Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Uber noob

  1. #1
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    18

    Default First Pentest network (Home)

    Hi all,

    Still working my way into linux, and am totally stoked to get into BT when the time is right. However I have a uber noob question...

    When I get to the point of gettin ready to test BT and work on my skills towards pen testing, id like to set up a test network within my house. I have a linksys router with dd-wrt on it, and want to set it up as a second network where I can get in there and test it up without really jackin up anything on my current network.

    My question for you guys is, whats the best way to set up a second router on my network serving dhcp? should I go Modem/switch/then routers? or whats a good prefered way to set this all up? Ive been browsing around the forums for a month off and on, and havent really come across a question like this...

    Reason for wanting a second router is so that incase I do manage to fubar up something bad, I wont affect my wife and her need to work on the nets. In addition to, once I figure out how I can get into a network with minimal securities, I would like to start working on my skill and knowledge by upgrading to a different kind of router setup, and so on. Just keep moving up the pen test ladder..

    Again, sorry if this question has been asked before. I just havent found it myself...

    PS. I do have an additional crashbox computer I could put on this network to generate traffic and such.

    Thanks for your help,
    -Chrisso

  2. #2
    Junior Member
    Join Date
    Oct 2008
    Posts
    33

    Default *

    Quote Originally Posted by chrisso View Post
    When I get to the point of gettin ready to test BT and work on my skills towards pen testing, id like to set up a test network within my house. I have a linksys router with dd-wrt on it, and want to set it up as a second network where I can get in there and test it up without really jackin up anything on my current network.
    I think it's a good question, but next time you could give the thread a better title. That way more people are likely to read it, and hopefully give you a good answer :)

  3. #3
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    It would be best to set up a completely separate network. Nothing worse than taking down the wrong computer/router. Especially when it's SHMBO's computer.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  4. #4
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    18

    Default

    NinjaRobot,

    Thanks... Sorry about that. Figured I would set the mood right before one looked at it.

    -Chrisso

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    With dd-wrt you could break your network into different VLANs and not allow communication between them.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    18

    Default

    Cant break it into multiple/separate wireless siids though right?

    I already have an extra router, just wanted to see what you guys would recommend for setting up a test pen network in your home.

    Thanks for all the suggestions,
    -Chrisso

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by chrisso View Post
    Cant break it into multiple/separate wireless siids though right?

    I already have an extra router, just wanted to see what you guys would recommend for setting up a test pen network in your home.

    Thanks for all the suggestions,
    -Chrisso
    I believe you can only have a single wireless VLAN. However, you can separate Wired from Wireless. Also assuming you have a 4 port model you can separate each of those 4 into their own VLANs as well as choosing which VLAN(s) to allow access to the WAN port (VLAN).

    So as far as I know/understand with dd-wrt on a pretty standard'ish Linksys device you can do 5 VLANs (Wireless + 4 wired), and control which of those 5 gets WAN (Internet) access.

    If you have a second router it's probably safest and easiest to have your "lab" completely separate from your everyday use stuff.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    easiest thing to do is go into your test router and turn off dhcp and assign it a static IP on your LAN. Then give it a essid you will be sure not to forget like "ddwrt_test_victim" or whatever. add the encryption your testing and the connect one of its lan ports to a switch/router lan port on your working network. Now you have a working router which can reach the net to test on. This is not the safest way to do it but the easiest.

  9. #9
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    18

    Default

    Cool, so just basically a range expander.

    Quote Originally Posted by pureh@te View Post
    This is not the safest way to do it but the easiest.
    Potential damage being?

    Would you guys recommend trying a differnt kind of router firmware? Or is dd-wrt ok? or does it really not matter? I figured id set it up on wep first with a simple passphrase, and then move up from there.

    Again, this is all awhile away, but just looking forward to messin around with it, and freakin learn this stuff.

    Thanks Pureh@te, Thorin!

  10. #10
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by Barry View Post
    It would be best to set up a completely separate network. Nothing worse than taking down the wrong computer/router. Especially when it's SHMBO's computer.
    Quote Originally Posted by thorin View Post
    If you have a second router it's probably safest and easiest to have your "lab" completely separate from your everyday use stuff.
    I'm with these guys. A pentest lab LAN should be set up as completely separate from your standard LAN. It may be more work, but you'll thank yourself the first time you accidentally DOS or otherwise bork the lab LAN. Plus you won't have to come up with any lame excuse for SHMBO when she wants to know why all your wedding photos are gone from her machine's hard drive.

    Not only is mine separate, it has a a couple of major differences from the main LAN:
    • Different DHCP schema;
    • DHCP is set to a very narrow range;
    • Most of the lab machines use manual IP assignments.
    Thorn
    Stop the TSA now! Boycott the airlines.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •