mark hess | THE TOOLSHED


On the Wild Woolly Web, insightful and timely open-source intelligence analysis is critical for maintaining the necessary situational awareness to stay ahead of emerging security threats. Mark Hess' BEHIND THE LINES covers trends, tactics and strategies, combined with third-party research, speculations, real-time cyberintelligence assessments, and the occasional conspiracy theory.

Configure EIGRP

What do you need to know about EIGRP?

Before you configure EIGRP, there are a few things you should know about it:

  • EIGRP is the Enhanced Interior Gateway Routing Protocol.
  • EIGRP is a Cisco proprietary routing protocol based on their original Interior Gateway Routing Protocol.
  • EIGRP can only be used on networks where all routers are Cisco routers.
  • The administrative distance for EIGRP is 90 and 170 for internal and external EIGRP, respectively.

What features does EIGRP offer?

  • Automatic redistribution of routes between IGRP and EIGRP.
  • Ability to turn off and on EIGRP and IGRP on individual interfaces of the router.
  • Fast network convergence thanks to EIGRP’s DUAL algorithm (convergence is when all routers know about all the networks that every other router is offering).
  • Incremental Updates that save network bandwidth and speed convergence.
  • Reduced router CPU load, as compared to IGRP.
  • EIGRP uses neighbor discovery to find and keep track of neighboring routers. Neighbor discovery uses multicast IP and is not tied to whether or not the IP network is properly configured.
  • EIGRP prevents routing loops on the network.
  • Supports variable length subnet masks (VLSM).
  • Automatic route summarization.

How do you configure EIGRP in the Cisco IOS?

To configure EIGRP in the Cisco IOS, just follow these steps:

1.  Set the bandwidth on your interfaces using the bandwidth command:

Router(config-if)# bandwidth XX

(where XX is the bandwidth of the WAN connection)

2.  Start the EIGRP routing process and specify your AS number:

Router(config)# router eigrp AS

where AS is the autonomous system number. It must be the same on all routers.

3.  Next, tell the router which directly connected networks to advertise, using the network command:

Router(config-router)# network X.X.X.X

where X.X.X.X is the network ID of a network directly connected to the router. Enter this command once for each directly connected network. Alternatively, you can enter the supernet of a group of subnets in a single statement; the router then identifies the subnets automatically.

Optionally, you can configure the amount of WAN link bandwidth that an EIGRP router will use with this command:

Router(config-if)# ip bandwidth-percent eigrp XX

Once EIGRP is configured, you can check the status using the show ip route and show ip eigrp commands. Here are some examples:

Router# show ip route

     207.71.26.0/28 is subnetted, 1 subnets
D       207.71.26.128 [90/8199936] via 10.6.199.1, 1w1d, Serial0/0
     10.0.0.0/8 is variably subnetted, 217 subnets, 4 masks
D       10.110.100.0/30 [90/6535936] via 10.6.199.1, 5w1d, Serial0/0

Notice the “D” on the left side of the output. All “D” routes are EIGRP routes.

There are a number of show ip eigrp xxxx commands. Here is an example of the “neighbors” version:

Router# show ip eigrp neighbors

IP-EIGRP neighbors for process 100
H   Address          Interface   Hold Uptime   SRTT   RTO  Q   Seq     Type
                                 (sec)         (ms)       Cnt Num
0   10.6.199.1       Se0/0         11 5w1d       20   282  0   887645
Router#
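Reading that output by hand does not scale across many routers, so here is an added Python helper (not from the original post) that parses show ip route text in the format shown above, keeps the “D” routes, and labels each one internal or external from the 90/170 administrative distances given at the top of the post. The sample table is constructed for the example; the “D EX” line is an invented external route.

```python
import re

# Constructed sample in the format of the "show ip route" output above; the
# "D EX" external route is made up for the example.
SAMPLE_ROUTE_TABLE = """\
     207.71.26.0/28 is subnetted, 1 subnets
D       207.71.26.128 [90/8199936] via 10.6.199.1, 1w1d, Serial0/0
     10.0.0.0/8 is variably subnetted, 217 subnets, 4 masks
D       10.110.100.0/30 [90/6535936] via 10.6.199.1, 5w1d, Serial0/0
D EX    172.16.5.0/24 [170/2816] via 10.6.199.1, 3d02h, Serial0/0
C       10.6.199.0/30 is directly connected, Serial0/0
"""

# Administrative distances the post gives for EIGRP: 90 internal, 170 external.
EIGRP_AD = {90: "internal", 170: "external"}

# One EIGRP route line: code D (or "D EX"), prefix, [AD/metric], next hop, age, interface.
_EIGRP_LINE = re.compile(
    r"^D(?:\s+EX)?\s+(?P<prefix>\S+)\s+\[(?P<ad>\d+)/(?P<metric>\d+)\]"
    r"\s+via\s+(?P<nexthop>\S+),\s+(?P<age>\S+),\s+(?P<iface>\S+)"
)


def parse_eigrp_routes(text):
    """Return one dict per EIGRP ("D") route in show ip route output."""
    routes = []
    for line in text.splitlines():
        m = _EIGRP_LINE.match(line)
        if not m:
            continue  # subnet summary lines, connected routes, other protocols
        ad = int(m["ad"])
        routes.append({
            "prefix": m["prefix"],
            "ad": ad,
            "metric": int(m["metric"]),
            "next_hop": m["nexthop"],
            "interface": m["iface"],
            # A "D" route with any other AD means the default was overridden with
            # "distance eigrp"; worth confirming during a configuration review.
            "kind": EIGRP_AD.get(ad, "non-default AD"),
        })
    return routes


def routes_by_next_hop(routes):
    """Group learned prefixes by next hop, i.e. by the neighbor that advertised them."""
    groups = {}
    for r in routes:
        groups.setdefault(r["next_hop"], []).append(r["prefix"])
    return groups
```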

Summary

While some of you might say that EIGRP is past its prime or has been replaced by OSPF, it remains an excellent routing protocol and is the protocol of choice in most enterprise networks today.

For more detail on EIGRP, see the Cisco IOS IP Configuration Guide, Release 12.2 – Configuring EIGRP.

Filed under: Cisco, Network, Routing

Load Balancer vs. Reverse Proxy

Load Balancer

A load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers. Load balancers are used to increase capacity (concurrent users) and reliability of applications. They improve the overall performance of applications by decreasing the burden on servers associated with managing and maintaining application and network sessions, as well as by performing application-specific tasks.

Load balancers are generally grouped into two categories: Layer 4 and Layer 7. Layer 4 load balancers act upon data found in network and transport layer protocols (IP, TCP, FTP, UDP). Layer 7 load balancers distribute requests based upon data found in application layer protocols such as HTTP.

Both types of load balancer receive requests and distribute each one to a particular server according to a configured algorithm. Some industry-standard algorithms are:

* Round robin
* Weighted round robin
* Least connections
* Least response time

Layer 7 load balancers can further distribute requests based on application specific data such as HTTP headers, cookies, or data within the application message itself, such as the value of a specific parameter.

Load balancers ensure reliability and availability by monitoring the “health” of applications and only sending requests to servers and applications that can respond in a timely manner.
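As an added illustration (not from the original post), the four algorithms above plus the health-check gate in a few lines of Python; Backend, LoadBalancer and distribute are hypothetical names and the backend state is constructed.

```python
class Backend:
    """One upstream server as the balancer sees it (constructed sample state)."""
    def __init__(self, name, weight=1, healthy=True, active_conns=0, resp_ms=0.0):
        self.name, self.weight = name, weight        # weight: weighted round robin
        self.healthy = healthy                       # outcome of the last health check
        self.active_conns = active_conns             # least connections
        self.resp_ms = resp_ms                       # least response time


class LoadBalancer:
    ALGORITHMS = ("round_robin", "weighted_round_robin",
                  "least_connections", "least_response_time")

    def __init__(self, backends, algorithm="round_robin"):
        if algorithm not in self.ALGORITHMS:
            raise ValueError(f"unknown algorithm: {algorithm}")
        self.backends = list(backends)
        self.algorithm = algorithm
        self._counter = 0  # request counter driving the round-robin variants

    def pick(self):
        """Backend for the next request, or None when no server passed its health check."""
        pool = [b for b in self.backends if b.healthy]  # health-monitoring gate
        if not pool:
            return None  # fail the request (e.g. 503) rather than send it to a dead server
        if self.algorithm == "round_robin":
            choice = pool[self._counter % len(pool)]
        elif self.algorithm == "weighted_round_robin":
            # Repeat each backend `weight` times and rotate through that list.
            expanded = [b for b in pool for _ in range(b.weight)]
            choice = expanded[self._counter % len(expanded)]
        elif self.algorithm == "least_connections":
            choice = min(pool, key=lambda b: b.active_conns)
        else:  # least_response_time
            choice = min(pool, key=lambda b: b.resp_ms)
        self._counter += 1
        return choice


def distribute(lb, n):
    """Route n requests and return the chosen backend names in order."""
    names = []
    for _ in range(n):
        b = lb.pick()
        if b is None:
            break
        b.active_conns += 1  # assume each routed request holds its connection for the run
        names.append(b.name)
    return names
```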

Reverse Proxy

A reverse proxy is a device or server placed in front of a Web server. Incoming requests are handled by the proxy server, which retrieves information from the Web server and then forwards it to the user. A reverse proxy can also be deployed to handle SSL acceleration, load balancing, intelligent compression, and caching.

Filed under: Network

CIDR Conversion

 CIDR Conversion / IP Addressing Management

CIDR Length   Mask               # Networks    # Hosts
/1            128.0.0.0          128 A         2,147,483,392
/2            192.0.0.0          64 A          1,073,741,696
/3            224.0.0.0          32 A          536,870,848
/4            240.0.0.0          16 A          268,435,424
/5            248.0.0.0          8 A           134,217,712
/6            252.0.0.0          4 A           67,108,856
/7            254.0.0.0          2 A           33,554,428
/8            255.0.0.0          1 A           16,777,214
/9            255.128.0.0        128 B         8,388,352
/10           255.192.0.0        64 B          4,194,176
/11           255.224.0.0        32 B          2,097,088
/12           255.240.0.0        16 B          1,048,544
/13           255.248.0.0        8 B           524,272
/14           255.252.0.0        4 B           262,136
/15           255.254.0.0        2 B           131,068
/16           255.255.0.0        1 B           65,024
/17           255.255.128.0      128 C         32,512
/18           255.255.192.0      64 C          16,256
/19           255.255.224.0      32 C          8,128
/20           255.255.240.0      16 C          4,064
/21           255.255.248.0      8 C           2,032
/22           255.255.252.0      4 C           1,016
/23           255.255.254.0      2 C           508
/24           255.255.255.0      1 C           254
/25           255.255.255.128    2 subnets     124
/26           255.255.255.192    4 subnets     62
/27           255.255.255.224    8 subnets     30
/28           255.255.255.240    16 subnets    14
/29           255.255.255.248    32 subnets    6
/30           255.255.255.252    64 subnets    2
/31           255.255.255.254    none          none
/32           255.255.255.255    1/256 C       1

A network is called a supernet when the prefix boundary contains fewer bits than the network’s natural (i.e. classful) mask. A network is called a subnet when the prefix boundary contains more bits than the network’s natural mask.

Examples

209.60.128.0 is a class C network address with a natural mask of /24.

209.60.128.0 /22 is a supernet which yields:

209.60.128.0 /24
209.60.129.0 /24
209.60.130.0 /24
209.60.131.0 /24

192.0.0.0 /25
Subnet   Host Range
  0      192.0.0.1   - 192.0.0.126
  1      192.0.0.129 - 192.0.0.254

192.0.0.0 /26
Subnet   Host Range
  0      192.0.0.1   - 192.0.0.62
  1      192.0.0.65  - 192.0.0.126
  2      192.0.0.129 - 192.0.0.190
  3      192.0.0.193 - 192.0.0.254

192.0.0.0 /27
Subnet   Host Range
  0      192.0.0.1   - 192.0.0.30
  1      192.0.0.33  - 192.0.0.62
  2      192.0.0.65  - 192.0.0.94
  3      192.0.0.97  - 192.0.0.126
  4      192.0.0.129 - 192.0.0.158
  5      192.0.0.161 - 192.0.0.190
  6      192.0.0.193 - 192.0.0.222
  7      192.0.0.225 - 192.0.0.254
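The supernet/subnet distinction and the host-range tables above, worked through with Python's ipaddress module as an added example (not part of the original post); natural_prefix, classify, supernet_members, host_ranges and usable_hosts are hypothetical helper names. Hosts per subnet are counted as 2^host_bits minus 2 for /30 and shorter, with /31 and /32 handled the way the table lists them.

```python
import ipaddress


def natural_prefix(net):
    """Classful ("natural") mask length by first octet: A=/8, B=/16, C=/24."""
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{net} is class D/E and has no natural mask")

def classify(cidr):
    """'supernet' if the prefix is shorter than the natural mask, 'subnet' if longer."""
    net = ipaddress.ip_network(cidr)
    nat = natural_prefix(net)
    if net.prefixlen < nat:
        return "supernet"
    return "subnet" if net.prefixlen > nat else "classful"

def supernet_members(cidr):
    """Classful networks a supernet covers: 209.60.128.0/22 -> the four /24s above."""
    net = ipaddress.ip_network(cidr)
    return [str(s) for s in net.subnets(new_prefix=natural_prefix(net))]

def host_ranges(cidr, new_prefix):
    """Rows of (subnet index, first host, last host) like the /25, /26, /27 tables."""
    net = ipaddress.ip_network(cidr)
    rows = []
    for i, sub in enumerate(net.subnets(new_prefix=new_prefix)):
        if sub.prefixlen == 31:
            rows.append((i, None, None))  # no usable hosts; the table says "none"
        elif sub.prefixlen == 32:
            host = str(sub.network_address)
            rows.append((i, host, host))  # a /32 is the single host itself
        else:
            rows.append((i, str(sub.network_address + 1), str(sub.broadcast_address - 1)))
    return rows

def usable_hosts(prefix_len):
    """Usable addresses per subnet: 2^host_bits - 2, with /31 -> 0 and /32 -> 1."""
    if prefix_len >= 31:
        return prefix_len - 31  # 0 for /31, 1 for /32
    return 2 ** (32 - prefix_len) - 2
```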

 Reserved Network Numbers

Class   Start          End               # Hosts      Comment
A       10.0.0.0       10.255.255.255    16,777,216   a single Class A network number
B       172.16.0.0     172.31.255.255    1,048,544    16 contiguous Class B network numbers
C       192.168.0.0    192.168.255.255   65,534       256 contiguous Class C network numbers

Filed under: Network

OSI Model

Layer   Name           Common Protocols
7       Application    SSH, telnet, FTP
6       Presentation   HTTP, SMTP, SNMP
5       Session        RPC, Named Pipes, NETBIOS
4       Transport      TCP, UDP
3       Network        IP
2       Data Link      Ethernet
1       Physical       Cat-5

The functions of the seven layers of the OSI model are:

Layer Seven of the OSI Model

The Application Layer of the OSI model is responsible for providing end-user services, such as file transfers, electronic messaging, e-mail, virtual terminal access, and network management. This is the layer with which the user interacts.

Layer Six of the OSI Model

The Presentation Layer of the OSI model is responsible for defining the syntax which two network hosts use to communicate. Encryption and compression should be Presentation Layer functions.

Layer Five of the OSI Model

The Session Layer of the OSI model is responsible for establishing process-to-process communications between networked hosts.

Layer Four of the OSI Model

The Transport Layer of the OSI model is responsible for delivering messages between networked hosts. The Transport Layer should be responsible for fragmentation and reassembly.

Layer Three of the OSI Model

The Network Layer of the OSI model is responsible for establishing paths for data transfer through the network. Routers operate at the Network Layer.

Layer Two of the OSI Model

The Data Link Layer of the OSI model is responsible for communications between adjacent network nodes. Hubs and switches operate at the Data Link Layer.

Layer One of the OSI Model

The Physical Layer of the OSI model is responsible for bit-level transmission between network nodes. The Physical Layer defines items such as: connector types, cable types, voltages, and pin-outs.

Filed under: Network

Common ports

20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH (Secure Shell)
23 Telnet
25 SMTP (Send Mail Transfer Protocol)
43 whois
53 DNS (Domain Name Service)
68 DHCP (Dynamic Host Control Protocol)
79 Finger
80 HTTP (HyperText Transfer Protocol)
110 POP3 (Post Office Protocol, version 3)
115 SFTP (Secure File Transfer Protocol)
119 NNTP (Network News Transfer Protocol)
123 NTP (Network Time Protocol)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
389 LDAP (Lightweight Directory Access Protocol)
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)
666 Doom
993 SIMAP (Secure Internet Message Access Protocol)
995 SPOP (Secure Post Office Protocol)

Ports between 1024 and 29151 are known as the Registered Ports. Programs are supposed to register their use of these ports so that they do not stomp on each other. Here are some common ports and their programs.

1243 SubSeven (Trojan – security risk!)
1352 Lotus Notes
1433 Microsoft SQL Server
1494 Citrix ICA Protocol
1521 Oracle SQL
1604 Citrix ICA / Microsoft Terminal Server
2049 NFS (Network File System)
3306 mySQL
4000 ICQ
5010 Yahoo! Messenger
5190 AOL Instant Messenger
5632 PCAnywhere
5800 VNC
5900 VNC
6000 X Windowing System
6699 Napster
6776 SubSeven (Trojan – security risk!)
7070 RealServer / QuickTime
7778 Unreal
8080 HTTP
26000 Quake
27010 Half-Life
27960 Quake III
31337 BackOrifice (Trojan – security risk!)

Filed under: Network
