Uber noob

[imported_chrisso]

Hi all,

Still working my way into linux, and am totally stoked to get into BT when the time is right. However I have a uber noob question...

When I get to the point of gettin ready to test BT and work on my skills towards pen testing, id like to set up a test network within my house. I have a linksys router with dd-wrt on it, and want to set it up as a second network where I can get in there and test it up without really jackin up anything on my current network.

My question for you guys is, whats the best way to set up a second router on my network serving dhcp? should I go Modem/switch/then routers? or whats a good prefered way to set this all up? Ive been browsing around the forums for a month off and on, and havent really come across a question like this...

Reason for wanting a second router is so that incase I do manage to fubar up something bad, I wont affect my wife and her need to work on the nets. In addition to, once I figure out how I can get into a network with minimal securities, I would like to start working on my skill and knowledge by upgrading to a different kind of router setup, and so on. Just keep moving up the pen test ladder..

Again, sorry if this question has been asked before. I just havent found it myself...

PS. I do have an additional crashbox computer I could put on this network to generate traffic and such.

Thanks for your help,
-Chrisso

[ninjarobot]

When I get to the point of gettin ready to test BT and work on my skills towards pen testing, id like to set up a test network within my house. I have a linksys router with dd-wrt on it, and want to set it up as a second network where I can get in there and test it up without really jackin up anything on my current network.

I think it's a good question, but next time you could give the thread a better title. That way more people are likely to read it, and hopefully give you a good answer :)

[Barry]

It would be best to set up a completely separate network. Nothing worse than taking down the wrong computer/router. Especially when it's SHMBO's computer.

[imported_chrisso]

NinjaRobot,

Thanks... Sorry about that. Figured I would set the mood right before one looked at it.

-Chrisso

[thorin]

With dd-wrt you could break your network into different VLANs and not allow communication between them.

[imported_chrisso]

Cant break it into multiple/separate wireless siids though right?

I already have an extra router, just wanted to see what you guys would recommend for setting up a test pen network in your home.

Thanks for all the suggestions,
-Chrisso

[thorin]

Cant break it into multiple/separate wireless siids though right?

I already have an extra router, just wanted to see what you guys would recommend for setting up a test pen network in your home.

Thanks for all the suggestions,
-Chrisso

I believe you can only have a single wireless VLAN. However, you can separate Wired from Wireless. Also assuming you have a 4 port model you can separate each of those 4 into their own VLANs as well as choosing which VLAN(s) to allow access to the WAN port (VLAN).

So as far as I know/understand with dd-wrt on a pretty standard'ish Linksys device you can do 5 VLANs (Wireless + 4 wired), and control which of those 5 gets WAN (Internet) access.

If you have a second router it's probably safest and easiest to have your "lab" completely separate from your everyday use stuff.

[purehate]

easiest thing to do is go into your test router and turn off dhcp and assign it a static IP on your LAN. Then give it a essid you will be sure not to forget like "ddwrt_test_victim" or whatever. add the encryption your testing and the connect one of its lan ports to a switch/router lan port on your working network. Now you have a working router which can reach the net to test on. This is not the safest way to do it but the easiest.

[imported_chrisso]

Cool, so just basically a range expander.

This is not the safest way to do it but the easiest.

Potential damage being?

Would you guys recommend trying a differnt kind of router firmware? Or is dd-wrt ok? or does it really not matter? I figured id set it up on wep first with a simple passphrase, and then move up from there.

Again, this is all awhile away, but just looking forward to messin around with it, and freakin learn this stuff.

Thanks Pureh@te, Thorin!

[Thorn]

It would be best to set up a completely separate network. Nothing worse than taking down the wrong computer/router. Especially when it's SHMBO's computer.

If you have a second router it's probably safest and easiest to have your "lab" completely separate from your everyday use stuff.

I'm with these guys. A pentest lab LAN should be set up as completely separate from your standard LAN. It may be more work, but you'll thank yourself the first time you accidentally DOS or otherwise bork the lab LAN. Plus you won't have to come up with any lame excuse for SHMBO when she wants to know why all your wedding photos are gone from her machine's hard drive.

Not only is mine separate, it has a a couple of major differences from the main LAN:

• Different DHCP schema;
• DHCP is set to a very narrow range;
• Most of the lab machines use manual IP assignments.