Network Stuff

From Knelcorpwiki


KNEL Corporate Network Information

Main rack layout

  • TOP OF RACK
  • Silver shelf (main server backup usb drive, development ps3, production cisco 1841 router)
  • Silver shelf (with 14 wireless access points)
  • Power strip
  • 48 port cisco switch (3500)
  • Cisco 2611
  • Cisco 2500
  • Cisco 2500
  • Cisco 2500
  • 3 com
  • Production cisco 2924 switch
  • Cisco router (3600)
  • Main Development Server
  • BOTTOM OF RACK

Next to the rack is the printer and the main production server.



VLAN Details

| Classname | Description |
|---|---|
| black | production vlan |
| white | non production vlan |
| green | trusted |
| orange | semi trusted |
| red | non trusted |


| Superclass | Subclass | ID | Description | Associated Subnet |
|---|---|---|---|---|
| black | green | 2 | Internal wired production devices (main-server, mythfe-livingroom, printer) | 10.10.4.0/24 |
| black | green | 3 | Internal wireless users (mac filtered, hidden essid and associated blackberrys/ipod touches/laptops) | 10.10.4.0/24 |
| black | orange | 4 | Guest wireless users (thewybles-guest essid) | 10.10.5.0/24 |
| black | green | 5 | Production private DMZ (VPN termination) | 10.10.6.0/24 |
| black | orange | 6 | Production public DMZ (knownelement.com etc) | 10.10.7.0/24 |
| white | green | 7 | Mikes Development VOIP vlan | 10.11.1.0/24 |
| white | green | 8 | OLSR Mesh network | 10.12.1.0/24 |
| white | green | 9 | Batman Mesh network | 10.12.2.0/24 |
| white | green | 10 | Mesh potato network | 10.12.3.0/24 |
| white | green | 11 | lay3r8 voip development vlan | 10.11.2.0/24 |
| white | red | 12 | cisco lab vlan | 10.13.1.0/24 |
| white | orange | 13 | parallel computing lab | 10.10.8.0/24 |
| white | green | 14 | vmware lab | 10.10.9.0/24 |
| white | green | 15 | xen lab | 10.10.10.0/24 |
| white | green | 16 | kvm lab | 10.10.11.0/24 |
| white | red | 600 | windows wireless honey net | 10.14.1.0/24 |
| white | red | 601 | linux wireless honey net | 10.14.2.0/24 |
| white | red | 666 | unprotected windows 2003 (exchange/ad/iis) | 10.15.1.0/24 |
| white | red | 667 | unprotected windows vista (outlook/ie/pdf reader) | 10.15.2.0/24 |
| white | red | 668 | unprotected windows xp (outlook/ie) | 10.15.3.0/24 |
| white | red | 669 | protected windows 2003 (exchange/ad/iis) | 10.15.4.0/24 |
| white | red | 670 | protected windows vista (outlook/ie/pdf reader) | 10.15.5.0/24 |
| white | red | 671 | protected windows xp (outlook/ie) | 10.15.6.0/24 |
| white | red | 672 | protected centos 5 (zimbra/sugarcrm/trac/wordpress/php apps) | 10.16.1.0/24 |
| white | red | 673 | protected ubuntu 9.10 (zimbra/sugarcrm/trac/wordpress/php apps) | 10.16.2.0/24 |
| white | red | 674 | unprotected centos 5 (zimbra/sugarcrm/trac/wordpress/php apps) | 10.16.3.0/24 |
| white | red | 675 | unprotected ubuntu 9.10 (zimbra/sugarcrm/trac/wordpress/php apps) | 10.16.4.0/24 |
| white | red | 676 | unprotected network gear | 10.17.1.0/24 |

Production Network

Traffic flow

Phone line

-> DSL modem (Currently this is a Motorola modem provided by AT&T in bridge mode. In the near future, I plan to swap the Motorola modem out for a Netgear DSL modem that I can put custom firmware on. The idea is to have a transparent bridging firewall/IDS/IPS.)

-> Cisco 1841 router (running the PPPoE stack and doing my port forwarding etc. This is my network border router. Very happy with it so far.)

  • external interface is en0/1
  • internal interface is en0/0.2

-> Cisco 3548 switch

  • -> Main server -> (this is where most external traffic ends up as it hosts xmpp/web/sip/e-mail etc)
  • -> Dev server -> (all external non-production traffic is directed here: malware stuff for example, voip bits etc.)

Switch documentation

| Switch port | System and interface | Description | VLAN |
|---|---|---|---|
| 1 | uplink to 1841 fe0/0.2 | switchport trunk encapsulation dot1q switchport mode trunk | 2 |
| 2 | Linksys WRT54G-TM | thewybles t-mobile wireless ap | 2 |
| 3 | printer | printer-wired | 2 |
| 4 | mythtv livingroom frontend | mythtv livingroom frontend | 2 |
| 5 | main server | server hosting dhcp/dns/e-mail/web/xmpp/sip etc | 2 |
| 6 | dev-server | dev server | 2 |
| 7 | extra port for temp use | extra port for temp use | 2 |

Internal Production Network (physical hosts and virtual machines)

| IP address | Hostname | Description |
|---|---|---|
| 10.10.4.1 | edge-router | cisco 1841 router (very nice, fully featured router) |
| 10.10.4.2 | wireless-ap | has two high gain antennas providing amazing wifi coverage over my entire property |
| 10.10.4.3 | Main-server_documentation | dell optiplex: dns/dhcp, file serving via samba, e-mail, xmpp etc |
| 10.10.4.4 | mythfe-livingroom | myth frontend in the living room hooked to the big screen. has an external dvd player attached. connected to my surround sound system. main hulu viewer; also a secondary server for dns/mysql/apache |
| 10.10.4.5 | mythfe-bedroom | myth frontend in the bedroom (used for occasional hulu watching and traffic reports etc) |
| 10.10.4.6 | dev-server | development server, rack mount (a white box system: 4 core, 8 gigs ram, 3tb storage; used for uec, hadoop, boinc, security research, video/audio editing as a render node) |
| 10.10.4.7 | charles-bb | Charles BB pearl 8120 (UMA) |
| 10.10.4.8 | patti-wireless | Patti HP laptop wifi |
| 10.10.4.9 | patti-wired | Patti HP laptop wired |
| 10.10.4.10 | patti-bb | Patti BB |
| 10.10.4.11 | charles-hp-wifi | Charles HP wifi (my main system) |
| 10.10.4.12 | charles-hp-wired | Charles HP wired |
| 10.10.4.13 | printer-wifi | Photosmart 3300 |
| 10.10.4.14 | printer-wired | Printer wired (this is how it's currently attached to the network, due to proximity to wired switch) |
| 10.10.4.15 | dev-laptop | Development laptop (used for misc hacking tasks) |
| 10.10.4.16 | dev-wifi | RT USB dongle (currently used for kismet, packet injection etc) |
| 10.10.4.16 | charles-hp-wired | Charles HP wired |
| 10.10.4.17 | chalres-ipodtouch | Charles ipodtouch (jailbroken of course) |
| 10.10.4.18 | rufus-ipodtouch | Rufus ipodtouch |
| 10.10.4.19 | phillips-streaming | phillips wireless streaming box |
| 10.10.4.20 | rufus-wifi | Rufus sony laptop |
| 10.10.4.21 | simplenet | simplenet box (linux server that goes everywhere with me) |
| 10.10.4.23 | rufus-ps3 | rufus-ps3 (gaming ps3) |
| 10.10.4.24 | ps3 | ps3 (running ubuntu 9.04. used for boinc/opencl etc. not for gaming) |
| 10.10.4.25 | prod2924 | cisco 2924 switch (main production switch) |
| 10.10.4.26 | patti-ipodtouch | Patti Ipod touch |
| 10.10.4.27 | prod3548xl | production switch |
| 10.10.4.29 | conference-server | bigbluebutton server |
| 10.10.4.30 | opsview-server | opsview vm |
| 10.10.4.156 | w2k8 | windows 2008 server |

External production network (DMZ)

99.59.102.17 is for KNEL production traffic

| Port | Internal destination IP address |
|---|---|
| 443 | 10.10.4.3 |
| 22 | 10.10.4.3 |
| 80 | 10.10.4.3 |
| 25 | 10.10.4.3 |
| 3000 (redmine) | 10.10.4.3 |



99.59.102.18 is for lay3r8 voip traffic (final production/integration testing for an r&d voip project)

| Protocol | Ports |
|---|---|
| udp | all ports (do not filter anything) |
| tcp | all ports (do not filter anything) |

Development Network

Traffic flow

Switch documentation

All development gear (wired and wireless) is connected to the 48 port cisco switch.

There are two 5-node wireless meshes (one will run batman, one will run OLSR), and two honey net nodes (one will be connected to the windows malware network and one will be connected to the linux malware network) for a total of 12 access points.

Key: m1 = mesh1, m2 = mesh2, n1 = node1, and so forth.




Wireless Gear
| Switch port | System and interface | Description | Power supply details | WAN MAC | VLAN |
|---|---|---|---|---|---|
| 5 | m1,n1 | Linksys WRT54G v1.1 | 12v | 00 1c 10 27 bf 7B | 8 |
| 6 | m1,n2 | Linksys WRT54G v1.1 | 12v | 00 1e e5 7a 53 cc | 8 |
| 7 | m1,n3 | Linksys WRT54G3G-ST | 12v 1a | 00 1c 10 b7 21 0e | 8 |
| 8 | m1,n4 | Linksys WRT54gl v1.1 | 12v 1a | 00 1e e5 86 01 c3 | 8 |
| 9 | m1,n5 | Buffalo Air Station WHR-G125 | 3.3v 1A | 00 16 01 d6 c8 e4 | 8 |
| 10 | Simplenet | Span port | | | 8 |
| 11 | m2,n1 | linksys wrt160n | 12v 1a | 00 1e e5 4b 77 fa | 9 |
| 12 | m2,n2 | Buffalo Air Station WHR-G125 | 3.3v 1a | 00 16 01 d6 c9 fa | 9 |
| 13 | m2,n3 | Linksys WRT54gv8 | 12v 1a | 00 1d 7e 44 53 f0 | 9 |
| 14 | m2,n4 | Linksys WRT54gl v1.1 | 12v 1a | 00 1a 70 46 ab 56 | 9 |
| 15 | m2,n5 | Linksys WRT54gl v1.1 | 12v 1a | 00 1e e5 7a 57 17 | 9 |
| 16 | Simplenet | Span port | | | 9 |
| 17 | Linux wireless honeypot | Netgear WGR614 v6 | 12v 1a | 00 14 6c 06 99 60 | 601 |
| 18 | Simplenet | Span port | | | 601 |
| 19 | Windows wireless honeypot | D-Link di-624 | | 00 0f 3d 4a db f9 | 600 |
| 20 | Simplenet | Span port | | | 600 |
Wired gear
| Switch port | System and interface | Description | VLAN |
|---|---|---|---|
| 1 | main server - eth2 | this is the physical ethernet port for windows malware virtual machines | |
| 2 | span port | span port for windows malware | |
| 3 | main server - eth1 | this is the physical ethernet port for linux malware virtual machines | |
| 4 | span port | span port for linux malware | |
| 21 | ps3 | ps3 port | |

Internal Development Network (physical hosts)

Internal Development Network (virtual hosts)

VOIP

Mikes VOIP Stuff
| IP address | Hostname | Description | VLAN |
|---|---|---|---|
| 10.10.4.150 | voip-host | centos vm | 7 |
| 10.10.4.151 | voip-fs-dev | freeswitch development openvz slice | 7 |
| 10.10.4.152 | voip-fs-qa | (openvz slice) | 7 |
| 10.10.4.153 | voip-fs-lt | (openvz slice) | 7 |
| 10.10.4.154 | voip-fs-stg | (openvz slice) | 7 |
| 10.10.4.155 | voip-fs-prod | (openvz slice) | 7 |

lay3r8

lay3r8 VOIP Stuff
| IP address | Hostname | Description | VLAN |
|---|---|---|---|
| 10.10.4.160 | voip-host.lay3r8 | (ubuntu vm) | 11 |
| 10.10.4.161 | voip-fs-dev.lay3r8 | (openvz slice) | 11 |
| 10.10.4.162 | voip-fs-qa.lay3r8 | (openvz slice) | 11 |
| 10.10.4.163 | voip-fs-lt.lay3r8 | (openvz slice) | 11 |
| 10.10.4.164 | voip-fs-stg.lay3r8 | (openvz slice) | 11 |
| 10.10.4.165 | voip-fs-prod.lay3r8 | (openvz slice) | 11 |
lay3r8 Parallel Computing
ip address hostname description vlan
lay3r8 Malware
Windows
Unprotected Windows 2003
| IP address | Hostname | Description | VLAN | Links |
|---|---|---|---|---|
| 10.15.1.1 | w2k3-up-router | router system for unprotected w2k3 net | | |
| 10.15.1.2 | w2k3-ad | active directory machine | | |


Unprotected Windows Vista
ip address hostname description vlan links


Unprotected Windows XP
ip address hostname description vlan links
Protected Windows 2003
ip address hostname description vlan links
Protected Windows Vista
ip address hostname description vlan links
Protected Windows XP
ip address hostname description vlan links


Linux
Unprotected Centos 5
ip address hostname description vlan links


Unprotected Ubuntu 9.10
ip address hostname description vlan links


Protected Centos 5
ip address hostname description vlan links


Protected Ubuntu 9.10
ip address hostname description vlan links
Network

Unprotected network gear. Got cisco exploits? Try em here.

| IP address | Hostname | Description | VLAN | Links |
|---|---|---|---|---|
| 10.17.1.1 | edge-router | cisco 2911 edge router | 676 | |
| 10.17.1.2 | core-switch | 3com switch | 676 | |
| 10.17.1.3 | prod-server | (vm) gotta have a host on the network | 676 | |

External Development Network (DMZ)

99.59.102.19 is for mikes voip development traffic

| Protocol | Ports |
|---|---|
| udp | all ports (do not filter anything) |
| tcp | all ports (do not filter anything) |

99.59.102.20 is for lay3r8 development

99.59.102.21 is for windows malware

99.59.102.23 is for linux malware
