Saturday, December 3, 2022

For week 10, I was expected to complete this TryHackMe room.

Firstly, it took me far too long to log in. I was rushing, and I failed to click the "I'm not a robot" radio button for the CAPTCHA, and it locked me out for "five minutes", which was much, much longer than five minutes. I eventually had to change my password to get access. The whole experience was very annoying and left me feeling just a little paranoid.

The room starts with a description of Nessus: Nmap deluxe. 

Before joining the room, I checked the installation instructions. The documentation on the Tenable website was a bit confusing (I'm in a hurry to complete a mountain of homework). It was talking about virtual machines, so I jumped back to the TryHackMe room. It talked about downloading a .deb package. I'm not running a Debian distro, so I found the Fedora one and downloaded it. I clicked on the file, and my package manager installed it, which is something I'm not used to. I usually run a really stripped-down version of Linux and install only the software I absolutely need. But I've been using a modified version of Fedora 36 recently and it's really easy to like.

Installation complete, I opened a terminal and started the service by entering:

sudo /bin/systemctl start nessusd.service

Then I tried to follow the hyperlink on TryHackMe to open https://localhost:8834/, but Firefox gave me the following message:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead, please use the HTTPS scheme to access this URL.

So I typed it in manually. Firefox warned me about the potential security risk. I don't fully understand why an https address isn't secure and I wish TryHackMe would take a moment to explain it beyond the picture with the text about certificates. Mozilla has this to say:

SEC_ERROR_UNKNOWN_ISSUER

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

This feels like famous last words, but I was in a hurry, so I accepted the risk and proceeded. 

Following the instructions on TryHackMe, I clicked the radio button for Nessus Essentials, I entered a passcode emailed to me by Nessus, and set up an account. I waited for plugins to compile and prepared some tea.

And at this point I realized that TryHackMe expected me to be using this on a VM. Damn. So I looked through the rest of the instructions and decided that running it natively would not be a significantly greater risk than running it in a VM. Fingers crossed 😬

So I finally joined the room and went back and checked the assignments I have already done.

The room asked me various questions about the GUI, and I immediately felt confused because I was looking for a button I already clicked. After that, I answered all the questions without much effort. But I do like something like this, because it makes me engage with the application rather than just telling me about it like a textbook does. I think most CompTIA subjects would benefit from this style of instruction.

The next section was much the same, with a question about scheduling, one about scanning all ports, and one about scanning with low bandwidth links.

Then it said to launch a scan, but Nessus wants a name and a target, and I don't know what name and target I am supposed to be scanning. So I ran it on the AttackBox and hoped that was what I was supposed to do.

TryHackMe, like most people with technical expertise, suffers from the curse of knowledge: they seem to have forgotten what it was like to not know something. This leads them to omit critical details in their instructions. Sure, it makes me figure something out for myself, but that is like teaching somebody to swim by pushing them out of a boat and saying, "You better figure it out or I'm going to regret not learning CPR."

And I got the results back from the scan... Nothing. Great. Another frustrating TryHackMe room.

I'm so frustrated with this website. I couldn't answer the next question. I terminated the machine and left the room.

At least I downloaded a really useful piece of software.




Friday, December 2, 2022

For week nine, I am to define the following terms using one sentence each:

    3G (third generation)

Third generation mobile phone network featuring data rates up to 384 Kbps.


    4G (fourth generation)

Fourth generation mobile phone network featuring data rates between 100 Mbps and 1 Gbps.

 
    5G (fifth generation)

Fifth, and currently the most up-to-date, mobile phone network featuring data rates between 1 Gbps and 20 Gbps download speeds and up to 10 Gbps upload speeds.


    active-active redundancy

All redundant resources (routers in the textbook) are active at all times, with work distributed among them.

 
    active-passive redundancy

Some redundant resources (routers in the textbook) are inactive until they are needed.


    AD (administrative distance)

A value indicating a routing protocol's reliability.


    AS (autonomous system)

A network or group of networks controlled, exclusively, by an organization.


    asymmetrical

A term applied to connectivity indicating differences between upload speeds and download speeds.


    asymmetrical routing

Incoming data follows a different routing path than outgoing data, leading to unwanted firewall intervention.


    bandwidth speed tester

A cloud-based resource for testing bandwidth speed, such as Speed Test dot Net.


    best path

The most efficient route as calculated by a router.


    BGP (Border Gateway Protocol)

An Exterior Gateway Protocol capable of scouting outside of an Autonomous System.


    border router

A router connecting an Autonomous System with an outside network.


    broadband

Asymmetrical, Asynchronous Internet connectivity provided by an Internet Service Provider shared between multiple customers.


    cable broadband

Broadband internet connection supplied by a cable company, typically over coax.


    cable modem

Modem, typically supplied by a cable company Internet Service Provider, to translate digital signals to analogue and vice versa.


    CDMA (Code Division Multiple Access)

Cellular connectivity in which the signal is spread over a wider spectrum than the Global System for Mobile communications and multiple users share the same channel.


    cell site

Antenna array and base station for supporting a cellular network.

 
    convergence time

The time it takes a router to calculate the best path in the event of a topology change.


    core router

Router operating within an Autonomous System.


    CRC error

A Cyclic Redundancy Checksum error indicates that a message was damaged in transit.


    default route

If a router doesn't find a matching entry in its routing table during a route-search, it uses a generic predetermined route.


    DIA (dedicated Internet access) 

Internet access for a single customer which usually includes a Service-Level Agreement guaranteeing minimum uptime percentages and maximum recovery times.

 
    distance-vector routing protocol

Routing protocol that calculates best route based on distance and requires exchanging entire routing tables with neighboring systems.


    DOCSIS (Data Over Cable Service Interface Specifications)

A suite of standardized specifications pertaining to cable internet from CableLabs.


    DSL (digital subscriber line)

Internet connectivity over phone lines with a maximum download speed of 100 Mbps (when using Very high bit rate Digital Subscriber Line).


    DSL modem

Translates between your network and the phone lines, and vice versa.


    dynamic route

A router calculating the best path dynamically.


    edge router

Connects an Autonomous System with an outside network and usually uses Exterior Gateway Protocols.


    EGP (exterior gateway protocol)

Protocols for edge routers (almost certainly Border Gateway Protocol).


    EIGRP (Enhanced Interior Gateway Routing Protocol)

A hybrid protocol developed by Cisco featuring fast convergence and low network overhead.


    exterior router

Any router outside an organization's Autonomous System.


    FHRP (First Hop Redundancy Protocol)

Configuring a virtual IP address as the default gateway which points to multiple routers.


    gateway of last resort

The router that accepts unroutable messages from other routers.


    giant

Frames that are too large.


    GSM (Global System for Mobile Communications)

An open standard, used worldwide, using Time Division Multiple Access.


    HFC (hybrid fiber coaxial)

Fiber to nodes, Coax to the modem.


    hybrid routing protocol

Hybrid between Distance-Vector routing and Link-State routing.


    IGP (interior gateway protocol)

Routing protocols used within an Autonomous System.


    interconnection

Interconnection, or Private-Direct Connection is when a client leases a line from the client's Internet Service Provider to the client's cloud service provider.


    interior router

Routers within the Autonomous System (also called core routers).


    IS-IS (Intermediate System to Intermediate System)

A link-state routing protocol using a best-path algorithm.


    leased line

An ISP-to-customer line featuring dedicated, symmetrical bandwidth, with a Service Level Agreement-backed guarantee.


    link-state routing protocol

Routers collect information from each other in order to build their own routing tables and map the network accordingly.


    local loop

The part of a Digital Subscriber Line network between the customer's demarcation point and the Central Office.


    long-haul connection

Like long-haul trucking, but for cable runs.


    LTE (Long-Term Evolution)

A marketing debacle that eventually made good on the promises of early 4G claims.


    LTE-A (LTE-Advanced)

4G's last iteration, featuring speeds between 100 Mbps and 1 Gbps.


    modem

Like a two-way version of the circuit that allowed an Atari 2600 to connect to a T.V., it modulates/demodulates a signal so analogue and digital can communicate effectively.


    MON (metropolitan optical network)

A fiber network made available to the people (assuming the people can afford to live in the right zip code), usually built by, or with the help of a local municipality.

 
    MPLS (multiprotocol label switching)

Multiple Layer 3 protocols traveling over any number of Layer 2 protocols, allowing organizations to find the best connections for any specific need.


    OSPF (Open Shortest Path First)

A link-state protocol featuring support for large networks, efficient but complex algorithms, shared databases, low overhead, fast convergence, and good stability, and it is supported by all modern routers.


    overhead

The burden placed on a network to support a protocol.


    private-direct connection

Interconnection, or Private-Direct Connection is when a client leases a line from the client's Internet Service Provider to the client's cloud service provider.


    PSTN (public switched telephone network)

Land-line networks like the one my grandmother used to operate a switch board for and the one I used to use when my phone bill was $15 per month.


    QoS (quality of service)

A Client-determined standard for prioritizing certain types of traffic over others (like your Internet Service Provider does after overturning the protections that governed net neutrality).

 
    RIP (Routing Information Protocol)

Routing Information Protocol is the oldest routing protocol; it is distance-vector based and outdated.


    RIPv2 (Routing Information Protocol, version 2)

An update to the original Routing Information Protocol which features less broadcast traffic and is more secure, but is still outdated.


    route

A cross-platform utility for viewing a host's routing table.


    routing cost

A value assigned to a route in which lower cost is better.


    routing loop

When a packet is stuck in a loop, caused by bad routing, and does not reach its intended destination, causing congestion until its Time To Live expires.


    routing metric

Like the name says, measurable information about a route.


    routing protocol

The standards a group of routers follow in order to send data to one another effectively.


    routing table

A database routers use to determine where and how to send data.


    runt

Frames that are too small.


    SD-WAN (software-defined wide area network)

A centrally controlled, software defined abstraction of a wide area network.


    SIM (Subscriber Identity Module) card

A microchip required for Global System for Mobile communications Networks containing information about a subscriber and his or her carrier.


    smartjack

An intelligent version of a Network Interface Unit that connects a customer's network to their Internet Service Provider's local loop, capable of providing information about the interface and sounds like it was named by William Gibson.


    static route

A route, defined by a network administrator, that doesn't change.


    symmetrical

An internet connection that has the same upload/download speeds available.


    TDMA (time division multiple access)

Data from any number of sources split into timeslots for transport across a mobile network.

Saturday, November 12, 2022

Subnetting

I suspect that many networking students find this week's subject difficult. I certainly have. Subnetting isn't too difficult conceptually, but internalizing all the steps in a week is an incredible undertaking. If someone told me, "I can learn segmentation, including IPv6, VLSM, and various VLAN configurations in a single week, while taking other classes", I would think they were arrogant. And that's exactly the position I find myself in.

I tried a different strategy for studying this week: I started with the lab and then read the textbook. I find that this makes the dry, dense material of the textbook easier to make meaningful.

Before moving on with this week's assignment, I just want to take a moment to talk about octets. In decimal, an IP address might look like the following:

192.168.89.126

These four numbers separated by periods are called octets. Why octets? Because they are each made up of one byte, or 8 bits. So an octet of 255 in decimal translates to 11111111. This is also the highest number for an octet because all eight bits are in the on position. And 128 translates to 10000000 and is another useful one to memorize... All of this is important to conceptualize so talk of borrowing bits is easier to wrap one's head around.

I have been tasked with watching all the videos on this page: https://subnetipv4.com/#learn

After which, I am to do ten practice questions from the same page.

Using what I have learned, I draw up a cheat sheet using the following procedure:

Step one: Starting at the bottom/left corner of your sheet, write /1 /2 /3 /4 /5 /6 /7 /8 evenly spaced across the bottom.

Step two: Add another row above the previous one starting where the last row left off. Each number should be 8 more than the number in the column below it.

Step three: Repeat step two two more times.

We now have our complete CIDR notation with the bottom row applying to the first octet and the fourth row applying to the fourth octet of any IP address.

Step four: Skip one row and, from right to left, start with 1 and double it for each column created by steps one through three. It will end on 128. This gives us our group size.

Step five: In the row we skipped from the previous step, now subtract the number above for each column from 256. The rightmost column will be 255 which I covered above (8 bits, all turned on), and the leftmost column will match the number (128) in the column above it. This gives us our subnet.

Steps four and five work like a reverse process of identifying the interesting octet (an octet that is not 255 or 0), and finding the magic number (group size) by subtracting it from 256. However, for the purposes of writing up a cheat sheet, it is easier to follow steps four and five as described above.

For most subnetting problems, the first step is to locate the CIDR notation in the cheat sheet corresponding to the IP address in question. This will tell us what column we are working in. The row the CIDR number is in will tell us what octet we are working on.

Then we increment by the number in the top row (group size) until we pass the number in the corresponding octet of the given IP address by one increment.

We now have all the information we need to answer subnetting questions.

The subnet can be found by locating the correct octet and filling it out using the second row. Any octets to the left will be 255 and any to the right will be 0.

The last two numbers in our incremental list will give us our Network ID (the lower of the two numbers) and the Next Network (the higher of the two numbers).
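The cheat sheet from steps one through five, and the "find the column, then count up by the group size" procedure just described, written out as an added example. This is my own code, not anything from the original post or from subnetipv4.com; the helper names and the two sample addresses are constructed for illustration. It also prints the mask in binary, which is the octet point made earlier (255 is 11111111, 128 is 10000000), and cross-checks the hand method against Python's standard library so a reader can see that the cheat sheet and the "real" calculation agree.

```python
"""Added example, not code from the original post: the cheat sheet from steps
one to five as a table, and the "find the column, count up by the group size"
procedure applied to an IP address and prefix. The helper names and the
sample addresses are my own; the method is the one described above."""
import ipaddress  # standard library, used only to cross-check the hand method


def cheat_sheet():
    """Rows 1-4 hold prefixes /1-/8, /9-/16, /17-/24, /25-/32, one row per octet.
    The group-size row runs 128 ... 1 left to right; the subnet row is 256 - group size."""
    cidr_rows = [[8 * row + col for col in range(1, 9)] for row in range(4)]
    group_size = [2 ** (8 - col) for col in range(1, 9)]   # 128, 64, ..., 1
    subnet = [256 - g for g in group_size]                 # 128, 192, ..., 255
    return cidr_rows, group_size, subnet


def lookup(prefix):
    """Locate the prefix: which octet (0-3) we work in, the group size, the mask octet."""
    cidr_rows, group_size, subnet = cheat_sheet()
    for octet, row in enumerate(cidr_rows):
        if prefix in row:
            col = row.index(prefix)
            return octet, group_size[col], subnet[col]
    raise ValueError("prefix must be between /1 and /32")


def to_int(octets):
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_str(n):
    return ".".join(str((n >> shift) & 255) for shift in (24, 16, 8, 0))


def solve(ip_str, prefix):
    """Answer the usual questions for ip_str/prefix using the cheat-sheet method."""
    if not 1 <= prefix <= 30:
        raise ValueError("host calculations need a prefix of /1 to /30")
    octets = [int(o) for o in ip_str.split(".")]
    interesting, size, mask_val = lookup(prefix)
    # Subnet mask: 255 left of the interesting octet, the subnet-row value in it, 0 to the right
    mask = [255] * interesting + [mask_val] + [0] * (3 - interesting)
    # Count up by the group size until the next step would pass the octet's value
    value = 0
    while value + size <= octets[interesting]:
        value += size
    network = octets[:interesting] + [value] + [0] * (3 - interesting)
    net_int = to_int(network)
    block = size << (8 * (3 - interesting))   # addresses per subnet
    next_int = net_int + block
    return {
        "interesting_octet": interesting + 1,
        "group_size": size,
        "subnet_mask": ".".join(str(m) for m in mask),
        "mask_binary": ".".join(format(m, "08b") for m in mask),  # 255 -> 11111111
        "network_id": to_str(net_int),
        "next_network": to_str(next_int) if next_int < 2 ** 32 else None,
        "first_host": to_str(net_int + 1),
        "last_host": to_str(next_int - 2),
        "broadcast": to_str(next_int - 1),
    }


def cross_check(ip_str, prefix):
    """True when the hand method agrees with the standard library's calculation."""
    hand = solve(ip_str, prefix)
    net = ipaddress.ip_network(f"{ip_str}/{prefix}", strict=False)
    return (hand["network_id"] == str(net.network_address)
            and hand["subnet_mask"] == str(net.netmask)
            and hand["broadcast"] == str(net.broadcast_address))


if __name__ == "__main__":
    # A fourth-octet problem (constructed sample), then a third-octet one
    for ip, prefix in (("192.168.89.126", 26), ("172.16.50.200", 20)):
        print(f"{ip}/{prefix}", solve(ip, prefix), "agrees:", cross_check(ip, prefix))
```

For 192.168.89.126/26 the lookup lands in the fourth row (fourth octet), column for group size 64 and subnet 192, so counting 0, 64, 128 stops at 64: network 192.168.89.64, next network 192.168.89.128, hosts .65 to .126, broadcast .127. The "next network" is reported as None only when the block is the very last one in the whole address space, which is the one place the cheat sheet has nothing to increment to.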

This started easy enough. 4th octet:

Another 4th octet problem:

Then a 3rd octet problem:

At this point, I had to review and relearn. Getting the network and first host was trivial enough, but I had not understood, when watching the videos, the next three rows. A quick review cleared it up.

Another 3rd octet problem and again, I had to check my notes, but I worked it out:

A Second octet problem

First Host caught me off guard on this one, but I quickly figured out which column I was supposed to be working in. Then a typo in Next Subnet left me scratching my head for a long time.

The next three were easy:

I kept rolling until I got a first octet problem. It felt like I was playing an old-school CRPG, rolling for good stats.

And that's it. I have rarely felt so insecure about something I've spent a week studying, but if there's one thing I learned from my acting class it's this, "Go before you're ready." Because for someone like me, I can't be allowed to wait until I feel comfortable. Ain't no one gonna wait that long for me.


Sunday, November 6, 2022

This week I am tasked with completing the following room at TryHackMe:

Active Reconnaissance

This is the second room in their Network Security Module, so I decided to do the first one in the module first.

Passive Reconnaissance

I had to do quite a bit of work to figure out how to connect via OpenVPN. There are a large number of tutorials on YouTube telling you how to connect and confirm your connection, but they all neglect to mention how you actually use it after connecting. In the time it took to do the research, my AttackBox expired. I will try again.

I completed the Active room before returning to this one. And again this website frustrates me. Despite following numerous steps to set up the network, the terminal on the AttackBox can't ping Google, and I can't run # whois tryhackme.com; I receive the following error:

connect: Network is unreachable

If I was more misanthropic, I would assume they are trying to frustrate me into paying for a subscription. I'm not wasting any more time on this today.

Active Reconnaissance

After a brief introduction and a list of tools used, this room begins with a description of ports used by web browsers. A brief explanation of how to inspect elements of a website using Developer Tools was followed by a list of browser extensions to help with pen testing. A question about an element of another website was easy to suss out using the Developer Tools and some poking around.

Then we went over the ping command. The questions required me to break out the man page. Until now I've only ever used ping to test if my system can connect to the world wide web on a new, minimal Linux installation.

Next we are introduced to traceroute and a much-needed refresher on TTL. Using my connection between the AttackBox and a target machine, I ran traceroute on the target machine to find how many licks it takes to get to the tootsie-roll center of a Tootsie Pop.

Next I probed the target machine's port 80 with telnet. The instructions for this section are clear enough to execute, but there is a lot of information in just a few sentences (almost as dense as my networking textbook). When I'm not neck deep in schoolwork, I'm going to come back and work through this whole module.

Then I used netcat to probe port 21 on the target machine. EverythingISaidAboutTheLastSection = 1

EverythingISaidAboutTheLastSection * 2 

The room wrapped up with a summary and some links to tools and resources.

Saturday, October 29, 2022

Week 6

This week I am to complete Project 6-1 from CompTIA Network+ Guide to Networks by Jill West (Cengage 2022, 2019). I am to use the following online simulator:

https://emulator.tp-link.com/EMULATOR_wr810nv2_eu/userRpm/LoginRpm.htm

Upon following the link, I am greeted with a login prompt. After rereading NOTE 6-9 from the textbook, I see that the rather easy to remember username is admin, and the very secure password is also admin. I'd be very amused if I didn't have administrative privileges after logging in.

And that's where the fun ended. Every setting I change resets itself when I hit save. Turns out I am not, in fact, amused that I don't have administrative privileges.

It seems like the textbook is working off the assumption that I am doing this to my actual network (despite its suggestion to use a simulator), which is not an option for me in my current situation.

In all seriousness, I have no idea what I'm meant to do. I can't, for instance, connect an Ethernet cable to an imaginary router. So the following is my best attempt to describe how I would use this software if I were actually setting up a SOHO router using this interface.

First step: let's look at Quick Setup to see if we can establish sane defaults.

I would need a very good reason not to use Dynamic IP.

Then I just looked through every tab, and I really didn't need to change anything. By default, it is pretty secure (as far as I can tell).

There are a couple of questions at the end of the exercise:

a. What is the public IP address of the router on the ISP network?

It's dynamic between these two numbers:


b. Why is it necessary for the router to have two IP addresses?

    One is for the LAN and one is for the internet at large. Which is to say that one is for the LAN and the other is so the Internet on the other side of the gateway can communicate with the LAN on this side of the gateway.

And unless I'm missing something obvious, that's it.