Sunday, November 11, 2018

bogon static list at Cymru

https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt

The format of this list output can be used to quickly rebuild prefix-lists.



note:  output cutoff

You can use a script or a for loop to add these entries to your network/security appliance, then apply a drop action for traffic sourced from these prefixes and for any routing information that would make them reachable.
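An added example, not code from the original post: a Python version of the script approach described above. It parses text in the fullbogons layout (a `#` comment header, then one CIDR per line), rejects malformed lines and any `/0` entry before they can reach a drop rule, and renders Junos `set policy-options prefix-list` commands. The list name `bogons-v4` and the sample input are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of fullbogons-ipv4.txt: a '#' comment
# header, then one CIDR prefix per line. The last three lines are bad on purpose.
SAMPLE = """\
# last updated (constructed sample, not real feed data)
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
192.0.2.0/24
192.168.0.0/16
0.0.0.0/0
10.1.2.3/8
not-a-prefix
"""

def parse_bogons(text):
    """Return (accepted networks, rejected entries as (line_no, text, reason))."""
    accepted, rejected = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment header
        try:
            # strict=True refuses prefixes with host bits set (e.g. 10.1.2.3/8)
            net = ipaddress.IPv4Network(line, strict=True)
        except ValueError as exc:
            rejected.append((n, line, str(exc)))
            continue
        if net.prefixlen == 0:
            # A default route in a drop list would black-hole all traffic.
            rejected.append((n, line, "default route would drop all traffic"))
            continue
        accepted.append(net)
    return accepted, rejected

def junos_prefix_list(nets, name="bogons-v4"):
    """Render Junos 'set' commands; the list name is a hypothetical choice."""
    return [f"set policy-options prefix-list {name} {net}"
            for net in sorted(set(nets))]

if __name__ == "__main__":
    nets, bad = parse_bogons(SAMPLE)
    for cmd in junos_prefix_list(nets):
        print(cmd)
    for n, text, why in bad:
        print(f"# skipped line {n}: {text!r} ({why})")
```

The full bogon list changes as address space is allocated, so regenerate the prefix-list from a fresh download rather than keeping an old snapshot in place.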









NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o
        /  \

Saturday, November 10, 2018

Junos API issues

In RLS 18.3 I found an issue where the API interface would not run. No system process or listener on my http/https service ports.

At first I thought it was the web-management config





But the problem really was the fact that the rest-api process could not write traceoptions to the directory due to it being "RO" { read-only }.

By disabling the traceoptions, the API process { lighttpd } could start up, and now my REST explorer runs on the SRX appliance.


Examples of basic API enablement and validation in Junos SRX





I hope this helps others running the API interface on a Juniper SRX. Now with this process running, I can resume making my API calls to the Juniper device.









Friday, November 9, 2018

Entrust L1K has two intermediate-certs

Most security engineers do not know that two Entrust L1K intermediates exist and that both are valid subCAs. Take this Firefox cert store and the output of these two intermediates named L1K.

NOTE: I highlighted some key identifiers using the colored arrows.




These two certificate authorities are signed by Entrust Root CA G2, and their expiration will always be earlier than that of the root CA, which expires DEC-7-2030.


So keep this in mind when reviewing Entrust intermediate CAs.








Monday, November 5, 2018















The top-level CA root for Let's Encrypt is depicted in this snapshot.













Tuesday, October 23, 2018

Monitoring the Event calendar

Here are a few links to important event calendars for security vendors:

PANW, CHKP, FTNT, ForcePoint












Friday, October 19, 2018

Fortimail API access

In this post we will explore a simple API login and request for the Fortinet FortiMail.


First we need to enable the rest-api function:


    config system global
        set rest-api enable
    end


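By using curl we can test the API access. The first request logs in and stores the session cookie with -c; the second sends that cookie back with -b. The -k option skips TLS certificate verification.

    curl -k -c mycookies.txt -d '{ "name":"admin", "password":"apiadminpassword" }' -X POST -H "Content-Type: application/json" -v https://10.10.1.10/api/v1/AdminLogin/


    curl -k -b mycookies.txt -v https://10.10.1.10/api/v1/SysStatusSysinfo/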



Here's the request from my Postman collection

https://www.getpostman.com/


And the headers for Content-Type




    {
      "name": "FMLapi",
      "request": {
        "url": "https://10.10.10.10/api/v1/AdminLogin/",
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json",
            "description": ""
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{ \"name\" : \"socpuppetsfml\" , \"password\" : \"myadminpassword\" }"
        },
        "description": ""
      },
      "response": []
    }

For more information, use the Fortinet FortiMail API reference:

https://docs.fortinet.com/uploaded/files/3416/FortiMail%20REST%20API%20Reference.pdf


FTNT
https://en.wikipedia.org/wiki/Fortinet








how to send dhcp options using dhclient

I was testing some suspect dhcp-relay and figured I would show you a simple dhclient conf file for sending dhcp-options








