Tag Archives: linux

SPF, DKIM, DMARC, and ADSP

For a while now, I’ve been having problems with DKIM. It wasn’t working. My logs always had the same error:

And I’d look for a fix but never find anything useful.

Today I decided to go through my mail quarantine folders. In them I found several emails from a friend who is having problems with spammers using his email address. None of them are going through his mail server, they’re all spoofed. We’ve compared our SPF records and they look right. So I went and looked up why I’m seeing all these mails.

Turns out that not all mail admins have set up their servers right to look at SPF and block. That was my problem.

So I went and found a howto for my operating system to fix SPF with my Mail Transfer Agent (MTA). The document, provided by my VPS hosting provider, had how to set up SPF, how to configure my MTA to quarntine emails that fail SPF, a DKIM walk through, a ADSP howto, and a DMARC howto, all on the same page.

First things first. I fixed the SPF inbound. Now it should do the stuff it needs to. Then I figured since I still had time, I’d go after the DKIM problem.

So I backed up my existing files and followed along. AND NOTHING WORKED!. Still the same problem. Heck even the same error message.

So an

later and I started completely fresh. Nothing old, not even the old backup files.

And it still didn’t work. sysctrl status -l opendkim.service and journalctrl -xe were not much help either. Neither one gave enough information on what was wrong.

I did some searching through the logs, and found that even after changing the port to a local socet for Milter it still couldn’t work. But this time I found that it couldn’t see the files, and searching the directory that local socket should be in, it wasn’t there. After much googling I found an old bug report for Debian (my OS of choice). If the socket and pid files were missing, do this:

And suddenly everything was working. I sent test emails to test services, and they seem to be working. At least they told me that everything works.

Then I went why not and set up the ADSP and DMARC stuff in DNS.

Really just happy to get past the problem where dkim isn’t working. Now to go finish clearing out the quarantine files.

Why I don’t have a lab

An industry mailing list I’m on recently had a conversation that started asking about Master Degrees but had some hiring managers chip in. They said a question they tend to ask is to have the candidate tell about their home lab.

I’ve been asked this question a few times in the past, and I’ve asked people this question in job interviews. I know it’s to find out what kind of passion the candidate has for the job, but I think it’s starting to become a bad question to ask.

Here is why I don’t have a home lab.

Continue reading

Raspberry Pi WPA_Supplicant setup taking way longer than it should

—- TL/DR —-
If you want to connect a raspberry pi to a hidden access point your wpa_supplicant.conf needs to have the following in the network statement.

Don’t put a ” or a ) in your ASCII PSK it causes problems. I couldn’t get it to work with the hex psk using wpa_passphrase but I broke the rules of troubleshooting making multiple changes at a time instead of one and resetting it.

—– End TL/DR —-

I got a new phone. Nexus 5x.  But this isn’t what this post is about. My SO got a new phone last August. It was an unplanned by after the last one went for a porta-john swim. Again. not what this is about.

A co-worker suggested setting up a NAS to back up the pictures to. Being a poor college student, yes still grad school isn’t cheap, that really isn’t an option. Then he said well if it’s just the phones, why not use one of your Raspberry Pis?

The problem is getting the wpa_suplicant.conf file talking. It has taken me 2 days. Mainly because I don’t mess with that file much.

it hated my passphrase because of the ” and the ) in the middle example:

I tried wpa_passphrase with the file, but it didn’t like that either. (although I kind of want to go back and test it again, in case I missed something.

Which I couldn’t find out until after I set the AP to broadcast. So after more digging I found that

scan_ssid=1 has to be in the config.

Sigh. This is taking way longer than need be, and I’d just wire it, but it’s going to not be near the cables, because of power.

It’s all about the pcaps baby

So my android phone as an interesting problem, granted it’s an S4, running not the latest build so I don’t know if that problem still exists. Apparently the way the default mail application is set up, it can’t sync the mailboxes unless the Sync button is turned on. But that doesn’t stop that the mail application from trying to sync on a schedule.

Continue reading

New and Improved WiFi Intrusion Detection System. Pi 2.

So my last post I was fighting the Raspberry Pi 2, with Kali Linux 2.0.1, when it came to starting kistmet_drone on boot. Ian had a work around, but it wasn’t what I wanted. I wanted the built in tools to do their job. Well it turns out it’s a SystemD problem. I spent probably about 12 hours bashing my head against it, making changes and trying things.

Finally, I got smart with my Google searching, and found a slightly better way, but still didn’t want to call an external shell script. Then I spent time smacking my head on the desk. SSHD works, and starts by systemd, why not look at it’s config. Seriously the better you are at something, the less you think of the simple answers that made you good to start with.

2 new lines. One made SystemD wait until after networking was up. The second was a strange sshd -D option. man ssh. Oh doesn’t run ssh as a daemon…

remove –daemonize from Kismet… It worked.

SO….

 

Now to get everything ready before I leave for GrrCon in 17 hours, I’ll be presenting Saturday last I heard.

More on moving WIDS to the Raspberry Pi 2.

So I’m using the Raspberry Pi 2 and Kali 2 for this project so far. As I said last time, I had to expand the image to use the full disk. I have a script for that now. I was actually trying to script the whole deployment. These scrips can be found on my WIDS github repository. But fair warning they are still a work in process.

Continue reading

Moving WIDs to Raspi2.

So I tried to do this back in July but got sick. My next talk is at A2Y.asm on Sept 12, and rebuilding all the Pi2 again with Kali 2.0.1. I have litteraly spent most of the day trying to expand the root directory.

There is a tool called rpi-wiggle, that sounded really cool, but it hasn’t been updated in 3 years. It also didn’t work for the pi2 running Kali 2.0.1. After lots of searching, I found a forum post saying talking about it.

After running apt-get install triggerhappy lau5.1 (from Kali repos) and getting the Debian raspi-config file from Debian. It says it worked. I’m waiting for the reboot to know for sure.

And it worked. from console it says it has full space.

Now if I was making anything other than a drone, I’d run apt-get install kali-linux-full to get the whole Kali experience instead of the light version. But I’m making a drone. So here is what needs to be worked on before I start making images:

  • install: Kismet, NTP.
  • boot to cli instead of gui
  • change the root password
  • configure kismet
  • Clone
  • configure static ip, and daemon mode.

normally I’d disable ipv6, still might. but the ipv4 and ipv6 stacks are working well together right now. In the past they haven’t.

Unofficial training at Circle City Con

I’ll be presenting at Circle City Con this year, on Wireless Intrusion Detection with the Raspberry Pi. I’ve done  some test runs of the talk, and have ended with people wanting to contact me later if they have questions. Mainly if they get stuck. Also one of the comments from the reviewers when I submitted my talk was this would be better as a training class.

After talking to one of the organizers, here is how this is going to work. Currently I’m scheduled to talk on Saturday. After my talk, through the end of the Conference I can be available (as long as I’m not in a training sessions) to use some of the the common / lobby area to work with people wanting to set up the wireless drones, what kismet calls sensors.

Continue reading

Designing a new home lab

I used to have a home lab of 3 cisco routers, and 3 cisco switches. That was for my CCNA training. Problem was, they were so old, they were not worth it. The lab also had 2 Intel 32-bit PC towers and a Sun Ultra 10. The Sun box was to get the Sun certification, but never got around to it. That isn’t to say that the lab wasn’t used. Just not used for the reasons I originally bought the components for.

Now, since I graduated and I have money to spend on building a new lab, I’m looking at getting something new set up. After watching Johnny X(m4s) and Eve Adams recorded talk from Derbycon. I decided on the following design.

Lab Design v1

So this will be on a separate internet connection from my home network. That means getting a second line to the house, but it doesn’t have to be the fastest line in the world.

The hope is to have the PFSense box, the Security Onion Box, and the Vmware ESXi box all running on Micorservers. The price for the Lenovo ones are decent.

I want a Cisco 3560g switch for Gig out all the ports, plus the layer 2 / 3 routing. Again the price isn’t too bad, about the same as the Microsevers. Lastly if I decide to go for the CCNA again, it should be useful.

The wireless access point was chosen from the Offensive Security WiFu class hardware list. I could use my old Linksys WRT54GL with dd-rwt on it. But it cant’ do N. Granted it looks like the Off-Sec recommended ones are only half N.

Lastly, it would be nice to have a peg board with all my Raspberry Pi devices attached to it. Requires being easy to remove them, but not a big issue. This would give me a place to have them while working and store them when not in use. If I can get POE on the 3560g, that means I can get a POE splitter and adapter for each Raspberry Pi, and don’t have to worry about power there either.

The laptop would be as needed device. I could use my current one or buy one to dedicate to the lab. Mainly it’s there for user interface purposes than anything else.

The only downside, even though I’m not paying for college classes out of pocket any more, is that it will take a while to build this lab. I’m going to have to piece it together a little at a time.

Real-Time Rogue Wireless Access Point Detection with the Raspberry Pi

So I mentioned this previously as a teaser, but I had an article posted in the Linux Journal. It was based off my independent study at Eastern Michigan University.

It was in the December issue of the Linux Journal. Now it’s posted on their website.

This is related to the talk I am submitting for conferences this year. It has already be accepted to one conference. The talk has a little more information built in to it. For example the experience I had in an environment with heavy wifi coverage compared to home and Eastern Michigan University. A slight design modification. I don’t know yet if I’m going to rebuild using Raspberry Pi B+ or the new Raspberry Pi 2 model B.