Network Stuff
From Knelcorpwiki
KNEL Corporate Network Information
Main rack layout
- TOP OF RACK
- Silver shelf (main server backup usb drive, development ps3, production cisco 1841 router)
- Silver shelf (with 14 wireless access points)
- Power strip
- 48 port cisco switch (3500)
- Cisco 2611
- Cisco 2500
- Cisco 2500
- Cisco 2500
- 3Com
- Production cisco 2924 switch
- Cisco router (3600)
- Main Development Server
- BOTTOM OF RACK
Next to the rack is the printer and the main production server.
VLAN Details
| Classname | Description |
|---|---|
| black | production vlan |
| white | non production vlan |
| green | trusted |
| orange | semi trusted |
| red | non trusted |
| Superclass | Subclass | ID | description | Associated Subnet |
|---|---|---|---|---|
| black | green | 2 | Internal wired production devices (main-server, mythfe-livingroom, printer) | 10.10.4.0/24 |
| black | green | 3 | Internal wireless users (mac filtered, hidden essid and associated blackberrys/ipod touches/laptops) | 10.10.4.0/24 |
| black | orange | 4 | Guest wireless users (thewybles-guest essid) | 10.10.5.0/24 |
| black | green | 5 | Production private DMZ (VPN termination) | 10.10.6.0/24 |
| black | orange | 6 | Production public DMZ (knownelement.com etc) | 10.10.7.0/24 |
| white | green | 7 | Mikes Development VOIP vlan | 10.11.1.0/24 |
| white | green | 8 | OLSR Mesh network | 10.12.1.0/24 |
| white | green | 9 | Batman Mesh network | 10.12.2.0/24 |
| white | green | 10 | Mesh potato network | 10.12.3.0/24 |
| white | green | 11 | lay3r8 voip development vlan | 10.11.2.0/24 |
| white | red | 12 | cisco lab vlan | 10.13.1.0/24 |
| white | orange | 13 | parallel computing lab | 10.10.8.0/24 |
| white | green | 14 | vmware lab | 10.10.9.0/24 |
| white | green | 15 | xen lab | 10.10.10.0/24 |
| white | green | 16 | kvm lab | 10.10.11.0/24 |
| white | red | 600 | windows wireless honey net | 10.14.1.0/24 |
| white | red | 601 | linux wireless honey net | 10.14.2.0/24 |
| white | red | 666 | unprotected windows 2003 (exchange/ad/iis) | 10.15.1.0/24 |
| white | red | 667 | unprotected windows vista (outlook/ie/pdf reader) | 10.15.2.0/24 |
| white | red | 668 | unprotected windows xp (outlook/ie) | 10.15.3.0/24 |
| white | red | 669 | protected windows 2003 (exchange/ad/iis) | 10.15.4.0/24 |
| white | red | 670 | protected windows vista (outlook/ie/pdf reader) | 10.15.5.0/24 |
| white | red | 671 | protected windows xp (outlook/ie) | 10.15.6.0/24 |
| white | red | 672 | protected centos 5 (zimbra/sugarcrm/trac/wordpress/php apps) | 10.16.1.0/24 |
| white | red | 673 | protected ubuntu 9.10 (zimbra/sugarcrm/trac/wordpress/php apps) | 10.16.2.0/24 |
| white | red | 674 | unprotected centos 5 (zimbra/sugarcrm/trac/wordpress/php apps) | 10.16.3.0/24 |
| white | red | 675 | unprotected ubuntu 9.10 (zimbra/sugarcrm/trac/wordpress/php apps) | 10.16.4.0/24 |
| white | red | 676 | unprotected network gear | 10.17.1.0/24 |
Production Network
Traffic flow
Phone line
-> DSL modem (currently a Motorola modem provided by AT&T, in bridge mode. In the near future, I plan to swap the Motorola modem for a Netgear DSL modem that I can put custom firmware on. The idea is to have a transparent bridging firewall/IDS/IPS.)
-> Cisco 1841 router (running the PPPoE stack and doing my port forwarding etc. This is my network border router. Very happy with it so far.)
- external interface is en0/1
- internal interface is en0/0.2
-> Cisco 3548 switch
- -> Main server (this is where most external traffic ends up, as it hosts xmpp/web/sip/e-mail etc)
- -> Dev server (all external non-production traffic is directed here: malware stuff for example, voip bits etc)
Switch documentation
| Switch port | System and interface | Description | VLAN |
|---|---|---|---|
| 1 | uplink to 1841 fe0/0.2 | `switchport trunk encapsulation dot1q`; `switchport mode trunk` | 2 |
| 2 | Linksys WRT54G-TM | thewybles t-mobile wireless ap | 2 |
| 3 | printer | printer-wired | 2 |
| 4 | mythtv livingroom frontend | mythtv livingroom frontend | 2 |
| 5 | main server | server hosting dhcp/dns/e-mail/web/xmpp/sip etc | 2 |
| 6 | dev-server | dev server | 2 |
| 7 | extra port for temp use | extra port for temp use | 2 |
Internal Production Network (physical hosts and virtual machines)
| ip address | hostname | description |
|---|---|---|
| 10.10.4.1 | edge-router | cisco 1841 router (very nice, fully featured router). |
| 10.10.4.2 | wireless-ap | has two high gain antennas providing amazing wifi coverage over my entire property |
| 10.10.4.3 | Main-server_documentation | dell optiplex dns/dhcp, file serving via samba, e-mail, xmpp etc |
| 10.10.4.4 | mythfe-livingroom | myth frontend in the living room, hooked to the big screen. Has an external dvd player attached and is connected to my surround sound system. Main hulu viewer; also a secondary server for dns/mysql/apache |
| 10.10.4.5 | mythfe-bedroom | myth frontend in the bedroom (used for occasional hulu watching and traffic reports etc) |
| 10.10.4.6 | dev-server | development server, rack mount (a white box system: 4 core, 8 gigs ram, 3tb storage). Used for uec, hadoop, boinc, security research, and video/audio editing as a render node |
| 10.10.4.7 | charles-bb | Charles BB pearl 8120 (UMA) |
| 10.10.4.8 | patti-wireless | Patti HP laptop wifi |
| 10.10.4.9 | patti-wired | Patti HP laptop wired |
| 10.10.4.10 | patti-bb | Patti BB |
| 10.10.4.11 | charles-hp-wifi | Charles HP wifi (my main system) |
| 10.10.4.12 | charles-hp-wired | Charles HP wired |
| 10.10.4.13 | printer-wifi | Photosmart 3300 |
| 10.10.4.14 | printer-wired | Printer wired (this is how it's currently attached to the network, due to proximity to wired switch) |
| 10.10.4.15 | dev-laptop | Development laptop (used for misc hacking tasks) |
| 10.10.4.16 | dev-wifi | RT USB dongle (currently used for kismet, packet injection etc) |
| 10.10.4.16 | charles-hp-wired | Charles HP wired |
| 10.10.4.17 | chalres-ipodtouch | Charles ipodtouch (jailbroken of course) |
| 10.10.4.18 | rufus-ipodtouch | Rufus ipodtouch |
| 10.10.4.19 | phillips-streaming | phillips wireless streaming box |
| 10.10.4.20 | rufus-wifi | Rufus sony laptop |
| 10.10.4.21 | simplenet | simplenet box (linux server that goes everywhere with me) |
| 10.10.4.23 | rufus-ps3 | rufus-ps3 (gaming ps3) |
| 10.10.4.24 | ps3 | ps3 (running ubuntu 9.04. used for boinc/opencl etc. not for gaming) |
| 10.10.4.25 | prod2924 | cisco 2924 switch (main production switch) |
| 10.10.4.26 | patti-ipodtouch | Patti Ipod touch |
| 10.10.4.27 | prod3548xl | production switch |
| 10.10.4.29 | conference-server | bigbluebutton server |
| 10.10.4.30 | opsview-server | opsview vm |
| 10.10.4.156 | w2k8 | windows 2008 server |
External production network (DMZ)
99.59.102.17 is for KNEL production traffic
| port | internal destination ip address |
|---|---|
| 443 | 10.10.4.3 |
| 22 | 10.10.4.3 |
| 80 | 10.10.4.3 |
| 25 | 10.10.4.3 |
| 3000 (redmine) | 10.10.4.3 |
99.59.102.18 is for lay3r8 voip traffic (final production/integration testing for an r&d voip project)
| Protocol | Ports |
|---|---|
| udp | all ports (do not filter anything) |
| tcp | all ports (do not filter anything) |
Development Network
Traffic flow
Switch documentation
All development gear (wired and wireless) is connected to the 48 port cisco switch.
There are two 5-node wireless meshes (one will run batman, one will run olsr), and two honey net nodes (one will be connected to the windows malware network and one will be connected to the linux malware network) for a total of 12 access points.
Key: m1 = mesh1, m2 = mesh2, n1 = node1, and so forth.
Wireless Gear
| Switch port | System and interface | Description | Power supply details | WAN MAC | VLAN |
|---|---|---|---|---|---|
| 5 | m1,n1 | Linksys WRT54G v1.1 | 12v | 00 1c 10 27 bf 7B | 8 |
| 6 | m1,n2 | Linksys WRT54G v1.1 | 12v | 00 1e e5 7a 53 cc | 8 |
| 7 | m1,n3 | Linksys WRT54G3G-ST | 12v 1a | 00 1c 10 b7 21 0e | 8 |
| 8 | m1,n4 | Linksys WRT54gl v1.1 | 12v 1a | 00 1e e5 86 01 c3 | 8 |
| 9 | m1,n5 | Buffalo Air Station WHR-G125 | 3.3v 1A | 00 16 01 d6 c8 e4 | 8 |
| 10 | Simplenet | Span port | | | 8 |
| 11 | m2,n1 | linksys wrt160n | 12v 1a | 00 1e e5 4b 77 fa | 9 |
| 12 | m2,n2 | Buffalo Air Station WHR-G125 | 3.3v 1a | 00 16 01 d6 c9 fa | 9 |
| 13 | m2,n3 | Linksys WRT54gv8 | 12v 1a | 00 1d 7e 44 53 f0 | 9 |
| 14 | m2,n4 | Linksys WRT54gl v1.1 | 12v 1a | 00 1a 70 46 ab 56 | 9 |
| 15 | m2,n5 | Linksys WRT54gl v1.1 | 12v 1a | 00 1e e5 7a 57 17 | 9 |
| 16 | Simplenet | Span port | | | 9 |
| 17 | Linux wireless honeypot | Netgear WGR614 v6 | 12v 1a | 00 14 6c 06 99 60 | 601 |
| 18 | Simplenet | Span port | | | 601 |
| 19 | Windows wireless honeypot | D-Link di-624 | | 00 0f 3d 4a db f9 | 600 |
| 20 | Simplenet | Span port | | | 600 |
Wired gear
| Switch port | System and interface | Description | VLAN |
|---|---|---|---|
| 1 | main server - eth2 | (this is the physical ethernet port for windows malware virtual machines) | |
| 2 | span port | span port for windows malware | |
| 3 | main server - eth1 | this is the physical ethernet port for linux malware virtual machines | |
| 4 | span port | span port for linux malware | |
| 21 | ps3 | ps3 port | |
Internal Development Network (physical hosts)
Internal Development Network (virtual hosts)
VOIP
Mikes VOIP Stuff
| ip address | hostname | description | vlan |
|---|---|---|---|
| 10.10.4.150 | voip-host | centos vm | 7 |
| 10.10.4.151 | voip-fs-dev | freeswitch development openvz slice | 7 |
| 10.10.4.152 | voip-fs-qa | (openvz slice) | 7 |
| 10.10.4.153 | voip-fs-lt | (openvz slice) | 7 |
| 10.10.4.154 | voip-fs-stg | (openvz slice) | 7 |
| 10.10.4.155 | voip-fs-prod | (openvz slice) | 7 |
lay3r8
lay3r8 VOIP Stuff
| ip address | hostname | description | vlan |
|---|---|---|---|
| 10.10.4.160 | voip-host.lay3r8 | (ubuntu vm) | 11 |
| 10.10.4.161 | voip-fs-dev.lay3r8 | (openvz slice) | 11 |
| 10.10.4.162 | voip-fs-qa.lay3r8 | (openvz slice) | 11 |
| 10.10.4.163 | voip-fs-lt.lay3r8 | (openvz slice) | 11 |
| 10.10.4.164 | voip-fs-stg.lay3r8 | (openvz slice) | 11 |
| 10.10.4.165 | voip-fs-prod.lay3r8 | (openvz slice) | 11 |
lay3r8 Parallel Computing
| ip address | hostname | description | vlan |
|---|---|---|---|
lay3r8 Malware
Windows
Unprotected Windows 2003
| ip address | hostname | description | vlan | links |
|---|---|---|---|---|
| 10.15.1.1 | w2k3-up-router | router system for unprotected w2k3 net | | |
| 10.15.1.2 | w2k3-ad | active directory machine | | |
Unprotected Windows Vista
| ip address | hostname | description | vlan | links |
|---|---|---|---|---|
Unprotected Windows XP
| ip address | hostname | description | vlan | links |
|---|---|---|---|---|
Protected Windows 2003
| ip address | hostname | description | vlan | links |
|---|---|---|---|---|
Protected Windows Vista
| ip address | hostname | description | vlan | links |
|---|---|---|---|---|
Protected Windows XP
| ip address | hostname | description | vlan | links |
|---|---|---|---|---|
Linux
Unprotected Centos 5
| ip address | hostname | description | vlan | links |
|---|---|---|---|---|
Unprotected Ubuntu 9.10
| ip address | hostname | description | vlan | links |
|---|---|---|---|---|
Protected Centos 5
| ip address | hostname | description | vlan | links |
|---|---|---|---|---|
Protected Ubuntu 9.10
| ip address | hostname | description | vlan | links |
|---|---|---|---|---|
Network
Unprotected network gear. Got cisco exploits? Try em here.
| ip address | hostname | description | vlan | links |
|---|---|---|---|---|
| 10.17.1.1 | edge-router | cisco 2911 edge router | 676 | |
| 10.17.1.2 | core-switch | 3com switch | 676 | |
| 10.17.1.3 | prod-server (vm) | gotta have a host on the network | 676 | |
External Development Network (DMZ)
99.59.102.19 is for mikes voip development traffic
| Protocol | Ports |
|---|---|
| udp | all ports (do not filter anything) |
| tcp | all ports (do not filter anything) |
99.59.102.20 is for lay3r8 development
99.59.102.21 is for windows malware
99.59.102.23 is for linux malware
