EdgeRouter Fail2Ban Persistence Through Upgrades

My last post detailed how to install and configure Fail2Ban on a Ubiquiti EdgeRouter to thwart brute force attacks against an OpenVPN server. Unfortunately, programs installed on EdgeRouters do not persist through upgrades because new images overwrite the filesystem. However, using a trick outlined here, we can set up the router to automatically install Fail2Ban and restore the settings.

Mitigating an OpenVPN Brute Force Attack with Fail2Ban on EdgeRouter

Tonight, I noticed numerous attempts from a variety of sources to log in to my OpenVPN server that I run on my EdgeRouter (ER-X-SFP) at home. Unfortunately, EdgeRouter doesn’t support any sort of blacklisting for OpenVPN natively, but it does allow the installation of Debian packages.

After playing a bit with Fail2Ban configuration, I’ve configured my router to block these repeated attempts automatically.

Home Network DNS Infrastructure

Today, I stumbled upon Pi-hole, a DNS server designed for home deployments to block ads for a network. Unlike Adblock Plus or other browser-based adblockers, this applies to all devices on the network, including phones and tablets. Pi-hole also provides a web GUI with a nice dashboard to visualize your network’s use of the system (depicted below). This pet project cascaded into revisiting DNS across my home networks.

Cisco, the Master Troll (of CCDE Candidates)

This May, I took my CCDE Practical Exam, and didn’t quite realize all the nuances of how the system worked. Until the day before the test, I hadn’t realized that recently Cisco had changed their policy so that they do not report CCDE Practical results upon exiting the test, or even shortly thereafter. CCDE candidates now receive their results 10 to 12 weeks after taking their exam due to new anti-cheating procedures. I’m happy that they’re doing everything they can to combat cheating, but 10 to 12 weeks is a very long time to stress and wonder over a $1600 exam. Also, that timeline is not conducive to taking the exam the next time, since it’s only offered 4 times each year.

Output Filtering IOS Commands with Regular Expressions

Want to navigate Cisco IOS, IOS-XR, and IOS-XE routers faster? Don’t search through tons of text visually to find specific information. View just the relevant information by expanding your | include usage to include regex (regular expressions).

Cisco IOS and IOS-XR support filtering output using regular expressions. Cisco’s documentation on their regular expression format is available here, but we’ll go through some of the fundamentals and some useful tricks. Regex can be used to pull just the specific information you’re looking for out of output that is usually long.
