I got the following message when I was attempting to change the DNS address on a few of my VMware Servers today.
The IP address XXX.XXX.XXX.XXX you have entered for this network adapter is already assigned to another adapter Name of adapter. Name of adapter is hidden from the network and Dial-up Connections folder because it is not physically in the computer or is a legacy adapter that is not working. If the same address is assigned to both adapters and they become active, only one of them will use this address. This may result in incorrect system configuration. Do you want to enter a different IP address for this adapter in the list of IP addresses in the advanced dialog box?
In this message, XXX.XXX.XXX.XXX is an IP address that you are trying to set and Name of adapter is the name of a network adapter that is present in the registry but hidden in Device Manager.
I tried Microsoft's suggestion in this article "http://support.microsoft.com/?kbid=269155"; however, it didn't work for me. I had to create a "system environment variable" and give it the value of "1". Once that was completed I was able to follow the rest of the article. I removed all hidden adapters except for the "RAS Adapter" and I was then able to add the new IP address.
How to create a system variable:
On a Windows machine, right-click "My Computer" --> Properties --> Advanced tab --> Environment Variables --> System variables --> click New --> specify a "Variable name" (devmgr_show_nonpresent_devices) and the "Variable value", which is 1.
If you installed the ESX software and you are unable to ping the host after installation, try the following steps.
1. Verify that the required network interface cards are up and that the switch port is up and configured correctly.
ESX command to check network cards:
esxcfg-nics -l
Once you have confirmed that your NICs are up, verify the duplex setting on both your network switch and your ESX host.
ESX command to set NIC 0 to 1 Gig / full duplex:
esxcfg-nics -s 1000 -d full vmnic0
2. Verify that you have the correct network addressing configuration:
less /etc/sysconfig/network
3. Verify your vSwitch configuration:
esxcfg-vswitch -l
This command is also used to create and update a virtual machine (vSwitch) network settings, as you will see later on. Here you can see that NIC 0 and 2 are both assigned to vSwitch0.
4. Verify your service console network settings:
esxcfg-vswif -l
This command is also used to create and update the service console network settings. It is used if you cannot manage the ESX Server host through the VI Client because of network configuration issues.
You can also use this command to create and update the virtual machine (vswitch) network settings.
If you are still unable to establish connectivity to the hosts by this time, you can use the following commands to delete and recreate the vSwitch.
Phase two: Changes
At this point, if after verifying the settings above you don't see anything unusual, take note of them, delete them and recreate them.
esxcfg-vswitch -d vSwitch0 --> To remove the virtual switch
esxcfg-vswitch -a vSwitch0 --> To re-add the virtual switch
esxcfg-vswitch -L vmnic0 vSwitch0 --> To assign physical nic0 (repeat to add additional NICs)
esxcfg-vswif -d vswif0 --> To remove the service console network
esxcfg-vswif -a vswif0 -p "Service Console" -i 10.100.0.114 -n 255.255.255.128 --> To add a Service Console (vswif0)
esxcfg-vswitch -v 69 -p "Service Console" vSwitch0 --> To add VLAN 69 to the service console on vSwitch0
After these steps it's important to restart the network service with the "service network restart" command.
The idea for this post came about while using the program "cewl", which was created by Robin Wood aka @digininja. I initially started using this application to harvest the email addresses on my company's website so I could compare them to a known list of Exchange public folders and correct any discrepancies. If you would like to give cewl a try, you can find a nice install guide over at @joswr1ght's website. However, after utilizing some of cewl's functions to download documents while analyzing the email addresses, I went a step further and used Larry's paper as a guide to analyze some of those documents, and the results were shocking. This brought on the realization that a lot of companies just post PDFs and Word documents online without thinking about sanitizing them first, and that's just making it easy for the bad guys. I am not going to get into all the details of my findings, but I would say that if you haven't used cewl or read Larry's paper you are doing yourself a great injustice.
Now, before you start panicking, there are a few things you can do to limit the exposure of personal data your company might inadvertently leak on the internet. The National Security Agency published a paper back in 2008 which I believe is still very useful today. You can use this paper as a guide for sanitizing your PDFs and other documents before publishing them online. I decided to do something new this time and ask both authors a few questions:
Robin Wood Q&A:
What prompted you to create cewl?
Cewl is based on a blog post by Larry "HaxorTheMatrix" Pesce from http://www.pauldotcom.com/. He used command line tools, and I put it all in one place.
Do you think that the area of metadata research is not getting a lot of attention?
I think there is a bit of research going on, Larry does some and foca is a great app. It is defense that is lacking.
What was the main usage you had in mind for this tool and is that goal being met?
The main usage was creating dictionaries for dictionary attacks and it seems to be working from the feedback I've been getting.
What other meta data analysis tools are you working on?
I'm currently not working on any meta data projects at the moment, however I tend to be a spur of the moment developer so if I have an idea you might see a tool the next day.
How can someone contribute or help out with this tool or any other of your projects?
If anyone wants to contribute they can mail me ideas or send code patches. I'm always happy to listen to ideas.
Where can people follow your work and find out more about what you are doing?
For more details on my projects visit http://www.digininja.org/ or follow me on twitter @digininja.
Larry Pesce Q&A:
What made you decide to focus your research and write a paper on the evils of meta data?
It started with the MySpace 1.6 gig picture leak, I wanted to see if any of the images contained GPS info so that I could tie the picture to a location.
Do you think everyone is doing their part to bring awareness to this issue?
I think that folks are just starting to come around on the whole "detailed recon" aspect of a test and are starting to educate themselves.
Would you say every company that publishes documents on the web should have a policy in place that addresses sanitizing documents?
I would not say that every company needs to have a policy on it. I know, shocking! For some, the effort put forth to sanitize the public documents has no reward in reducing risk. But I think that if you do the analysis, any mid-sized or larger company can easily and adequately address the risk that it introduces.
Since the paper have you done any additional work or research in this area?
I have done some, such as looking at some other common stuff for information gathering and recon. I have looked at SIM cards, and other document types; such as streaming video, stuff like YouTube for GPS tagged videos, and of course automating a lot of the work.
Do you think that more people should be doing research in this field?
Yes, in as much as the attackers are doing the same thing. I think that most of us don't realize how much info is out there with a little bit of digging.
I would like to end with a quote which I am sure I have picked up from the PDC crew: "no need for a zero day, when all your personal information is in the wild".
I am currently in the middle of working on a project that involves configuring a NetMRI appliance and an accompanying event collector. So far I have finished configuring the appliance along with a test switch, a "Cisco 3560". This blog posting will briefly go over some of the steps I took to accomplish this task.
What is NetMRI?
NetMRI enables organizations to take control of network configurations and changes–making it easy to identify hard-to-find configuration problems that are lurking in the network and meet internal standards and external compliance requirements. Instead of just logging changes, NetMRI utilizes built-in subject matter expertise to audit, analyze and automate network change.
Prior to starting the configuration process for the NetMRI appliance, you need to install an SSH client and have a crossover cable, or a switch with the correct VLAN configured. NetMRI always listens on the private IP address 169.254.1.1, with subnet 255.255.255.0. Simply configure your machine to 169.254.1.3 or any address within this range that’s lower than .254, with a subnet of 255.255.255.0.
Once you are finished, try to ping 169.254.1.1. If you are able to communicate with the appliance, you can use your favorite SSH client to connect to the appliance on port 22 using the credentials admin/admin, and from there run the “configure server” command.
During this process you will be asked several questions:
· Network, server and domain name
· Two DNS addresses
· Time server / time zone
· Management port IP address and gateway
· Scanning port IP address and gateway, if you choose to use both ports
Once you are finished, you can log in to the appliance using the newly assigned IP address that was selected during the setup above. Ex http://172.29.19.4
Select next to continue.
Step 1: Choose a new admin password. Choose a difficult password; since the username can't be changed, it's advisable to use a password that's not easily guessed.
Step 2: License file. Browse to the location on your computer where you have the file and click next.
Step 3: IP Addresses/CIDR Blocks. You can either add a whole subnet or individual IP addresses using a /32 at the end of the IP address.
Step 4: Community Strings. Here is where you will enter the string that you will be configuring on your routers and switches.
Step 5: CLI Credentials. Here is where you need to enter the user name and password that the NetMRI appliance is going to use to access your infrastructure devices; you will also need to enter your Enable password here too.
Once you are done, click finish.
After the NetMRI setup process has been completed, review the Network Explorer tab > Inventory tab > Devices / Interfaces section > Devices page. If the Default Gateway, CIDR blocks, SNMP credentials and Telnet/SSH credentials were entered correctly, you should start to see devices listed in this table within a few minutes. Periodically refresh your browser to see the progress of the discovery process.
Troubleshooting
If you don’t see any devices within a few minutes, you should verify the accuracy of the network information added during the configuration process as follows:
1. In the NetMRI header panel, click the Settings button. In the menu along the right side of the Settings window, click the Setup section, then click Discovery Settings. Ensure that the given CIDR blocks cover the desired parts of your network. Also, ensure that the Default Gateway is covered by one of the Included CIDR blocks, but not by one of the Excluded CIDR blocks.
2. In the menu along the right side of the Settings window, click Collectors and Groups (just above Discovery Settings). Ensure that SNMP collection is Enabled. In the Settings window, click SNMP Credentials and verify that the community strings for your network devices are entered properly (e.g., check spelling and case-sensitivity).
3. If NetMRI was configured using a crossover Ethernet cable and NetMRI was not on the network following completion of the configuration process, then NetMRI may not have been successful in its initial probes of the network. Navigate to Settings > Settings section > Discovery Settings page and click the Reset Discovery Counters button (below the table) to kick off the initial network probes again, then continue to monitor the discovery process as before.
Any changes made using the forms described above will be automatically used by the discovery process. If the new information is correct, you should start to see devices appearing in the table at Network Explorer tab > Inventory tab > Devices / Interfaces section > Devices
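The CIDR check from troubleshooting step 1, written out as an added example (this is not NetMRI code or part of the original post): it parses included and excluded blocks, rejects malformed entries, and reports whether the default gateway and other addresses fall inside the discovery scope. It assumes, as the step states, that an excluded block overrides an included one; all addresses and names below are constructed sample values.

```python
import ipaddress

def parse_blocks(entries):
    """Parse CIDR entries; returns (networks, problems). A bare IP becomes a /32."""
    nets, problems = [], []
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry.strip()))
        except ValueError as err:  # e.g. host bits set, bad mask, typo
            problems.append(f"{entry}: {err}")
    return nets, problems

def discovery_scope(addr, included, excluded):
    """Classify addr; an excluded block overrides an included one (assumption)."""
    ip = ipaddress.ip_address(addr)
    hit_exc = [n for n in excluded if ip in n]
    hit_inc = [n for n in included if ip in n]
    if hit_exc:
        return "excluded", str(max(hit_exc, key=lambda n: n.prefixlen))
    if hit_inc:
        return "included", str(max(hit_inc, key=lambda n: n.prefixlen))
    return "not covered", None

# Constructed sample values, not taken from a real NetMRI configuration.
INCLUDED_RAW = ["172.29.19.0/24", "10.100.0.0/25", "172.29.20.7/32", "172.29.21.4/24"]
EXCLUDED_RAW = ["172.29.19.128/25"]
CHECKS = {"default gateway": "172.29.19.1", "test switch": "172.29.19.200",
          "single host": "172.29.20.7", "remote router": "192.168.5.1"}

def report():
    """Evaluate every sample address and collect entries that failed to parse."""
    included, bad_inc = parse_blocks(INCLUDED_RAW)
    excluded, bad_exc = parse_blocks(EXCLUDED_RAW)
    results = {name: discovery_scope(ip, included, excluded)
               for name, ip in CHECKS.items()}
    return results, bad_inc + bad_exc

if __name__ == "__main__":
    results, problems = report()
    for name, (state, block) in results.items():
        print(f"{name:16} {state:12} {block or '-'}")
    for p in problems:
        print("rejected entry:", p)
```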
Cisco Device Configuration
Create Username on the Cisco 3560 switch
======================================
username mriuser password 7
aaa new-model
aaa authentication login default local
Configure SNMP Cisco Catalyst 3560
===================================
config t
snmp-server group nmri v2c read mrigp
snmp-server community mr131 RO
snmp-server user mriuser nmri v2c
snmp-server enable traps syslog
Doing an SNMP Walk
In order to do an SNMP walk you need to replace the Root OID system with 1.3.6.1.2.1.1.