also feel free to suggest things to add to the pastebin
Christopher Martinez
...
Jaxson James
this triggers me on a great many levels
Nolan Garcia
would bleach
Chase Jenkins
>Femnigger /our girl/?
Matthew Rodriguez
>Femnigger ???
Cooper Barnes
I have a reasonable amount of security/hacking books in pdf I can contribute at some point if there's interest
Adrian Perez
Please do! If you can host them anywhere reliably the links could be added to that prospective pastebin.
Easton Kelly
i just fucking fuck
Aiden Wood
lol
Dylan Martinez
Can I participate if I am a noob, as in non-programmer, mostly hobbyist enthusiast?
John King
I've done minor sysadmin work at my job (since our main guy is a Microsoft purist and I'm the only one with extensive Linux knowledge) and I'm seriously starting to think about pursuing a career in security or devops instead of staying in software development.
where should one get started if he wishes to avoid going back to college?
Logan Bennett
both of you should join and check the pastebin out. we have accumulated several resources spanning many subjects. you are both among friends, do not be shy
Jackson Bell
Blackarch.org
Read the man pages. All the man pages
Jordan Robinson
Does it help you get in IT or net-sec if you have a math background? Working towards my bachelor's in math but we only got 1 course that's related (Databases1).
Caleb Hall
>that color scheme
I am basically bleeding now
Zachary Powell
it helps with logic and programming, but math is more for cryptography, although creating an IDS is math intensive
Cooper Perry
thanks dude
Xavier Martin
Yeah it's pretty bad. Luckily it's changeable.
Noah Campbell
It's a bunch of penguins running a little factory! That's rich.
Now what's the most secure and up to date router I can buy that uses FOSS? I'm interested in something for home use. Price range is around 300 USD, but I'm not a poorfag so that budget is extremely flexible.
Josiah Jones
maybe try your hand at buying a raspberry pi and installing openbsd
Easton Gray
Sounds like too much work. I want something that I can pull out of the box, set the wireless network names and passwords, then fap to webms on /gif/ all in under 20 minutes.
Jack Hall
owning a FOSS router, as far as I know, involves flashing something openwrt or openbsd. I don't personally know of any vendor that ships fully libre firmware.
I personally own a Mikrotik RB2011UiAS and it's a solid machine. the only downside is no dual band. it's also supported by openwrt but I have yet to try it.
Easton Green
I already have a Librebooted laptop and a phone that has baseband hardware isolation and a FOSS OS. I need a stupid freetard router. Pls help.
Matthew Cruz
Fuck you
Nathan Carter
Read the wiki on routers. You will have to flash it regardless.
Xavier Rivera
Shit, well there goes my weekend I guess. I'll just buy whatever.
I've never seen these threads before, would this be the right place to ask for a more experienced opinion about what I'm trying to do with my home network security wise?
Grayson Campbell
ask the question
Alexander Diaz
linux duh Why would anyone want to into NT
Connor Brooks
...
Ayden Sullivan
I've got an Asus AC68U router. I want to firewall one of its LAN ports in such a way that the connected device has all access cut off (internet included) except a few specific services running on my network. It should also be able to respond to connections that are initiated by something else. I would also want to mess as little as possible with the router's default config.
What I've come up with is this:
>assign port to a different VLAN
>bridge it with the rest, so shit like DHCP still works
>using ebtables, drop all traffic heading to the router's IP
>redirect everything else that is going to my local network, so that it gets routed instead of forwarded (because I need TCP connection tracking)
>drop whatever is left, such as traffic heading to an external IP
>filter traffic in iptables FORWARD chain, allow established connections and packets heading to allowed services
>drop everything else
That's the short of it. It's probably hard to understand, I can dump the actual rules if that would help.
Basically, is there a recommended way of doing something like this? What I've done works now, but I don't know if I'm doing it in a retarded way or if I might have left any holes, since this is the first time I've used ebtables or fucked with VLANs.
Gavin Watson
sorry we can not help you but go ahead and dump the rules
Lucas Flores
Sure. Everything is working, I'm just wondering if I went about it in a retarded way or not. This is in ebtables nat and I've added all the rules:
Bridge chain: PREROUTING, entries: 7, policy: ACCEPT
-s ! 0:1c:f0:e9:fa:2 -i vlan10 -j DROP
-p IPv4 -i vlan10 --ip-dst 10.23.45.1 -j DROP
-p IPv4 -i vlan10 --ip-dst 10.23.45.0/24 --ip-proto tcp -j redirect
-p IPv4 -i vlan10 --ip-proto udp --ip-sport 68 --ip-dport 67 -j ACCEPT
-p ARP -i vlan10 -j ACCEPT
-i vlan10 -j DROP
-p IPv4 -d 0:1c:f0:e9:fa:2 -i vlan1 --ip-proto tcp --ip-dport 8080 -j redirect
And iptables filter, there are some default rules here controlling the router, I only added 2:
-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD ! -i br0 -o vlan2 -j DROP
-A FORWARD -i vlan2 -m state --state INVALID -j DROP
### my rules #########################################
-A FORWARD -d 10.23.45.2/32 -i br0 -p tcp -m mac --mac-source 00:1C:F0:E9:FA:02 -m tcp --dport 80 -j ACCEPT
-A FORWARD -i br0 -m mac --mac-source 00:1C:F0:E9:FA:02 -j DROP
#####################################################
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
That MAC is from the device connected to the firewalled port (there's no physdev support so I'm using it to identify the traffic in iptables, since it's seen as coming from br0 and not the vlan10 itself for routing purposes)
>vlan1 = LAN from switch
>vlan10 = firewalled LAN port
>br0 = local bridge (i.e. switch LAN + vlan10 + WiFi)
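Added example, not part of the original post: a small first-match model of the posted vlan10 ebtables rules and the FORWARD rules, used to check what verdict sample frames from the firewalled port receive. It assumes redirected frames reach FORWARD via br0, does not model the vlan1 rule or the vlan2 rules, and the function names and sample frames are constructed for illustration.

```python
import ipaddress
# Addresses and MAC come from the posted rules; the frames are constructed samples.
DEV_MAC = "00:1c:f0:e9:fa:02"
ROUTER_IP = ipaddress.ip_address("10.23.45.1")
LAN = ipaddress.ip_network("10.23.45.0/24")
ALLOWED = ("10.23.45.2", "tcp", 80)

def ebtables_prerouting(f):
    """First-match walk of the six vlan10 rules in nat PREROUTING."""
    if f["src_mac"] != DEV_MAC:
        return "DROP"                        # rule 1: unexpected source MAC
    if f["eth"] == "ipv4":
        dst = ipaddress.ip_address(f["dst_ip"])
        if dst == ROUTER_IP:
            return "DROP"                    # rule 2: anything to the router itself
        if dst in LAN and f.get("proto") == "tcp":
            return "REDIRECT"                # rule 3: hand LAN TCP to the IP layer
        if f.get("proto") == "udp" and (f.get("sport"), f.get("dport")) == (68, 67):
            return "ACCEPT"                  # rule 4: DHCP client traffic
    if f["eth"] == "arp":
        return "ACCEPT"                      # rule 5
    return "DROP"                            # rule 6: everything else from vlan10

def iptables_forward(f, state):
    """FORWARD chain as seen by a redirected packet arriving on br0."""
    if state in ("RELATED", "ESTABLISHED"):
        return "ACCEPT"
    if f["src_mac"] == DEV_MAC:              # the two rules the poster added
        ok = (f["dst_ip"], f.get("proto"), f.get("dport")) == ALLOWED
        return "ACCEPT" if ok else "DROP"
    return "ACCEPT"                          # -i br0 -j ACCEPT for other hosts

def verdict(f, state="NEW"):
    l2 = ebtables_prerouting(f)
    if l2 == "REDIRECT":
        return "ROUTED-" + iptables_forward(f, state)
    return "BRIDGED" if l2 == "ACCEPT" else "DROP"

def frame(**kw):
    return {"src_mac": DEV_MAC, "eth": "ipv4", **kw}

CASES = {
    "allowed service": frame(dst_ip="10.23.45.2", proto="tcp", dport=80),
    "other LAN host": frame(dst_ip="10.23.45.7", proto="tcp", dport=22),
    "router address": frame(dst_ip="10.23.45.1", proto="tcp", dport=80),
    "external address": frame(dst_ip="203.0.113.5", proto="tcp", dport=443),
}
for name, f in CASES.items():
    print(f"{name:18}{verdict(f)}")
```

In this model a DHCP frame addressed to 10.23.45.1 matches rule 2 before rule 4 and is dropped, while the broadcast form is bridged.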
Colton Smith
has anyone completed a war game or ctf? if you did not, what did you get stuck on? if you did complete the challenge, did you get hung up on anything?
Jace Barnes
Thanks m8.
Kayden Fisher
I'm not an expert, but I can't see anything wrong there at first glance. I mean, if you wanna be 100% sure you could always do a pentest from outside your home network.
David Ross
I hope I don't get bullied for just lurking the IRC
Bentley Garcia
>femnigger kek
Joseph Hughes
it's supposed to be a "beginner-friendly" channel
Charles Fisher
MAC filtering is useless
Blake King
what does /nsg/ think of blackphone 2?
Christian Gray
Not that her stickers are good (looks cringeworthy to me), but we have seen waaaaaaaaaaay worse on those "show your stickers" threads
But hey, she looks young, and at certain age ranges people experiment and make poor decisions, so it's ok
Leo Morgan
Sounds good, thanks for having a look.
How is it useless in this particular case, in the way I'm employing it? The device is physically connected using a cable. Even if somebody were to somehow change its MAC, it wouldn't bypass the rules, it would simply lose even the restricted access it does have. That's why the first ebtables rule is there, if the MAC is different than what is expected all incoming traffic is dropped.