Network Stuff

From Knelcorpwiki

KNEL Corporate Network Information

Main rack layout

  • TOP OF RACK
    • Production wireless access point from t-mobile
    • DSL modem
    • Cordless phone
  • Black shelf (holding 14 wireless access points, the development PS3 and the Cisco lab 1841 router)
  • Cisco lab 4000 (top)
  • Cisco lab 4000 (bottom)
  • Cisco lab Catalyst 5002
  • Cisco lab 3900
  • Cisco lab 3920
  • Cisco lab AS5200
  • Power strip
  • Cisco production 3548xl
  • Cisco lab 2611
  • Cisco lab 2500
  • Cisco lab 2500
  • Cisco lab 2500
  • Cisco lab 2924 switch (top)
  • Cisco lab 2924 switch (bottom)
  • Cisco lab 3640 router
  • Main Server
  • BOTTOM OF RACK

Next to the rack is the printer.

VLAN Details

VLAN Overview

Classname | Description
black | production VLAN
blue | non-production VLAN
lime | trusted
gray | semi-trusted
red | non-trusted


Production VLANs

Superclass | Subclass | VLAN ID | Description | Associated subnet
black | lime | 2 | Internal wired production devices (main-server, mythfe-livingroom, printer) | 10.10.4.0/24
black | lime | 3 | Internal wireless users (MAC filtered, hidden ESSID; associated BlackBerrys/iPod touches/laptops) | 10.10.4.0/24
black | gray | 4 | Guest wireless users (thewybles-guest ESSID) | 10.10.5.0/24
black | lime | 5 | Production private DMZ (VPN termination) | 10.10.6.0/24
black | gray | 6 | Production public DMZ (knownelement.com etc.) | 10.10.7.0/24

Wireless Development VLANs

Superclass | Subclass | VLAN ID | Description | Associated subnet
blue | lime | 8 | OLSR mesh network | 10.12.1.0/24
blue | lime | 9 | Batman mesh network | 10.12.2.0/24
blue | lime | 10 | Mesh Potato network | 10.12.3.0/24

Product Development VLANs

Superclass | Subclass | VLAN ID | Description | Associated subnet
blue | lime | 7 | Mike's development VoIP VLAN | 10.11.1.0/24
blue | lime | 11 | lay3r8 VoIP development VLAN | 10.11.2.0/24
blue | lime | 13 | parallel computing lab | 10.10.8.0/24

Virtualization VLANs

Superclass | Subclass | VLAN ID | Description | Associated subnet
blue | gray | 14 | VMware lab | 10.10.9.0/24
blue | lime | 15 | Xen lab | 10.10.10.0/24
blue | lime | 16 | KVM lab | 10.10.11.0/24

Malware VLANs

Superclass | Subclass | VLAN ID | Description | Associated subnet
blue | red | 600 | Windows wireless honeynet | 10.14.1.0/24
blue | red | 601 | Linux wireless honeynet | 10.14.2.0/24
blue | red | 666 | unprotected Windows 2003 (Exchange/AD/IIS) | 10.15.1.0/24
blue | red | 667 | unprotected Windows Vista (Outlook/IE/PDF reader) | 10.15.2.0/24
blue | red | 668 | unprotected Windows XP (Outlook/IE) | 10.15.3.0/24
blue | red | 669 | protected Windows 2003 (Exchange/AD/IIS) | 10.15.4.0/24
blue | red | 670 | protected Windows Vista (Outlook/IE/PDF reader) | 10.15.5.0/24
blue | red | 671 | protected Windows XP (Outlook/IE) | 10.15.6.0/24
blue | red | 672 | protected CentOS 5 (Zimbra/SugarCRM/Trac/WordPress/PHP apps) | 10.16.1.0/24
blue | red | 673 | protected Ubuntu 9.10 (Zimbra/SugarCRM/Trac/WordPress/PHP apps) | 10.16.2.0/24
blue | red | 674 | unprotected CentOS 5 (Zimbra/SugarCRM/Trac/WordPress/PHP apps) | 10.16.3.0/24
blue | red | 675 | unprotected Ubuntu 9.10 (Zimbra/SugarCRM/Trac/WordPress/PHP apps) | 10.16.4.0/24
blue | red | 676 | unprotected network gear | 10.17.1.0/24
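The VLAN plan above is a segmentation policy: the superclass says whether a segment is production, the subclass says how much it is trusted, and each segment gets its own subnet. The script below is an added example (not part of this wiki page or of any tool it mentions) that checks a plan like this for the mistakes that quietly defeat segmentation: duplicate VLAN IDs, two VLANs sharing or overlapping a subnet (they cannot be kept apart at layer 3), and a non-trusted (red) segment placed in the production superclass. The VLAN_PLAN data is transcribed from the tables on this page; the class names and the policy rule are the page's, the function and field names are my own.

```python
"""Consistency checks over a VLAN segmentation plan (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Vlan:
    superclass: str   # black = production, blue = non-production
    subclass: str     # lime = trusted, gray = semi-trusted, red = non-trusted
    vlan_id: int
    description: str
    subnet: str


# A subset of the VLAN tables on this page, transcribed as sample input.
VLAN_PLAN = [
    Vlan("black", "lime", 2, "Internal wired production devices", "10.10.4.0/24"),
    Vlan("black", "lime", 3, "Internal wireless users", "10.10.4.0/24"),
    Vlan("black", "gray", 4, "Guest wireless users", "10.10.5.0/24"),
    Vlan("black", "lime", 5, "Production private DMZ (VPN termination)", "10.10.6.0/24"),
    Vlan("black", "gray", 6, "Production public DMZ", "10.10.7.0/24"),
    Vlan("blue", "lime", 8, "OLSR mesh network", "10.12.1.0/24"),
    Vlan("blue", "lime", 13, "parallel computing lab", "10.10.8.0/24"),
    Vlan("blue", "red", 600, "Windows wireless honeynet", "10.14.1.0/24"),
    Vlan("blue", "red", 666, "unprotected Windows 2003", "10.15.1.0/24"),
    Vlan("blue", "red", 676, "unprotected network gear", "10.17.1.0/24"),
]


def check_plan(plan):
    """Return a list of human-readable findings; an empty list means the plan is consistent."""
    findings = []

    # 1. VLAN IDs must be unique and inside the 802.1Q range (1-4094).
    seen = {}
    for v in plan:
        if not 1 <= v.vlan_id <= 4094:
            findings.append(f"vlan {v.vlan_id}: id outside the 802.1Q range")
        if v.vlan_id in seen:
            findings.append(f"vlan {v.vlan_id}: duplicate id (also used for '{seen[v.vlan_id]}')")
        seen[v.vlan_id] = v.description

    # 2. One subnet per VLAN. strict=True rejects a subnet written with host bits set,
    #    and overlaps() catches both identical and nested prefixes.
    nets = [(v, ipaddress.ip_network(v.subnet, strict=True)) for v in plan]
    for i, (a, na) in enumerate(nets):
        for b, nb in nets[i + 1:]:
            if na.overlaps(nb):
                findings.append(
                    f"vlan {a.vlan_id} and vlan {b.vlan_id}: subnets {na} and {nb} overlap"
                )

    # 3. Trust policy from the overview table: non-trusted segments never live in production.
    for v in plan:
        if v.superclass == "black" and v.subclass == "red":
            findings.append(f"vlan {v.vlan_id}: non-trusted segment inside the production superclass")

    return findings


if __name__ == "__main__":
    for finding in check_plan(VLAN_PLAN):
        print(finding)
```

Run against the page's own data, the only finding is that VLANs 2 and 3 both claim 10.10.4.0/24, which is exactly the kind of thing a plan review should surface: a wireless client and a wired server on the same subnet are not separated by the VLAN tag alone.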

Production Network

Traffic flow

Phone line

-> DSL modem (currently a Motorola modem provided by AT&T, running in bridge mode. In the near future I plan to swap the Motorola modem out for a Netgear DSL modem that I can put custom firmware on; the idea is to have a transparent bridging firewall/IDS/IPS.)

-> Cisco 1841 router (running the PPPoE stack and doing my port forwarding etc. This is my network border router. Very happy with it so far.)

  • external interface is en0/1
  • internal interface is en0/0.2

-> Cisco 3548 switch

  • -> dmz-server (virtual machine with IP 10.10.4.3): most external traffic ends up here, as it hosts XMPP/www/SIP/SMTP/IMAP etc.
  • -> dev-server: all external non-production traffic is directed here, to various virtual machines (malware stuff, VoIP bits, etc.)
  • -> vpn-server (self explanatory)

Switch documentation

Switch port | System and interface | Description | VLAN
1 | uplink to 1841 fe0/0.2 | switchport trunk encapsulation dot1q; switchport mode trunk | 2
2 | Linksys WRT54G-TM | thewybles T-Mobile wireless AP | 2
3 | printer | printer-wired | 2
4 | mythtv livingroom frontend | mythtv livingroom frontend | 2
5 | dev server | server hosting DHCP/DNS/e-mail/web/XMPP/SIP and all virtual machines | 2
6 | extra port for temp use | extra port for temp use | 2

Internal Production Network (physical hosts and virtual machines)

IP address | Hostname | Description
10.10.4.1 | edge-router | Cisco 1841 router (very nice, fully featured router)
10.10.4.2 | wireless-ap | has two high-gain antennas providing amazing wifi coverage over my entire property
10.10.4.3 | Main-server_documentation | Dell Optiplex: DNS/DHCP, file serving via Samba, e-mail, XMPP etc.
10.10.4.4 | mythfe-livingroom | Myth frontend in the living room hooked to the big screen; has an external DVD player attached and is connected to my surround sound system; main Hulu viewer; also a secondary server for DNS/MySQL/Apache
10.10.4.5 | mythfe-bedroom | Myth frontend in the bedroom (used for occasional Hulu watching, traffic reports etc.)
10.10.4.6 | dev-server | development server (white box system: 4-core AMD Phenom, 8 GB RAM, 3 TB storage; used for UEC, Hadoop, BOINC, security research, video/audio editing as a render node, and as a VM host)
10.10.4.7 | charles-bb | Charles' BB Pearl 8120 (UMA)
10.10.4.8 | patti-wireless | Patti's HP laptop, wifi
10.10.4.9 | patti-wired | Patti's HP laptop, wired
10.10.4.10 | patti-bb | Patti's BB
10.10.4.11 | charles-hp-wifi | Charles' HP, wifi (my main system)
10.10.4.12 | charles-hp-wired | Charles' HP, wired
10.10.4.13 | printer-wifi | Photosmart 3300
10.10.4.14 | printer-wired | Printer, wired (this is how it's currently attached to the network, due to proximity to the wired switch)
10.10.4.15 | dev-laptop | Development laptop (used for misc hacking tasks)
10.10.4.16 | dev-wifi | RT USB dongle (currently used for Kismet, packet injection etc.)
10.10.4.17 | chalres-ipodtouch | Charles' iPod touch (jailbroken of course)
10.10.4.18 | rufus-ipodtouch | Rufus' iPod touch
10.10.4.19 | phillips-streaming | Philips wireless streaming box
10.10.4.20 | rufus-wifi | Rufus' Sony laptop
10.10.4.21 | simplenet | simplenet box (Linux server that goes everywhere with me)
10.10.4.23 | rufus-ps3 | rufus-ps3 (gaming PS3)
10.10.4.24 | ps3 | PS3 (running Ubuntu 9.04; used for BOINC/OpenCL etc., not for gaming)
10.10.4.25 | prod2924 | Cisco 2924 switch (main production switch)
10.10.4.26 | patti-ipodtouch | Patti's iPod touch
10.10.4.27 | prod3548xl | production switch
10.10.4.29 | conference-server | BigBlueButton server
10.10.4.30 | opsview-server | Opsview VM
10.10.4.31 | w2k8 | Windows 2008 production server
10.10.4.32 | vpn-server | VPN termination server
10.10.4.33 | voip-server | VoIP server
10.10.4.34 | ocs-server | Office Communications Server
10.10.4.35 | exchange-external | External Exchange server

External production network (DMZ)

99.59.102.17 is for KNEL production traffic

Port | Internal destination IP address
443 | 10.10.4.32
22 | 10.10.4.3
80 | 10.10.4.3
25 | 10.10.4.3
3000 (Redmine) | 10.10.4.3

Virt machine details

184:root 27795 19.2 6.9 614672 532296 ? Sl 20:30 0:42 /usr/local/w2k8kvm/bin/kvm -drive file=./BigBlueButton.img,if=virtio,boot=on -cdrom ../../isos/ubnt91032.iso -boot c -name BigBlueButton -net nic,model=virtio,macaddr=52:54:00:12:34:01 -net tap -balloon virtio -m 512 -daemonize -nographic -serial telnet::30001,server,nowait -serial mon:telnet::40001,server,nowait -vnc :1

173:root 3146 6.4 7.0 647120 541528 ? Sl Mar25 196:20 /usr/local/w2k8kvm/bin/kvm -drive file=./dmzServer.img,if=virtio,boot=on -cdrom ../../isos/ubuntu-9.10-server-amd64.iso -boot c -name DmzServer -net nic,model=virtio,macaddr=52:54:00:12:34:02 -net tap -balloon virtio -m 512 -daemonize -nographic -serial telnet::30002,server,nowait -serial mon:telnet::40002,server,nowait -vnc :2

183:root 27720 19.4 6.9 728760 532688 ? Sl 20:30 0:48 /usr/local/w2k8kvm/bin/kvm -drive file=./Opsview.img,if=virtio,boot=on -cdrom ../../isos/ubnt80432.iso -boot c -name Opsview -net nic,model=virtio,macaddr=52:54:00:12:34:03 -net tap -balloon virtio -m 512 -daemonize -nographic -serial telnet::30003,server,nowait -serial mon:telnet::40003,server,nowait -vnc :3

185:root 27892 99.4 53.6 4311988 4117232 ? Rl 20:31 2:37 /usr/local/w2k8kvm/bin/kvm -drive file=./w2k8.img,boot=on -cdrom winvirt.iso -boot c -name Windows2008Production -net nic,macaddr=52:54:00:12:34:05 -net tap -balloon virtio -smp 4 -m 4096 -daemonize -serial mon:telnet::40005,server,nowait -vnc :5
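The ps(1) lines above record exactly how each production VM was started, and the flags carry security-relevant detail: `-serial telnet::PORT,server,nowait` binds a cleartext serial console on every interface, `-serial mon:telnet::PORT,...` does the same for the QEMU monitor (which can inspect and alter guest memory and disks), and `-vnc :N` with no `,password` option opens display 5900+N with no authentication. The script below is an added example (not part of this page or of KVM/QEMU) that parses such lines, pulls out the VM name, MACs, memory and console endpoints, and reports consoles reachable from the network plus any MAC address reused between VMs. The sample lines are two of the ones shown above, embedded as constructed input; the function names are my own.

```python
"""Audit kvm/qemu command lines (as captured by ps aux) for network-exposed consoles (added example)."""
import re
import shlex

# Two of the ps lines from this page, used as sample input. The number before the first
# colon is a grep -n prefix; the next ten columns are the usual ps aux fields.
SAMPLE_PS_LINES = [
    "173:root 3146 6.4 7.0 647120 541528 ? Sl Mar25 196:20 /usr/local/w2k8kvm/bin/kvm "
    "-drive file=./dmzServer.img,if=virtio,boot=on -cdrom ../../isos/ubuntu-9.10-server-amd64.iso "
    "-boot c -name DmzServer -net nic,model=virtio,macaddr=52:54:00:12:34:02 -net tap -balloon virtio "
    "-m 512 -daemonize -nographic -serial telnet::30002,server,nowait "
    "-serial mon:telnet::40002,server,nowait -vnc :2",
    "185:root 27892 99.4 53.6 4311988 4117232 ? Rl 20:31 2:37 /usr/local/w2k8kvm/bin/kvm "
    "-drive file=./w2k8.img,boot=on -cdrom winvirt.iso -boot c -name Windows2008Production "
    "-net nic,macaddr=52:54:00:12:34:05 -net tap -balloon virtio -smp 4 -m 4096 -daemonize "
    "-serial mon:telnet::40005,server,nowait -vnc :5",
]

ALL_INTERFACES = ("", "0.0.0.0", "::")


def parse_kvm_line(line):
    """Return a dict with name, macs, mem_mb, serials and vnc for one kvm process line."""
    body = line.split(":", 1)[1] if re.match(r"^\d+:", line) else line  # drop grep -n prefix
    cmd = body.split(None, 10)[10]  # skip the ten ps columns, keep the command line
    argv = shlex.split(cmd)
    vm = {"name": None, "macs": [], "mem_mb": None, "serials": [], "vnc": None}
    i = 1  # argv[0] is the kvm binary
    while i < len(argv):
        opt = argv[i]
        has_arg = i + 1 < len(argv) and not argv[i + 1].startswith("-")
        arg = argv[i + 1] if has_arg else ""
        if opt == "-name":
            vm["name"] = arg
        elif opt == "-m":
            vm["mem_mb"] = int(arg)
        elif opt == "-net" and arg.startswith("nic"):
            m = re.search(r"macaddr=([0-9a-fA-F:]{17})", arg)
            if m:
                vm["macs"].append(m.group(1).lower())
        elif opt == "-serial":
            vm["serials"].append(arg)
        elif opt == "-vnc":
            vm["vnc"] = arg
        i += 2 if has_arg else 1  # bare flags like -daemonize take no argument
    return vm


def audit_vm(vm):
    """Findings for one VM: consoles bound to all interfaces, VNC without a password."""
    findings = []
    for s in vm["serials"]:
        m = re.match(r"(mon:)?telnet:([^:,]*):(\d+),server", s)
        if m and m.group(2) in ALL_INTERFACES:
            kind = "QEMU monitor" if m.group(1) else "serial console"
            findings.append(f"{vm['name']}: {kind} on telnet port {m.group(3)} bound to all interfaces")
    if vm["vnc"] is not None:
        host = vm["vnc"].split(":")[0]
        if host in ALL_INTERFACES and ",password" not in vm["vnc"]:
            findings.append(f"{vm['name']}: VNC display {vm['vnc']} on all interfaces without a password")
    return findings


def audit_fleet(lines):
    """Audit every VM and additionally flag a MAC address shared by two VMs."""
    vms = [parse_kvm_line(l) for l in lines]
    findings = []
    for vm in vms:
        findings.extend(audit_vm(vm))
    owner = {}
    for vm in vms:
        for mac in vm["macs"]:
            if mac in owner and owner[mac] != vm["name"]:
                findings.append(f"{vm['name']}: MAC {mac} also used by {owner[mac]}")
            owner.setdefault(mac, vm["name"])
    return findings


if __name__ == "__main__":
    for finding in audit_fleet(SAMPLE_PS_LINES):
        print(finding)
```

The usual fix for what this reports is to bind the consoles to the loopback address (`telnet:127.0.0.1:PORT,server,nowait`, `-vnc 127.0.0.1:N,password`) and reach them over SSH to the host, or to drop `-daemonize -nographic` with telnet in favour of a Unix socket. The audit can be fed `ps aux | grep kvm` output directly, since it tolerates both the grep prefix and plain ps lines.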

Development Network

Traffic flow

Switch documentation

All development gear (wired and wireless) is connected to the 48 port cisco switch.

There are two 6-node wireless meshes and two honeynet nodes (one will be connected to the Windows malware network and one to the Linux malware network), for a total of 14 access points.

Key:

  • m1 = mesh1
  • m2 = mesh2
  • n(x) = node(x)

The physical access points are labeled.

Wireless Gear

Switch port | Mesh / node | Description | Power supply details | WAN MAC | VLAN
7 | m1,n1 | tba | tba | tba | 8
8 | m1,n2 | tba | tba | tba | 8
9 | m1,n3 | tba | tba | tba | 8
10 | m1,n4 | tba | tba | tba | 8
11 | m1,n5 | tba | tba | 00 16 01 d6 c8 e4 | 8
12 | m1,n6 | tba | tba | tba | 8
13 | m1,capture | tba | tba | tba | 8
14 | m2,n1 | tba | tba | tba | 9
15 | m2,n2 | tba | tba | tba | 9
16 | m2,n3 | tba | tba | tba | 9
17 | m2,n4 | tba | tba | tba | 9
18 | m2,n5 | tba | tba | tba | 9
19 | m2,n6 | tba | tba | tba | 9
20 | m2,capture | tba | tba | tba |
21 | Linux wireless honeypot | tba | tba | tba | 601
22 | Linux wireless honeypot, capture | tba | tba | tba | 601
23 | Windows wireless honeypot | tba | tba | tba | 600
24 | Windows wireless honeypot, capture | tba | tba | tba | 600
25 | Windows malware port | tba | tba | tba | tba
26 | Windows malware port, capture | tba | tba | tba | tba
27 | Linux malware port | tba | tba | tba | tba
28 | Linux malware port, capture | tba | tba | tba | tba
Wired gear

Switch port | System and interface | Description | VLAN
1 | main server - eth2 | this is the physical ethernet port for Windows malware virtual machines |
2 | span port | span port for Windows malware |
3 | main server - eth1 | this is the physical ethernet port for Linux malware virtual machines |
4 | span port | span port for Linux malware |
21 | ps3 | ps3 port |

Internal Development Network (virtual hosts)

VOIP

Mike's VOIP Stuff

IP address | Hostname | Description | VLAN
10.10.4.150 | voip-host | CentOS VM | 7
10.10.4.151 | voip-fs-dev | FreeSWITCH development OpenVZ slice | 7
10.10.4.152 | voip-fs-qa | (OpenVZ slice) | 7
10.10.4.153 | voip-fs-lt | (OpenVZ slice) | 7
10.10.4.154 | voip-fs-stg | (OpenVZ slice) | 7
10.10.4.155 | voip-fs-prod | (OpenVZ slice) | 7

lay3r8

lay3r8 VOIP Stuff

IP address | Hostname | Description | VLAN
10.10.4.160 | voip-host.lay3r8 | (Ubuntu VM) | 11
10.10.4.161 | voip-fs-dev.lay3r8 | (OpenVZ slice) | 11
10.10.4.162 | voip-fs-qa.lay3r8 | (OpenVZ slice) | 11
10.10.4.163 | voip-fs-lt.lay3r8 | (OpenVZ slice) | 11
10.10.4.164 | voip-fs-stg.lay3r8 | (OpenVZ slice) | 11
10.10.4.165 | voip-fs-prod.lay3r8 | (OpenVZ slice) | 11

lay3r8 Parallel Computing

IP address | Hostname | Description | VLAN

lay3r8 Malware

Windows

Unprotected Windows 2003

IP address | Hostname | Description | VLAN | Links
10.15.1.1 | w2k3-up-router | router system for unprotected w2k3 net | |
10.15.1.2 | w2k3-ad | Active Directory machine | |


Unprotected Windows Vista

IP address | Hostname | Description | VLAN | Links

Unprotected Windows XP

IP address | Hostname | Description | VLAN | Links

Protected Windows 2003

IP address | Hostname | Description | VLAN | Links

Protected Windows Vista

IP address | Hostname | Description | VLAN | Links

Protected Windows XP

IP address | Hostname | Description | VLAN | Links


Linux

Unprotected CentOS 5

IP address | Hostname | Description | VLAN | Links

Unprotected Ubuntu 9.10

IP address | Hostname | Description | VLAN | Links

Protected CentOS 5

IP address | Hostname | Description | VLAN | Links

Protected Ubuntu 9.10

IP address | Hostname | Description | VLAN | Links
Network

Unprotected network gear. Got Cisco exploits? Try 'em here.

IP address | Hostname | Description | VLAN | Links
10.17.1.1 | edge-router | Cisco 2911 edge router | 676 |
10.17.1.2 | core-switch | 3Com switch | 676 |
10.17.1.3 | prod-server | (VM) gotta have a host on the network | 676 |

External Development Network (DMZ)

99.59.102.19 is for Mike's VoIP development traffic

Protocol | Ports
udp | all ports (do not filter anything)
tcp | all ports (do not filter anything)

99.59.102.20 is for lay3r8 development

99.59.102.21 is for windows malware

99.59.102.23 is for linux malware