Tuesday 4 October 2022

What are Types of hackers? free cybersecurity course.

Types of hackers

Who is a Hacker?

A hacker is basically a person who has highly skilled in information technology. Hacker uses their technical skills to overcome an obstacle or sometimes even achieve a goal within a computerized system and networks. However, nowadays, the term hacker is always associated with a security hacker – someone who is always on the lookout for ways to acquire and exploit sensitive personal, financial and organizational information, which is otherwise not accessible to them. Legitimate figures often use hacking for legal purposes.

{A hacker has knowledge of computer networking, programming, cryptography, database, and other information technologies. for hacking, there is no particular syllabus. normally ethical hacker in the industry works in the scenario to save the data of the company from the hacker, finds bugs in the system, and inform the developer in a company. }

we can classify hackers into different categories such as white hat, black hat, and grey hat, based on their intention of hacking systems we differentiate. These different terms come from the Western style. where a bad guy wears a black cowboy hat and a good guy wears a white hat.

White hat hackers

White hat hackers are also known as ethical hackers and they are professionals with expertise in cybersecurity. They are authorized by the company and certified to hack the systems. They hack systems from the loop to find weaknesses in the system. They never intend to harm the system, rather than try to find out weaknesses in a computer or a network system as a part of penetration testing and vulnerability assessments. well, Ethical hacking is not illegal actually it is one of the most demanding jobs available in the IT Industry. many companies hire ethical hackers for penetration testing and vulnerability assessments. ethical hackers' job is to protect the system network from hackers.

Black hat hackers.

Black hat hackers are highly skilled and knowledgeable in computer networks with the wrong intention. Black hat hackers hack another system to steal private data or destroy the system. They use the stolen data to profit themselves and sell them on the black market or harass their target company. As the intentions of the hacker make the hacker a criminal.

Grey hat hackers

The Gray hat hacker falls between the black and white hat hackers or we can say Grey hat hackers are a blend of both black and white hat hackers. Grey hat hackers are not certified hackers like white hat hackers. Keep in mind the intention behind hacking decides the types of hackers. If the intention is to gain personal data without permission this considers a gray hat hacker. Well, they act without malicious intent but for their fun, they exploit a security weakness in a computer system or network without the owner's permission or knowledge. Their aim is not to rob people and not want to help the owner, their intent is to bring the weakness to the attention of the owners and get appreciation or a little bounty from the owners or find fun in hacking.

Red hat hacker

Red hat hackers are again a blend of both black hat and white hat hackers, they are usually on the top level of hacking government agencies: top secret information hub, and generally anything that falls under the category of sensitive information. The difference between red hat hackers and white hat hackers is that the process of hacking through intention remains the same. Red hat hackers are very ruthless when dealing with black hat hackers or counteracting malware.

Blue hat hackers

A blue hat hacker is someone computer security consulting firm who is used to bug-test a system prior to its launch, they look for loopholes that can be exploited and try to close these gaps. Microsoft also uses the term blue hat to represent a series of security briefing events.

Script kiddies

Script kiddies is a non-expert who breaks into computer systems by using a pre-packaged automated tool written by others, in other words, they try to hack the system with scripts from other fellow hackers. usually with little understating of the underlying concept, hence the term kiddies.

Hacktivist

A hacktivist is a hacker who utilizes technologies to announce a social, ideological, religious, or political message. These types of hackers intend to hack government websites. They pose themselves as activists, so known as a hacktivist. In general, most hacktivist involves website defacement or denial of service attacks.

Neophyte

A neophyte, “noob”, or green hat hacker is someone who is new to hacking or phreaking and has almost no knowledge or experience of the working of technology and hacking.

Sunday 17 July 2022

What is ASA firewall security zones? How to configure security zones?

By default, Cisco routers permit and forward all the packets they receive if the route is matched in their routing table. In case we want to restrict some routes.

We have to configure some access lists but if we have a lot of access-list rules this becomes a nightmare to configure on each interface.

From the above diagram, our router has two incoming access-list to deny some routes from the host's LAN. And also, our router has two access-list to prevent some routes from the internet WAN from entering our LAN network. its means we have to apply an access list to four interfaces in order to protect our LAN network. there is another solution that is better is called a security zone with an ASA firewall.

let's see the example of how a security zone works.

As you can see above, we have two security zones.

1. INSIDE: which is our LAN network.

2. OUTSIDE: Which is our WAN network (internet)

These security zones have two simple rules.

The ASA interface has been assigned to the correct security zone. Security zones have two simple rules:

Traffic coming from a high-security level to a lower security level should be permitted.

The traffic coming from a lower security level to a high-security level is should be denied.

Security levels –

The ASA interface is by default in routed mode, operating at layer 3.

ASA firewall interfaces are assigned security level which is numbers between 0 to 100. The higher number, the more trust in the network connected to the ASA firewall.

Earlier we have seen some names like INSIDE, OUTSIDE, or DMZ

Also, note that we can assign names to the ASA interface like inside, outside, or DMZ. As soon as we assign these names to an interface, it automatically assigns a security level to itself. For example, if we have assigned a name inside an interface, it will assign 100 (Security level) to itself i.e most trusted network. If we assign the name Outside or DMZ or any other name to an interface, it will assign security level 0 automatically. These are default values and can be changed.

It is a good practice to give a security level of 100 (maximum) to inside (most trusted network), 0(least) to outside (untrusted or public network), and 50 to DMZ (organization public device network).

Note –
It is not mandatory to assign a name (INSIDE, OUTSIDE, or DMZ) to the ASA interface but it is good practice to assign these names as they are simple and meaningful.

Our LAN is our trusted network, which would have a high-security level. The WAN is untrusted so it will have a low-security level. This means that traffic from our LAN > WAN will be permitted. Traffic from the WAN to our LAN will be denied. Since the firewall is stateful, it keeps track of outgoing connections and will permit the return traffic from our LAN.

If you want to make an exception and permit traffic from the WAN to the LAN then this can be accomplished with an access list.

Most companies will have one or more servers that should be reachable from the Internet. Perhaps a mail or web server. Instead of placing these on the INSIDE, we use a third zone called the DMZ (Demilitarized Zone).

DMZ security level is between INSIDE and OUTSIDE.

Traffic coming from INSIDE going to OUTSIDE is permitted.

Traffic coming from DMZ going to OUTSIDE is permitted.

Traffic coming from INSIDE going to DMZ is permitted.

Traffic coming from DMZ to going to INSIDE is denied.

Traffic is coming from OUTSIDE going to INSIDE is denied.

In order to provide full connectivity between DMZ and OUTSIDE we will use access list which only permits traffic to the IP or port numbers. If something happened to one of our servers (hacked), our inside network will still secure.

Let’s see the configurations: -

Topology:-

Goal:

configure the topology as per the diagram

configure IP address to their ports

configure gig1/1 to outside zone

configure gig1/3 to the inside zone

configure gig 1/2 to DMZ

ciscoasa(config)#interface gigabitEthernet 1/1

ciscoasa(config-if)#nameif outside

INFO: Security level for "outside" set to 0 by default.

ciscoasa(config-if)#ip address 192.168.30.1 255.255.255.0

ciscoasa(config-if)#no shutdown

ciscoasa(config-if)#exit

ciscoasa(config)#interface gigabitEthernet 1/3

ciscoasa(config-if)#nameif inside

INFO: Security level for "inside" set to 100 by default.

ciscoasa(config-if)#ip address 192.168.10.1 255.255.255.0

ciscoasa(config-if)#no shutdown

ciscoasa(config-if)#exit

ciscoasa(config)#interface gigabitEthernet 1/2

ciscoasa(config-if)#nameif dmz

INFO: Security level for "dmz" set to 0 by default.

ciscoasa(config-if)#ip address 192.168.20.1 255.255.255.0

ciscoasa(config-if)#no shutdown

ciscoasa(config-if)#security-level 50

ciscoasa(config-if)#exit

FROM SERVER

Router(config)#interface fastEthernet 0/0

Router(config-if)#ip address 192.168.30.2 255.255.255.0

Router(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#exit

FROM PC

C:\>IPCONFIG

FastEthernet0 Connection:(default port)

Link-local IPv6 Address.........: FE80::2E0:B0FF:FECD:EE09

IP Address......................: 192.168.10.3

Subnet Mask.....................: 255.255.255.0

Default Gateway.................: 192.168.10.1

Bluetooth Connection:

Link-local IPv6 Address.........: ::

IP Address......................: 0.0.0.0

Subnet Mask.....................: 0.0.0.0

Default Gateway.................: 0.0.0.0

ciscoasa#show ip address

System IP Addresses:

Interface Name IP address Subnet mask Method

GigabitEthernet1/1 outside 192.168.30.1 255.255.255.0 CONFIG

GigabitEthernet1/2 dmz 192.168.20.1 255.255.255.0 DHCP

GigabitEthernet1/3 inside 192.168.10.1 255.255.255.0 unset

Current IP Addresses:

Interface Name IP address Subnet mask Method

GigabitEthernet1/1 outside 192.168.30.1 255.255.255.0 CONFIG

GigabitEthernet1/2 dmz 192.168.20.1 255.255.255.0 DHCP

GigabitEthernet1/3 inside 192.168.10.1 255.255.255.0 unset

ciscoasa#ping 192.168.10.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/11/25 ms

ciscoasa#ping 192.168.20.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.20.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/6/16 ms

ciscoasa#ping 192.168.30.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.30.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/10/20 ms

Wednesday 8 June 2022

What is ASA firewall? How to configure Adaptive Security Appliance?

Introduction to firewalls

The firewall is a barrier between LAN and WAN networks (trusted and untrusted networks), we configure the firewall in the forwarding path of the network so each packet have to be checked by our firewall.

There are two kinds of firewalls one is software firewalls just like preinstalled with Microsoft Windows. The second one is the hardware firewall which we are going to see.

From the above diagram, we have LAN with two host PC and a cisco switch. On the other hand, you can see a router that is connected to the ISP for an internet connection. We place our firewall in between to protect our LAN network.

Stateless and stateful filtering.

You can use a router as a firewall but it's not a good choice because most the router does not spend much time on filtering, the router checks the access list for the port number source and destination IP address if it matches in the entry of access-list router is going to permit or deny the packet and router do not keep track of the packet this is called stateless filtering but the firewall uses stateful filtering, the firewall keeps track of all incoming and outgoing connections.

ASA (Adaptive Security Appliance) is a cisco security device that combines the classic firewall with VPN, IPS (Intrusion Prevention System), and antivirus capabilities. ASA is capable of providing threat defense before most of the attacks spread into our LAN network.

I think we have done enough talking rest of the theory we will see in the next section.

let's see how to configure: -

Topology: -

Goal:

Configure the topology as per the diagram
Assign an IP address to the ASA interface
Configure nameif to the ASA interface
Configure the security level to the interface
Configure hostname to ASA Firewall
Configure password

ciscoasa>enable

Password:

ciscoasa(config)#interface gigabitEthernet 1/1

ciscoasa(config-if)#ip address 10.1.1.2 255.0.0.0

ciscoasa(config-if)#no shutdown

ciscoasa(config-if)#nameif inside

ciscoasa(config-if)#security-level 100

ciscoasa(config-if)#exit

ciscoasa(config)#hostname ASA-Firewall

ASA-Firewall(config)#enable password internetworks

ASA-Firewall(config)#username Admin password internetworks

ASA-Firewall(config)#end

Friday 3 June 2022

What is Route Leaking? How to configure Leak-Map?

The leak-map name keyword configures the stub router to advertise selected EIGRP-learned routes which are not ordinarily advertised. The name refers to a route map that matches one or more ACLs or prefix lists and permits the matched subnets or addresses to be leaked.

The EIGRP Stub feature is very useful when we want to prevent unnecessary EIGRP queries and want to filter a few routes that we advertise but when we want to configure our EIGRP router as a stub and still we want to make an exception to some routes (network) to advertise this is possible with the help of Leak-map.

In summary route-

Whenever we configure our EIGRP summary route, all the networks within the range of our summary are no longer advertised on interfacing the only this is left is a summary route, but we want to advertise some networks separately next to our summary route this can also be done with summary leak-map. Let's see how to configure the leak map.

Topology: -

Goal:

Configure the topology as per the diagram.
Assigning the IP addresses to their interfaces.
Configure EIGRP 1234 on all the routers.
Configure EIGRP STUB connected on router 3.
Configure Leak-Map on router 3 with the exception that network 192.168.32.1 network only advertises to all the routers.

R1(config)#interface serial 4/0

R1(config-if)#ip address 1.1.1.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#interface loopback 0

R1(config-if)#ip address 10.1.1.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

R2(config)#interface serial 4/1

R2(config-if)#ip address 2.2.2.2 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface loopback 0

R2(config-if)#ip address 20.1.1.1 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R3(config)#interface serial 4/0

R3(config-if)#ip address 1.1.1.2 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#interface serial 4/1

R3(config-if)#ip address 2.2.2.1 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#interface serial 4/2

R3(config-if)#ip address 3.3.3.1 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R4(config)#interface fastEthernet 2/1

R4(config-if)#ip address 192.168.32.1 255.255.255.0

R4(config-if)#no shutdown

R4(config-if)#no keepalive

R4(config-if)#exit

R4(config)#interface serial 4/2

R4(config-if)#ip address 3.3.3.2 255.0.0.0

R4(config-if)#no shutdown

R4(config-if)#exit

R4(config)#interface fastEthernet 0/0

R4(config-if)#ip address 192.168.30.1 255.255.255.0

R4(config-if)#no shutdown

R4(config-if)#no keepalive

R4(config-if)#exit

R4(config)#interface fastEthernet 2/0

R4(config-if)#ip address 192.168.31.1 255.255.255.0

R4(config-if)#no shutdown

R4(config-if)#no keepalive

R4(config-if)#exit

R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

Serial4/0 1.1.1.1 YES manual up up

Loopback0 10.1.1.1 YES manual up up

R2#show ip interface brief

Interface IP-Address OK? Method Status Protocol

Serial4/1 2.2.2.2 YES manual up up

Loopback0 20.1.1.1 YES manual up up

R3#show ip interface brief

Interface IP-Address OK? Method Status Protocol

Serial4/0 1.1.1.2 YES manual up up

Serial4/1 2.2.2.1 YES manual up up

Serial4/2 3.3.3.1 YES manual up up

R4#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.30.1 YES manual up up

FastEthernet2/0 192.168.31.1 YES manual up up

FastEthernet2/1 192.168.32.1 YES manual up up

Serial4/2 3.3.3.2 YES manual up up

R1(config)#router eigrp 1234

R1(config-router)#network 0.0.0.0 255.255.255.255

R1(config-router)#no auto-summary

R1(config-router)#exit

*Jun 2 23:22:30.379: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 1.1.1.2 (Serial4/0) is up: new adjacency

R2(config)#router eigrp 1234

R2(config-router)#network 0.0.0.0 255.255.255.255

R2(config-router)#no auto-summary

R2(config-router)#exit

*Jun 2 23:52:39.419: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 2.2.2.1 (Serial4/1) is up: new adjacency

R3(config)#router eigrp 1234

R3(config-router)#network 0.0.0.0 255.255.255.255

R3(config-router)#no auto-summary

R3(config-router)#exit

*Jun 2 23:52:43.191: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 3.3.3.2 (Serial4/2) is resync: summary configured

*Jun 2 23:52:40.287: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 3.3.3.2 (Serial4/2) is up: new adjacency

R4(config)#router eigrp 1234.

R4(config-router)#network 0.0.0.0 255.255.255.255

R4(config-router)#no auto-summary

R4(config-router)#exit

*Jun 3 00:14:00.539: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 3.3.3.1 (Serial4/2) is up: new adjacency

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, Serial4/0

D 2.0.0.0/8 [90/2681856] via 1.1.1.2, 00:04:44, Serial4/0

D 192.168.31.0/24 [90/2684416] via 1.1.1.2, 00:00:14, Serial4/0

D 3.0.0.0/8 [90/2681856] via 1.1.1.2, 00:03:45, Serial4/0

D 192.168.30.0/24 [90/2684416] via 1.1.1.2, 00:00:14, Serial4/0

D 20.0.0.0/8 [90/2809856] via 1.1.1.2, 00:04:43, Serial4/0

C 10.0.0.0/8 is directly connected, Loopback0

D 192.168.32.0/24 [90/2684416] via 1.1.1.2, 00:00:14, Serial4/0

R3(config)#router eigrp 1234

R3(config-router)#eigrp stub ?

connected Do advertise connected routes

leak-map Allow dynamic prefixes based on the leak-map

receive-only Set IP-EIGRP as receive only neighbor

redistributed Do advertise redistributed routes

static Do advertise static routes

summary Do advertise summary routes

<cr>

R3(config-router)#eigrp stub connected

*Jun 3 00:15:23.055: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 1.1.1.1 (Serial4/0) is down: peer info changed

*Jun 3 00:15:23.055: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 2.2.2.2 (Serial4/1) is down: peer info changed

*Jun 3 00:15:23.063: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 3.3.3.2 (Serial4/2) is down: peer info changed

R3(config-router)#

*Jun 3 00:15:26.391: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 3.3.3.2 (Serial4/2) is up: new adjacency

*Jun 3 00:15:26.443: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 2.2.2.2 (Serial4/1) is up: new adjacency

*Jun 3 00:15:26.955: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 1.1.1.1 (Serial4/0) is up: new adjacency

R3(config-router)#exit

R3(config)#router eigrp 1234

R3(config-router)#eigrp stub connected leak

R3(config-router)#eigrp stub connected leak-map Route-Leak

*Jun 3 00:16:53.475: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 1.1.1.1 (Serial4/0) is down: peer info changed

*Jun 3 00:16:53.483: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 2.2.2.2 (Serial4/1) is down: peer info changed

*Jun 3 00:16:53.487: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 3.3.3.2 (Serial4/2) is down: peer info changed

*Jun 3 00:16:54.003: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 1.1.1.1 (Serial4/0) is up: new adjacency

R3(config-router)#exit

*Jun 3 00:16:54.783: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 2.2.2.2 (Serial4/1) is up: new adjacency

R3(config-router)#exit

R3(config)#route-map Route-Leak

R3(config-route-map)#match ip address 1

R3(config-route-map)#exit

*Jun 3 00:18:07.935: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 1.1.1.1 (Serial4/0) is resync: route configuration changed

*Jun 3 00:18:07.935: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 2.2.2.2 (Serial4/1) is resync: route configuration changed

*Jun 3 00:18:07.939: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 3.3.3.2 (Serial4/2) is resync: route configuration changed

R3(config)#access-list 1 permit 192.168.32.0 0.0.0.255

*Jun 3 00:18:51.583: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 1.1.1.1 (Serial4/0) is down: route configuration changed

*Jun 3 00:18:51.599: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 2.2.2.2 (Serial4/1) is down: route configuration changed

*Jun 3 00:18:51.603: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 3.3.3.2 (Serial4/2) is down: route configuration changed

*Jun 3 00:18:52.079: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 2.2.2.2 (Serial4/1) is up: new adjacency

*Jun 3 00:18:52.735: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 1.1.1.1 (Serial4/0) is up: new adjacency

*Jun 3 00:18:55.883: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1234: Neighbor 3.3.3.2 (Serial4/2) is up: new adjacency

R1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, Serial4/0

D 2.0.0.0/8 [90/2681856] via 1.1.1.2, 00:00:09, Serial4/0

D 3.0.0.0/8 [90/2681856] via 1.1.1.2, 00:00:09, Serial4/0

C 10.0.0.0/8 is directly connected, Loopback0

D 192.168.32.0/24 [90/2684416] via 1.1.1.2, 00:00:08, Serial4/0

R1#ping 192.168.32.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.32.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/32/36 ms

R1#traceroute 192.168.32.1

Type escape sequence to abort.

Tracing the route to 192.168.32.1

1 1.1.1.2 8 msec 8 msec 12 msec

2 3.3.3.2 16 msec 12 msec 24 msec

R1#traceroute 192.168.32.1

Type escape sequence to abort.

Tracing the route to 192.168.32.1

1 1.1.1.2 40 msec 20 msec 20 msec

2 3.3.3.2 16 msec 32 msec 40 msec

R2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

D 1.0.0.0/8 [90/2681856] via 2.2.2.1, 00:00:19, Serial4/1

C 2.0.0.0/8 is directly connected, Serial4/1

D 3.0.0.0/8 [90/2681856] via 2.2.2.1, 00:00:19, Serial4/1

C 20.0.0.0/8 is directly connected, Loopback0

D 192.168.32.0/24 [90/2684416] via 2.2.2.1, 00:00:16, Serial4/1

R2#ping 192.168.32.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.32.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/27/36 ms

R2#ping 192.168.31.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.31.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

R3#show ip protocols

Routing Protocol is "eigrp 1234"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Default networks flagged in outgoing updates

Default networks accepted from incoming updates

EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

EIGRP maximum hopcount 100

EIGRP maximum metric variance 1

EIGRP stub, connected, leak-map Route-Leak

Redistributing: eigrp 1234

EIGRP NSF-aware route hold timer is 240s

Automatic network summarization is not in effect

Maximum path: 4

Routing for Networks:

0.0.0.0

Routing Information Sources:

Gateway Distance Last Update

2.2.2.2 90 00:48:15

1.1.1.1 90 00:48:12

3.3.3.2 90 00:48:11

Distance: internal 90 external 170

Friday 20 May 2022

What is BGP Backdoor? How to configure BGP Backdoor?

BGP backdoor it’s a well-known feature of the BGP which is used to change the AD (administrative distance) of eBGP. By default, external BGP (eBGP) has an administrative distance value of 20 with the help of a backdoor command you can set 200 AD. If two routing protocols provide route information for the same destination the administrative distance is the first criterion that a router uses to determine which routing protocol to use for the best path. The lowest AD value is a more reliable protocol and link.

Why do we need to change eBGP AD?

Whenever our router learns about a network (prefix) through eBGP and also with an IGP protocol like OSPF EIGRP or RIP then our router always chooses the Ebgp route because Ebgp uses an administrative distance value of 20 so our router by default prefers eBGP over EIGRP AD 90, RIP AD 120, OSPF AD 110.

In some scenarios this becomes a problem let’s see the configuration.

Topology:

Goal:

configure the topology as per the diagram.
assign the IP addresses
configure EIGRP 100 on router 1 and router 3
advertise the interfaces
configure eBGP peering between router 1 and 2
configure eBGP peering between router 2 and router 3
make sure router 1 gets the 192.168.30.1 route from serial 4/3 link via EIGRP.
configure backdoor in order to get 192.168.30.1 route via serial link 4/3 from router 3.

R1(config)#interface fastEthernet 0/0

R1(config-if)#ip address 10.1.1.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#no keepalive

R1(config-if)#exit

R1(config)#interface serial 4/2

R1(config-if)#ip address 3.3.3.2 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#interface loopback 0

R1(config-if)#ip address 192.168.10.1 255.255.255.255

R1(config-if)#no shutdown

R1(config-if)#exit

R2(config)#interface serial 4/0

R2(config-if)#ip address 1.1.1.2 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface serial 4/1

R2(config-if)#ip address 2.2.2.1 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface fastethernet 0/0

R2(config-if)#ip address 20.1.1.1 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#no keepalive

R2(config-if)#exit

R2(config)#interface loopback 0

R2(config-if)#ip address 192.168.20.1 255.255.255.255

R2(config-if)#no shutdown

R2(config-if)#exit

R3(config)#interface serial 4/1

R3(config-if)#ip address 2.2.2.2 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#interface serial 4/2

R3(config-if)#ip address 3.3.3.1 255.0.0.0

R3(config-if)# no shutdown

R3(config-if)#exit

R3(config)#interface fastEthernet 0/0

R3(config-if)#ip address 30.1.1.1 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#no keepalive

R3(config-if)#exit

R1(config)#router eigrp 100

R1(config-router)#network 192.168.10.0

R1(config-router)#network 3.0.0.0

R1(config-router)#exit

*May 20 13:40:19.679: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 3.3.3.1 (Serial4/2) is up: new adjacency

R1(config)#router bgp 6111

R1(config-router)#neighbor 1.1.1.2 remote-as 6100

R1(config-router)#network 192.168.10.1 mask 255.255.255.255

R1(config-router)#network 10.0.0.0

R1(config-router)#exit

R1(config)#end

*May 20 13:43:29.459: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Up

R2(config)#router bgp 6100

R2(config-router)#neighbor 1.1.1.1 remote-as 6111

R2(config-router)#network 192.168.20.1 mask 255.255.255.255

R2(config-router)#neighbor 2.2.2.2 remote-as 6333

R2(config-router)#exit

20 13:43:29.531: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up

R3(config)#router eigrp 100

R3(config-router)#network 3.0.0.0

R3(config-router)#network 192.168.30.0

R3(config-router)#exit

*May 20 13:40:19.663: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 3.3.3.2 (Serial4/2) is up: new adjacency

R3(config)#router bgp 6333

R3(config-router)#neighbor 2.2.2.1 remote-as 6100

R3(config-router)#network 30.0.0.0

R3(config-router)#network 192.168.30.1 mask 255.255.255.255

R3(config-router)#exit

R3(config)#end

*May 20 13:42:50.559: %BGP-5-ADJCHANGE: neighbor 2.2.2.1 Up

R3#show ip route 192.168.10.1 longer-prefixes

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.10.0/32 is subnetted, 1 subnets

B 192.168.10.1 [20/0] via 2.2.2.1, 00:02:03

( as can see from the above output router 3 is getting (R1) 192.168.10.1 route from route via serial 4/0 to serial 4/1 {2.2.2.1} R2. because of the lower AD value of eBGP )

Let's see on router 1 from where it's getting 192.168.30.1 network

R1#show ip route 192.168.30.1 longer-prefixes

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.30.0/32 is subnetted, 1 subnets

B 192.168.30.1 [20/0] via 1.1.1.2, 00:01:44

( router 1 is also installing 192.168.30.1 network from router 1 because of lower AD of eBGP)

We need to fix this with help of the BGP backdoor command.

R1(config)#router bgp 6111

R1(config-router)#network 192.168.30.1 mask 255.255.255.255 backdoor

R1(config-router)#exit

R3(config)#router bgp 6333

R3(config-router)#network 192.168.10.1 mask 255.255.255.255 backdoor

R3#show ip route 192.168.10.1 longer-prefixes

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.10.0/32 is subnetted, 1 subnets

D 192.168.10.1 [90/2297856] via 3.3.3.2, 00:38:02, Serial4/2

( as you can see after applying the backdoor command now our routers installing a new path)

A backdoor network is treated as a local network, except that it is not advertised.

R1#show ip route 192.168.30.1 longer-prefixes

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.30.0/32 is subnetted, 1 subnets

D 192.168.30.1 [90/2297856] via 3.3.3.1, 00:02:17, Serial4/2

Wednesday 4 May 2022

What is ARP (Address Resolution Protocol)? How ARP works?

What is ARP (Address Resolution Protocol)?

ARP (Address Resolution Protocol) it’s a communication protocol. Networking devices used for discovering MAC (media access control) addresses, associate with an IPv4 address (internet layer address), and map the MAC addresses to IPv4 addresses this mapping is done dynamically and stored in the ARP cache. ARP works between layer 2 and layer 3 of the OSI because the MAC address exists on the data link layer and the IP address exists on the network layer.

How does ARP work?

Whenever a fresh PC (computer) connects to LAN, it will assign an IP address statically or dynamically to use for identity and for communication. When an incoming packet destined for a host machine on a particular LAN arrives at a gateway, the gateway is going to ask ARP for a MAC address that matches the IP address. There is a table called ARP cache in this table ARP mapping record. Whenever a host asks for a MAC address in order to send a packet to another host in the LAN, ARP looks it the cache to see if their IP to MAC mapping translation is already stored. If it’s already stored then no need for ARP broadcast but if there is no translation stored then ARP sends a request for the network address (does anybody knows this IP address)

ARP sends broadcast a request packet to all the hosts on the LAN network and asks is there any host using this particular IP address please let me know. When a host recognizes oh it’s my IP address it will immediately send a unicast reply so ARP can update and store it in the cache table and now communication can proceed.

What happens if the host (machine) doesn’t know its own IP address?

In this situation, RARP (Reverse ARP) protocol is used for discovery. next chapter we are going to see proxy ARP and RARP.

What is ARP cache?

ARP cache is a table where mapping or translation is stored. The size of the ARP cache is limited and from time to time cleansed its entire entries to free its space. Mappings are stored for a few minutes. ARP frequently updates when a host changes their requested IP address.

ARP Commands

we used arp -a command to display the ARP table. It shows all the entries of the ARP cache or table.