Thursday, October 28, 2010

IP POWER IP9258 and the ip address 122.116.138.126

I am very glad to have this IP Power 9258. This is a network-based power controller. I am able to power on and off all my Cisco routers and switches from anywhere in the world. Because of this simple unit, I am saving on electricity and have cut out my phone calls to my wife and daughter. I used to call them to turn on devices when I was at Starbucks studying.

But there is something I discovered with this IP Power that is very SCARY. It mapped my IP address to a public IP service server located at 122.116.138.126. Anybody in the world could access my network and turn on and off all my devices. Can you imagine if I plugged my production servers into this device?


http://122.116.138.129/test/ip_search.asp


I found a lot of IP addresses (IP Power devices) with the default username and password. I could turn them off and on if I wanted to scare people, especially on these Halloween days.

SO - PLEASE MAKE SURE YOU CHANGE THE PASSWORD AND DENY ANY TRAFFIC TO 122.116.138.129

You can put it to the test. Change the name of your IP 9258 and go to the website and enter the new hostname. You will be scared.

Thursday, October 14, 2010

VPN filtering using ASDM 6.3 with ASA 8.3



1. You are the new admin of the YAKIMA Company. You decide to filter traffic coming from Oregon to your company. All you want is to allow your users to access only the AS400 server in Oregon.

2. Easy job, you say to yourself. You call the Oregon admin to change the interesting traffic from (10.10.10.0 – 192.168.1.0) to (10.10.10.100 – 192.168.1.0) on his side, and you are going to do the same on yours, from (192.168.1.0 – 10.10.10.0) to (192.168.1.0 – 10.10.10.100).

3. Bummer! The Oregon admin refuses, saying: "I don't want to touch that Cisco thing. I am not a Cisco guy and our Cisco consultant is way too expensive. I am sorry, I can't let you touch our device." So you are stuck.

4. And then you find me online, another fellow who went through the same dilemma.

5. The solution: VPN filtering using ASDM 6.3 and ASA 8.3.4

5.1 Go to Configuration, Site-to-Site VPN, Group Policies, click Add and choose Internal Group Policy.



5.2 Give your policy a name, then uncheck Inherit on Tunneling Protocols and on IPv4 Filter.

5.3 Click Manage and Extended ACL, click Add ACL, give it a name and then click Add ACE. Please be careful with the source and destination address.



5.4 Click OK twice and you should be back at the internal group policy. Click OK.




5.5 Now go to Advanced, Tunnel Groups, select the correct tunnel and click Edit. In the Group Policy field, select your new filter policy.



5.6 Click OK and Apply.
5.7 It will seem like nothing is working. Now you need to log out the tunnel, then ping the server and see the difference.
Go to Monitoring, VPN, Sessions, choose Site-to-site, choose the correct tunnel and click Logout.






Voilà, test it and let me know the result.
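
For readers who prefer the CLI, steps 5.1 to 5.7 correspond roughly to the ASA configuration below. This is an added example, not part of the original post: the names OREGON-FILTER and OREGON-FILTER-GP, the /24 mask, the use of 10.10.10.100 from step 2 as the AS400 host, and the tunnel-group name 203.0.113.10 (a placeholder peer address) are assumptions.

```cisco
! Added example with constructed values; adjust names, masks and peer address.
!
! Step 5.3: the filter ACL. In a vpn-filter ACL the REMOTE side is always the
! source and the LOCAL side is always the destination, whichever end starts
! the connection. Here: remote AS400 host (Oregon) <-> local LAN (Yakima).
access-list OREGON-FILTER extended permit ip host 10.10.10.100 192.168.1.0 255.255.255.0
!
! Steps 5.1, 5.2, 5.4: internal group policy with the tunnel protocol and
! IPv4 filter set explicitly instead of inherited.
group-policy OREGON-FILTER-GP internal
group-policy OREGON-FILTER-GP attributes
 vpn-filter value OREGON-FILTER
 ! ASA 8.3 keyword; from 8.4 onward the keyword is ikev1
 vpn-tunnel-protocol IPSec
!
! Steps 5.5, 5.6: attach the policy to the site-to-site tunnel group.
tunnel-group 203.0.113.10 general-attributes
 default-group-policy OREGON-FILTER-GP
!
! Step 5.7: the filter only applies to sessions built after the change,
! so log the existing tunnel out and let it re-establish.
vpn-sessiondb logoff tunnel-group 203.0.113.10
```

Do not reuse the same ACL in an interface `access-group`; a vpn-filter ACL follows the remote-as-source convention and reads backwards anywhere else.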