Cybersecurity student holed up in NYC during the pandemic. Stubborn hobbyist. Chromebook enthusiast. Quintessential middle child. Privacy nerd. Sole admin of a very DIY public hotspot.
jeremypetersen.link

Time to Learn VLANs

A buddy of mine is moving somewhere with slow internet, so I'll be inheriting the hosting duties of his media server. Since it will be public facing, and my current home router only allows for wireless network segmentation, I decided to pick up an edge router.

Here's a chart of the current home network, sans personal devices. We're up to five routers now!




Back Online

So stoked that the red.libre routers have U-Boot.

My journey down the networking road started with a spotty USB LTE modem and a travel router I bricked after a few months. I still have both, but from what I gather the debricking process involves a serial interface and cracking the case open.

Thankfully, for my current screw-ups all that's required is a button push and an ethernet cable.

Still not sure what went wrong; after flashing a fresh firmware image, the old Wi-Fi SSID popped up and I was able to access the admin login without a problem. It wasn't until I power cycled it that it completely reinitialized.

From there, it was simply a matter of double checking the DHCP settings and reentering the VPN configuration. Linux is such a well-oiled machine.

Both of my Chromebooks are still out for the count; apparently they don't like recovery images made on macOS. To make things worse, Chromebook Recovery Utility doesn't run on Linux. I've had problems with specific USB drives being spotty, so I'll have to try a few more before I go all in on blaming Apple (and staying mad at Google).

For a victory lap, I installed Arch for the first time on an old Craigslist desktop. I put off trying Arch for at least 3 years, so I'm very excited to take it out for a spin. It's mind-blowing how quick the installation process was.

Hoping to build out a visual representation of the current network setup. I want to experiment with running services behind the VPN; maybe a chat server?

Double Crash

I noticed that the network had been running slower than expected the past few days, and today had ground to a complete halt. I rebooted the OpenWrt router to be met with the LED message that something was off. I took the access point down until I could further diagnose the issue.

Immediately after, my Chromebook failed to boot due to Chrome OS being missing or damaged. I'm sure this is a coincidence, but I feel paranoid nonetheless. Although I took many preliminary steps to harden and segment the public facing components from the rest of my home network, I haven't been terribly vigilant about updates or logging. Making these automated and consolidated is now a top priority.

The OpenWrt router is almost 3 years old and by no means a substantial piece of hardware. This may be a decent excuse to upgrade the infrastructure.

Some goals ordered by increasing ambitiousness:

  • Diagnose the OpenWrt router / get it back online
  • Learn some basic CSS and get this blog looking sprucy
  • Create a rudimentary status dashboard for the network
  • Automate email notifications for log events
  • Consolidate log streams into Splunk or something similar
  • Find the ethical balance between security and privacy

Cert Life

Out of the hundreds of security certifications to set my eyes on, I've narrowed my current pursuits down to four:

Lacking any formal education prior to my bootcamp experience, I hope these will be enough to bring me up to speed.

A Working List of Formative Software in Roughly Linear Order

-A Peanuts MS-DOS floppy disk game
-Freddy Fish
-Windows Media Player
-Limewire
-Limewire Pro, downloaded via Limeware
-iTunes running on Windows XP
-Zune
-Runescape
-Myspace
-Facebook
-Tumblr
-Dropbox (Beta)
-StumbleUpon
-Something that let me join all my IM software under the umbrella of Google Talk
-Chrome (Beta)
-A pirated version of a Spiderman game
-Spotify (Beta)
-Firefox
-Flux
-Google Voice
-Linux Mint
-Gimp
-Darkroom
-Something that let me play Star Wars Galactic Battlegrounds against other people online
-Instagram
-------ROOter by Of Modems and Men-------
-OpenWRT
-Debian
-StandardNotes
-User-Agent Switcher
-Signal
-GalliumOS
-Nano
-Ublock Origin
-Decentraleyes
-Mr Chromebox
-Chromebook Recovery Utility
-Resurrection Remix OS
-LineageOS
-Discord
-F-Droid
-Aurora Store
-Micro-G
-Dimmer
-Nextcloud
-Manyverse
-Amaze
-ZeroTier
-OpenVPN
-Wireguard
-i3
-ProtonVPN
-Raspbian
-Pihole
-DNSCrypt
-Docker
-Unbound
-Manjaro Linux
-X2Go
-Grav
-Dark Reader
-Atom
-Hubzilla
-Mastodon
-Riot
-Conversations
-Delta Chat
-Bitwarden
-Fakespot
-fruux
-Jitsi
-Shelter
-Netguard
-Mullvad
-ErgData
-Jellyfin
-Duet
-Kodi
-Connection Forwarder
-Proxy SwitchyOmega
-------------------Kali Linux------------------
-Python
-wget
-curl
-dig
-git
-Vim
-Nmap
-Nikto
-Wireshark
-Burp
-Hydra
-John the Ripper
-Metasploit
-Autorecon
-Xclip
-Snort
-Splunk

My Ever Evolving Increasingly Whacky Kali Setup

***REDACTED***

Until I can successfully replicate what I thought I had pulled off, this space is reserved.

In short:

  • VirtualBox wasn't cutting it on my old MacBook
  • I exhausted the trial periods for both VMware and Parallels
  • QEMU seemed too much to stomach at the moment
  • So I turned to my trusty Chromebook Pixel:
    • I created a Kali LXC Container
    • Forwarded incoming SSH connections to it
    • Installed X2Go server in the container
    • Installed X2Go client on my MacBook utilizing XQuartz
    • I piped the desktop environment between devices for an exhilarating experience
    • Keyboard input disappeared almost immediately
  • I returned to VirtualBox but switched to a more resource-efficient desktop environment
  • I'm happy for now

Black Lives Matter

I decided to postpone my OSCP exam, for the simple fact that I would rather go to protests. Someone mentioned a 93% fail rate for the exam. Whether or not that's accurate, I don't want to look back at this time and see myself indoors, half-heartedly studying for something I'm underprepared to attempt. On a different timeline, it would be fun to give it a go for the experience alone. But I'm not willing to let this week slip by in the name of fun.

Today I was in a crowd addressed by politicians who told us New York would repeal 50-A tomorrow. We were assured that this will happen, citing the 40 Democrats who take up the 63 Senate seats in Albany as proof. We've been waiting for justice for Eric Garner for six years. They've held that hopeful majority for a year and a half. We will have to keep marching, regardless.

Note 1329

This is the start of something new. It's been years since I've written consistently, and I can already feel how tinny the words are coming out. On paper this is supposed to be about branding---my brand, specifically. But I will need to get warmed up before we get to any of that.

I'm a cybersecurity bootcamper living in Manhattan two months into the COVID-19 quarantine. I only know how much time has passed because one of my roommates is keeping track. By other metrics, we had at least one day of snow since the lockdown. I'm now running my air conditioner at 10pm.

Hopefully this gets easier.

red.libre Launch

24 hours after launching the public Wi-Fi, I've had 19 unique devices utilize the network. Here are some rudimentary stats about the types of devices:

  • 1 HTC
  • 1 LG
  • 2 Samsung
  • 1 Amazon
  • 14 Apple

For some reason this is what I expected by way of limiting the channel to 5GHz. From my anecdotal experience, more iPhones have a 5GHz radio compared to Androids. This may also be completely a demographic factor.

Amazing how quickly people can find and trust an open channel. Due to my multiplicitous inexperiences, this seems to be a bit of a forever project that I will be working on for a while. Here are some major goals:

1) Create a monitoring station to analyze bandwidth usage and record events
2) Build a proper captive portal page in both English and Spanish
3) Build an informational website for red.libre
4) More thoroughly document the process thus far, standardize steps

Here's some immediate troubleshooting:

1) My old Windows laptop isn't able to pull up the captive portal over ethernet
2) ProtonVPN currently can't connect over the network, even with the firewall disabled