April 9, 2011
April 7, 2011
Types of Network Attacks
There are four primary classes of attacks.
Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and, in most cases, it precedes another type of attack. Reconnaissance is similar to a thief casing a neighborhood for vulnerable homes to break into, such as an unoccupied residence, easy-to-open doors, or open windows.
System access is the ability of an intruder to gain access to a device for which the intruder has no account or password. Entering or accessing systems usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked.
Denial of service (DoS) is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable. But DoS can also be as simple as deleting or corrupting information. In most cases, performing the attack involves simply running a hack or script. For these reasons, DoS attacks are the most feared.
Example: a TCP SYN flood, a DoS attack characterized by a flood of packets requesting a TCP connection (SYN) to a server. The attacker never completes the handshakes, so the server's connection table fills with half-open connections and legitimate clients can no longer connect.
Worms, Viruses, and Trojan Horses. Malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services. Common names for this type of software are worms, viruses, and Trojan horses.
link : CNAP, Exploration 4
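The SYN flood mentioned above is easy to spot in traffic: one source opens many connections and finishes none of them. The following detector, added here as an example and not part of the CNAP material, counts half-open connections per source in a constructed sample of packet records (tuples of source address, source port and a TCP flag) and flags sources that exceed both a count and a ratio threshold. The addresses, ports and thresholds are assumptions chosen for the example.

```python
"""
Added example: spotting a TCP SYN flood in a sample of packet records.

A SYN flood sends many TCP connection requests (SYN) to a server but never
finishes the three-way handshake, so the victim accumulates half-open
connections. The detector counts, for each source address, the connections
that began with a SYN but never saw a follow-up ACK from the same source
port, and flags sources whose half-open count and ratio exceed thresholds.
The packet records are constructed for this example, not a real capture.
"""
from collections import defaultdict


# Each record: (src_ip, src_port, tcp_flag) where tcp_flag is "S" for SYN
# or "A" for the client's handshake-completing ACK. Constructed sample data.
def _constructed_sample():
    packets = []
    # A legitimate client: five connections, each SYN followed by an ACK.
    for port in range(40000, 40005):
        packets.append(("192.168.30.10", port, "S"))
        packets.append(("192.168.30.10", port, "A"))
    # A flooding host: fifty SYNs from distinct source ports, no ACKs.
    for port in range(1025, 1075):
        packets.append(("203.0.113.5", port, "S"))
    # One client whose single connection is still in progress (benign).
    packets.append(("192.168.30.11", 50000, "S"))
    return packets


SAMPLE_PACKETS = _constructed_sample()


def half_open_per_source(packets):
    """Return {src_ip: (syn_count, half_open_count)} for the sample."""
    syn_seen = set()
    completed = set()
    for src, sport, flag in packets:
        key = (src, sport)
        if flag == "S":
            syn_seen.add(key)
        elif flag == "A" and key in syn_seen:
            completed.add(key)
    stats = defaultdict(lambda: [0, 0])
    for key in syn_seen:
        stats[key[0]][0] += 1
        if key not in completed:
            stats[key[0]][1] += 1
    return {src: tuple(v) for src, v in stats.items()}


def syn_flood_sources(packets, min_half_open=20, min_ratio=0.9):
    """Sources whose half-open connections exceed both thresholds.

    The count threshold keeps a single slow client (one unfinished
    handshake) from being flagged; the ratio threshold keeps a busy but
    well-behaved client (many SYNs, nearly all completed) from being flagged.
    """
    flagged = []
    for src, (syns, half_open) in half_open_per_source(packets).items():
        if half_open >= min_half_open and half_open / syns >= min_ratio:
            flagged.append(src)
    return sorted(flagged)


if __name__ == "__main__":
    for src, (syns, half_open) in sorted(half_open_per_source(SAMPLE_PACKETS).items()):
        print(f"{src:15} SYNs={syns:3d} half-open={half_open:3d}")
    print("suspected SYN flood sources:", syn_flood_sources(SAMPLE_PACKETS))
```

On real traffic the same logic would be run over a sliding time window, since a legitimate client's ACK may simply not have arrived yet; the sample here is a closed set of packets, so a missing ACK is treated as a half-open connection.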
April 6, 2011
The any and host keywords in ACLs
Access Control Lists (ACLs)
Packet Filtering Example
To understand the concept of how a router uses packet filtering, imagine that a guard has been posted at a locked door. The guard’s instructions are to allow only people whose names appear on a list to pass through the door. The guard is filtering people based on the criterion of having their names on the authorized list.
By default, a router does not have any ACLs configured and therefore does not filter traffic. Traffic that enters the router is routed according to the routing table. If you do not use ACLs on the router, all packets that can be routed through the router pass through the router to the next network segment.
Regarding numbered ACLs, in case you are wondering why numbers 200 to 1299 are skipped, it is because those numbers are used by other protocols. This course focuses only on IP ACLs. For example, numbers 600 to 699 are used by AppleTalk, and numbers 800 to 899 are used by IPX.
There are two types of Cisco IP ACLs: standard and extended.
Standard ACLs
filter IP packets based on the source address only
numbered 1 to 99 and 1300 to 1999
===================================================
access-list 10 permit 192.168.30.0 0.0.0.255
===================================================
Extended ACLs
filter IP packets based on several attributes, including the following:
- source and destination addresses
- source and destination TCP and UDP ports
- protocol type (IP, ICMP, UDP, TCP, or protocol number)
numbered 100 to 199 and 2000 to 2699
===========================================================
access-list 103 permit tcp 192.168.30.0 0.0.0.255 any eq 80
===========================================================
Recall that every ACL ends with an unseen implicit deny all statement, equivalent to adding a final line such as access-list 10 deny 0.0.0.0 255.255.255.255 (that is, deny any). Entries are checked top-down and the first match wins, so a packet that matches no permit statement is dropped; an ACL containing only deny statements blocks all traffic.
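To make the matching rules concrete, here is a small evaluator for the numbered IP ACL statements used above. It is an added example written for this page, not Cisco code, and covers only the syntax shown here plus the any and host keywords and eq port matching: wildcard masks (a 1 bit means "do not care"), standard ACLs matching on source only, extended ACLs matching on protocol, source, destination and port, first-match processing, and the implicit deny. The ACL 20 entries, the packet fields and the destination addresses are assumptions constructed for the example.

```python
"""
Added example: a small evaluator for Cisco-style numbered IP ACLs.

It parses access-list statements of the kinds shown in the text (standard
ACLs matching on source only, extended ACLs matching on protocol, source,
destination and 'eq' port), applies wildcard masks, understands the 'any'
and 'host' keywords, processes entries top-down with first match winning,
and ends with the implicit deny. Statements and packets are constructed.
"""
import ipaddress

STANDARD_RANGES = ((1, 99), (1300, 1999))
EXTENDED_RANGES = ((100, 199), (2000, 2699))
ANY = ("0.0.0.0", "255.255.255.255")   # what the 'any' keyword expands to


def _in_ranges(number, ranges):
    return any(lo <= number <= hi for lo, hi in ranges)


def _as_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, network, wildcard):
    """True if addr matches network under wildcard (a 1 bit = 'do not care')."""
    care = 0xFFFFFFFF ^ _as_int(wildcard)
    return (_as_int(addr) & care) == (_as_int(network) & care)


def _parse_addr(tokens, i):
    """Parse an address spec at tokens[i]: 'any', 'host A.B.C.D' or 'net wildcard'."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    if i + 1 >= len(tokens):          # bare address in a standard ACL means 'host'
        return (tokens[i], "0.0.0.0"), i + 1
    return (tokens[i], tokens[i + 1]), i + 2


def _parse_port(tokens, i):
    """Parse an optional 'eq <port>' at tokens[i]."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i


def parse_ace(line):
    """Parse one access-list statement into a dict describing the entry."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported statement: {line}")
    number, action = int(t[1]), t[2]
    if _in_ranges(number, STANDARD_RANGES):
        src, _ = _parse_addr(t, 3)
        return {"number": number, "kind": "standard", "action": action, "src": src}
    if _in_ranges(number, EXTENDED_RANGES):
        src, i = _parse_addr(t, 4)
        sport, i = _parse_port(t, i)
        dst, i = _parse_addr(t, i)
        dport, i = _parse_port(t, i)
        return {"number": number, "kind": "extended", "action": action, "proto": t[3],
                "src": src, "sport": sport, "dst": dst, "dport": dport}
    raise ValueError(f"{number} is not a standard or extended IP ACL number")


def ace_matches(ace, pkt):
    """Does this entry match the packet (dict with proto, src, dst, sport, dport)?"""
    if not wildcard_match(pkt["src"], *ace["src"]):
        return False
    if ace["kind"] == "standard":
        return True
    if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
        return False
    if not wildcard_match(pkt["dst"], *ace["dst"]):
        return False
    if ace["sport"] is not None and pkt.get("sport") != ace["sport"]:
        return False
    if ace["dport"] is not None and pkt.get("dport") != ace["dport"]:
        return False
    return True


def evaluate(config_lines, number, pkt):
    """Apply ACL <number>: first matching entry decides; no match is the implicit deny."""
    for line in config_lines:
        ace = parse_ace(line)
        if ace["number"] == number and ace_matches(ace, pkt):
            return ace["action"]
    return "deny"


# Constructed configuration: the two statements from the text plus a 'host' example.
CONFIG = [
    "access-list 10 permit 192.168.30.0 0.0.0.255",
    "access-list 20 permit host 192.168.30.1",
    "access-list 20 deny any",
    "access-list 103 permit tcp 192.168.30.0 0.0.0.255 any eq 80",
]

if __name__ == "__main__":
    web = {"proto": "tcp", "src": "192.168.30.5", "dst": "10.1.1.10", "sport": 51000, "dport": 80}
    ssh = dict(web, dport=22)
    print("ACL 10, web:", evaluate(CONFIG, 10, web))    # permit
    print("ACL 103, web:", evaluate(CONFIG, 103, web))  # permit
    print("ACL 103, ssh:", evaluate(CONFIG, 103, ssh))  # deny (implicit)
```

The ssh packet above falls through ACL 103 because the only entry permits port 80; nothing else matches, so the unseen deny at the end applies. The same evaluator shows why entry order matters: swapping the two ACL 20 lines would make deny any match first and the host permit unreachable.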
April 5, 2011
Introduction to Routers
Inside the Router
Hardware Components of a Router
Router Components and Their Functions
Like a PC, a router also includes:
Central Processing Unit (CPU)
Random-Access Memory (RAM)
Read-Only Memory (ROM)
The CPU executes operating system instructions, such as system initialization, routing functions, and switching functions.
RAM stores the instructions and data needed to be executed by the CPU. RAM is used to store these components:
- Operating System: The Cisco IOS (Internetwork Operating System) is copied into RAM during bootup.
- Running Configuration File: This is the configuration file that stores the configuration commands that the router IOS is currently using. With few exceptions, all commands configured on the router are stored in the running configuration file, known as running-config.
- IP Routing Table: This file stores information about directly connected and remote networks. It is used to determine the best path to forward the packet.
- ARP Cache: This cache contains the IPv4 address to MAC address mappings, similar to the ARP cache on a PC. The ARP cache is used on routers that have LAN interfaces such as Ethernet interfaces.
- Packet Buffer: Packets are temporarily stored in a buffer when received on an interface or before they exit an interface.
RAM is volatile memory and loses its content when the router is powered down or restarted. However, the router also contains permanent storage areas, such as ROM, flash and NVRAM.
ROM is a form of permanent storage. Cisco devices use ROM to store:
- The bootstrap instructions
- Basic diagnostic software
- Scaled-down version of IOS.
ROM contains firmware, which is software embedded in an integrated circuit. Firmware includes software that does not normally need to be modified or upgraded, such as the bootup instructions. Many of these features, including the ROM monitor software, will be discussed in a later course. ROM does not lose its contents when the router loses power or is restarted.
Flash memory is nonvolatile computer memory that can be electrically stored and erased. Flash is used as permanent storage for the operating system, Cisco IOS. In most models of Cisco routers, the IOS is permanently stored in flash memory and copied into RAM during the bootup process, where it is then executed by the CPU. Some older models of Cisco routers run the IOS directly from flash. Flash consists of SIMMs or PCMCIA cards, which can be upgraded to increase the amount of flash memory.
Flash memory does not lose its contents when the router loses power or is restarted.
NVRAM (Nonvolatile RAM) does not lose its information when power is turned off. This is in contrast to the most common forms of RAM, such as DRAM, that requires continual power to maintain its information. NVRAM is used by the Cisco IOS as permanent storage for the startup configuration file (startup-config). All configuration changes are stored in the running-config file in RAM, and with few exceptions, are implemented immediately by the IOS. To save those changes in case the router is restarted or loses power, the running-config must be copied to NVRAM, where it is stored as the startup-config file. NVRAM retains its contents even when the router reloads or is powered off.
ROM, RAM, NVRAM, and flash are discussed in the following section which introduces the IOS and the bootup process. They are also discussed in more detail in a later course relative to managing the IOS.
It is more important for a networking professional to understand the function of the main internal components of a router than the exact location of those components inside a specific router. The internal physical architecture will differ from model to model.
HOW A ROUTER BOOTS UP
There are four major phases to the bootup process:
- Performing the POST
- Loading the bootstrap program
- Locating and loading the Cisco IOS software
- Locating and loading the startup configuration file or entering setup mode
April 4, 2011
service password-encryption
Question:
What is the difference between username Johndoe secret CISCO and service password-encryption?
username Johndoe secret CISCO stores an MD5 hash of that one user's password (it appears as secret 5 in show running-config). A hash cannot be turned back into the password, and it protects this and only this password.
service password-encryption, by contrast, rewrites every plaintext password visible in show running-config (enable password, line passwords, username ... password) as a type 7 string, and does the same to passwords configured later.
Type 7 is a reversible encoding, not a hash: it hides passwords from someone glancing at the configuration, but anyone who can read the configuration can recover them. It is no substitute for secret.
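The weakness of service password-encryption is worth seeing in code. The block below is an added example, not Cisco's implementation or part of the course material: it implements the publicly documented type 7 scheme (a two-digit seed into a fixed key, then one XORed password byte per hex pair), encodes and decodes strings with it, and scans a constructed show running-config excerpt for type 7 strings. The configuration lines, user names and the secret 5 placeholder value are assumptions made for the example.

```python
"""
Added example: what service password-encryption actually does.

The command rewrites plaintext passwords in the configuration as "type 7"
strings (shown as 'password 7 <hex>' in show running-config). Type 7 is a
fixed-key XOR: the first two digits are a seed into a constant key, and each
following hex pair is one password byte XORed with the next key byte. Anyone
who can read the configuration can reverse it, which is why 'secret' (type 5,
an MD5 hash) is the right choice for local user and enable credentials.
The configuration lines are constructed for this example.
"""
import re

# The constant key used by the type 7 scheme (public for many years).
XLAT = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

TYPE7_RE = re.compile(r"\b(?:password|key)\s+7\s+([0-9A-Fa-f]{4,})\b")


def type7_decode(encoded):
    """Turn a type 7 string back into the plaintext password."""
    seed = int(encoded[:2])
    plain = []
    for i, pos in enumerate(range(2, len(encoded), 2)):
        byte = int(encoded[pos:pos + 2], 16)
        plain.append(chr(byte ^ ord(XLAT[(seed + i) % len(XLAT)])))
    return "".join(plain)


def type7_encode(plain, seed=0):
    """Produce the type 7 string IOS would store for plain with the given seed (0-15)."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    out = [f"{seed:02d}"]
    for i, ch in enumerate(plain):
        out.append(f"{ord(ch) ^ ord(XLAT[(seed + i) % len(XLAT)]):02X}")
    return "".join(out)


def recover_type7(config_lines):
    """Map each config line holding a type 7 string to its recovered plaintext.

    Lines with 'secret 5' (MD5) are left alone: there is nothing to reverse.
    """
    found = {}
    for line in config_lines:
        m = TYPE7_RE.search(line)
        if m:
            found[line.strip()] = type7_decode(m.group(1))
    return found


# Constructed excerpt of 'show running-config' after service password-encryption.
# The secret 5 value is a placeholder, not a real hash.
SAMPLE_RUN = [
    "service password-encryption",
    "enable password 7 02252D682829",
    "username Johndoe secret 5 $1$PLACEHOLDER$xxxxxxxxxxxxxxxxxxxxxx",
    "username operator password 7 094F471A1A0A",
    "line vty 0 4",
    " password 7 094F471A1A0A",
]

if __name__ == "__main__":
    for line, plain in recover_type7(SAMPLE_RUN).items():
        print(f"{line!r:50} -> {plain!r}")
```

Running it recovers every type 7 password in the excerpt while the secret 5 line stays opaque, which is the whole difference between the two commands. Where the platform supports it, the stronger hashed types (enable secret and username ... secret) should be used for every credential, and type 7 treated as plaintext in any risk assessment.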
April 3, 2011
ip subnet-zero
If a network address is subnetted, the first subnet obtained after subnetting the network address is called subnet zero.
Consider the Class B address 172.16.0.0. By default a Class B address has 16 bits reserved for the host portion, allowing 65534 (2^16 - 2) valid host addresses. If network 172.16.0.0/16 is subnetted by borrowing three bits from the host portion, eight (2^3) subnets are obtained. The table below shows the subnets obtained by subnetting 172.16.0.0, the resulting subnet mask, the corresponding broadcast addresses, and the range of valid host addresses.
| Subnet Address | Subnet Mask   | Broadcast Address | Valid Host Range               |
| 172.16.0.0     | 255.255.224.0 | 172.16.31.255     | 172.16.0.1 to 172.16.31.254    |
| 172.16.32.0    | 255.255.224.0 | 172.16.63.255     | 172.16.32.1 to 172.16.63.254   |
| 172.16.64.0    | 255.255.224.0 | 172.16.95.255     | 172.16.64.1 to 172.16.95.254   |
| 172.16.96.0    | 255.255.224.0 | 172.16.127.255    | 172.16.96.1 to 172.16.127.254  |
| 172.16.128.0   | 255.255.224.0 | 172.16.159.255    | 172.16.128.1 to 172.16.159.254 |
| 172.16.160.0   | 255.255.224.0 | 172.16.191.255    | 172.16.160.1 to 172.16.191.254 |
| 172.16.192.0   | 255.255.224.0 | 172.16.223.255    | 172.16.192.1 to 172.16.223.254 |
| 172.16.224.0   | 255.255.224.0 | 172.16.255.255    | 172.16.224.1 to 172.16.255.254 |
In the example above, the first subnet (subnet 172.16.0.0/19) is called subnet zero.
The class of the network subnetted and the number of subnets obtained after subnetting have no role in determining subnet zero. It is the first subnet obtained when subnetting the network address. Also, when you write the binary equivalent of the subnet zero address, all the subnet bits (bits 17, 18, and 19 in this case) are zeros. Subnet zero is also known as the all-zeros subnet.
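The table above is one instance of a general computation. The block below is an added example (not part of the original notes) that enumerates the subnets for any network and any number of borrowed bits using Python's standard ipaddress module, reproduces the 172.16.0.0/16 table, tests whether a given subnet is subnet zero by the all-subnet-bits-zero rule just described, and lists the subnets left usable when subnet zero is disallowed, as happens on an IOS router configured with no ip subnet-zero. The function names and the table layout are the example's own.

```python
"""
Added example: enumerating the subnets of a network after borrowing host
bits, reproducing the 172.16.0.0/16 table and identifying subnet zero.

The routine is generic (any IPv4 network, any number of borrowed bits) and
assumes the resulting prefix is shorter than /31, so that network and
broadcast addresses are excluded from the host range as the table does.
"""
import ipaddress


def enumerate_subnets(network, borrowed_bits):
    """Return one row per subnet: address, prefix, mask, broadcast and host range."""
    parent = ipaddress.ip_network(network, strict=True)
    rows = []
    for sub in parent.subnets(prefixlen_diff=borrowed_bits):
        rows.append({
            "subnet": str(sub.network_address),
            "prefix": sub.prefixlen,
            "mask": str(sub.netmask),
            "broadcast": str(sub.broadcast_address),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
        })
    return rows


def is_subnet_zero(subnet, network):
    """True when every borrowed (subnet) bit is zero, i.e. the subnet shares
    the parent's network address; class and subnet count play no role."""
    sub = ipaddress.ip_network(subnet)
    parent = ipaddress.ip_network(network)
    return sub.subnet_of(parent) and sub.network_address == parent.network_address


def usable_subnets(network, borrowed_bits, subnet_zero_allowed=True):
    """Subnets an address may be taken from; drops subnet zero when it is not allowed."""
    subs = list(ipaddress.ip_network(network).subnets(prefixlen_diff=borrowed_bits))
    return subs if subnet_zero_allowed else subs[1:]


def format_table(rows):
    """Render rows in the same column order as the table in the text."""
    lines = [f"{'Subnet Address':16} {'Subnet Mask':16} {'Broadcast Address':18} Valid Host Range"]
    for r in rows:
        lines.append(f"{r['subnet']:16} {r['mask']:16} {r['broadcast']:18} "
                     f"{r['first_host']} to {r['last_host']}")
    return "\n".join(lines)


if __name__ == "__main__":
    rows = enumerate_subnets("172.16.0.0/16", 3)
    print(format_table(rows))
    print("subnet zero:", f"{rows[0]['subnet']}/{rows[0]['prefix']}")
    print("usable with 'no ip subnet-zero':",
          [str(s) for s in usable_subnets("172.16.0.0/16", 3, subnet_zero_allowed=False)])
```

Changing the arguments (for example "10.0.0.0/8" with 4 borrowed bits) prints the corresponding table for that network, and the first row is always subnet zero regardless of address class or subnet count.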