Friday, 25 November 2011

Resetting Password of Cisco Switch:

1. Attach a terminal or PC with terminal emulation (for example, Hyper Terminal) to the console port of the switch.
Use the following terminal settings:
· Bits per second (baud): 9600
· Data bits: 8
· Parity: None
· Stop bits: 1
· Flow Control: Xon/Xoff
2. Unplug the power cable.
3. Power the switch on and bring it to the switch: prompt:
For 2900XL, 3500XL, 2940, 2950, 2960, 2970, 3550, 3560, and 3750 series switches, do this:
Hold down the Mode button located on the left side of the front panel while you reconnect the power cable to the switch.
Catalyst switch series, LED behavior and Mode button release action:
· 2900XL, 3500XL, 3550: Release the Mode button when the LED above Port 1x goes out.
· 2940, 2950: Release the Mode button after approximately 5 seconds, when the Status (STAT) LED goes out. When you release the Mode button, the SYST LED blinks amber.
· 2960, 2970: Release the Mode button when the SYST LED blinks amber and then turns solid green. When you release the Mode button, the SYST LED blinks green.
· 3560, 3750: Release the Mode button after approximately 15 seconds, when the SYST LED turns solid green. When you release the Mode button, the SYST LED blinks green.
For 2955 series switches only:
The Catalyst 2955 series switches do not use an external Mode button for password recovery. Instead, the switch boot loader uses break-key detection to stop the automatic boot sequence for password recovery. The break sequence depends on the terminal application and operating system used: HyperTerminal running on Windows 2000 uses Ctrl + Break, and on a workstation running UNIX, Ctrl-C is the break key.
4. Issue the flash_init command.
5. Issue the load_helper command.
6. Issue the dir flash: command.
Note: Make sure to type a colon ":" after the dir flash.
7. Type rename flash:config.text flash:config.old to rename the configuration file.
8. Issue the boot command to boot the system.
9. Enter "n" at the prompt to abort the initial configuration dialog.
10. At the switch prompt, type en to enter enable mode.
11. Type rename flash:config.old flash:config.text to rename the configuration file with its original name.
12. Copy the configuration file into memory with copy flash:config.text system:running-config
13. Overwrite the current passwords that you do not know. Choose a strong password with at least one capital letter, one number, and one special character.
Note: Overwrite only the passwords you need to; you do not have to overwrite all of the passwords in the configuration.
14. Write the running configuration to the configuration file with the write memory command.

Saturday, 19 November 2011

Several types of attack and their mitigation by ACL

VLAN Hopping attack :


In simple words, a VLAN Hopping attack involves an attacker using double-encapsulated 802.1Q frames to manipulate the switch operation. As the double-tagged frame enters the switch, the switch performs only one level of decapsulation. For better understanding, we use an example:

The attacker sends a double-tagged 802.1Q frame to the switch. The outer tag carries the VLAN of the attacker, which is the same as the native VLAN of the trunk port (for the purpose of this example, assume VLAN 5). The inner tag is the victim VLAN, VLAN 10.

The frame arrives on the switch, which looks at the first 4-byte 802.1Q tag. The switch sees that the frame is destined for VLAN 5 and sends it out on all VLAN 5 ports (including the trunk), because there is no CAM table entry. At this point the second tag is still intact and has not been inspected by the first switch.

The frame arrives at the second switch, which has no knowledge that it was supposed to be for VLAN 5 (the native VLAN is not tagged by the sending switch, as specified in the 802.1Q specification).

The second switch looks at the only remaining 802.1Q tag (the former inner tag that the attacker sent) and sees that the frame is destined for VLAN 10 (the victim VLAN). The second switch sends the packet on to the victim port or floods it, depending on whether there is an existing CAM table entry for the victim host.
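To make the "one level of decapsulation" point concrete from the defender's side, here is an added example (not code from the original post) that walks every 802.1Q tag in a raw Ethernet frame and flags the pattern described above: two or more tags whose outer VID equals the trunk's native VLAN. The sample frames are constructed byte strings, not captures; the native VLAN 5 and victim VLAN 10 are the values assumed in the post's example.

```python
import struct

# EtherTypes that introduce a VLAN tag header: 802.1Q (0x8100) and the
# service tag used by 802.1ad provider bridging (0x88A8).
VLAN_TAG_ETHERTYPES = {0x8100, 0x88A8}


def parse_vlan_tags(frame):
    """Walk every VLAN tag in an Ethernet frame.

    Returns (vlan_ids, payload_ethertype), where vlan_ids lists the 12-bit
    VIDs from outermost to innermost. A switch doing one level of
    decapsulation only looks at vlan_ids[0]; this walker reports all of them.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    vlan_ids = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame while reading EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if ethertype not in VLAN_TAG_ETHERTYPES:
            return vlan_ids, ethertype
        if len(frame) < offset + 2:
            raise ValueError("truncated 802.1Q tag control information")
        (tci,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VID


def double_tag_on_native(frame, native_vlan):
    """True when the frame carries two or more tags and the outer tag equals
    the trunk's native VLAN, i.e. the pattern described in the post."""
    vlan_ids, _ = parse_vlan_tags(frame)
    return len(vlan_ids) >= 2 and vlan_ids[0] == native_vlan


# Constructed sample frames (not captures): broadcast destination, a made-up
# source MAC, then the tag headers, an IPv4 EtherType and a 4-byte payload.
DOUBLE_TAGGED = bytes.fromhex(
    "ffffffffffff" "001122334455"
    "8100" "0005"   # outer tag: VLAN 5 (the native VLAN in the example)
    "8100" "000a"   # inner tag: VLAN 10 (the victim VLAN)
    "0800" "deadbeef"
)
SINGLE_TAGGED = bytes.fromhex("ffffffffffff" "001122334455" "8100" "0005" "0800" "deadbeef")
UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0800" "deadbeef")


if __name__ == "__main__":
    for name, frame in [("double", DOUBLE_TAGGED), ("single", SINGLE_TAGGED), ("untagged", UNTAGGED)]:
        ids, ethertype = parse_vlan_tags(frame)
        print(f"{name}: vlans={ids} ethertype=0x{ethertype:04x} "
              f"double-tag-on-native-5={double_tag_on_native(frame, 5)}")
```

Running it on the double-tagged sample reports VLANs [5, 10]; the same frame checked against a trunk whose native VLAN has been moved to an unused ID is no longer flagged, which is exactly why the native-VLAN mitigation below works.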

HOW TO MITIGATE :

1) If no trunking is required on an interface, disable trunking:
Switch(config-if)# switchport mode access

2) If trunking is necessary, enable it but prevent DTP frames from being generated:
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport nonegotiate

3) If trunking is required, set the native VLAN on the trunk to an unused VLAN:
Switch(config-if)# switchport trunk native vlan <unused-vlan-id>

NOTE : There is no way to execute these kinds of attacks unless the switch is misconfigured.


Smurf Attack :

A Smurf attack consists of large numbers of ICMP packets sent to a router's subnet broadcast address using a spoofed source IP address from the same subnet. You need to use an ACL which blocks all IP packets originating from any host and destined for the subnet broadcast addresses. [The router here has the subnet 16.2.1.0/24]

============================

Router(config)# access-list 110 deny ip any host 16.2.1.255 log

Router(config)# access-list 110 deny ip any host 16.2.1.0 log

Router(config)# access-list 110 permit ip any any

Router(config)# interface e0/0

Router(config-if)# ip access-group 110 in

Router(config-if)# end

==============================

NOTE : In Cisco IOS Release 12.0 or later, there is a command "no ip directed-broadcast" which is enabled by default and prevents this type of attack, so you may not need to apply this ACL at all.


Mitigating DoS attacks by ACL


Assuming you know about DoS attacks and their behavior, we take a look at ACLs that can mitigate this kind of attack. The interesting point about DoS attacks is that they can be prevented but can't be stopped once they have begun. Here we talk about some known tools and the way we can counteract them. These tools include Trin00, Stacheldraht, Trinity v3 and Subseven. Below you can see the tools and their respective ports:

Trin00: TCP/1524- TCP/27665- UDP/27444- UDP/31335

Stacheldraht : TCP/16660- TCP/65000- ICMP/echo- ICMP/echo-reply

Trinity V3: TCP/33270- TCP/6667

Subseven : TCP/2222- TCP/6669- TCP/range 6711 6712- TCP/6776- TCP/7000

We choose "Trinity V3". The router here has two interfaces, e0/0 and e0/1.

=============================

Router(config)# access-list 180 deny tcp any any eq 33270 log

Router(config)# access-list 180 deny tcp any any eq 6667 log

Router(config)# access-list 180 permit ip any any

Router(config)# interface e0/0

Router(config-if)# ip access-group 180 in

Router(config-if)# exit

Router(config)# interface e0/1

Router(config-if)# ip access-group 180 in

Router(config-if)# end

=============================

NOTE : The ACL is bound in the "in" (inbound) direction on both interfaces.
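Both the Smurf ACL (110) and the Trinity ACL (180) above rely on the same IOS semantics: entries are checked top to bottom, the first match wins, a tcp entry never matches a udp packet, and anything that reaches the end of the list hits the implicit deny. The following added example (not code from the original post, and not an IOS feature) parses the exact access-list lines from both sections and evaluates constructed sample packets against them. The packet dictionaries and their addresses are made up for the demonstration; the 16.2.1.0/24 subnet and port numbers are the ones the post uses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Ace:
    """One entry of a numbered extended IOS access list (the subset used in the post)."""
    number: int
    action: str                # "permit" or "deny"
    proto: str                 # "ip", "tcp", "udp" or "icmp"
    src: Tuple[int, int]       # (network bits, care mask) from address/wildcard
    sport: Optional[int]
    dst: Tuple[int, int]
    dport: Optional[int]
    log: bool


def _parse_addr(tokens, i):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' starting at tokens[i]."""
    if tokens[i] == "any":
        return (0, 0), i + 1                      # care about no bits
    if tokens[i] == "host":
        addr = int(ipaddress.IPv4Address(tokens[i + 1]))
        return (addr, 0xFFFFFFFF), i + 2          # care about every bit
    addr = int(ipaddress.IPv4Address(tokens[i]))
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    care = 0xFFFFFFFF ^ wildcard                  # wildcard bit 1 = don't care
    return (addr & care, care), i + 2


def _parse_port(tokens, i):
    """Parse an optional 'eq PORT' operator at tokens[i]."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i


def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC [eq P] DST [eq P] [log]'.
    A leading 'Router(config)#' prompt copied from a console transcript is ignored."""
    tokens = line.split()
    if tokens and tokens[0].endswith("#"):
        tokens = tokens[1:]
    if tokens[:1] != ["access-list"]:
        raise ValueError(f"not an access-list line: {line!r}")
    number, action, proto = int(tokens[1]), tokens[2], tokens[3]
    src, i = _parse_addr(tokens, 4)
    sport, i = _parse_port(tokens, i)
    dst, i = _parse_addr(tokens, i)
    dport, i = _parse_port(tokens, i)
    return Ace(number, action, proto, src, sport, dst, dport, "log" in tokens[i:])


def _addr_matches(spec, addr):
    net, care = spec
    return (int(ipaddress.IPv4Address(addr)) & care) == net


def ace_matches(ace, pkt):
    """pkt is a dict with proto, src, dst and optional sport/dport keys."""
    if ace.proto != "ip" and ace.proto != pkt["proto"]:
        return False
    if not (_addr_matches(ace.src, pkt["src"]) and _addr_matches(ace.dst, pkt["dst"])):
        return False
    if ace.sport is not None and pkt.get("sport") != ace.sport:
        return False
    if ace.dport is not None and pkt.get("dport") != ace.dport:
        return False
    return True


def evaluate(acl, pkt):
    """First matching entry wins. Returns (action, logged, index); a packet that
    matches nothing hits the implicit deny at the end of every IOS ACL."""
    for index, ace in enumerate(acl):
        if ace_matches(ace, pkt):
            return ace.action, ace.log, index
    return "deny", False, None


# The two access lists from the post, parsed from the console lines verbatim.
SMURF_ACL = [parse_ace(l) for l in [
    "Router(config)# access-list 110 deny ip any host 16.2.1.255 log",
    "Router(config)# access-list 110 deny ip any host 16.2.1.0 log",
    "Router(config)# access-list 110 permit ip any any",
]]
TRINITY_ACL = [parse_ace(l) for l in [
    "access-list 180 deny tcp any any eq 33270 log",
    "access-list 180 deny tcp any any eq 6667 log",
    "access-list 180 permit ip any any",
]]

# Constructed sample packets (not captures).
SMURF_PROBE = {"proto": "icmp", "src": "16.2.1.7", "dst": "16.2.1.255"}
WEB_REQUEST = {"proto": "tcp", "src": "10.0.0.9", "dst": "16.2.1.20", "dport": 80}
TRINITY_CONTROL = {"proto": "tcp", "src": "10.0.0.9", "dst": "16.2.1.20", "dport": 33270}

if __name__ == "__main__":
    for name, acl, pkt in [("smurf", SMURF_ACL, SMURF_PROBE), ("web", SMURF_ACL, WEB_REQUEST),
                           ("trinity", TRINITY_ACL, TRINITY_CONTROL)]:
        print(name, evaluate(acl, pkt))
```

The evaluator also accepts the address/wildcard form (for example 16.2.1.0 0.0.0.255), which the post does not use, so you can check that a list built only from permit entries for your own subnet still drops everything else through the implicit deny. It models only the fields these ACLs inspect; a real IOS ACL can also match established TCP sessions, ICMP types and port ranges.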