Friday, May 28, 2010

V Lecture On OER/PfR - From Ndiaye Malick

Here is a great lecture on another technology under the CCIE R&S version 4 lab which still scares students.

http://classroom.internetworkexpert.com/p99701461/ 

Regards,
Deepak Arora

VX Heavens - The virus collection library





I am not sure if you guys have ever been interested in virus research, but there is a friend of mine, VIKAS TANEJA, who was and still is. He is a very different kind of guy in terms of learning and exploring technologies. He earned his Bachelor's in Computer Science, and since his college days he has been involved in understanding and developing virus and anti-virus code, along with stuff of a similar nature or stuff that falls under the category of Ethical Hacking. So here let me share a website which he told me about once - VX HEAVEN. This website contains a large collection of viruses, worms, trojans etc. I mean if you ever thought of getting into that stuff then you are gonna love this.

Here is a quick URL  - http://vx.netlux.org/

In case you want to know more about Vikas or what kind of stuff he does then please visit - http://annysoft.wordpress.com/

Best Regards,
Deepak Arora

Some More V lecture on CCIE from Gr8 IP Expert

CCIE Service Provider
CCIE Security
CCIE Routing & Switching

Wednesday, May 19, 2010

Some Basic Troubleshooting Tips & Tools

So here I am with my second post today. Again I wanna talk about troubleshooting. I want to share some online troubleshooting tools which I use all the time for better understanding and to find the proper cause of an issue. The idea here is to list basic troubleshooting which at least every CCNA should know before diving into real-world problems. However, advanced troubleshooting skills require in-depth understanding of the technology, a proper troubleshooting plan, experience, lots of hands-on skills and much more. But ultimately troubleshooting is a science, as described by another great blogger, Jeremy, here:
http://packetlife.net/blog/2010/mar/10/the-science-of-network-troubleshooting/

Let's first talk about some normal network troubleshooting. I guess all of us know very well about network troubleshooting utilities like "Ping", "traceroute" etc. But before jumping into that I would like to mention here that this blog post will get a little longer every few days as I am gonna add something here and there. Also there is lots of basic troubleshooting that needs to be covered, which will take time to be documented.


So let's begin with Ping and Traceroute:


I am not gonna cover here how ping and traceroute work because that will take too long. But here is a quick story of ping:

http://en.wikipedia.org/wiki/Ping

http://ftp.arl.army.mil/~mike/ping.html

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml 


http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a008020a42a.shtml

So it's all good if ping is working fine from the inside network. But what if you want to see if a server inside the company is reachable from the internet?

And the answer is that there are many websites out there which allow us to run various basic network troubleshooting tests like Ping, Traceroute, DNS Lookup etc. Here are some examples:






Now apart from that, sometimes you see in IPS alarms and firewall logs that a few IP addresses from the internet are targeting your network. So what if you want to know who owns that IP address (source IP)?

The simple way to find out is to check the "WHO IS" of that IP address. It will tell you the name of the company, the admin, the block of IPs owned by them, the ISP who assigned it to them etc. You can find lots of info about "who is" on the wiki. In short, the who is tool is part of the Ethical Hacker's tool belt and gets covered under the category of tools called "Footprinting". Here is another good website URL to find the Who Is of an IP address:

http://samspade.org/

But let me tell you guys that you can prevent your static IP information from being shown in who is results by talking to your ISP.


Now let's talk about another common issue, like the internet is not working or some website is not opening whereas everything else is working fine.

Now basically for the internet to work properly, make sure the following services are allowed to pass through your firewall or IOS based device - DNS, http, https.


If these services are open then there could be many other reasons. The first thing you can try is to ping global DNS servers like 4.2.2.2. If that is pingable then you can try to telnet to any website address on destination port 80 or 443 (if it's https). But how can we find the IP address of a website?


Hmmm, try Windows cmd based utilities like "nslookup". Let's say we want to find the IP address of www.yahoo.com


Jump on to the CLI of Windows and perform the following steps. But there are some situations where your local ISP or local DNS has some issues. To confirm whether a URL that local DNS is not able to resolve is actually down or whether it's a problem with local DNS/ISP, you can point your DNS query to a global DNS like 4.2.2.2. Here is a quick example:




Here you can see that local DNS was not able to resolve yahoo.com, so instead I pointed my DNS query to a different server (global DNS) and it resolved it. Which confirms that either my local ISP or local DNS has some issue.


Now the next test you can make, to verify if http port 80 is opened up on the firewall, is to telnet to the destination IP on destination port 80. Here is a quick look at that:




And as you can see I was able to telnet to the yahoo.com IP address on destination port 80, which confirms that http is allowed to pass through the firewall. In the same way, by telnet on destination port 443 you can verify if https is enabled to reach a secure site.
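The same three checks (local DNS, a direct query to 4.2.2.2, then a TCP connect to port 80 or 443) can be scripted. This is an added example, not code from the original post; the function names and the wording of the verdicts are assumptions made for illustration.

```python
import socket
import struct

PUBLIC_DNS = "4.2.2.2"  # the global resolver used in the post

def build_query(name, qid=0x1234):
    """Minimal DNS A-record query (RFC 1035) with recursion desired."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def answered(reply, qid=0x1234):
    """True for a matching response with RCODE 0 and at least one answer."""
    if len(reply) < 12:
        return False
    rid, flags, _, ancount = struct.unpack(">HHHH", reply[:8])
    return rid == qid and bool(flags & 0x8000) and (flags & 0xF) == 0 and ancount > 0

def resolves_via(server, name, timeout=3.0):
    """Query one specific server, like `nslookup name server`."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name), (server, 53))
            return answered(s.recv(512))
    except OSError:
        return False

def resolves_locally(name):
    """Use the resolver the OS is configured with (the 'local DNS')."""
    try:
        return bool(socket.gethostbyname(name))
    except OSError:
        return False

def port_open(host, port, timeout=3.0):
    """TCP connect test, the same check as `telnet host port`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def verdict(local_ok, public_ok, port_ok):
    """Map the three observations to the fault domain the post reasons about."""
    if not local_ok:
        return ("local DNS or ISP resolver problem" if public_ok
                else "name resolves nowhere: site DNS down or DNS blocked")
    return "DNS ok, port reachable" if port_ok else "DNS ok, port blocked or server down"
```

Call it as `verdict(resolves_locally(h), resolves_via(PUBLIC_DNS, h), port_open(h, 80))` for a host name `h`.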


There is another tool which can be used to find out if a website is reachable from the internet, and that is:
 
http://downforeveryoneorjustme.com/


Also if you have some local DNS issues or ISP issues reaching some website, you can confirm it by using some proxy websites like - www.orkuch.com or www.vtunnel.com to see if those are opening up from the rest of the internet.


That's it for today :-)


I'll continue with some SMTP and Mail troubleshooting tomorrow.





BGP Troubleshooting Tools

After spending lots of time on BGP in the last few months, I decided to write something on BGP troubleshooting.

I would like to start by talking about "BGP Looking Glass" first. "BGP Looking Glass" is basically a category of Internet gateways (Cisco routers, Unix/Linux based platforms, Juniper routers etc.) running BGP. The idea is simple: many service providers host these internet gateways and give limited access to their CLI/GUI to customers, and sometimes even to anyone who needs access. This is a great tool when a network engineer wants to see if the routes advertised in BGP at the customer site are reaching the internet, and also if the prefixes look to the Internet world the way they are expected to. It's also a good tool to practice the wonderful world of regular expressions. I mean, as you have access to an ISP router running a full-blown BGP config, what can be better than that to test your BGP regular expression skills and to see how other "show bgp" commands give you tons of output on a live BGP router.

Here is the address of one BGP Looking Glass Server which I use most of the time these days "telnet route-views.routeviews.org"

There are many more; they can even be categorized in terms of the service provider who hosts them. Like if you want to see how your routes look when they reach inside the network of SPRINT, you can search through your favorite search engine for the BGP looking glass server hosted by SPRINT.

Also there is a great document on BGP Troubleshooting by friend Ruhnn which can be found at :



For more understanding of BGP from vendor independent point of view, you can visit : http://www.bgp4.as/


Hope this will help, more on troubleshooting will arrive soon :-)

Regards,
Deepak Arora

Friday, May 7, 2010

Limited CLI Access - Role Based CLI


A few days back I was asked by one of our customers, for whom I implemented a Cisco router based PPPoE server - "Hey we need to give some command access to few of our Engineers, but they shouldn't be able to use other commands available under same config prompt".

Okay...I thought it will be simple before he told me one more thing... " We can't buy AAA Server for this Job" :-(

Hmmm... It's quite simple to do with an AAA server like Cisco ACS. But how about doing this without that?

It reminded me of the other two ways which I know but had never implemented before. One was setting up "Privilege Levels" and the other, which I learned during my CCNA Security preparation, was "Role Based CLI".

So I chose the second way, because there is a little problem with setting up privilege levels. In the case of privilege levels the user will have access to all the commands available under privilege levels lower than the current one.

On the other hand, in the case of Role Based CLI the user will have access only to the commands which were configured under the VIEW.

Although I see there is a third option which is not so flexible called "MENU"

So here is the list of commands that I was given. All the guest admins should have access to these commands only.

"show users"
"show pppoe sessions"
"clear pppoe rmac"

and here is the quick config that I did for this. The view created here is named as "FIVE"

Cisco_NAS(config)#username radiusadmin secret radiusadmin
Cisco_NAS(config)#parser view five
Cisco_NAS(config-view)#secret guestadmin
Cisco_NAS(config-view)#command exec include show users
Cisco_NAS(config-view)#command exec include show pppoe session
Cisco_NAS(config-view)#command exec include clear pppoe rmac 
Cisco_NAS(config-view)#exit

and that's it. Next time a guest admin wants to log in, they have to enter username "radiusadmin" and password "radiusadmin". After that, instead of typing "enable" they have to type "enable view five" and then provide the password "guestadmin" for authentication.


They won't have access to any other commands except the 3 commands that I mentioned in my config.
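To keep a view like this from growing beyond the approved list over time, a saved config can be checked against the three commands above. This is an added example, not part of the original post; the sample config text is constructed (including the secret placeholder and the extra "all debug" line), and the assumption is that the saved config lists view entries as "commands <mode> include ..." lines under "parser view <name>".

```python
import re

# Commands the customer approved for guest admins (taken from the post).
APPROVED = {"show users", "show pppoe session", "clear pppoe rmac"}

# Constructed sample of a saved config; the last entry is a deliberate drift.
SAMPLE_CONFIG = """\
parser view five
 secret 5 <hash-placeholder>
 commands exec include show users
 commands exec include show pppoe session
 commands exec include clear pppoe rmac
 commands exec include all debug
!
"""

VIEW_RE = re.compile(r"^parser view (\S+)")
CMD_RE = re.compile(
    r"^\s+commands? (\S+) (include-exclusive|include|exclude) (all )?(.+?)\s*$")

def parse_views(config):
    """Return {view: [(mode, action, is_all, command), ...]}."""
    views, current = {}, None
    for line in config.splitlines():
        view = VIEW_RE.match(line)
        if view:
            current = views.setdefault(view.group(1), [])
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the view block
        elif current is not None and (cmd := CMD_RE.match(line)):
            mode, action, is_all, text = cmd.groups()
            current.append((mode, action, bool(is_all), text))
    return views

def audit(config, approved=APPROVED):
    """List view entries that grant more than the approved commands."""
    findings = []
    for view, entries in parse_views(config).items():
        for mode, action, is_all, text in entries:
            if action == "exclude":
                continue
            # Assumption: a bare parent keyword of an approved command ("show") is tolerated.
            is_parent = any(a.startswith(text + " ") for a in approved)
            if is_all:
                findings.append(f"{view}: wildcard 'all {text}' in {mode} mode")
            elif text not in approved and not is_parent:
                findings.append(f"{view}: unapproved {mode} command '{text}'")
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports only the wildcard entry; the three approved commands pass.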


Thanks!
Deepak Arora