’t write a

Editing Cisco IOS ACLs

If you’ve administered Cisco PIX or ASA security appliances, you’ll know how easy editing ACLs is. If you want to insert a new rule in to an existing ACL you can easily insert it where you want. For example: access-list outside_access_in line 12 permit tcp host 1.1.1.1 host 2.2.2.2 eq 80   This will insert the rule at position 12 of the outside_access_in ACL, pushing the existing rule at position