Can I use an 802.11n USB wireless LAN card to hack the network?

I have an 802.11n USB wireless LAN card and I would like to know if this is what hackers use to hack the network. I am starting with Ethical Hacking and I have little knowledge about wireless adapters. Tell me if this can be used to hack?

More information about the device:
clan king 802.11n wlan lan card
cc series

apache2: correct website from outside LAN, but not accessible from inside

I am hosting a private instance of Nextcloud on a Raspberry PI on my network. In the DNS records of the public domain I also have an A record for a subdomain that points to my public (and relatively constant) IP address (let's call it nc.sample.com for the purposes of this question). My router is configured to forward port 443 to my RasPI.

Now the very strange thing is the following:

When I am on my cell phone (not connected to my WLAN) I can access https://nc.sample.com without any problem.

When I connect the cell phone to the WLAN (or from any other computer on my network) I can access https: //, but not https://nc.sample.com!

Usually, you would expect things to go differently, but now I am quite lost, since I have never experienced this problem before.

C++ – Authentication for multiplayer LAN games

I am working on the authentication scheme for a multiplayer game using only C++ and SDL2.

It is a role-playing game with a kind of complicated character group / permadeath scheme, and the world instances are destined to be hosted by the players. Therefore, it is important that players have exclusive access to control their characters. I want players to be allowed to save the current status of a global multiplayer instance, close it and return to it later, or set up their own dedicated global instance so that they and their friends join / leave / meet at will. The characters of absent players will simply not be present in the world until their creator returns.

The servers will be hosted by player computers. I don't plan on setting this up with a dedicated identity server or punch, so players will only play with people they connect intentionally. I don't want to deal with encryption, so I don't plan to require passwords to log in. I suppose that since there is no formal or encrypted identity server, passwords can do more harm than good. The names of player characters will change over the course of the game, and I don't necessarily care if two players have the same username.

Here is my current authentication strategy:

When a player creates an account in his game instance, the account will only consist of a username and a UUID generated (randomly) automatically. The username and UUID will be stored in an SQLite file that the user can copy to any computer with this game installed and access their unique account. The username and a naive hash of the UUID will be stored in a connection log on each server that the player connects to (so that the server can assign them to the correct character when they log in again). I recognize that this means that programmers who know what they are doing will be able to hack each other's accounts, but I am not convinced that I should really worry about that in the case of this particular game.

Here are my questions:

  • Is copying the file too much to expect from users who want to change computers?
  • Can you think of any potential problems with this, apart from what I have already pointed out?
  • Is there a better (common) way to achieve what I am trying to do?

Thank you!
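
One way to keep a server's connection log from being reusable on other servers, as an added sketch (not the poster's code, and in Python rather than the game's C++): the client derives a per-server verifier from the UUID with HMAC-SHA256 and answers a fresh nonce at each login. `GameServer`, `client_credentials`, `client_response` and the server names are hypothetical.

```python
import hashlib
import hmac
import secrets
import uuid


def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def client_credentials(account_uuid: uuid.UUID, server_id: bytes):
    """Client: derive (account_id, verifier) that are valid on one server only."""
    secret = account_uuid.bytes  # the UUID from the SQLite file, never transmitted
    return mac(secret, b"id", server_id).hex(), mac(secret, b"verifier", server_id)


def client_response(verifier: bytes, nonce: bytes) -> bytes:
    """Client: answer one login challenge without resending the verifier."""
    return mac(verifier, b"login", nonce)


class GameServer:
    """Hypothetical player-hosted server; connection_log models the page's log."""
    def __init__(self):
        self.connection_log = {}  # account_id -> verifier, written on first join
        self.pending = {}         # account_id -> nonce awaiting a response

    def enroll(self, account_id: str, verifier: bytes) -> bool:
        # First join only: setdefault never overwrites an existing owner.
        return self.connection_log.setdefault(account_id, verifier) == verifier

    def challenge(self, account_id: str) -> bytes:
        self.pending[account_id] = nonce = secrets.token_bytes(16)
        return nonce

    def login(self, account_id: str, response: bytes) -> bool:
        nonce = self.pending.pop(account_id, None)  # each nonce is single use
        verifier = self.connection_log.get(account_id)
        if nonce is None or verifier is None:
            return False
        return hmac.compare_digest(client_response(verifier, nonce), response)


def demo():
    """Return (login, replay of the same response, home's log row used on other)."""
    player = uuid.uuid4()  # constructed sample account
    home, other = GameServer(), GameServer()
    acct, ver = client_credentials(player, b"alice-laptop")
    victim, victim_ver = client_credentials(player, b"bob-desktop")
    home.enroll(acct, ver)
    other.enroll(victim, victim_ver)
    resp = client_response(ver, home.challenge(acct))
    forged = client_response(home.connection_log[acct], other.challenge(victim))
    return home.login(acct, resp), home.login(acct, resp), other.login(victim, forged)
```

Without transport encryption the first enrollment can still be observed on the LAN, so this narrows but does not remove the weakness the post acknowledges.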

algorithms: synchronization of video playback on LAN through UDP (without master, same HW and SW)

I have devices that play video files from their local disk based on a predefined playlist (each device plays exactly the same movie in the same order, each device knows in advance what videos will be played and how long they last). There is no master device, they are all the same (although there is a server, but it is only used to download video files for the first time and can be on a completely different network, and does not play any video).

All devices are exactly the same (all hardware is identical, and the operating system (Linux) too).
I am using a custom video player based on the GStreamer library (in Qt).

I want to synchronize video playback between all these devices on the same local area network (through UDP packets). I am trying to find the best solution for my circumstances. I tried to do it so that the devices periodically send a packet "I am alive" through the UDP transmission, and before starting the video they send a packet "I am ready" with a predefined number that other devices decrease periodically (so if a device loses power, for example, the number will drop to 0, if you return there will be a resynchronization). If all devices are ready, they all start playing. There are some small differences, but it is acceptable.

Here are my main points regarding synchronization:

  1. I cannot use a clock synchronized with NTP, because the devices often work on a severed network that does not have access to any NTP server. Even if they had, I think NTP is not a good way to do this (not really synchronized). This also prevents me from using any kind of timestamps, since they can be totally different on each device (they have an RTC module, but in case the battery runs out there will be differences)
  2. I can pause / search the video as needed, but I prefer not to search for the video during playback because that would produce a strange effect.
  3. In case any device is delayed (or restarted), the videos must be synchronized again
  4. I can't do video streaming (I already tried it, it produces many other problems, like artifacts and it doesn't really produce perfect synchronization)
  5. There is no (or at least there should not be any) visible space between the videos, they are played one after another in a continuous loop.
  6. There is no audio involved, so it is not necessary to synchronize it.

What are your ideas to achieve this?

iptables – Limiting access of Lan Openvpn

I have had some problems limiting LAN access for the clients on my OpenVPN server. Currently the client can access the entire network. I've been playing with the "client configuration directory" but I can't seem to make it work properly.

I want the client to only be able to access 10.10.0.118

Here is my server.conf

#Server.Conf



port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
client-config-dir ccd
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
;client-to-client
;duplicate-cn
keepalive 10 120
#tls-auth 
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/openvpn.log
log-append  /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

Client configuration

client
;dev tap
dev tun
;proto tcp
proto udp
remote xx.xx.xx.xxx 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
;mute-replay-warnings
#ca ca.crt
#cert client.crt
#key client.key
remote-cert-tls server
#tls-auth ta.key 1
cipher AES-256-CBC
verb 3
;mute 20

ip routes

default via 10.10.1.1 dev eth0 proto dhcp src 10.10.1.128 metric 100 
10.8.0.0/24 via 10.8.0.2 dev tun0 
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1 
10.10.1.0/24 dev eth0 proto kernel scope link src 10.10.1.128 
10.10.1.1 dev eth0 proto dhcp scope link src 10.10.1.128 metric 100 

CCD FILE

ifconfig-push 10.10.0.118 10.8.0.0/24

I am quite new to networks and I have been using numerous guides, but I cannot make this last part work.

Output after initializing the connection

Mon Feb  3 16:57:18 2020 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Mon Feb  3 16:57:18 2020 TCP/UDP: Preserving recently used remote address: (AF_INET)XX.XX.XX.XXX:1194
Mon Feb  3 16:57:18 2020 Socket Buffers: R=(212992->212992) S=(212992->212992)
Mon Feb  3 16:57:18 2020 UDP link local: (not bound)
Mon Feb  3 16:57:18 2020 UDP link remote: (AF_INET)XX.XX.XX.XXX:1194
Mon Feb  3 16:57:18 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Feb  3 16:57:18 2020 TLS: Initial packet from (AF_INET)XX.XX.XX.XXX:1194, sid=59c69af5 b1a2a0d0
Mon Feb  3 16:57:18 2020 VERIFY OK: depth=1, C=UK, ST=UK, L=London, O=XXX, OU=XXX, CN=XXX, name=server, emailAddress=XXX
Mon Feb  3 16:57:18 2020 VERIFY KU OK
Mon Feb  3 16:57:18 2020 Validating certificate extended key usage
Mon Feb  3 16:57:18 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Feb  3 16:57:18 2020 VERIFY EKU OK
Mon Feb  3 16:57:18 2020 VERIFY OK: depth=0, C=UK, ST=UK, L=XX, O=XXX, OU=XX LMF, CN=server, name=server, emailAddress=XXX
Mon Feb  3 16:57:18 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Mon Feb  3 16:57:18 2020 (server) Peer Connection Initiated with (AF_INET)XX.XX.XX.XXX:1194
Mon Feb  3 16:57:19 2020 SENT CONTROL (server): 'PUSH_REQUEST' (status=1)
Mon Feb  3 16:57:19 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 1,cipher AES-256-GCM'
Mon Feb  3 16:57:19 2020 OPTIONS IMPORT: timers and/or timeouts modified
Mon Feb  3 16:57:19 2020 OPTIONS IMPORT: --ifconfig/up options modified
Mon Feb  3 16:57:19 2020 OPTIONS IMPORT: route options modified
Mon Feb  3 16:57:19 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Feb  3 16:57:19 2020 OPTIONS IMPORT: peer-id set
Mon Feb  3 16:57:19 2020 OPTIONS IMPORT: adjusting link_mtu to 1624
Mon Feb  3 16:57:19 2020 OPTIONS IMPORT: data channel crypto options modified
Mon Feb  3 16:57:19 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Feb  3 16:57:19 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Feb  3 16:57:19 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Feb  3 16:57:19 2020 ROUTE_GATEWAY 192.168.140.254/255.255.255.0 IFACE=wlp1s0 HWADDR=2c:6e:85:ed:49:19
Mon Feb  3 16:57:19 2020 TUN/TAP device tun0 opened
Mon Feb  3 16:57:19 2020 TUN/TAP TX queue length set to 100
Mon Feb  3 16:57:19 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Feb  3 16:57:19 2020 /sbin/ip link set dev tun0 up mtu 1500
Mon Feb  3 16:57:19 2020 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Mon Feb  3 16:57:19 2020 /sbin/ip route add XX.XX.XX.XXX/32 via 192.168.140.254
RTNETLINK answers: File exists
Mon Feb  3 16:57:19 2020 ERROR: Linux route add command failed: external program exited with error status: 2
Mon Feb  3 16:57:19 2020 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Mon Feb  3 16:57:19 2020 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Mon Feb  3 16:57:19 2020 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Mon Feb  3 16:57:19 2020 GID set to nogroup
Mon Feb  3 16:57:19 2020 UID set to nobody
Mon Feb  3 16:57:19 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Feb  3 16:57:19 2020 Initialization Sequence Completed

If someone could guide me in the right direction, it would be much appreciated.
Thanks in advance.

ip: the domain name cannot be used to access the mail server from an external LAN

Thanks for the help with my latest post, it was able to work well. Now I have another problem …

I have a DNS registration configuration that points mail.melia.tech to my public IP address

I have an MX DNS record configuration that points melia.tech to mail.melia.tech (so you can receive emails to addresses of the form user@melia.tech).

From within the LAN, I can use mail.melia.tech with Thunderbird and write in my browser to access the Citadel web interface. I have ports 80, 110 and 25 sent to the internal IP of my server.

However, I have problems accessing this mail server from outside my LAN. I cannot access the server using mail.melia.tech. I can only use my public IP address!

If I want to access the Citadel interface from my phone, for example, in a mobile data network, I need to use the public IP in Safari, and as an incoming and outgoing mail server in the Mail application. If I try to use the domain name, Safari tells me that the server does not exist.

I appreciate the help in advance, let me know if you need more information or if I could change my post to make it easier to find a solution.

Type of LAN and WAN connections

I've been reading about http (s), ftp, sftp, ssh, … and I'm a little confused about the particular use regarding wan / lan.

Is there any classification of the most common ways to transfer / access data between devices on LAN and WAN? Comparing them would be a good starting point to understand them.

linux: response packet on the same interface as the LAN entry

Currently, I am struggling with the following scenario:

  • I have a server with 2 interfaces on 2 separate LAN subnets. IF1, IF2
  • I have a laptop that has an IP address of the first subnet
  • When I try to connect from this particular laptop to the second IP address of the server, I receive no response.

For example, when I try to ping 172.31.196.185 from the laptop with IP 172.31.190.129, I can see incoming requests in tcpdump on the ens224 interface, but there is no response request on any other interface after that.

Here is my network diagram:

       +-------------------------+
       |                         |
       |  Laptop 172.31.190.129  +---------+
       |                         |         |
       +-------------------------+         |
                                           |                 +-------------------------+
                                           |                 |                         |
                               +-----------+---------+       |       Linux Server      |
                          +----+                     |       |                         |
                          |    | LAN 172.31.190.0/23 +-------+ IF1  -  default gw      |
                   +------+--+ |                     |       | 172.31.190.63           |
    +----------+   |         | +---------------------+       |                         |
    | Internet +---+ Gateway |                               |                         |
    +----------+   |         | +---------------------+       |                         |
                   +------+--+ |                     |       |                         |
                          |    | LAN 172.31.196.0/23 +-------+ IF2                     |
                          +----+                     |       | 172.31.196.185          |
                               +---------------------+       |                         |
                                                             |                         |
                                                             |                         |
                                                             +-------------------------+

Also, I have this script:

IF1=ens160
IF2=ens224

P1_NET=172.31.190.0/23
P2_NET=172.31.196.0/23

IP1=172.31.190.63
IP2=172.31.196.185

P1=172.31.190.1
P2=172.31.196.1

ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2

ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2

ip rule add from $P1_NET dev $IF1 table T1
ip rule add from $P2_NET dev $IF2 table T2

It is written according to this link: https://lartc.org/howto/lartc.rpdb.multiple-links.html

I have tried many different ways of doing policy-based routing in my case, but none succeeded …

networks: brave browser synchronization over LAN does not respond

I have asked this on the Brave site but there is no answer there.

I am testing the Brave browser and I have problems with the synchronization function that, as I understand it, synchronizes the configuration and references of all the devices connected to the synchronization chain.

However this is not working.

For this attempt, I use two machines connected to a small LAN. These machines communicate through SSH, NFS, telnet, etc. so that there are no communication problems at the top.

  • On the first machine I create the chain and receive a passcode;
  • The dialog box turns on "Searching for device", it seems stuck there after half an hour.
  • On the second machine, I open the synchronization dialog box and paste the key into it. The "Verify" button is clicked, but there is no other answer.

Secure file replication between LAN and DMZ

Our support staff established a remote access connection from jumphosts that are isolated within a DMZ. To provide support, they need project files (up to a few GB in size) that are stored on a file server within our LAN. Currently, the transfer is always done manually, which is time consuming.

Therefore, we think about replicating the files from LAN to DMZ. As I discovered, from a security perspective, it seems to be the best practice to initiate a shipment from the internal file server to the DMZ file server. But the files must also be changed on DMZ hosts. So how about transferring data back?

We plan to start an extraction from the internal LAN server. How does this look from a security point of view? Is there any other way to establish a two-way file replication between DMZ and LAN that can be considered as the best practice?

BR