This blog was originally started to better help me understand the technologies in the CCIE R&S blueprint; after completing the R&S track I have decided to transition the blog into a technology blog.

CCIE #29033

This blog will continue to include questions, troubleshooting scenarios, and references to existing and new technologies, but will grow to include a variety of different platforms and technologies. Currently I have created over 185 questions/answers regarding the CCIE R&S track! Note: answers are in the comment field or within the "Read More" section.

You can also follow me on twitter @FE80CC1E


Saturday, February 26, 2011

BackTrack - Wireless

Have you ever wondered how secure your wireless network really is and whether an intruder can easily gain access? Have a look at the presentation below to find out how easy it is to penetrate a wireless network that is not properly secured.

Disclaimer: The techniques in the presentation are to be used on networks that you own and/or have explicit access and permission to perform such activities.


The link below will download the presentation I put together some time ago: 


Give some of the techniques a try and let me know your findings.

BackTrack

BackTrack R2 

Backtrack is the highest rated Linux security distribution used today and is a key piece of every security professional's tool belt. I have used Backtrack for many years for penetration testing, network security audits, server security audits, and packet analysis, just to name a few.

Backtrack is arranged by the following categories (you can use apt-get to get the latest packages):

  • BackTrack - Enumeration
  • BackTrack - Tunneling
  • BackTrack - Bruteforce
  • BackTrack - Spoofing
  • BackTrack - Passwords
  • BackTrack - Wireless
  • BackTrack - Discovery
  • BackTrack - Cisco
  • BackTrack - Web Applications
  • BackTrack - Forensics
  • BackTrack - Fuzzers
  • BackTrack - Bluetooth
  • BackTrack - Misc
  • BackTrack - Sniffers
  • BackTrack - VOIP
  • BackTrack - Debuggers
  • BackTrack - Penetration
  • BackTrack - Database
  • BackTrack - RFID
  • BackTrack - Python4
  • BackTrack - Drivers
  • BackTrack - GPU

If you have not had a chance to use BackTrack then download it and give it a try!

Saturday, February 19, 2011

MPLS Scenario

Here is a drawing I put together for MPLS. I was going to configure the scenario and create some troubleshooting scenarios, but I have now decided to post it first and let everyone create a working solution.

Once everyone has had a chance to create a working solution I will start asking "what ifs".

Feel free to post your solutions.



Note: You will not be able to post the entire configuration, as I believe there is a limit to the number of characters you can post in the comment field. You can approach it two ways:

  1. you can email me the solution and I will find a way to post it so everyone can leverage the particular scenario
  2. you can break the solution up by technology, e.g. post BGP first, then MPLS, then.......

packets.analyzed@gmail.com

Let me know if this helps with your studies

Sunday, February 13, 2011

Quick Notes - Multicast IPv4 Addressing

Class D - 224.0.0.0 - 239.255.255.255

Special Purpose Ranges

224.0.0.0 - 224.0.0.255 (Reserved link-local)
224.0.2.0 - 238.255.255.255 (Globally Scoped Addresses)
232.0.0.0 - 232.255.255.255 (Source-specific Multicast Addresses)
233.0.0.0 - 233.255.255.255 (GLOP Addresses)
239.0.0.0 - 239.255.255.255 (Administratively Scoped Addresses)

Reserved Link Local
-OSPF 224.0.0.5 and 224.0.0.6
-RIPv2 224.0.0.9
-EIGRP 224.0.0.10
-All multicast hosts 224.0.0.1
-All multicast routers 224.0.0.2

Globally Scoped
-General-purpose applications; this range extends beyond the local AS

Source-Specific Multicast (SSM)
-Used with IGMPv3, allows a host to specify the source of the multicast traffic

GLOP
-Globally unique multicast based on AS numbers

Limited Scope
-Like RFC 1918, this does not leave the AS and is considered a private address range
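An added example (not from the original post) that classifies an IPv4 multicast address into the ranges listed above and works the GLOP mapping both ways: per RFC 3180 the 16-bit AS number is written into the second and third octets of 233.H.L.0/24. The sample addresses and AS number are constructed.

```python
import ipaddress

def glop_asn(addr: str) -> int:
    """RFC 3180: 233.H.L.0/24 belongs to the 16-bit AS number H*256 + L."""
    o = ipaddress.IPv4Address(addr).packed
    if o[0] != 233:
        raise ValueError(f"{addr} is not a GLOP address")
    return (o[1] << 8) | o[2]

def glop_block(asn: int) -> str:
    """Inverse mapping: the /24 a 16-bit AS may use for GLOP."""
    if not 0 <= asn <= 0xFFFF:
        raise ValueError("GLOP only covers 16-bit AS numbers")
    return f"233.{asn >> 8}.{asn & 0xFF}.0/24"

def multicast_scope(addr: str) -> str:
    """Name the range an IPv4 multicast address falls in, following the notes above.
    Most specific checks come first; 224.0.1.0/24 is not in the notes and is
    reported as globally scoped here (an assumption of this example)."""
    ip = ipaddress.IPv4Address(addr)
    if not ip.is_multicast:
        raise ValueError(f"{addr} is not in 224.0.0.0/4 (Class D)")
    first = ip.packed[0]
    if ip in ipaddress.IPv4Network("224.0.0.0/24"):
        return "reserved link-local"
    if first == 232:
        return "source-specific multicast (SSM)"
    if first == 233:
        return f"GLOP (AS {glop_asn(addr)})"
    if first == 239:
        return "administratively scoped"
    return "globally scoped"
```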

Quick Notes - QoS - Serialization Delay MLPPP

Multilink PPP fragments traffic by default, and this can be leveraged by QoS. To reduce serialization delay perform the following:

Create the multilink interface

interface multilink 1
 ip address 1.1.1.1 255.255.255.0
 ppp multilink (this enables fragmentation on the multilink interface)
 ppp multilink interleave (this enables interleaving)
 ppp multilink fragment delay [delay] (maximum time, in milliseconds, a fragment may take to leave the interface)

Assign the physical interface to multilink group 1

interface serial 0/0/0
 encapsulation ppp
 multilink-group 1

R1
__
interface Multilink1
 ip address 1.1.1.1 255.255.255.0
 ppp multilink
 ppp multilink fragment delay 10
 ppp multilink interleave
 ppp multilink group 1
end

interface Serial1/0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
end

R2
__
interface Multilink1
 ip address 1.1.1.2 255.255.255.0
 ppp multilink
 ppp multilink fragment delay 10
 ppp multilink interleave
 ppp multilink group 1
end

interface Serial1/2
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
end

R2(config-if)#do show ppp multilink

Multilink1, bundle name is R1
  Endpoint discriminator is R1
  Bundle up for 00:01:40, total bandwidth 1544, load 1/255
  Receive buffer limit 12000 bytes, frag timeout 1000 ms
  Interleaving disabled
    0/0 fragments/bytes in reassembly list
    0 lost fragments, 0 reordered
    0/0 discarded fragments/bytes, 0 lost received
    0x7 received sequence, 0x7 sent sequence
  Member links: 1 active, 1 inactive (max not set, min not set)
    Se1/0, since 00:01:41, 1930 weight, 1496 frag size
    Vt1 (inactive)
No inactive multilink interfaces

Interleaving shows as disabled even though "ppp multilink interleave" is configured! It only becomes active once you apply a policy map that sets the bandwidth on the multilink interface.

class-map match-all CMAP
 match any
policy-map PMAP
 class CMAP
  bandwidth 512
interface Multilink1
 service-policy output PMAP

R2(config)#do sh ppp multilink

Multilink1, bundle name is R1
  Endpoint discriminator is R1
  Bundle up for 00:22:25, total bandwidth 1544, load 1/255
  Receive buffer limit 12000 bytes, frag timeout 1000 ms
  Interleaving enabled
    0/0 fragments/bytes in reassembly list
    0 lost fragments, 0 reordered
    0/0 discarded fragments/bytes, 0 lost received
    0x1C received sequence, 0x1C sent sequence
  Member links: 1 active, 1 inactive (max not set, min not set)
    Se1/0, since 00:17:28, 1930 weight, 1496 frag size
    Vt1 (inactive)
No inactive multilink interfaces

That's better!
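An added example (not from the original post) showing the arithmetic behind the fragment delay: the serialization delay of a packet on a slow link, and the fragment size a given delay implies. The rule size = bandwidth x delay / 8 is an assumption of this example; it reproduces the 1930-byte weight the show output above reports for a 1544 kbps bundle with a 10 ms fragment delay.

```python
def serialization_delay_ms(packet_bytes: int, link_kbps: int) -> float:
    """Milliseconds needed to clock packet_bytes onto a link of link_kbps kbit/s."""
    return packet_bytes * 8 / link_kbps

def mlppp_fragment_bytes(link_kbps: int, fragment_delay_ms: int) -> int:
    """Fragment size implied by 'ppp multilink fragment delay': the largest
    fragment that serializes within fragment_delay_ms on this bundle.
    Assumed rule: bandwidth (bit/s) * delay (s) / 8, i.e. kbps * ms / 8 bytes."""
    return link_kbps * fragment_delay_ms // 8

def lfi_worst_case_ms(link_kbps: int, fragment_delay_ms: int, mtu: int = 1500):
    """Longest wait a small interleaved packet (e.g. voice) can see behind one
    bulk packet: a full MTU without fragmentation vs. one fragment with it."""
    no_lfi = serialization_delay_ms(mtu, link_kbps)
    frag = mlppp_fragment_bytes(link_kbps, fragment_delay_ms)
    with_lfi = serialization_delay_ms(frag, link_kbps)
    return no_lfi, with_lfi

if __name__ == "__main__":
    # A 1500-byte packet on a 64 kbps link ties the link up for 187.5 ms;
    # an 80-byte fragment (10 ms delay) brings that down to 10 ms.
    print(lfi_worst_case_ms(64, 10))
    print(mlppp_fragment_bytes(1544, 10))  # 1930, as in the show output
```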

Saturday, February 12, 2011

Quick Notes - QOS CB-Shaping

Quick Notes - QoS - Class Based-Shaping

Shape-average - Traffic is sent at the CIR with bursting of Be bits per timing interval.

Shape-peak - Traffic is sent at the peak rate. Peak rate = CIR*(1+Be/Bc); this can result in packet loss.

Example shape-average:



R1(config)#class-map CMAP-FTP
R1(config-cmap)#match protocol ftp
R1(config-cmap)#exit
R1(config)#policy-map PMAP-FTP
R1(config-pmap)#class CMAP-FTP
R1(config-pmap-c)#shape average 512000
R1(config-pmap-c)#bandwidth 256
R1(config-pmap-c)#exit
R1(config-pmap)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#service-policy output PMAP-FTP

This guarantees FTP a minimum of 256 kbps and shapes it to a maximum of 512 kbps.

Quick Notes - BGP Best Route Selection

BGP Best Route Selection

The steps are evaluated in order; once a step selects a single path the selection process is over.

1 - Exclude any route with an inaccessible next hop
2 - Prefer highest weight (weight is locally significant)
3 - Prefer highest local preference (globally used within the AS)
4 - Prefer routes that were originated locally by this router
5 - Prefer shortest AS path
6 - Prefer lowest origin (IGP, then EGP, then Incomplete)
7 - Prefer lowest MED (Multi-Exit Discriminator)
8 - Prefer external (eBGP) paths over internal (iBGP) paths
9 - iBGP path - prefer the path with the lowest IGP metric to the next hop
10 - eBGP path - prefer the oldest path
11 - Prefer the path with the lowest BGP router-id
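An added example (not from the original post) that turns the eleven steps above into a sort key, so the order of the tuple is the order of the decision process. The Path fields and sample routes are constructed; MED is compared across all candidates here as a simplification.

```python
from dataclasses import dataclass
from typing import List, Optional

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # step 6: lower is better

@dataclass
class Path:
    next_hop_reachable: bool   # step 1
    weight: int                # step 2 (locally significant)
    local_pref: int            # step 3
    locally_originated: bool   # step 4
    as_path: List[int]         # step 5
    origin: str                # step 6
    med: int                   # step 7
    ebgp: bool                 # step 8
    igp_metric: int            # step 9: IGP cost to the next hop
    age_rank: int              # step 10: 0 = oldest, only consulted for eBGP paths
    router_id: str             # step 11

def _rid(rid: str):
    return tuple(int(o) for o in rid.split("."))

def path_key(p: Path):
    """Smaller tuple = better path; one element per step, evaluated left to right."""
    return (-p.weight, -p.local_pref, not p.locally_originated, len(p.as_path),
            ORIGIN_RANK[p.origin], p.med, not p.ebgp, p.igp_metric,
            p.age_rank if p.ebgp else 0, _rid(p.router_id))

def best_path(paths: List[Path]) -> Optional[Path]:
    candidates = [p for p in paths if p.next_hop_reachable]  # step 1 drops the rest
    return min(candidates, key=path_key) if candidates else None

# Constructed sample: the shortest AS path loses on local preference, then the
# two remaining ties are broken by preferring the eBGP-learned path (step 8).
SAMPLE = [
    Path(True,  0, 100, False, [65001],        "igp", 0, True,  10, 1, "10.0.0.1"),
    Path(True,  0, 200, False, [65002, 65003], "igp", 0, True,  10, 0, "10.0.0.2"),
    Path(True,  0, 200, False, [65002, 65003], "igp", 0, False, 10, 0, "10.0.0.3"),
    Path(False, 0, 300, False, [65004],        "igp", 0, True,  10, 0, "10.0.0.4"),
]

def best_router_id(paths: List[Path] = SAMPLE) -> str:
    return best_path(paths).router_id
```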

Monday, February 7, 2011

Carrier Technology

Carrier Technology - I thought I would put a cheat sheet together for some of the carrier technologies used, this is not a comprehensive list but it is a nice start to one. Please feel free to add any technologies to the comment section below.



OC = Optical Carrier - specification for transmission bandwidth using digital signals carried on SONET (Synchronous Optical Networking)
DS = Digital Signal T-Carrier - is a standard in telecommunications in North America and Japan
E = E-carrier - is a standard in telecommunications in Europe and widely used outside of NA and Japan; improves on the T-Carrier used in NA and Japan
HSCSD = High-Speed Circuit-Switched Data - faster than GSM  - used in mobile networks
GSM = Global System for Mobile - Worlds most popular standard for mobile networks
EDGE = Enhanced Data rates for GSM Evolution - is considered pre 3G technology - used in mobile networks
UMTS = Universal Mobile Telecommunications System - 3G technology - used in mobile networks
EV-DO =  Evolution-Data Optimized or Evolution-Data only - uses CDMA and TDMA
DSL = Digital Subscriber Line

Quick Notes - OSPF Authentication

OSPF Authentication

-Null, Type 0
-Clear Text, Type 1
-MD5, Type 2
key ID - is used as part of the calculation of the MD5 hash; the key ID must be the same on both sides

Note: Ensure that you authenticate virtual links when enabling authentication in area 0

Clear Text

-Under router ospf, "area # authentication"
-Under the interface, "ip ospf authentication-key [password]"

show ip ospf 1 interface
Serial1/2 is up, line protocol is up
  Internet Address 192.168.0.11/24, Area 0
  Process ID 1, Router ID 192.168.0.11, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 192.168.0.14
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled


MD5

-Under router ospf, "area 0 authentication message-digest"
-Under the interface, "ip ospf message-digest-key 1 md5 [password]"


do show ip ospf interface
Serial1/2 is up, line protocol is up
  Internet Address 192.168.0.11/24, Area 0
  Process ID 1, Router ID 192.168.0.11, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:05
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 192.168.0.14
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1
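An added example (not from the original post) of the keyed-MD5 scheme from RFC 2328 Appendix D that "ip ospf message-digest-key" turns on: the key ID and sequence number ride in the header's authentication field, the digest is MD5 over the packet plus the key zero-padded to 16 bytes, and the receiver looks the key up by the ID it reads from the header. The Hello body is constructed; router ID, area, hello and dead timers follow the show output above.

```python
import hashlib
import hmac
import struct

def ospf_header(router_id: bytes, area_id: bytes, body: bytes, key_id: int, seq: int) -> bytes:
    """24-byte OSPFv2 header with AuType 2 (cryptographic): checksum is 0 and the
    8-byte authentication field carries 0x0000, key id, digest length 16, sequence."""
    length = 24 + len(body)                      # the trailing digest is not counted
    hdr = struct.pack("!BBH4s4sHH", 2, 1, length, router_id, area_id, 0, 2)
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    return hdr + auth + body

def _key16(key: bytes) -> bytes:
    return key.ljust(16, b"\x00")[:16]           # pad/truncate the secret to 16 bytes

def ospf_md5_sign(packet: bytes, key: bytes) -> bytes:
    """RFC 2328 D.4.3: MD5 over packet || key16, digest appended after the packet."""
    return packet + hashlib.md5(packet + _key16(key)).digest()

def ospf_md5_verify(signed: bytes, keys: dict) -> bool:
    """keys maps key id -> secret. The id is taken from the received header, which is
    why the note above says it must match on both sides; a wrong id or key fails."""
    length = struct.unpack("!H", signed[2:4])[0]
    packet, digest = signed[:length], signed[length:length + 16]
    key_id = packet[18]                          # byte 18 of the header = key id
    if len(digest) != 16 or key_id not in keys:
        return False
    expected = hashlib.md5(packet + _key16(keys[key_id])).digest()
    return hmac.compare_digest(expected, digest)

def sample_hello(key_id: int = 1, seq: int = 1) -> bytes:
    """Constructed Hello from 192.168.0.11 in area 0: mask, hello 10, options,
    priority 1, dead 40, DR and BDR unset (neighbor list omitted)."""
    body = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 0x12, 1, 40,
                       b"\x00" * 4, b"\x00" * 4)
    return ospf_header(bytes([192, 168, 0, 11]), b"\x00" * 4, body, key_id, seq)
```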

Sunday, February 6, 2011

Quick Notes - OSPF LSA Types

LSA Types

Type 1 - Router
Type 2 - Network
Type 3 - Network Summary
Type 4 - ASBR Summary
Type 5 - AS External
Type 7 - NSSA External

Router LSA Type 1 - Includes a list of all routers links and their states. Flooded in the area they are originated in

Network LSA Type 2 - The DR produces these LSAs on every multi-access network. Includes all routers on the segment, including the DR. Flooded in the area they are originated in.

Network Summary LSA Type 3 - Generated by ABR and advertises destinations outside of the area. Flooded throughout the AS

ASBR Summary LSA Type 4 - Generated by the ABR, provides a gateway to type 5 LSA. Flooded throughout the AS

AS External LSA Type 5 - Generated by the ASBR, advertises external destinations or a default route to an external destination. Flooded throughout the AS

NSSA External LSA Type 7 - Generated by ASBR in a not-so-stubby area

The IANA IPv4 Address Free Pool Is Now Depleted

Are you getting ready for IPv6?

https://www.arin.net/announcements/2011/20110203.html

http://www.nro.net/news/ipv4-free-pool-depleted

Saturday, February 5, 2011

Quick Notes - NAT (Inside/Outside Local/Global)

If you struggle with what is what in regards to Inside/Outside Local/Global then the following may help.

View it from the following perspectives:
Location of the Packet - LOCAL/GLOBAL
Location of the Device - INSIDE/OUTSIDE

Packet Inside
192.168.0.100 - INSIDE LOCAL
200.200.200.100 - OUTSIDE LOCAL

Packet Outside
200.200.200.1 - INSIDE GLOBAL (this address represents 192.168.0.100)
200.200.200.100 - OUTSIDE GLOBAL

Quick Notes - Layer2 MISC

Layer2 MISC

Loop Guard - Prevents alternate ports and root ports from becoming designated ports. If BPDUs are no longer received on a non-designated port, the port is moved into the loop-inconsistent (err-disabled) state
Global config - "spanning-tree loopguard default"

UDLD - Unidirectional Link Detection
- Both sides need to be configured
- default setting is disabled on copper ports and enabled on fibre ports
Enable on copper ports, interface config - udld enable

Root Guard
- the port that has root guard enabled ensures that if a superior BPDU is received the port is put into "root inconsistent state"
Interface config - "spanning-tree guard root"

BPDU Guard
- Ensures that loops are not formed on ports that are enabled for portfast; if a BPDU is received the port is put into the error-disabled state. There are two ways to enable BPDU Guard
Global config - "spanning-tree portfast bpduguard default" - All ports that have portfast enabled will also have BPDU guard enabled
Interface config - "spanning-tree bpduguard enable"

BPDU Filter
- When enabled globally and a BPDU is received on a port that is enabled with portfast, the port loses its portfast status
Global config - "spanning-tree portfast bpdufilter default"
- When enabled on the interface the port stops sending and receiving BPDUs. This is dangerous as a loop can form
Interface config - "spanning-tree bpdufilter enable"

Quick Notes - RSTP

RSTP 802.1w

States
- Discarding, Learning, and Forwarding

Alternate Port
- backup port to the designated port for fast convergence

Backup Port
- backup port to the root port for fast convergence

BPDUs
- sent every 2 seconds and act as a keepalive; after 3 missed hellos the protocol information is aged out

Implementing RSTP
- MST automatically enables RSTP - "spanning-tree mode mst"
- PVST+ - "spanning-tree mode rapid-pvst"

Quick Notes - STP

STP 802.1D

Portfast
- Ports coming up are put into forwarding states
- TCN are not generated when a port comes up or down

Uplinkfast
- detects a directly connected failure and enables a new root port immediately
- increases the root priority to ensure that the switch will not become the root
- sets the port cost to 3000
- tracks alternate root ports

Backbonefast
- speeds convergence when a failure occurs that is indirectly located. Reduces convergence from 50 seconds to approx. 30 seconds.
- all switches need to be configured with backbonefast