Use Talos IP Blacklist on your ASA

Create a bash script:

    #!/bin/bash
    # Download the current Talos blacklist, overwriting any previous copy, and
    # stop if the download fails so that an empty list never reaches the ASA.
    set -e
    wget -q -O ip-blacklist https://talosintelligence.com/documents/ip-blacklist
    # One address per line; take field 2 of any ';'-separated entry.
    mapfile -t ipblack < <(cut -d ';' -f2 ip-blacklist)

    echo "conf t"
    # One name entry per address.
    for ip in "${ipblack[@]}"; do
        echo "name $ip TALOS_BLACKLIST_$ip"
    done

    # Rebuild the object-group from scratch so addresses dropped from the feed disappear.
    echo "no object-group network TALOS_BLACKLIST"
    echo "object-group network TALOS_BLACKLIST"
    for ip in "${ipblack[@]}"; do
        echo "network-object host $ip"
    done
    echo "!"
    echo "exit"

Run it and paste the output into your ASA:

        ./talos-ipblacklist.sh > talos-blacklist.cfg

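Since the downloaded feed goes straight into the firewall configuration, it is worth validating every entry before emitting any ASA commands. The following is an added example (not the script above and not Talos tooling) that does this on a constructed sample feed in POSIX sh; the wget pipeline in its last comment is an assumed way of feeding it the live list.

```shell
#!/bin/sh
# Added example, not the script above: validate every entry of a Talos-style
# blacklist before emitting ASA commands, so a malformed or unexpected line in the
# downloaded feed cannot be pasted into the firewall configuration. POSIX sh.
# Constructed sample standing in for the downloaded ip-blacklist file (not real data).
SAMPLE_FEED='# comment line
192.0.2.10
198.51.100.7;198.51.100.7
203.0.113.300
not-an-ip
198.51.100.7'
# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac   # digits and single dots only
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
    return 0
}

# extract_ips: read the feed on stdin, print valid unique IPv4 addresses in order.
extract_ips() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                   # drop comments
        line=$(printf '%s' "$line" | tr -d '[:space:]')    # drop whitespace (incl. CR)
        [ -n "$line" ] || continue
        case "$line" in *\;*) ip=${line#*;}; ip=${ip%%;*} ;; *) ip=$line ;; esac  # field 2, like cut -d ';' -f2
        if is_ipv4 "$ip"; then printf '%s\n' "$ip"
        else printf 'skipping invalid entry: %s\n' "$line" >&2; fi
    done | awk '!seen[$0]++'                               # de-duplicate
}

# asa_config: read the feed on stdin, emit the ASA CLI for a fresh TALOS_BLACKLIST group;
# emits nothing if no valid address survives, so a broken download cannot empty the group.
asa_config() {
    ips=$(extract_ips)
    [ -n "$ips" ] || { echo "no valid addresses in feed" >&2; return 1; }
    echo "conf t"
    for ip in $ips; do echo "name $ip TALOS_BLACKLIST_$ip"; done
    echo "no object-group network TALOS_BLACKLIST"
    echo "object-group network TALOS_BLACKLIST"
    for ip in $ips; do echo "network-object host $ip"; done
    echo "!"
    echo "exit"
}

# Demo on the constructed sample. For the live feed (assumed usage):
#   wget -qO- https://talosintelligence.com/documents/ip-blacklist | asa_config > talos-blacklist.cfg
printf '%s\n' "$SAMPLE_FEED" | asa_config
```

Rejected entries are reported on stderr so you can see what the feed contained before pasting the result.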

SSH not working after upgrade

I upgraded Ubuntu to Focal (20.04) and SSH was unable to negotiate with the network devices I tried to connect to.
The solution was simply to edit /etc/ssh/ssh_config and add the following lines to the end of the file. Note that placed there they re-enable these legacy algorithms (SHA-1 key exchange, 3DES-CBC, HMAC-MD5, ssh-dss host keys) for every connection from this client; restricting them to the affected devices with a Host block is preferable:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,umac-64@openssh.com
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
HostKeyAlgorithms ssh-rsa,ssh-dss

Reimage/downgrade Firepower FTD 1100/2100

I had some problems while downgrading, and the documentation is not really clear about this, so here are my steps.

  1. From FXOS, reformat the system (this erases all configuration and images):
    firepower-2110# connect local-mgmt
    firepower-2110(local-mgmt)# format everything
    All configuration and bootable images will be lost.
    Do you still want to format? (yes/no):yes
  2. Enter ROMMON and boot the image via TFTP:
    rommon 1 > address 10.86.118.4
    rommon 2 > netmask 255.255.250.0
    rommon 3 > server 10.86.118.21
    rommon 4 > gateway 10.86.118.1
    rommon 5 > file cisco-asa-fp2k.9.8.2.SPA
    rommon 6 > set
    rommon 7 > sync
    rommon 8 > tftp -b
  3. Everything is erased, so you have to reconfigure your management interface:
    firepower-2110# scope fabric-interconnect a
    firepower /fabric-interconnect* # set out-of-band static ip 10.86.118.4 netmask 255.255.250.0 gw 10.86.118.21
    firepower /fabric-interconnect* # commit-buffer
  4. Download the image (I could not get the USB stick to mount, so I used FTP):
    firepower # scope firmware
    firepower /firmware # download image ftp://user@10.86.118.21/cisco-asa-fp2k.9.8.2.SPA
    Check the status:
    firepower /firmware # show download-task
  5. Install the image. First look at the version you want to install:
    firepower /firmware # show package
    firepower /firmware # scope auto-install
    firepower /firmware/auto-install # install security-pack version
    Check the status (wait for "Update Software Pack Completed"):
    firepower /firmware # show
  6. Configure FTD / initial configuration:
    firepower /firmware # connect ftd

Debian and grub2 password reset

  • In the GRUB boot menu press “e” to edit the entry, find the line starting with linux and append init=/bin/bash to the end of it:
    • linux /boot/vmlinuz-version root=UUID=hex ro quiet init=/bin/bash
  • Press CTRL+X to boot and run the following to make the root filesystem writable:
    • mount -o remount,rw /
  • Enter “passwd” to change the root password (or passwd username)
  • Run “sync” and reboot

Anyone with console access can do the same, which is why the GRUB menu should be password-protected on exposed machines.