PFSense 2.4.4 on an ACEPC T11

I bought a silver ACEPC T11 for doing some lab work for $127 (link). It sports an Intel Cherry Trail Atom Z8350 quad-core CPU, 4GB of RAM, 64GB eMMC, and a dual-band 2.4GHz and 5GHz wireless card. I tried booting off the pfSense media and it kept hanging at ppc0: cannot reserve I/O port range. After poking around, I ran across this article: https://forum.netgate.com/topic/109447/zotac-ci323-installation-controller-failures/16

I rebooted and selected 3. [Esc]ape to loader prompt on the boot menu. At the OK prompt, I entered:

set hint.uart.0.disabled="1"
set hint.uart.1.disabled="1"
boot

It booted right up and pfSense installed without any issues.

Next, I’ll be ripping it open and installing external wireless adapters and an SSD for storing pcaps.

dns.msftncsi.com DNS Requests Every Few Seconds

Over the weekend, I updated my wireless router to the latest revision of ASUSWRT-Merlin. I also decided to update my DietPi Pi-hole to their latest builds. Due to a full code rewrite of DietPi, it meant a complete rebuild for that system. The release of ASUSWRT-Merlin also suggested resetting to factory defaults due to some major changes. Everything was about to be new again.

Once I got everything rebuilt and running, I noticed requests coming from my firewall to my DietPi every 10 seconds or so for dns.msftncsi.com. I immediately assumed this was some Microsoft telemetry noise on my network from MS NLA. However, the queries were coming directly from my firewall, which seemed odd. Another search led me to a post on the Pi-hole Discourse. After I ran nvram show | grep dns_probe, it was clear I had found the culprit.

admin@gw:/tmp/home/root# nvram show | grep dns_probe
dns_probe_host=dns.msftncsi.com
dns_probe_content=131.107.255.255 fd3e:4f5a:5b81::1

I ran the following three lines and confirmed the traffic stopped. No reboot was necessary. The first post I read recommended setting dns_probe_content to 0.0.0.0 and dns_probe_host to “” (effectively blank). I later found a post by RMerlin that explains setting dns_probe_content to blank disables the watchdog service but effectively disables the dual WAN feature. It would make sense that dual WAN would require a watchdog service. So, if you use dual WAN, don’t do this. Otherwise, you should be fine.

admin@gw:/tmp/home/root# nvram set dns_probe_content=
admin@gw:/tmp/home/root# nvram set dns_probe_host=
admin@gw:/tmp/home/root# nvram commit
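
To confirm a fix like this, or to spot any other device that polls a hostname on a timer, the query log can be checked for steady repetition. The Python below is an added example, not part of the original post; it assumes the dnsmasq-style query lines that Pi-hole writes to its log, and the sample lines, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# dnsmasq "query" line as written to Pi-hole's log (format assumed, see lead-in).
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[\w+\] (?P<name>\S+) from (?P<client>\S+)$"
)

def parse_queries(lines, year=2000):
    """Yield (timestamp, client, name); syslog stamps carry no year, so one is supplied."""
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["client"], m["name"].lower()

def find_periodic(lines, min_queries=5, max_interval=60.0, max_jitter=0.25):
    """Return (client, name, count, mean_gap_s) for names one client asks for on a timer."""
    seen = defaultdict(set)
    for ts, client, name in parse_queries(lines):
        seen[(client, name)].add(ts)  # A and AAAA in the same second count once
    hits = []
    for (client, name), stamps in seen.items():
        if len(stamps) < min_queries:
            continue
        ordered = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
        avg = mean(gaps)
        # Short, steady gaps mean a probe or watchdog rather than a person browsing.
        if avg <= max_interval and pstdev(gaps) <= max_jitter * avg:
            hits.append((client, name, len(stamps), round(avg, 1)))
    return sorted(hits)

# Constructed sample: the router (192.168.1.1) probes about every 10 s, a laptop browses.
SAMPLE_LOG = [
    f"Jan 12 10:00:{s:02d} dnsmasq[731]: query[A] dns.msftncsi.com from 192.168.1.1"
    for s in (0, 10, 20, 30, 41, 50)
] + [
    "Jan 12 10:00:00 dnsmasq[731]: forwarded dns.msftncsi.com to 192.0.2.53",
    "Jan 12 10:00:03 dnsmasq[731]: query[A] example.com from 192.168.1.50",
    "Jan 12 10:00:04 dnsmasq[731]: query[AAAA] example.com from 192.168.1.50",
    "Jan 12 10:00:47 dnsmasq[731]: query[A] example.com from 192.168.1.50",
]

if __name__ == "__main__":
    for client, name, count, gap in find_periodic(SAMPLE_LOG):
        print(f"{client} asked for {name} {count} times, about every {gap}s")
```

Feeding it the lines of the real log in place of SAMPLE_LOG, once before and once after the nvram change, shows whether the router's entry has dropped out of the results.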

RPM/yum Database Corruption

Jumped onto my server and noticed a few out-of-date packages. A quick % sudo yum update reported the following:

error: rpmdb: BDB0113 Thread/process 12323/139745043400512 failed: BDB1507 Thread died in Berkeley DB library
error: db5 error(-30973) from dbenv->failchk: BDB0087 DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db5 - (-30973)
error: cannot open Packages database in /var/lib/rpm
CRITICAL:yum.main:

Fortunately, the fix was easy:
% sudo rpm --rebuilddb

Once complete, yum update worked like new.

Weekend Reading - April 22, 2016

Blogs / News

Weekend Reading - April 15, 2016

Blogs / News

Weekend Reading - March 25, 2016

Conference / Meetups

Blogs / News

Announcing New YouTube Channel: InfoSecTech Tools

For a while, I’ve been trolling the rich world of infosec tools offered in distributions like Kali Linux and BlackArch. Many of these tools have been a huge boost to my productivity and efficiency. Whether looking to defend a network, do network discovery, or just get a better idea of what tools adversaries use, learning these tool sets is critical to the success of today’s IT pros.

I’ll be covering tutorials on some of the more relevant infosec tools, scripts, and applications to the everyday IT professional. For starters, I’ll be doing tutorials and demos of information gathering tools directly listed on the Kali Linux tools website. As I build out a streamlined process and home studio, I hope to improve the format and production quality, eventually introducing personal narration instead of text-only, onscreen guides.

I’d love your input and feedback as I start down this path.

Follow along here on my blog or subscribe to the InfoSecTech YouTube channel.

Thanks for your support. I’m hoping this becomes a valuable contribution to the rich community of existing IT and infosec pros.

Weekend Reading - March 18, 2016

Blogs / News

Weekend Reading - March 11, 2016

Conference / Meetups

Blogs / News