An introduction to Big Data – RackSpace’s CloudU MOOC

CloudU

Several years ago we introduced you to CloudU, a perfect introduction to how the ‘cloud’ works. CloudU by RackSpace now has a MOOC (Massive Open Online Course) that introduces you to Big Data.

According to Wikipedia, Big Data is a term used to describe a collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications. That’s a great definition, but it’s only one. This topic is too big to base this learning series on one definition, so we asked the brightest minds in academia and the cloud industry the same question: “What is Big Data?” We are confident you will enjoy their insights and take away a broader perspective on big data. Sign up, it’s free (Link)

Earlier Post

“After contacting Rackspace so that my students could benefit from the cloud university curriculum as a supplement, I was met with open arms and personally talked with Greg Alfaro, Michael Ferranti and Ben Kepes either by phone or email. Here’s a quote from Ben: ‘CloudU is an excellent resource for anyone wanting to learn about Cloud Computing. As an instructor of information technology, the certificate provides a great learning tool for the planning, deployment and logistics behind cloud computing.’ ~ Ben Kepes”

Commands in Telnet – DD-WRT and Tomato routers

If you have flashed your router with DD-WRT or Tomato, you can probably use the Linux commands shown below.

Before you get started, you’ll need to enable the Telnet client on your Windows computer. Go to Programs and Features under the Control Panel. The Telnet client is found under add/remove features.

If you want to capture the information to a local Windows computer during the telnet session, make a folder on your C: drive named telnet. Then type:

telnet youripaddress -f c:\telnet\capture.txt

Enter your username and password.

Want to see the commands that are available? Type ls /*bin /*/*bin. ls lists the contents of a directory, and the two wildcard patterns match every directory whose name ends in ‘bin’ (such as /bin, /sbin and /usr/bin), so the output is the set of commands found in each of those directories.

While there are hundreds of command options for both operating systems, they are primarily Linux.

Here’s a great list – link.  (Not all commands will work)

uname -a gives the Linux version


Want to see a ton of information about your router?  Type sysinfo | more

This will give you information about the system including CPU, memory, network and a ton of other information.

unknown login: root
Password:
Tomato v1.28.0000 MIPSR2-120 K26 Max
========================================================
Welcome to the Linksys E2000 [TomatoUSB]
Uptime: 00:39:53 up 1:54
Load average: 0.16, 0.03, 0.01
Mem usage: 30.8% (used 8.88 of 28.84 MB)
WAN : 192.168.0.3/24 @ C0:C1:C0:xx:xx:xx
LAN : 192.168.1.1/24 @ DHCP: 192.168.1.2 – 192.168.1.51
WL0 : Zeus @ channel: 6 @ C0:C1:C0:xx:xx:xx
========================================================
root@unknown:/tmp/home/root# ls /*bin
/bin:
ash date fgrep ls netstat ping sed udpxy
busybox dd grep mdu nice ping6 sh umount
cat df gunzip mkdir ntpc ps sleep uname
chmod dmesg gzip mknod ntpstep pwd stty usleep
chown eapd kill more ntpsync rm sync vi
cp echo ln mount nvram rmdir tar watch
cstats egrep login mv pidof rstats touch zcat
/sbin:
arp hotplug mtd-erase sched
buttons hotplug2 mtd-unlock service
console ifconfig mtd-write setconsole
ddns-update init ppp_event syslogd
dhcp6c-state insmod radio udevtrigger
dhcpc-event klogd rc udhcpc
dhcpc-release led rcheck vconfig
dhcpc-renew listen reboot wldist
disconnected_pppoe lsmod redial
gpio modprobe rmmod
halt mount-cifs route
root@unknown:/tmp/home/root# sysinfo
Tomato v1.28.0000 MIPSR2-120 K26 Max
Linux version 2.6.22.19 (root@tomato) (gcc version 4.2.4) #37 Sat Jun 7 05:30:28
CEST 2014
NVRAM
1012 entries, 21604 bytes used, 39836 bytes free.
INTERFACES
br0 Link encap:Ethernet HWaddr C0:C1:C0:xx:xx:xx
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:185075 errors:0 dropped:0 overruns:0 frame:0
TX packets:166658 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21559405 (20.5 MiB) TX bytes:160278768 (152.8 MiB)
eth0 Link encap:Ethernet HWaddr C0:C1:C0xx:xx:xx
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:165763 errors:0 dropped:0 overruns:0 frame:0
TX packets:175648 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:161724476 (154.2 MiB) TX bytes:22794209 (21.7 MiB)
Interrupt:4 Base address:0x2000
eth1 Link encap:Ethernet HWaddr C0:C1:C0:xx:xx:xx
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:235085 errors:10 dropped:0 overruns:0 frame:269509
TX packets:234875 errors:72 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:56724666 (54.0 MiB) TX bytes:201731456 (192.3 MiB)
Interrupt:3 Base address:0x1000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:87 errors:0 dropped:0 overruns:0 frame:0
TX packets:87 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13018 (12.7 KiB) TX bytes:13018 (12.7 KiB)
vlan1 Link encap:Ethernet HWaddr C0:C1:C0:xx:xx:xx
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:7418 errors:0 dropped:0 overruns:0 frame:0
TX packets:16101 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5137752 (4.8 MiB) TX bytes:1536952 (1.4 MiB)
vlan2 Link encap:Ethernet HWaddr C0:C1:C0xx:xx:xx
inet addr:192.168.0.3 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:158047 errors:0 dropped:0 overruns:0 frame:0
TX packets:159142 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:153556156 (146.4 MiB) TX bytes:21209557 (20.2 MiB)
ROUTING TABLE
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 vlan2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 vlan2
Kernel IPv6 routing table
Destination Next Hop
Flags Metric Ref Use Iface
::1/128 ::
U 0 0 1 lo
ARP TABLE
192.168.0.1 dev vlan2 lladdr 00:09:5b:cd:50:40 REACHABLE
192.168.1.38 dev br0 lladdr 68:5d:43:e7:83:44 REACHABLE
IP TABLES
:filter
Chain INPUT (policy DROP 403 packets, 193K bytes)
pkts bytes target prot opt in out source destination

692 61801 DROP all — * * 0.0.0.0/0 0.0.0.0/0
state INVALID
10214 1655K ACCEPT all — * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 shlimit tcp — * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 state NEW
14 2052 ACCEPT all — lo * 0.0.0.0/0 0.0.0.0/0

6522 793K ACCEPT all — br0 * 0.0.0.0/0 0.0.0.0/0

0 0 ACCEPT udp — * * 0.0.0.0/0 0.0.0.0/0
udp spt:67 dpt:68
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

253K 139M all — * * 0.0.0.0/0 0.0.0.0/0
account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
0 0 ACCEPT all — br0 br0 0.0.0.0/0 0.0.0.0/0

59 2360 DROP all — * * 0.0.0.0/0 0.0.0.0/0
state INVALID
9434 453K TCPMSS tcp — * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x02 TCPMSS clamp to PMTU
128K 15M monitor all — * vlan2 0.0.0.0/0 0.0.0.0/0

249K 138M ACCEPT all — * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 wanin all — vlan2 * 0.0.0.0/0 0.0.0.0/0

4738 223K wanout all — * vlan2 0.0.0.0/0 0.0.0.0/0

4738 223K ACCEPT all — br0 * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 12586 packets, 5087K bytes)
pkts bytes target prot opt in out source destination

Chain monitor (1 references)
pkts bytes target prot opt in out source destination

0 0 RETURN tcp — * * 0.0.0.0/0 0.0.0.0/0
WEBMON --max_domains 2000 --max_searches 2000
Chain shlimit (1 references)
pkts bytes target prot opt in out source destination

0 0 all — * * 0.0.0.0/0 0.0.0.0/0
recent: SET name: shlimit side: source
0 0 DROP all — * * 0.0.0.0/0 0.0.0.0/0
recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source
Chain wanin (1 references)
pkts bytes target prot opt in out source destination

Chain wanout (1 references)
pkts bytes target prot opt in out source destination

:nat
Chain PREROUTING (policy ACCEPT 9977 packets, 1113K bytes)
pkts bytes target prot opt in out source destination

403 193K WANPREROUTING all — * * 0.0.0.0/0 192.168.
0.3
0 0 DROP all — vlan2 * 0.0.0.0/0 192.168.1.0/
24
Chain POSTROUTING (policy ACCEPT 10 packets, 1912 bytes)
pkts bytes target prot opt in out source destination

6165 323K MASQUERADE all — * vlan2 0.0.0.0/0 0.0.0.0/0

26 8531 SNAT all — * br0 192.168.1.0/24 192.168.1.0/
24 to:192.168.1.1
Chain OUTPUT (policy ACCEPT 1812 packets, 127K bytes)
pkts bytes target prot opt in out source destination

Chain WANPREROUTING (1 references)
pkts bytes target prot opt in out source destination

0 0 DNAT icmp — * * 0.0.0.0/0 0.0.0.0/0
to:192.168.1.1
:mangle
Chain PREROUTING (policy ACCEPT 273K packets, 142M bytes)
pkts bytes target prot opt in out source destination

128K 124M DSCP all — vlan2 * 0.0.0.0/0 0.0.0.0/0
DSCP set 0x00
Chain INPUT (policy ACCEPT 17877 packets, 2707K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 253K packets, 139M bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 12618 packets, 5092K bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 266K packets, 144M bytes)
pkts bytes target prot opt in out source destination

IP6 TABLES
:filter
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

:mangle
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

NET STATS
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.1:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 :::53 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::23 :::* LISTEN
udp 0 0 127.0.0.1:38032 0.0.0.0:*
udp 0 0 0.0.0.0:53 0.0.0.0:*
udp 0 0 0.0.0.0:67 0.0.0.0:*
udp 0 0 127.0.0.1:38000 0.0.0.0:*
udp 0 0 :::53 :::*
raw 0 0 0.0.0.0:255 0.0.0.0:* 255
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
FILE SYSTEMS
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/root 5056 5056 0 100% /
tmpfs 14764 172 14592 1% /tmp
devfs 14764 0 14764 0% /dev
MOUNTPOINTS
rootfs on / type rootfs (rw)
/dev/root on / type squashfs (ro)
proc on /proc type proc (rw)
tmpfs on /tmp type tmpfs (rw)
devfs on /dev type tmpfs (rw,noatime)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw)
SWAPS
Filename Type Size Used Priority
PARTITIONS
major minor #blocks name
31 0 256 mtdblock0
31 1 7872 mtdblock1
31 2 5091 mtdblock2
31 3 1856 mtdblock3
31 4 64 mtdblock4
ENVIRONMENT
USER=root
HOME=/root
PS1=\u@\h:\w\$
LOGNAME=root
TERM=vt100
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/home/root:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/
mmc/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin:
SHELL=/bin/sh
PWD=/tmp/home/root
CPU INFO
0.12 0.03 0.01 2/32 3739
system type : Broadcom BCM4716 chip rev 1 pkg 9
processor : 0
cpu model : MIPS 74K V4.0
BogoMIPS : 176.53
cpu MHz : 354
wait instruction : no
microsecond timers : yes
tlb_entries : 64
extra interrupt vector : no
hardware watchpoint : yes
ASEs implemented : mips16 dsp
shadow register sets : 1
VCED exceptions : not available
VCEI exceptions : not available
unaligned_instructions : 4
INTERRUPTS
CPU0
3: 770819 MIPS eth1
4: 298897 MIPS eth0
7: 687164 MIPS timer
8: 13 IRQ2 serial
ERR: 0
MEMORY
total used free shared buffers
Mem: 29532 18664 10868 0 2464
-/+ buffers: 16200 13332
Swap: 0 0 0
MemTotal: 29532 kB
MemFree: 10864 kB
Buffers: 2464 kB
Cached: 7112 kB
SwapCached: 0 kB
Active: 6188 kB
Inactive: 5336 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 1952 kB
Mapped: 1592 kB
Slab: 4228 kB
SReclaimable: 676 kB
SUnreclaim: 3552 kB
PageTables: 284 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 14764 kB
Committed_AS: 5068 kB
VmallocTotal: 786356 kB
VmallocUsed: 2404 kB
VmallocChunk: 782068 kB
WIRELESS VER
5.10 RC147.0
wl0: Mar 4 2010 00:00:47 version 5.10.147.0
US (US/0) UNITED STATES
LOADED MODULES
Module Size Used by Tainted: P
xt_webmon 16320 1
xt_DSCP 992 1
ip6table_mangle 992 0
ip6table_filter 704 0
xt_recent 6800 2
xt_IMQ 736 0
imq 2320 0
nf_nat_pptp 1440 0
nf_conntrack_pptp 3808 1 nf_nat_pptp
nf_nat_proto_gre 1072 1 nf_nat_pptp
nf_conntrack_proto_gre 2464 1 nf_conntrack_pptp
nf_nat_ftp 1568 0
nf_conntrack_ftp 5792 1 nf_nat_ftp
nf_nat_sip 5920 0
nf_conntrack_sip 19008 1 nf_nat_sip
nf_nat_h323 5504 0
nf_conntrack_h323 37120 1 nf_nat_h323
wl 1781264 0
et 49280 0
igs 13680 1 wl
emf 17408 2 wl,igs
PROCESSES
Mem: 18812K used, 10720K free, 0K shrd, 2464K buff, 7112K cached
CPU: 0% usr 0% sys 0% nic 100% idle 0% io 0% irq 0% sirq
Load average: 0.12 0.03 0.01 1/32 3757
PID PPID USER STAT VSZ %VSZ %CPU COMMAND
1609 1 root S 2684 9% 0% httpd
2031 1 root S 1312 4% 0% crond -l 9
1612 1611 root S 1304 4% 0% -sh
3564 434 root S 1304 4% 0% -sh
1610 1 root S 1304 4% 0% udhcpc -i vlan2 -b -s dhcpc-event -H u
nknown -m
314 313 root S 1300 4% 0% /bin/sh
434 1 root S 1296 4% 0% telnetd -p 23
3676 3564 root S 1296 4% 0% {sysinfo} /bin/sh /usr/sbin/sysinfo
3757 3676 root R 1296 4% 0% top -b -n1
2018 1 root S 1292 4% 0% syslogd -L -s 50 -b 1
2020 1 root S 1292 4% 0% klogd
1 0 root S 1260 4% 0% /sbin/init noinitrd
312 1 root S 1244 4% 0% buttons
313 1 root S 1184 4% 0% console
1611 496 root S 1140 4% 0% dropbear -p 22 -a
1295 1 nobody S 1104 4% 0% dnsmasq -c 1500 --log-async
1225 1 root S 1080 4% 0% nas
496 1 root S 1072 4% 0% dropbear -p 22 -a
1242 1 root S 968 3% 0% cstats
1236 1 root S 916 3% 0% rstats
1222 1 root S 900 3% 0% eapd
273 1 root S 616 2% 0% hotplug2 --persistent --no-coldplug
87 2 root SW< 0 0% 0% [mtdblockd]
3 2 root SW< 0 0% 0% [ksoftirqd/0]
5 2 root SW< 0 0% 0% [khelper]
42 2 root SW 0 0% 0% [pdflush]
44 2 root SW< 0 0% 0% [kswapd0]
2 0 root SW< 0 0% 0% [kthreadd]
43 2 root SW 0 0% 0% [pdflush]
4 2 root SW< 0 0% 0% [events/0]
45 2 root SW< 0 0% 0% [aio/0]
18 2 root SW< 0 0% 0% [kblockd/0]
DMESG
Linux version 2.6.22.19 (root@tomato) (gcc version 4.2.4) #37 Sat Jun 7 05:30:28
CEST 2014
CPU revision is: 00019740
Found a 8MB ST compatible serial flash
Determined physical RAM map:
memory: 02000000 @ 00000000 (usable)
On node 0 totalpages: 8192
Normal zone: 64 pages used for memmap
Normal zone: 0 pages reserved
Normal zone: 8128 pages, LIFO batch:0
Built 1 zonelists. Total pages: 8128
Kernel command line: root=/dev/mtdblock2 noinitrd console=ttyS0,115200
Primary instruction cache 32kB, physically tagged, 4-way, linesize 32 bytes.
Primary data cache 32kB, 4-way, linesize 32 bytes.
Synthesized TLB refill handler (20 instructions).
Synthesized TLB load handler fastpath (32 instructions).
Synthesized TLB store handler fastpath (32 instructions).
Synthesized TLB modify handler fastpath (31 instructions).
PID hash table entries: 128 (order: 7, 512 bytes)
CPU: BCM4716 rev 1 pkg 9 at 354 MHz
Using 177.000 MHz high precision timer.
console [ttyS0] enabled
Dentry cache hash table entries: 4096 (order: 2, 16384 bytes)
Inode-cache hash table entries: 2048 (order: 1, 8192 bytes)
Memory: 29416k/32768k available (33k kernel code, 3352k reserved, 2718k data, 11
6k init, 0k highmem)
Calibrating delay loop… 176.53 BogoMIPS (lpj=882688)
Mount-cache hash table entries: 512
NET: Registered protocol family 16
PCI: Using membase 8000000
PCI: Disabled
PCI: Fixing up bus 0
PCI: Fixing up bus 1
NET: Registered protocol family 2
Time: MIPS clocksource has been installed.
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 1024 (order: 1, 8192 bytes)
TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
TCP: Hash tables configured (established 1024 bind 1024)
TCP reno registered
squashfs: version 3.0 (2006/03/15) Phillip Lougher
io scheduler noop registered (default)
HDLC line discipline: version $Revision: 4.8 $, maxframe=4096
N_HDLC line discipline registered.
Serial: 8250/16550 driver $Revision: 1.90 $ 2 ports, IRQ sharing disabled
serial8250: ttyS0 at MMIO 0xb8000300 (irq = 8) is a 16550A
PPP generic driver version 2.4.2
MPPE/MPPC encryption/compression module registered
NET: Registered protocol family 24
PPPoL2TP kernel driver, V0.18.3
PPTP driver version 0.8.5
pflash: found no supported devices
Creating 5 MTD partitions on “sflash”:
0x00000000-0x00040000 : “pmon”
0x00040000-0x007f0000 : “linux”
0x00127400-0x00620000 : “rootfs”
0x00620000-0x007f0000 : “jffs2″
0x007f0000-0x00800000 : “nvram”
u32 classifier
OLD policer on
Netfilter messages via NETLINK v0.30.
nf_conntrack version 0.5.0 (512 buckets, 4096 max)
ip_tables: (C) 2000-2006 Netfilter Core Team
ipt_account 0.1.21 : Piotr Gasidlo <quaker@barbara.eu.org>, http://www.barbara.e
u.org/~quaker/ipt_account/
net/ipv4/netfilter/tomato_ct.c [Jun 7 2014 02:58:57]
NET: Registered protocol family 1
NET: Registered protocol family 10
ip6_tables: (C) 2000-2006 Netfilter Core Team
NET: Registered protocol family 17
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
VFS: Mounted root (squashfs filesystem) readonly.
Freeing unused kernel memory: 116k freed
Warning: unable to open an initial console.
emf: module license ‘Proprietary’ taints kernel.
PCI: Setting latency timer of device 0000:00:02.0 to 64
eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 5.10.147.0
PCI: Setting latency timer of device 0000:00:01.0 to 64
eth1: Broadcom BCM4328 802.11 Wireless Controller 5.10.147.0
Algorithmics/MIPS FPU Emulator v1.5
vlan1: add 33:33:00:00:00:01 mcast address to master interface
vlan1: add 01:00:5e:00:00:01 mcast address to master interface
vlan1: dev_set_allmulti(master, 1)
vlan1: dev_set_promiscuity(master, 1)
device eth0 entered promiscuous mode
device vlan1 entered promiscuous mode
device eth1 entered promiscuous mode
br0: port 2(eth1) entering forwarding state
br0: port 1(vlan1) entering forwarding state
vlan2: Setting MAC address to c0 c1 c0 xx:xx:xx.
vlan2: add 33:33:00:00:00:01 mcast address to master interface
vlan2: add 01:00:5e:00:00:01 mcast address to master interface
IMQ starting with 2 devices…
IMQ driver loaded successfully.
Hooking IMQ after NAT on PREROUTING.
Hooking IMQ before NAT on POSTROUTING.
vlan2: del 01:00:5e:00:00:01 mcast address from vlan interface
vlan2: del 01:00:5e:00:00:01 mcast address from master interface
vlan2: del 33:33:00:00:00:01 mcast address from vlan interface
vlan2: del 33:33:00:00:00:01 mcast address from master interface
vlan2: Setting MAC address to c0 c1 c0 xx:xx:xx.
vlan2: add 01:00:5e:00:00:01 mcast address to master interface
vlan2: add 33:33:00:00:00:01 mcast address to master interface
vlan2: del 33:33:00:00:00:01 mcast address from vlan interface
vlan2: del 33:33:00:00:00:01 mcast address from master interface
vlan2: del 01:00:5e:00:00:01 mcast address from vlan interface
vlan2: del 01:00:5e:00:00:01 mcast address from master interface
br0: port 2(eth1) entering disabled state
br0: port 1(vlan1) entering disabled state
vlan1: del 01:00:5e:00:00:01 mcast address from vlan interface
vlan1: del 01:00:5e:00:00:01 mcast address from master interface
vlan1: del 33:33:00:00:00:01 mcast address from vlan interface
vlan1: del 33:33:00:00:00:01 mcast address from master interface
device vlan1 left promiscuous mode
br0: port 1(vlan1) entering disabled state
device eth1 left promiscuous mode
br0: port 2(eth1) entering disabled state
vlan1: add 33:33:00:00:00:01 mcast address to master interface
vlan1: add 01:00:5e:00:00:01 mcast address to master interface
device eth1 entered promiscuous mode
br0: port 2(eth1) entering forwarding state
br0: port 1(vlan1) entering forwarding state
vlan2: Setting MAC address to c0 c1 c0 xx:xx:xx.
vlan2: add 33:33:00:00:00:01 mcast address to master interface
vlan2: add 01:00:5e:00:00:01 mcast address to master interface
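
An added example, not part of the original post: a short Python audit for a saved sysinfo capture (such as the c:\telnet\capture.txt file created earlier). It lists the TCP listeners under NET STATS, flags the ones that carry logins in cleartext, and checks whether the filter table's INPUT default policy for that address family would drop traffic to a listener bound to all interfaces. The function names are this example's own, and the embedded sample is trimmed from the output above.

```python
import re

# Trimmed from the sysinfo capture above: only the lines this audit reads.
SAMPLE_CAPTURE = """\
IP TABLES
:filter
Chain INPUT (policy DROP 403 packets, 193K bytes)
6522 793K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
:mangle
Chain INPUT (policy ACCEPT 17877 packets, 2707K bytes)
IP6 TABLES
:filter
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
NET STATS
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.1:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 :::53 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::23 :::* LISTEN
udp 0 0 0.0.0.0:67 0.0.0.0:*
Active UNIX domain sockets (only servers)
"""

# Management services that send usernames and passwords unencrypted.
CLEARTEXT_PORTS = {23: "telnet", 80: "http"}


def input_policies(capture):
    """Return the filter-table INPUT default policy per family, e.g. {'ipv4': 'DROP'}."""
    policies, family, table = {}, None, None
    for raw in capture.splitlines():
        line = raw.strip()
        if line == "IP TABLES":
            family, table = "ipv4", None
        elif line == "IP6 TABLES":
            family, table = "ipv6", None
        elif line.startswith(":"):                      # ":filter", ":nat", ":mangle"
            table = line[1:]
        elif re.fullmatch(r"[A-Z][A-Z0-9 ]+", line):    # next sysinfo section header
            family = None
        else:
            m = re.match(r"Chain INPUT \(policy (\w+)", line)
            if m and family and table == "filter":      # ignore the mangle INPUT chain
                policies[family] = m.group(1)
    return policies


def tcp_listeners(capture):
    """Return (address, port) for each TCP socket in LISTEN state under NET STATS."""
    found, in_netstat = [], False
    for line in capture.splitlines():
        fields = line.split()
        if line.strip() == "NET STATS":
            in_netstat = True
        elif in_netstat and line.startswith("Active UNIX"):
            break
        elif in_netstat and len(fields) == 6 and fields[0] == "tcp" and fields[5] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")   # ":::23" -> ("::", "23")
            if port.isdigit():
                found.append((addr, int(port)))
    return found


def audit(capture):
    """Describe every TCP listener: cleartext or not, and whether it is open by default."""
    policies = input_policies(capture)
    report = []
    for addr, port in tcp_listeners(capture):
        family = "ipv6" if ":" in addr else "ipv4"
        wildcard = addr in ("0.0.0.0", "::")
        report.append({
            "bind": addr,
            "port": port,
            "family": family,
            "service": CLEARTEXT_PORTS.get(port),
            "cleartext": port in CLEARTEXT_PORTS,
            # Default policy only: explicit ACCEPT/DROP rules still need a manual read.
            "default_open": wildcard and policies.get(family) != "DROP",
        })
    return report


def unfiltered_cleartext(report):
    """Cleartext listeners on all interfaces whose family's INPUT policy is not DROP."""
    return [(r["bind"], r["port"]) for r in report if r["cleartext"] and r["default_open"]]


if __name__ == "__main__":
    for row in audit(SAMPLE_CAPTURE):
        print(row)
    print("review first:", unfiltered_cleartext(audit(SAMPLE_CAPTURE)))
```

Run against the capture above, it singles out telnetd on :::23: Telnet sends the login in cleartext, and the ip6tables INPUT chain defaults to ACCEPT while the IPv4 INPUT chain defaults to DROP. The same capture shows dropbear already listening on port 22, so SSH is available for these sessions in place of Telnet.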

 

Security Onion- IDS, NSM, and log management

What if you want an IDS that monitors malicious activities and provides you with logs (Network Security Monitoring) and graphs to help protect your network? And what if you want an easy setup that provides you with information that will help you – something with a GUI? Security Onion can provide you with the de facto IDS, Snort, along with Squert and a ton of other tools to help you. For the IDS engine, Security Onion offers the choice of Snort (http://snort.org/) or Suricata (http://suricata-ids.org/).

The setup below shows a test system using VMWare with 2 processors and 2 Gb of RAM if you want to try it out.   While the bare minimum is suggested to be 3 Gb, a production environment should have 8- 128 Gb of RAM, a ton of hard drive space for logs and two network cards.  One network card for management and one to sniff.

Security Onion’s ISO can be downloaded from SourceForge. While there are a ton of how-tos on the internet about Security Onion, there is a great deal of information on their blog located here.

Here’s a simple setup I did at home to try out Security Onion, using VMware’s Player (non-commercial use). If you plan on trying Security Onion or deploying it in a production environment, you should use the commercial version or have a system that supports the minimum requirements.


Once you restart, you’ll need to run setup again to enter an email address for Squert and set up a password. Once this is done, you can open the shortcuts on the desktop or use your host computer to log in. Once this is complete, log in to Snorby’s URL.

While Snort is running, Snorby will present a dashboard. You may be surprised to see no threats once you log in. You can expedite this process by running Nmap (Zenmap) against the virtual machine if you want to see threats.

What is Snorby? “ Snorby is a web application interface to view, search and classify Snort and Suricata alerts and generate various types of reports, such as most active IDS signatures, most active sensors, and top source and destination IP addresses.”  more information.

Once you run Nmap, click on More Options in the right corner and update the cache.

Give Security Onion just a few seconds and refresh the screen. You’ll see the events logged. This will visually show you not only how many threats were ‘seen’ on the network but will categorize and graph them.

Clicking on the events will show each event and give you the option to categorize unknown threats or to reclassify threats.

Logging in to Squert allows you to see threats along with maps and information from threats.


ELSA – allows you to query and look for information.


What does NMap show when Security Onion is scanned?


Introduction to Security Onion

Security Onion Blog

 

The dangers of using outdated software


Outdated software contains security flaws which cybercriminals can use as avenues to infiltrate the corporate network.

The dangers of using outdated software.

Installing Linux Lite – A mini review

Home users that ONLY check email and use very few other programs may consider replacing their OS.   Linux has made an exceptional gain over the past several years with a Programs (Add/Remove) component and with hardware drivers.

To see just how Linux Lite stacked up against other OSs, I decided to load it in Oracle’s VirtualBox. The little over 600+mb download is comparable in size to Windows XP. The ISO can be burned with an image burner to make a bootable CD/DVD. Before you decide to switch, remember there are limitations to Windows software even with Wine. Wine is a software application that allows you to run Windows programs. Hunting around the internet, you’ll find hundreds of Linux programs comparable to Windows programs. You don’t have to look far, considering the Linux repository has hundreds of programs.

After loading Oracle’s VirtualBox, simply walk through the New OS wizard, select Linux, allocate 2 GB of RAM and 8 GB of HDD space if you can.  Once you have completed this step, click on Settings and select bridge on the Network Card and load the ISO under storage.

Once you complete that step, start the OS and follow the on screen prompts.

The installation screens, in order:

  • Initial load screen.
  • Loading the OS into RAM.
  • Load time of around two minutes for the initial screen to appear.
  • Select your language.
  • The installer checks to ensure hardware and internet connectivity are OK.
  • Erase the hard drive.
  • Set your location for the time.
  • Select the keyboard layout.
  • Set up an initial user and password.
  • Copying files.
  • After the installation, restart your computer (VirtualBox).
  • Booting up from the hard disk drive.
  • Login and options.

The initial desktop is clean. Don’t let this fool you. The number of programs and options for an internet user is excellent.

Checking for updates is easy.  Simply click on the menu and select update.  Provide your login password and Linux Lite does the rest.

Printer setup

If you have a printer that supports IPP, log in to the printer’s web address and enable IPP. The printer in our home is the Samsung SCX-3400 wireless, an inexpensive laser printer that provides for thousands of pages with Samsung’s toner cartridge. The printer provides hundreds of options for Windows, Apple, Linux or mobile devices.

What programs come with Linux Lite? Hundreds of items. Here are the main categories.

  • Office
  • Games  (Such as steam and others)
  • Graphics  (Gimp and more)
  • Accessories
  • Internet (email and browsers)
  • Multimedia
  • System (dozens of tools)
  • Settings


If you ONLY use the internet and want to look into an alternate operating system, Linux Lite may be for you. It is easy to use and install, and it offers hundreds of programs.

How to guard your wireless network and see intruders

100% credit goes to Bill Mullins for sharing this information. (BillMullins.wordpress.com).

Softperfect has some of the best freeware for Windows.   With Netscan you can see devices on your network and find information about the  devices.  Now with their software “WiFi  Guard”, you can use a device on your network and find the devices that are attached to it.

While you should take precautions to secure your wireless network, is someone accessing your network without your knowledge?

Installation is fast and easy.  Simply follow the wizard and make sure you run the software at startup.

Once you install the software, select the adapter and scan your network. Next, double-click on known devices and select “I know this device.” Let the software run and periodically scan your network. If you find an unknown device connecting to it, locate the device and remove it from the network or take action to prevent unknown devices from connecting.

The software is designed to run on Apple, Windows or Linux.

Note: The above pic is from a lab environment and the addresses and MACs do not represent real machines or a production environment.
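
The known-device check described above, sketched in Python as an added example (it is not SoftPerfect's code and not part of the original post). It reads a neighbor table in the "IP dev IFACE lladdr MAC STATE" format that appears in the ARP TABLE section of the router output earlier on this page, compares it with an allowlist, and marks locally administered MACs. The allowlist and every sample address except the first are constructed.

```python
import re

# Allowlist of devices already marked "I know this device" (constructed).
# Written in Windows notation on purpose, to show that separators and case are normalized.
KNOWN_DEVICES = {"68-5D-43-E7-83-44": "laptop"}

# Constructed neighbor table; the first entry reuses the format and address shown
# in the router's ARP TABLE output, the rest are made up for the example.
SAMPLE_NEIGHBORS = """\
192.168.1.38 dev br0 lladdr 68:5d:43:e7:83:44 REACHABLE
192.168.1.40 dev br0 lladdr da:a1:19:00:11:22 STALE
192.168.1.41 dev br0  FAILED
192.168.1.42 dev br0 lladdr 00:11:22:33:44:55 REACHABLE
"""

NEIGHBOR = re.compile(r"^(\S+)\s+dev\s+(\S+)\s+lladdr\s+(\S+)\s+(\S+)$")


def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex, accepting ':' or '-' separators."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, i.e. the address is not
    vendor-assigned (typical of the private/randomized addresses phones use)."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def parse_neighbors(text):
    """Parse neighbor lines; entries without a resolved MAC (FAILED, INCOMPLETE) are skipped."""
    rows = []
    for line in text.splitlines():
        m = NEIGHBOR.match(line.strip())
        if m:
            ip, iface, mac, state = m.groups()
            rows.append({"ip": ip, "iface": iface, "mac": normalize_mac(mac), "state": state})
    return rows


def unknown_devices(neighbors, known):
    """Return the neighbors whose MAC is not on the allowlist."""
    allow = {normalize_mac(mac) for mac in known}
    return [
        dict(n, locally_administered=is_locally_administered(n["mac"]))
        for n in neighbors
        if n["mac"] not in allow
    ]


if __name__ == "__main__":
    for device in unknown_devices(parse_neighbors(SAMPLE_NEIGHBORS), KNOWN_DEVICES):
        print(device)
```

A device that uses a private (randomized) Wi-Fi address shows up as unknown again whenever its address changes, which is why the locally administered flag is reported next to each hit.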

Protecting your network by pen testing it

This post is for educational purposes and any use of these tools against a network without explicit permission could be illegal. Metasploit is designed to identify weaknesses in networks and hardware/software on a network. Do NOT use Metasploit for other reasons.

Want to protect your network and the computers in your network? You can get updates for your operating systems (Linux, Mac, iOS, Android, Windows or whatever) along with updates for third-party programs, yet you can still be insecure. When updating these products, you also have to remember firmware and updates for wireless devices, access points, bridges, firewalls, routers, switches, SCADA devices, robots, mobile devices, printers and any device on your network.

Metasploit

http://www.metasploit.com/download/

Metasploit Community is free and allows for a free scan of your network or server. Although limited (Try Pro for details and Brute Force), Metasploit Community is a first step in finding open services and ports on your operating system, hardware devices such as routers and other devices.   The trick to installing Metasploit is to disable your antivirus or make exceptions to what your antivirus finds.   You should truly install the software inside of a VM (Virtual Machine) so that your computer remains protected.

You can use Metasploit to protect your network by ‘seeing’ what a hacker or malicious person would see.  Truly for network professionals and auditors, this software can help you identify services, ports and weaknesses in your network.

There are several versions of Metasploit – Community, Pro, Express and Framework (Compare Editions)


The above scan was in a controlled lab.  Malicious scanning of networks may be illegal.  Read  Penetration Basics on Metasploit’s website.

Tutorials (Videos)

Your business and home needs a firewall…why?

So what happens when you install a firewall and make sure all operating systems on your home network are fresh installs?


You’ll probably see hits from foreign and U.S. IP addresses trying to make connections to your computers, phones and other devices on your network.   You’ll also notice common port numbers in the above log.  So what would happen if any of the services and ports were open?  It could result in the loss of data.

What should you do?  Install a hardware SOHO firewall and keep your OS firewall on.  While there are tons of other precautions you also need to take, ultimately this is a form of protection most home users and business users fail to implement.

Credit: Chris Davis

What should you do with an old computer? Create a home router/firewall!

ITX-motherboards can often be found in older computers from garage sales or thrift stores.  What is the practical use for these motherboards or older computers?

Here’s a small project that involves protecting your home.

After finding an ITX motherboard and gathering extra parts from broken laptops and computers, this project will put the software SMOOTHWALL Express onto the computer to make a mini firewall.  Total cost?

  • $22 250watt power supply
  • $5 Gearhead mini keyboard


Base processor
Athlon 64 X2 (B) 5400+ 2.8 GHz (65W)
800 MHz front side bus
Socket AM2

Chipset
GeForce 9100

Motherboard

  • Manufacturer: Pegatron
  • Motherboard Name: APX78-BN
  • HP/Compaq motherboard name: Nutmeg-GL6E

Power supply
250W

Memory
240 Pin DDR2 PC2-6400 MB/sec
4GB

Hard drive
120 GB SATA 6G (6.0 Gb/sec)
7200 rpm

Video Graphics

Integrated on motherboard (NVidia 9100)

Sound/Audio
High Definition 6-channel audio
ALC 888S chipset

Network (LAN)
Integrated 10/100 Base-T networking interface
Added Broadcom wireless to create a wireless router

External I/O ports connections – 6  USB

Expansion slots

PCI Express mini card socket – added Broadcom Wireless
PCI Express x16
PCI Express x1

Additions-

  • 2″ Fan for Chipset

In the video below, HAK5 shows just how to make a motherboard like this into a nice home router/Firewall.

Solving The Security Workforce Shortage – DarkReading

According to the study, the most sought-after quality is a broad knowledge of security — more of a strategic understanding than technical know-how followed by certifications.  Read More

Opinion – While certifications are an important part of IT, the technical know-how is the most important. Getting a degree or a certification is a great advancement for your education but can you configure a firewall? Run Linux-OSX- Windows? Support mobile, wireless, servers with Active Directory and monitor and control an IT environment?   That’s the difference between $12 an hour and a career.

Thrift stores – an Internet and computer goldmine

Thrift stores and yard/garage sales can become a goldmine for computer geeks.  You have to know your technology and how to upgrade the device – and you have to truly know the value of a device/computer you stumble on.  Here’s an example -

The D-Link Dir-601 is a home router that lacks many features of other Wireless N routers.   This $60 router lacks MIMO antennas and has a throughput of about 65 -150 mbps.  However, the router can be upgraded to DD-WRT and dozens of features are added to this little router including power settings, virtual wireless, IPv6, QoS and more.


Amanda picked one up for the class for $1.99.   A real bargain for anyone.  So what can you get for $20 ?

D-Link, Belkin, Hawking, Linksys (WRT-54g), Cisco 150  – Most of which can take alternate firmware.


How about a cool project with a Pegatron motherboard so you can make a hardware firewall? (Picked up for $0, it included a quad core AMD processor and fan and 2 Gb of RAM.) Add a laptop hard drive, a 220 watt power supply and Smoothwall firewall to create a tiny firewall that protects you from malicious activity. Total investment – $22. I have a hard drive from Amanda’s old computer and ordered the power supply from Amazon.

Speaking of firewalls – how about a Netgear FVS328 VPN firewall for the home? Although it has reached EOL, $1.99 and uploading the latest firmware will still add extra protection to your home.