Articles
The Malicious Use of Artificial Intelligence in Cybersecurity
Cybersecurity is a crucial consideration for any business or organization operating today. Those who are somewhat familiar with the cybersecurity industry will know that, until recently, there was a generally...
Highlights from DEFCON 25
DEFCON 25 is now over. The largest hacking conference in the world continues to grow larger each year. Previous years there were 18-22,000 attendees. This year over 23,000 people made...
How to edit iptables so it persists through reboot CentOS
Usually iptables are controlled by the root user or someone with sudoer privs.
When is a company ready for a SOC?
More and more companies are deciding to outsource their information security to another company. A Managed Security Service Provider (MSSP) is exactly that, a company that will handle the security...
Cisco ASA Drop Reason: Unexpected-Packet
Today I was trying to send management traffic over a VPN tunnel to a Cisco ASA that terminated the tunnel. I ran into some problems doing this and I want...
How to Upgrade a Cisco ASA Firewall
To upgrade the OS of a Cisco ASA firewall follow these basic steps:
Python Cheat Sheet
Need a quick cheat sheet for using the Python programming language? Here is a quick reference guide.
YAESU-FT60 Cheat Sheet
Need a quick reference guide for the YAESU FT60 ham radio? Here is a cheat sheet for using it.
Linux TTY and Terminal Commands
A few notes for using the Linux TTY terminal.
Juniper SRX Configurations for Route Based and Policy Based VPN
There are two types site-to-site of VPNs on a Juniper SRX, policy based and route based. The policy based puts the traffic in a tunnel that is defined by a...
Juniper SRX - ALG and Screen Options
What is ALG? What are screen options? When would I use this and why? This post will give you an introduction to these terms.
ASA5506x Fits In A 5505 Rack Mount
The rack mount kits for a Cisco ASA 5506x (Part number ASA-5506-RACK-MNT=) are going for over $250! That’s almost as much as the firewall itself! This is ridiculously high.
Using The Built-In macOS FTP, TFTP, SFTP, and HTTP Servers
The macOS and OSX operating systems come with built in FTP, TFTP, SFTP, and HTTP servers. Here is how to enable them and use them.
Differences between spam and phishing emails
Sometimes people send me spam mail and tell me they are being phished. Sometimes people ignore phishing emails thinking they are spam. Let’s try to understand the differences of the...
How to Create SSH Tunnels
Besides sending ssh data, the ssh protocol can tunnel other traffic between two hosts. The most common tunnels are remote and local. Knowing how to spin up an ssh tunnel...
Upgrading ESXi to 5.5 and 6.0 Using a Bootable USB drive and macOS
I’m not a VMWare expert so when it came time to upgrade my personal free ESXi host it took me a long time to figure it out. I didn’t have...
How to remove meta data from a Visio document
If you create a Visio diagram and either save it or convert it to a PDF, it will contain personal meta data in it. It will try to insert your...
How to remove meta data from a PDF document
Some PDF documents contain meta data which may contain the user’s name that made it, the company they work for, their address, and more. This is sort of like exif...
Cisco ASA command to show listening ports
Do you wish there was a netstat command for a Cisco ASA? Are you looking to see what ports the ASA has open and is listening on? Try this command:...
Metasploit Cheat Sheet and Video
Need a quick handy reference guide for Metasploit? I’ve put together a bunch of the most common commands in a cheat sheet style for quick reference.
Mac OSX How to Lock the Screen
To lock the screen of a Macbook or Mac running OSX use the following key combination:
How to set a static IP on Mac OSX
Are you using a Macbook Pro or Macbook Air and want to know how to show the change the interface to use a static IP? Follow the steps below to...
How to see the routing table on Mac OSX
Do you have a Macbook Pro or Macbook Air and want to know how to show the routes it has in the routing table? Are you looking for the Windows...
Using For and While Loops in Python
Here are some tools to use to do loops in the Python language.
Using Regular Expressions in Python
If you need to do pattern matching on a string within Python, using a regular expression will be the best way to do it. Here are some basic examples to...
Raspberry Pi Zero: Blink an LED using GPIO pins
Want to use the GPIO pins to blink an LED using a Raspberry Pi Zero? Here’s a quick guide to get you started.
How to set a static IP in linux
The following will work for any debian base linux distro. That includes Ubuntu, Kali, Raspberry Pi (Raspian Jessie), TAILS, and many more.
Getting Started Cracking Password Hashes with John the Ripper
Want to get started with password cracking and not sure where to begin? In this post we’ll explore how to get started with it.
How to do an SNMP walk
Sometimes you need to manually SNMP poll a device. Here is how to do that.
How to show and clear user sessions on a Cisco ASA
Sometimes you need to disconnect someone’s ssh session to a Cisco ASA. This may be needed because users haven’t logged out properly and have taken up all the sessions allowed....
Tips For Attending a Security Conference
If you’re in the InfoSec industry and haven’t attended a security conference, you simply aren’t taking your career seriously. Attending one will inspire you and motivate you to learn new...
Who Makes up a Computer Security Incident Response Team
The incident response team is who is engaged when an network security incident has occurred in your network. There are two types of IR teams, SWAT style and dedicated.
Things You Can Do to Make Security Worse
Organizations go out of their way to make security worse in their network. Are you one of these organizations? Watch the video to find out.
Free Security Awareness Training Posters
Something that is helpful for ongoing security awareness training programs is to print out security awareness posters and put them in areas where people hang out around the office. The...
Using the Linux Watch Command
A somewhat lesser known linux command is watch. It will display the output of a regular command and update the screen if that output changes. Here are some helpful use...
8 Ways to Defend Against Denial of Service Attacks
Protecting against Denial of Service attacks is difficult and takes numerous steps to protect the network. Unfortunately, even with all these steps it’s still possibly to have a DoS scenario...
Different Types of DoS Attacks
A Denial of Service attack or DoS attack is where the adversary disrupts the target’s cyber application. This could be taking down their server, overwhelming a network, or causing a...
Contents of a Physical Pen Tester's Backpack
Some companies pay for a security assessment to see if their physical building and office are secure. When they secure a building they want to test it to make sure...
Route Add Windows - A Guide to Windows Routing
Sometimes you need to manually add, change, or remove a route on a Windows machine. Here is quick guide to help you accomplish these tasks.
What is the Diamond Model?
The Diamond Model of Intusion Analysis is a great tool to help threat intelligence teams determine the capabilities, opportunities, and hostile intent of an adversary.
How to test an NTP server using ntpdate
Do you want to check if an NTP server is alive and responding to NTP queries? Do you need to manually check an NTP server to see if the clock...
Sample Juniper JunOS Config for SRX210
Need a quick template to get you started deploying a Juniper SRX 210? These are usually firewalls that go into a small office or home office. In our configuration below,...
Starter Config for Cisco ASA 5506
Are you trying to set up a Cisco ASA 5506 for the first time and want to see a sample config to get you started? Well then here’s a good...
Six Ways to Protect Your Corporate Network Against Phishing Scams
It has been said that a company is one email away from a huge breach disaster. In today’s landscape, people can serve as the greatest vulnerability to the network. How...
The 40 Year Old Vulnerabilities
I recently did a security audit on a device and found it was using default credentials. Usually I like to check when a vulnerabilty was released to include in my...
Actors Behind the W2 Tax Phishing Scams
This year, Seagate, Snapchat and GCI all reported that hackers have stolen thousands of W-2 from their employees.
Hacker Challenges
Want to get started hacking things but don’t want to do anything illegal? Here are some challenges others have made to help you practice some hacking skills. By participating in...
Effective Security Awareness Training
Because humans are sometimes the biggest security vulnerability in your network, it’s important to implement a security awareness training program to help mitigate their weaknesses.
Helpful TippingPoint CLI Commands
Below are some helpful TippingPoint commands I use frequently.
Who should decide what policies are applied to the firewall?
Firewall rules determine what IPs and ports are allowed through the firewall. We can also consider NAT rules which determine what IPs get translated as they go through the firewall....
Cisco ASA TCP Randomization Issue
You may sometimes see this syslog message from a Cisco ASA:
Helpful Linux Commands for CTFs
When playing certain CTF games there are often challenges that require you to do crypto analysis, packet analysis, deciphering text, or file manipulation. There are some really powerful linux command...
IP Vanish
Top 5 reasons why you should use private a VPN and how to choose the right one
Using a private VPN has many great reasons. Here are a list of 5 reasons why using a personal VPN to surf the web is good for your online privacy....
Online Security Conferences
Every month there are numerous cyber security conferences somewhere in the world. Many of them post their talks on YouTube after the conference. Below is a list of talks from...
First Steps to Securing a Network
The first step in securing a network is creating an inventory of what is in the network. You should know the following:
Cisco ASA Best Practices
Here are a list of best practices that can be applied to a Cisco ASA.
Packet capture for Cisco IOS Router
Having the ability to conduct packet captures is a valuable tool for troubleshooting connectivity issues within a network. IOS routers 12.4(20)T and up has the Embedded Packet Capture (EPC) built...
Cisco Nexus Packet Captures with Ethanalyzer
There is a lesser known built in packet capture tool in Nexus OS called Ethanalyzer.
Cisco ASA Troubleshooting Intermittent Connectivity Issues
Normally a Cisco ASA firewall either permits or denies traffic. It’s very rare that traffic works sometimes but not all the time. Here are some troubleshooting tips for when the...
Cisco ASA Understanding the show blocks command
The show blocks command is a handy command for checking the memory usage on a Cisco PIX or ASA. But what does the output mean?
Cisco ASA API
Requires ASA 9.3(1) or higher which requires the 5500-X line or ASAv.
Cisco MARS how to get logs off it
Below is the procedure below explains how to get logs off Mars Box from expert mode using FTP.
Cisco ASA Max ACL Limit
The Cisco ASA firewall doesn’t have any hard limits for the number of Access Control Entries (ACEs). However, this is bound by the memory of the model. Each ACE uses...
MSSQL auto populate creation time
It’s good practice to add a creation time to every record in your database which marks the time and date when the record was created. This is ridiculously easy since...
Troubleshooting high CPU on Juniper SRX Junos devices
Occasionally a Juniper SRX device running Junos will have a high CPU. Here are some tips for troubleshooting these incidents.
Delete IPv6 Translation methods for IPv6 in Windows OS
The Windows operating system likes to turn on the IPV6 transition methods by default. There are some transition methods that don’t work like 6to4, ISATPA, and Teredo. If you run...
Useful Juniper SRX Troubleshooting Commands
Here’s a list of my favorite Juniper SRX Junos commands I use for troubleshooting.
Cisco MARS SIEM expert password
The Cisco MARS SIEM devices are built on a linux OS. It’s possible to get to that linux shell but Cisco tries to keep that method private. I’ve learned over...
How to determine the current EPS for Cisco MARS
There are two ways to determine the events per second for a Cisco MARS SIEM system.
Firefox - Secure Connection Failed - ssl_error_weak_server_ephemeral_dh_key
Have you seen the following error?
How to use Firefox to check if a website uses SSLv3
We should all know by now that SSLv3 is a broken security protocol due to the POODLE vulnerability. Firefox tries to connect to a website using the strongest security that...
How to SCP transfer a file off of a Checkpoint Firewall
Sometimes there is a need to move a file off a Checkpoint firewall. Often what I try first is to go into expert mode on the Checkpoint CLI and see...
How to do a Javascript Redirect
The best way to do a Javascript redirect is with the following code:
Cisco ASA and SLA Monitoring
The Cisco ASA firewall can do three basic SLA monitoring tasks. They are:
Games to test your coding skills
Ever since I started playing my first video game on a computer I’ve been fascinated with using my programming skills to help me achieve victory. Here are some really fun...
Adding a wildcard SSL certificate to a Cisco ASA
A wildcard SSL certificate is where the SSL certificate is good for both the root domain and all subdomains. If we had a wildcard certificate for example.com it means the...
Error: AnyConnect is not enabled on VPN server
Problem: When a user tries to connect to a Cisco ASA using the Cisco AnyConnect client the following error appears:
Cisco ASA Upgrade Path
The table below describes the upgrade path required when upgrading a Cisco ASA from an older code to a newer one.
ssh Remote Host Identification Has Changed
Sometimes when you are trying to do ssh from a linux machine you may see this message:
SMTP error 451
SMTP error 451 will occur on a mail server when there is a local error to the mail server that is processing the message. This error may also be referenced...
SMTP error 550
When email is rejected due to SMTP error 550 (also known as SMTP error 5.5.0), this usually means the message could not be delivered because the mailbox is unavailable. This...
Making Postfix RFC Compliant
By default Postfix is not RFC compliant. Here are some helpful tips to getting your Postfix installation conform to the email RFCs.
How to change the output color when using ls in bash
Sometimes when using Linux in bash or zsh you may have a hard time seeing directories. If you have ANSI colors turned on and your terminal background color is black...
SMTP Error Codes
The following table displays the SMTP error or response codes. This is sometimes written like “512” and sometimes written like “5.1.2”. These two ways of writing the code are synonymous....
Securing an Ubuntu Linux Server
Some great aritcles on how to secure an Ubuntu Linux Server.
vim Editor: How to Add a Colored Theme
The vim editor can take advantage of color schemes to help emphasize specific elements of code.
Using salted SHA hashes with Dovecot authentication
I’ve finally figured out how to do this. The Dovecot documentation is absolutely horrible which is sad because it should be encouraged to always salt your password hashes yet they...
SSH Without Password
It is possible to ssh from one Linux or Mac machine to another Linux server by using only cryptographic keys instead of using a password.
Troubleshooting Dovecot Error Messages
If you receive either of the following errors:
Rails ActiveRecord Console Commands
It is possible to interact with the database of a Ruby on Rails project from the console. To enter the console execute this command from the command line within your...
Bash Prompt Color
By using the export PS1 command you can alter the way the bash prompt looks. You can do this right at the command line which will change it just for...
HTML Entities and URL Escape Codes
HTML escape codes are used in place of a normal character to avoid using illegal characters, ambiguity, or when you want to express the literal character.
Adding Swiftype to Octopress
You may have seen Doug’s post on how to add Swiftype to Octopress. I originally followed it to get things working too. But I wanted a slightly different experience and...
Creating a custom 404 page in Heroku and Octopress
A 404 page not found error occurs when the webserver cannot find the webpage or URL the user requested. Here are some benefits to having an error 404 not found...
hosts file
The ‘hosts’ file is a hostname to IP address map used for local DNS resolution. When a computer needs to talk to another computer it needs to first know the...
What does ISO mean?
ISO could stand for any of the following:
recv errors Cisco ASA VPN tunnel
When I was troubleshooting a VPN tunnel on a Cisco ASA, 100% of the packets coming over the tunnel were being counted as #recv errors. It turns out that these...
192.168.1.1 Set up your home network
You are probably here because you’re trying to setup your home network. In order to access your home router you should go to the following link:
192.168.0.1 Set up your home network
You are probably here because you’re trying to setup your home network. In order to access your home router you should go to the following link:
jQuery Checkbox Checked - Reading and Setting
If you have a checkbox in a form you can use jQuery to read and set the data in the checkbox. Here is the HTML we’ll use an example for...
Sending Google Analytics data from Meteor.js server side
Recently I’ve created a website that responds with HTML and also has an API that responds with JSON data. The website was create in Meteor.js and I wanted to integrate...
What is ping?
A “ping” is a way for one computer to check if it can reach another computer using the networking IP protocol. The source computer can do a ping command to...
Canonical and DNS settings for www, non-www, and https for Heroku and Cloudflare
When deploying a web application it’s important that the URL responds to both www and non-www as well as both http and https. However it’s also very important that only...
Networking commands for the VMWare ESXi host command line
If you have ssh access to a VMWare ESXi server these commands can help you navigate the different networking settings on the server.
Helpful Websites for Webmasters
As a webmaster I find myself bookmarking a lot of sites that help me. Here’s a list of the most helpful ones. Each of the websites listed are free or...
Deploying Meteor 1.0 to Heroku
Heroku doesn’t have an official document as of yet for deploying a meteor application on their platform. However meteor does just use node.js under the hood, so a specailly crafted...
Customer Service on the web
Is it possible for a website to have good customer service? How can that be defined? I recently attended a lecture that attempted to define what good customer service is....
Inside the Blizzard NOC and Datacenter
Blizzard Entertainment, creators of World of Warcraft, Starcraft and Diablo have long kept knowledge of their datacenter and NOC a secrect. But now a recent documentary called World of Warcraft...
7 Security Podcasts You Should be Listening to
Here’s a list of the 7 best security podcasts on network security and hacking.
Troubleshooting AnyConnect and Eclipse IDE
Eclipse is an IDE used to build Android applications. One of our developers was trying to use the CVS connection within Eclipse to push their code to a server over...
Troubleshooting VPN between Cisco ASA and Amazon AWS
Recently I had to create a VPN tunnel from a Cisco ASA running 9.2.2 code to an Amazon AWS instance.
Setting up PostgreSQL on Mac OSX
Here are the steps I used to set up Postgres in Mac OSX. Most of what is written here was learned from this blog post. I am saving my notes...
Personal setup of my Macbook
There are certain things I need to do to a Mac before it feels like home to me. Here is my personal setup.
What is a Firewall?
A firewall is a physical device or software that provides a layer of security into a network or computer. Its primary task is to only permit traffic that is required...
What is VPN?
A Virtual Private Network is a technology used by computers to securely connect two networks together across an insecure network such as the internet. It is often used to connect...
How to open Sublime Text from the command line using Mac OSX
To open Sublime Text from a command line or terminal in Mac OSX requires a small configuration change but is possible.
Remove ^M Newline Character using vim
Sometimes when opening a file in vim there are a lot of ^M characters at the end of everyline. This is probably because the file was saved in Windows which...
The best free screen recording software for Mac OSX
The QuickTime video player that comes installed in OSX by default can also do screen recording. It does a decent job at screen recording and since it’s free and already...
How to take a screenshot on Mac OSX
Mac OSX has multiple ways to take a screenshot depending on what you need to capture.
Cisco ASA Troubleshooting failover when failover is off
Sometimes two firewalls will be in failover pair but for some reason one or both will turn failover off. What happens to the firewalls in this situation? Do both go...
Juniper Netscreen troubleshooting NSRP and HA
Some basic commands to help troubleshoot NSRP (failover/high availability) with Juniper Netscreen SSG devices.
Juniper SRX troubleshooting SNMP polling
Having trouble doing an SNMP walk on a Juniper SRX? Here are some troubleshooting tips to help solve the problem.
Cisco ASA VPN - Authorize user based on LDAP group
It is possible to authenticate to LDAP but then only allow a user in if they are in the right LDAP group. This post will explain how to authorize a...
Find Linux Version
Are you in a linux/unix machine and curious what flavor or distro of OS it is? There isn’t one simple way to get this information since many OSs have different...
Find a file in Linux
Are you trying to understand how to search for a file in Linux? Sometimes the command isn’t easy to remember. Try these tips to help you find the file.
Default Router Passwords
AnyConnect Hostscan results exceed default limit
I have a user who is unable to login using AnyConnect. Their screen hangs at the AnyConnect message: “Hostscan is waiting for the next scan”. Looking at the logs on...
Conducting Failover for Cisco NAC appliances
When conducting a failover of a Cisco NAC cluster, first determine the status of the node you’re currently on:
Troubleshooting High CPU on a Cisco ASA
Is your ASA having a High CPU issue? Here’s some methods for troubleshooting the issue.
Getting Postfix to send incoming mail to Rails
Goal: Let’s build a ruby on rails email web app that interfaces with postfix to send and receive email.
Git Remote Branches
Git is a powerful document repository and version control system. This page will show you how to handle git remote branches. This page assumes you know the basics of git...
View Interface Statistics on ScreenOS
Get command to see interface statistics on a SSG/ScreenOS
Understanding Cisco ASA interface counters and statistics
Upon doing a show interface command a lot of valuable information is displayed regarding the packets and errors on that interface.
Raspberry Pi boots into emergency kernel when loading raspian
Recently I tried updating my Raspian OS on my Pi. After writing the OS to the card and popping it into the Pi, the Pi would only boot into the...
Locating the Cisco AnyConnect profiles
Local AnyConnect Profiles XML and profile files are stored locally to the users machine. The location varies based on OS.
Installing Cisco CX ASA
The Cisco ASA 5500-X series firewalls can utilize the new CX features that will enable it to be a “next gen firewall” or “context aware”.
Cisco IOS VPN error: peer does not do paranoid keepalives
Recently I was troubleshooting a VPN tunnel and the tunnel appeared to be at MM_NO_STATE whenever I’d try to bring the tunnel up. I turned on debug crypto isakmp and...
Understanding Cisco ASA Connection Flags
Have you ever wondered what the flags meant when you issued the show conn or show connections command? This post will demystify that for you.
Cisco ASA Licensing Quick Reference Guide
One of the most confusing things about Cisco ASA’s is the licensing structure. While it is very nice to have a single train of OS files to deal with, it...
Configuring HA on Juniper SRX through JunOS
This post will cover how to conduct HA (high availability) failover configurations for the Juniper SRX. This post will only cover a simple active/passive configuration. It will not cover more...
Configuring NAT in Juniper SRX Platforms using JunOS
There are 3 kinds of NAT for the JunOS SRX devices. Source NAT, destination NAT, and static NAT. We will also cover Proxy ARP. This post will only cover the...
Using the Windows Command line like a pro
In this post I will be answering such question as: What is the ‘cat’ equivalent in Windows? What is the ‘grep’ equivalent in Windows? Yes that’s right, we are visiting...
How an ASA determines what interface to send a packet out of
Sometimes I see the question “Why is NAT choosing what interface to send the packet out of on a Cisco ASA?” or “Since when do NAT rules make routing decisions?”...
Cisco ASA Order of Operation
This post will cover the order of operation that takes place in a Cisco ASA. Specifically the packet flow and each step that is conducted.
Juniper front panel LED color meanings
How to do a password recovery on a Cisco ASA firewall
Perhaps you’ve forgotten the password to your firewall? This post will answer the question: How do I restore the password on a Cisco ASA?
Encrypt Passwords on Cisco Router
By default, when adding a username and password to a Cisco router or switch, the password will show up as clear text. So the question then becomes: How do you...
Chromaterm
About Chromaterm is a terminal colorization tool that runs on linux and is produced by TunnelsUp.com. It essentially acts as a wrapper for the linux shell. Once it starts it...
How to SSH like a Pro
A few tips and tricks about sshing.
Cisco ASA Identity Firewall
The Cisco ASA software 8.4.2 introduced something called Identity Firewall. The IDFW gives a new level of control to ACLs.
Using PHP and the Sharepoint 2013 Wiki API
Sharepoint has the ability to create a Wiki within it. It also has the ability for web developers to query these wiki pages and interact with them using the API....
Restarting the AnalysisEngine on a Cisco IPS
Sometimes the analysis engine goes down on a Cisco IPS (Intrusion Prevention System) or IDS (Intrusion Detection System). In that case the analysis engine can be restarted from the service...
How to Release Subscriptions on a Cisco IPS
The Cisco IPS (Intrusion Prevension System) can handle up to 5 SDEE connections and sometimes holds on to old ones or gets stuck. It is possible to clear these connections...
Default Password Cisco Firewall
Question: What is the default username and password for Cisco ASA firewall?
How to do a Continuous Ping
Below are methods to create a continuous ping in different environments.
SSL VPN access is not allowed
Recently I tried installing WebVPN usability onto a Cisco ASA firewall. When trying to login I received the following error: Clientless (browser) SSL VPN access is not allowed
Packet Captures on Cisco ASA
One of my favorite troubleshooting tools on the Cisco ASA firewall is doing a packet capture. An incoming packet will hit the capture before any ACL or NAT or other...
MARS hard drive issues
Possible results from the raidstatus command for MARS 55, 110R, 110, 210, GC2R, and GC2 Use the raidstatus CLI command to view the status of the RAID array (virtual disk)...
Configure Ironport to act as a smarthost
Ironport Email Appliance (ESA) can act as a smarthost to relay email outbound to the internet. The trick to doing this is to have two interfaces on the Ironport, one...
Raspberry Pi: Phoning home using a reverse remote ssh tunnel
What’s this? Just an ordinary powerbrick? Read on to find out why this is an incredibly dangerous thing to see in your office.
Cisco ASA Botnet License
Information regarding the Cisco ASA Botnet License. What is it? Botnet Traffic Filter is an extra license that can be applied to a Cisco ASA firewall that provides detection and...
Providing a username and password in one line when copying a FTP file to a Cisco ASA firewall
To copy a file from an FTP server to the flash of a ASA you could do the following:
ARPing for non-connected subnets on a Cisco ASA
Consider the following network.
Initial configuration of a Cisco ASA and Ironport WSA using WCCP
Today we are going to set up a Cisco ASA firewall to send WCCP (port 80) web inspection traffic to a Cisco Ironport WSA (Web Security Appliance).
How to move a window that is off the screen into view in Windows 7
Sometimes when you are using a laptop with multiple displays and then unplug from those displays there will be windows that are outside the viewing area of your laptop. Sometimes...
Cisco IPS - Turning off ssh version 1
Vulnerability scanners are reporting that ssh version 1 is on by default for Cisco IPS units. It is fairly simple to turn this off on the IPS if you have...
Cisco VPN troubleshooting - encaps but no decaps
Suppose you are trying to troubleshoot a site to site VPN tunnel that is designed like this:
Sublime Text 2 - Cisco Syntax and Snippets
I am a bit of a geek when it comes to workflow and that means I have tried out many text editors. Notepad, Notepad++, TextMate, Crimson Editor and VIM were...
Vegan Recipe: Erin's Famous Chocolate Chip Cookies
What you need: 1 cup Earth Balance margarine 3/4 cups brown sugar 3/4 cups sugar 1 TB ground flax seeds blended vigorously with 3 TB water until goopy vanilla extract...
Site to Site VPN Tunnel Between Cisco ASA and Juniper SRX JunOS
TCPDump port, host, and interface
TCPDump is an extremely handy tool for verifying if packets are getting to the linux box or not. Here are the commands I use most often:
Recovering the password when No Service Password-Recovery is enabled on a router
Goal: Get into an 1811 that has the No Service Password-Recovery feature enabled.
XBee S2 Quick Reference Guide/Cheat Sheet and Video Tutorials to Getting Started
When I first got started with XBee I had a hard time getting the right information to help me on the projects I was working on. I put my project...
MX Record problem: Reverse DNS does not match SMTP Banner
Today I was given a problem that our Cisco Ironport was not accepting email from outside people sending mail to inside people (backstory: this occurred right after we moved our...
Adding an SSL certificate on an ASA
This tutorial is to show you how to install a HTTPS/SSL certificate on an ASA. This is often used when WebVPN or AnyConnect is configured which uses SSL. Without a...
Understanding Cisco ASA AnyConnect Licensing
This post will try to help understand the differences between anyconnect premium and anyconnect essentials licenses.
Upgrade a Cisco PIX 506E to run 7.1 PIX code
The Cisco PIX 506E is only supposed to run code up to 6.3.5. It is however possible to go higher. In order to do this you need to have your...
Site to Site VPN tunnel config between a Cisco ASA and a Juniper SSG ScreenOS
Below is a config to create a VPN tunnel between a Cisco ASA (Blue side) to a Juniper SSG ScreenOS (Red Side).
Cisco ASA to Juniper ScreenOS to Juniper JunOS Command Reference Cheat Sheet
Vegan Recipe: Grilled Tempeh Reuben Sandwich
This is an amazingly great sandwich. Perhaps the best sandwich I’ve ever eaten! This recipe was originally posted by Rachel at this link: http://theveeword.blogspot.com/2012/06/tempeh-reuben-sandwiches.html
Vegan Recipe: Chorizo and sweet potato enchilada cesserole
This recipe uses the crock pot to make enchiladas. It’s a fantastic meal and easy to make!
Vegan Recipe: Chocolate Mousse
This wonderful dessert is super easy to make and will wow your friends.
Vegan Recipe: Best Mac and Cheese
This is the best vegan mac and cheese I’ve had. This was originally posted by VegNews here: http://vegnews.com/articles/page.do?catId=10&pageId=40 What You Need: Macaroni Veggies Sauce Spices 4 quarts water 1 TBSP...
VPN tunnel between an Ubuntu Linux machine and a Cisco ASA firewall
Config on the Cisco ASA (running 8.4) side. This config is identical to a normal remote access VPN:
Using just a Cisco ASA to block specific websites
When doing web traffic monitoring, policing and blocking it is best to use a web proxy like Ironport WSA, BlueCoat, WebSense or something that is good at doing it. However...
Learning about ASP tables, SPI and VPN contexts
After a lengthy phone call with Cisco TAC I learned an interesting link between a few commands on an ASA for analyzing tunnels.
Arduino Power Usage Project
I wanted to see how much power I am consuming in my home at any given moment, so I created this project using arduino. It features a simple display of...
NAT for Cisco ASA's version 8.3+
There are two major kinds of NAT in 8.3+ Auto NAT and Manual NAT. Auto is done inside the object and cannot take into consideration the destination of the traffic....
L2L Tunnel Failed at MM_WAIT_MSG4
First be sure to read this post on MM WAIT MSG numbers. It goes over all of the ISAKMP states.
Video: Zen of VPN - Concepts on how VPN's work
This video explains the concepts behind how and why Cisco VPN’s work.
Site to Site VPN configuration script between PIX and ASA
This script can be used to get you started on a site to site vpn using the older Cisco PIX code.
Dynamic/DHCP VPN tunnel between two Cisco ASA's
This script will create a vpn tunnel between one Cisco ASA that has a statically assigned IP and one Cisco ASA that has DHCP assigned IP which will change.
WebVPN or SSL VPN on an ASA
Troubleshooting Tips from Cisco.com
I have found this page to be handy from time to time:
Tips on troubleshooting VPN's in general
Debugs And Show Commands To gain more info on where the problem might be, try these show commands and debugs. show crypto isakmp sa Showing status of ISAKMP negotiations show...
Site to site VPN between two ASAs
Site to site VPN tunnel between ASA and Router
Remote access VPN connection using ASA
Remote access VPN connection using Cisco Router
ISAKMP (IKE Phase 1) status messages MM_WAIT_MSG#
ISAKMP (IKE Phase 1) Negotiations States The MM_WAIT_MSG state can be an excellent clue into why a tunnel is not forming. If your firewall is hanging at a specific state...
Configuring Netflow on ASA's
Netflow is data that the ASA will send to a netflow collector which will then give details regarding bandwith used, top talkers, number of connections, etc. Unfortunately there aren’t any...
Debug messages from successful L2L tunnel ASA
This post is what a SUCCESSFUL debug output looks like during a site to site VPN connection on a Cisco ASA.