Posts Tagged ‘video’
Configuring PPP over Frame-Relay
Written by jlgaddis on August 4, 2009 – 10:45 pm
I made a quick video showing how to configure PPP over frame-relay. Well, I went a bit farther than that. Here’s the topology:

First, we create two loopbacks on each router, then create a PPP connection between R1 and R3 and another between R1 and R4. Just for fun, we then throw OSPF into the mix, advertising all networks, and verify that we can ping throughout the network.
Tags: cisco, labs, networking, ospf, video | No Comments »
Using a GPO to set killbits for MS KB 972890 and 973472 domain-wide
Written by jlgaddis on July 13, 2009 – 7:34 pm
In case you haven’t been paying attention lately, Microsoft has recently released a couple of security advisories: 972890 and 973472.
Both of them are bad news — unpatched vulnerabilities allowing remote code execution. Microsoft has also stated in each of the security advisories:
We are aware of attacks attempting to exploit the vulnerability.
That’s bad news. At the time I’m writing this, the Internet Storm Center is already reporting more than two million infections in China alone.
While there are currently no patches, Microsoft has published workarounds for these issues. They involve setting killbits for a grand total of 47 Class Identifiers. This might be okay if you have only one PC and a couple hours to kill. For those of us who work in large organizations with hundreds or thousands of PCs, that’s just not feasible.
I have posted two administrative templates that can be used in group policy objects (GPOs) to automate this. They can be downloaded here:
For those who may not be used to using their own administrative templates to push out registry settings like this, I’ve recorded a video for you. I hope it’s helpful!
- If your screen isn’t “wide” enough, you can watch the video here instead.
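Once the GPO has applied, it is worth confirming that the killbits actually landed on a client. The check below is an added example, not part of the original post or its templates: it parses a `.reg` export of `HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility` and reports every required CLSID whose `Compatibility Flags` value lacks the killbit (0x400). The CLSIDs and the export text are constructed placeholders, not the ones from the advisories.

```python
import re

KILLBIT = 0x400  # bit in "Compatibility Flags" that blocks the control in IE
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
    r"\\ActiveX Compatibility"
    r"\\(\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\})\]$", re.IGNORECASE)
VAL_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-F]{8})$', re.IGNORECASE)

# Constructed sample export; the CLSIDs are placeholders.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000A}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000B}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000C}]
"Compatibility Flags"=dword:00800400
"""
REQUIRED = ["{00000000-0000-0000-0000-00000000000%s}" % c for c in "ABCD"]


def killbits_in_export(reg_text):
    """Return {CLSID: flags} for each ActiveX Compatibility subkey in the export."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).upper()
            flags[current] = 0            # key exists, value not seen yet
        elif line.startswith("["):
            current = None                # some other registry key
        elif current:
            val = VAL_RE.match(line)
            if val:
                flags[current] = int(val.group(1), 16)
    return flags


def missing_killbits(required, reg_text):
    """CLSIDs that are absent from the export or present without bit 0x400."""
    have = killbits_in_export(reg_text)
    return sorted(c.upper() for c in required
                  if not have.get(c.upper(), 0) & KILLBIT)
```

With the sample data, CLSID `...000B` is reported because its flags are zero and `...000D` because the key does not exist at all; `...000C` passes because the test is on the bit, not on the whole value.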
Tags: hacking, internet, microsoft, security, video | 3 Comments »
Even quicker packet capture data extraction using Wireshark
Written by jlgaddis on July 13, 2009 – 12:28 am
A couple hours ago, Jeremy Stretch posted an article entitled “Quick and dirty packet capture data extraction” in which he shows how one can extract a JPEG image from a packet capture containing the HTTP stream.
Stretch’s method uses “foremost” to recover the original file which works, but… there’s an even quicker way to do it. Actually, just like with Perl, TMTOWTDI.
I made two videos showing how to extract files from data streams within Wireshark. Rather than embedding them in this post, I’m linking to them, as they are quite large (resolution-wise).
- Video 1: Extracting objects from HTTP streams (shows how to extract the same JPEG from the same capture)
- Video 2: Extracting a PDF from an HTTP stream (shows how to extract a PDF file from a different capture)
Hopefully this will be helpful to some others; it definitely has been to me. Thanks to Jeremy Stretch for the idea, and the guys who taught my SANS Comprehensive Packet Analysis (SEC 556) class for originally showing me how to do it!
Tags: hacking, labs, networking, open-source, security, software, video | 1 Comment »
Configuring MD5 Authentication for BGP Peers
Written by jlgaddis on July 10, 2009 – 4:32 am
I got an e-mail recently from a reader who asked me about how to set up MD5 authentication between a pair of BGP peers, so I thought I’d do a quick write-up and example.
Setting up MD5 authentication is really simple. For our example, we’ll use a pair of routers connected over their serial 0/0 interfaces:

In addition to the addressing information in the diagram:
- we’ll configure R5’s loopback 0 interface with IP address 5.5.5.5/24,
- we’ll configure R7’s loopback 0 interface with IP address 7.7.7.7/24,
- we’ll advertise both of those networks in BGP,
- R5 is in AS 65005 and R7 is in AS 65007, and
- we’ll use a password of “8F3NHBrisX”.
This is nearly identical to a previous write-up, “Configuring Basic BGP”, with the authentication added in.
First, let’s configure the loopback 0 interfaces:
R5# configure terminal
R5(config)# interface loopback 0
R5(config-if)# ip address 5.5.5.5 255.255.255.0
R7# configure terminal
R7(config)# interface loopback 0
R7(config-if)# ip address 7.7.7.7 255.255.255.0
Now bring up the connection between R5 and R7:
R5(config)# interface serial 0/0
R5(config-if)# ip address 172.16.57.5 255.255.255.0
R5(config-if)# no shutdown
R7(config-if)# interface serial 0/0
R7(config-if)# ip address 172.16.57.7 255.255.255.0
R7(config-if)# no shutdown
Make sure we have connectivity:
R5(config-if)# do ping 172.16.57.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.57.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Now we can begin configuring BGP. R5 will be in AS 65005, advertise the 5.5.5.0/24 network, and peer with 172.16.57.7 (AS 65007) using our password “8F3NHBrisX”:
R5(config-if)# router bgp 65005
R5(config-router)# network 5.5.5.0 mask 255.255.255.0
R5(config-router)# neighbor 172.16.57.7 remote-as 65007
R5(config-router)# neighbor 172.16.57.7 password 8F3NHBrisX
We’ll configure R7 in a similar manner. It is in AS 65007, will advertise the 7.7.7.0/24 network, and peer with 172.16.57.5 (AS 65005) using the same password:
R7(config-if)# router bgp 65007
R7(config-router)# network 7.7.7.0 mask 255.255.255.0
R7(config-router)# neighbor 172.16.57.5 remote-as 65005
R7(config-router)# neighbor 172.16.57.5 password 8F3NHBrisX
We’ll see the BGP adjacency come up…
R7(config-router)#
*Mar 1 00:05:31.191: %BGP-5-ADJCHANGE: neighbor 172.16.57.5 Up
…and can see that we’re exchanging routes:
R7(config-router)# do show ip route bgp
5.0.0.0/24 is subnetted, 1 subnets
B 5.5.5.0 [20/0] via 172.16.57.5, 00:01:07
We should now be able to ping loopback to loopback:
R7(config-router)# do ping 5.5.5.5 source 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
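The `neighbor ... password` command turns on the TCP MD5 signature option (RFC 2385) for the BGP session, so every segment between the peers carries a digest keyed with the shared password. The following is an added example, not code from the original post: it computes and verifies that digest for a constructed KEEPALIVE from R5 to R7, using the addresses and password from this write-up; the ports, sequence numbers and window are made-up sample values and the TCP checksum is left at zero.

```python
import hashlib
import hmac
import socket
import struct

MD5_OPT = 19  # TCP option kind for the MD5 signature (RFC 2385), length 18


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """MD5 over pseudo-header, option-less TCP header, data, then the key."""
    if len(tcp_header) < 20 or (tcp_header[12] >> 4) * 4 != len(tcp_header):
        raise ValueError("tcp_header must be the whole header, options included")
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP,
                            len(tcp_header) + len(payload)))
    fixed = bytearray(tcp_header[:20])   # options are left out of the hash
    fixed[16:18] = b"\x00\x00"           # checksum is hashed as zero
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()


def sign_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, key):
    """Build a PSH/ACK header carrying the signature option (40 bytes total)."""
    base = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       10 << 4, 0x18, 16384, 0, 0)
    unsigned = base + bytes([MD5_OPT, 18]) + bytes(16) + b"\x01\x01"
    digest = tcp_md5_digest(src_ip, dst_ip, unsigned, payload, key)
    return base + bytes([MD5_OPT, 18]) + digest + b"\x01\x01"  # two NOPs pad


def verify_segment(src_ip, dst_ip, tcp_header, payload, key):
    """Receiver side: find option 19 and compare digests; unsigned -> False."""
    opts, i = tcp_header[20:], 0
    while i < len(opts) and opts[i] != 0:          # 0 = end of option list
        if opts[i] == 1:                           # 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            return False                           # malformed option
        if opts[i] == MD5_OPT and opts[i + 1] == 18:
            want = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
            return hmac.compare_digest(opts[i + 2:i + 18], want)
        i += opts[i + 1]
    return False


# Constructed sample: R5 sends a BGP KEEPALIVE to R7 on TCP/179.
KEY = b"8F3NHBrisX"
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
HDR = sign_segment("172.16.57.5", "172.16.57.7", 40000, 179, 1000, 2000,
                   KEEPALIVE, KEY)
```

Because the source and destination addresses are part of the hashed pseudo-header, a segment with the right password but a different source address fails verification, as does one whose payload was altered in transit.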
Here’s the whole thing, from start to finish:
Tags: bgp, ccnp, cisco, labs, networking, video | 2 Comments »
Configuring Frame Relay, Part 4
Written by jlgaddis on July 8, 2009 – 4:30 am
Alright, we’ve finally made it to the last of the four-part series on configuring frame-relay. If you haven’t been following along, you may want to check out part one, part two, and part three before continuing.
In part four, we’ll continue on where we left off in part three. Our topology is shown here:

OSPF over frame-relay presents some unique challenges, depending on just how your frame-relay network is architected. Ours is pretty straightforward — we have a simple hub-and-spoke network (R1/R2/R3) as well as a point-to-point connection (R1/R4). We need full reachability between all of these routers, so it’s time to add in some OSPF.
NOTE: Arden Packeer, CCIE 20716 wrote up an excellent five-part series entitled “OSPF Network Types & Frame-Relay Series”. If you’re working with frame-relay and OSPF, I would highly recommend you read them. Because Arden did such a wonderful job (thanks!), I won’t bother repeating what he has already said.
In this article, we’re going to use both point-to-multipoint (R1/R2/R3) and point-to-point (R1/R4) to gain us full reachability throughout our routing domain. I’m a big fan of keeping things simple, and we can accomplish our goal with a minimum of effort.
On all routers, we’ll tell OSPF that we want all interfaces to participate in OSPF (in area 0). On R1, R2, and R3’s serial 0/0 interfaces, we’ll also need to specify that we’re using the point-to-multipoint network type. Let’s configure the routers, starting with R1:
R1# configure terminal
R1(config)# router ospf 1
R1(config-router)# network 0.0.0.0 255.255.255.255 area 0
R1(config-router)# interface serial 0/0
R1(config-if)# ip ospf network point-to-multipoint
R2# configure terminal
R2(config)# router ospf 1
R2(config-router)# network 0.0.0.0 255.255.255.255 area 0
R2(config-router)# interface serial 0/0
R2(config-if)# ip ospf network point-to-multipoint
R3# configure terminal
R3(config)# router ospf 1
R3(config-router)# network 0.0.0.0 255.255.255.255 area 0
R3(config-router)# interface serial 0/0
R3(config-if)# ip ospf network point-to-multipoint
After giving time for the adjacencies to come up, we can verify proper operation on R1:
R1(config-if)# do show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.123.3      0   FULL/  -        00:01:59    172.16.123.3    Serial0/0
172.16.123.2      0   FULL/  -        00:01:34    172.16.123.2    Serial0/0
Now, let’s configure OSPF on R4:
R4# configure terminal
R4(config)# router ospf 1
R4(config-router)# network 0.0.0.0 255.255.255.255 area 0
On R4, we should now see routes to all other devices and networks:
R4(config-router)# do show ip route | begin Gateway
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.16.14.0/24 is directly connected, Serial0/0.14
O 172.16.123.3/32 [110/128] via 172.16.14.1, 00:00:42, Serial0/0.14
O 172.16.123.2/32 [110/128] via 172.16.14.1, 00:00:42, Serial0/0.14
O 172.16.123.1/32 [110/64] via 172.16.14.1, 00:00:42, Serial0/0.14
Let’s verify we have full reachability:
R4(config-router)# do ping 172.16.123.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
R4(config-router)# do ping 172.16.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R4(config-router)# do ping 172.16.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
Success!
Tags: ccna, cisco, labs, networking, ospf, video | No Comments »



