For the third year, I’ll be presenting at PSU MacAdmins Conference! This year I’m lucky enough to be able to present two talks, “Backup, Front to Back” and “Enough Networking to be Dangerous”. But I’m really looking forward to what I can learn from those speaking for the first time, like Pepijn Bruienne and Graham Gilbert among others. The setting and venue is top-notch. It’s taking place May 22nd through the 24th, with a Boot Camp for more foundational topics May 21st. Hope you can join us!
Posts Tagged ‘Networking’
Cisco provides basic traffic filtering capabilities with access control lists (also referred to as access lists). Access lists can be configured for all routed network protocols (IP, AppleTalk, and so on) to filter the packets of those protocols as the packets pass through a router. You can configure access lists on your ASA router to control access to a network: access lists can prevent certain traffic from entering or exiting a network. You can do this by port or IP address.
The access control list (ACL) methodology on the Cisco ASA is interface-based. Therefore, each interface must have a specified security level (0-100), with 100 being most secure and 0 being least secure. Once configurations are in place, traffic from a more secure interface is allowed to access less secure interfaces by default. Conversely, less secure interfaces are blocked from accessing more secure interfaces.
Some common commands used to configure Cisco ASA interfaces include:
- nameif – used to name the interface
- security-level – used to configure the interface’s security level
- access-list – used to permit or deny traffic
- access-group – applies an ACL to an interface
We can configure an access list to permit or deny traffic, based on a specific port or protocol. With deny-by-default, everything is automatically blocked and must be explicitly allowed (on Routers it is the opposite where everything is allowed and you have to deny ports or protocols to block them).
Let’s say we want to configure an ACL on an ASA to permit all FTP traffic from any host to 192.168.1.10. To do this, we must input the following ACL:
ASA(config)# access-list OUTBOUND permit tcp any host 192.168.1.10 eq ftp
Now let’s say we want to configure an ACL on an ASA to deny all FTP traffic from any host to 192.168.1.10. To do this, we must input the following ACL:
ASA(config)# access-list OUTBOUND deny tcp any host 192.168.1.10 eq ftp
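Added example, not code from the original post: a small Python model of the two decisions the ASA makes for a packet, the interface security-level default when no ACL is applied, and first-match, deny-by-default evaluation of an access-list. It parses the two OUTBOUND entries above; the packet values and the PORT_NAMES subset are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed subset of the service names the ASA accepts after "eq".
PORT_NAMES = {"ftp": 21, "ssh": 22, "smtp": 25, "http": 80, "https": 443}

@dataclass
class Interface:
    name: str            # value given with nameif
    security_level: int  # value given with security-level (0-100)

@dataclass
class Ace:
    action: str        # "permit" or "deny"
    proto: str         # "ip", "tcp", "udp", ...
    src: object        # ip_network of matching sources
    dst: object        # ip_network of matching destinations
    dport: int = None  # from "eq <port>"; None matches any port

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int = None

def _parse_addr(tokens, i):
    """Parse an ASA address clause: any | host A.B.C.D | A.B.C.D MASK."""
    if tokens[i] == "any":
        return ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ip_network(tokens[i + 1] + "/32"), i + 2
    # ipaddress accepts a dotted netmask after the slash
    return ip_network(tokens[i] + "/" + tokens[i + 1]), i + 2

def parse_ace(line):
    """Parse one 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' line."""
    t = line.split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("not an access-list entry: " + line)
    src, i = _parse_addr(t, 4)
    dst, i = _parse_addr(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":
        dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
    return t[1], Ace(t[2], t[3], src, dst, dport)

def build_acls(lines):
    """Group entries by ACL name, keeping configuration order (order matters)."""
    acls = {}
    for line in lines:
        name, ace = parse_ace(line)
        acls.setdefault(name, []).append(ace)
    return acls

def evaluate(acl, pkt):
    """First matching entry wins; no match hits the implicit deny at the end."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if ip_address(pkt.src) not in ace.src or ip_address(pkt.dst) not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action
    return "deny"

def allowed_by_default(ingress, egress):
    """With no ACL applied, traffic flows only from a higher to a lower level."""
    return ingress.security_level > egress.security_level
```

Feeding both OUTBOUND lines in the order shown above lets the permit entry win for FTP; swapping them makes the deny win, which is why entry order matters as much as the entries themselves.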
Access lists are also used to define rate limits in QoS settings. Here is a helpful guide to choosing the right number to associate with an ACL:
Protocols with Access Lists Specified by Numbers
Protocol: Range
- IP: 1-99, 1300-1999
- Extended IP: 100-199, 2000-2699
- Ethernet type code: 200-299
- Ethernet address: 700-799
- Transparent bridging (protocol type): 200-299
- Transparent bridging (vendor code): 700-799
- Extended transparent bridging: 1100-1199
- DECnet and extended DECnet: 300-399
- XNS: 400-499
- Extended XNS: 500-599
- AppleTalk: 600-699
- Source-route bridging (protocol type): 200-299
- Source-route bridging (vendor code): 700-799
- IPX: 800-899
- Extended IPX: 900-999
- IPX SAP: 1000-1099
- Standard VINES: 1-100
- Extended VINES: 101-200
- Simple VINES: 201-300
Blacklisting an IP from the WAN on a SonicWALL
1. Login to SonicWALL
2. Go to Firewall Rules
3. Go to Matrix
4. Go to WAN -> LAN
5. Create Rule
6. For Source, choose Create Network.
7. Change Zone to WAN
8. Name it whatever you want (ie. Blacklisted IP1)
9. Enter in IP
10. Save it
11. On the firewall rule, make sure to click on the check box for Deny
12. Source is Blacklisted IP
13. Destination is ANY
14. Service ANY (if you want to block all traffic).
15. Save it.
16. Move it up in the chain to be the first rule.
17. Test it.
To enable the Firewall on Mac OS X Server:
* Open Server Admin from /Utilities/Server.
* Click on the Firewall listing under the Computers and Services pane.
* Click on the Settings tab.
* Click on the Services tab (see Figure 13.x).
* Enable any services that should be allowed on the server by checking their box. If the service isn’t listed in the table, add it using the + box.
* Once all of your services have been added click on the Start Service button.
Once you have started the Firewall, you can use the Active Rules button to view what is running on your server. If you use Perl or shell scripts to update your active rules while Server Admin is open, you will need to click the Refresh button in Server Admin before the updated rules appear. You can also use the Logging tab to view what is being allowed and/or denied on the server.
Figure 13.x Enabling the Firewall on Mac OS X Server
While attending DefCon, a hacking conference in Las Vegas, Three18 staff members learned of Ciscogate. Ciscogate revolves around the plight of Mike Lynn. He was a researcher for Internet Security Systems Inc (ISS) until he resigned last week after giving a speech at Black Hat, an Information Technology security conference in Las Vegas. Due to the presentation and the speech Lynn gave, a suit was filed against him by ISS and Cisco.
Cisco hired people to go through the CDs given out by Black Hat containing all of the presentations and replace them with CDs absent the presentation. The first appearances of the case in the media were taken down, reportedly by Cisco. Cisco began to cover up the flaws Lynn exposed in their operating system, claiming that they were not as serious as Lynn had reported. In a bold move, Cisco also had Lynn slapped with a gag order and settled the case out of court with the stipulation that Lynn never talk of the vulnerabilities again.
The presentation exposes serious security vulnerabilities to the Cisco operating system. Theoretically it is possible to exploit this flaw in order to bring entire legs of the Internet dark. Due to the scale of the exploit and the anti-trust issues surrounding the case, the FBI and Justice Department are now investigating Lynn for criminal charges. If the flaws to Cisco’s operating system were not as serious as Lynn reported then why is the federal government involved?
We were amazed at the solidarity of the Hacker community around Lynn. A defense fund was started for him, copies of his speech were plastered across the Internet and shirts were printed overnight that read Ciscogate, the name given for the reported cover-up.
After returning home, Three18 worked hard at ensuring all of our clients’ routers were fully patched, which reportedly fixed the flaw Lynn uncovered. The point of Lynn’s disclosure of the seriousness of the vulnerabilities is to get System Administrators to patch their routers, which many of them might not have done otherwise.
In emergency or critical situations it is sometime necessary to quickly power down an entire network of servers. This could be due to a natural disaster, planned maintenance, or a variety of unforeseen circumstances. This document attempts to scope a quick yet safe method of powering down all servers and network devices, then walking through powering everything back up.
Part I – Shutting Down
Methodology and Theory
This section will explain the general principles of an emergency shutdown. The general procedure is as follows:
1) Notify everyone of the shutdown. Have everyone (ideally) turn off his or her computer.
2) Have all server logins and passwords handy.
3) The shutdown sequence is: Servers, then RAID arrays and attached storage, then network devices.
4) Make sure every device is completely powered off, and not in stand-by mode.
The most essential part of this is making sure you turn off the servers BEFORE you turn off any storage devices. Most operating systems store often-used files and settings in memory, so shutting servers down first allows the OS to write/update any files beforehand. Once the servers are shutdown and off, generally speaking, it is fine to power down storage.
Shutting Down a Windows-Based Server
1) If you are on a locked screen, and at the desktop, press CTRL-ALT-DEL at the same time.
2) Enter the administrator login and password. This should put you on a desktop screen.
3) Click on the Start button, then click on “Shut Down”.
4) Make sure the option for “Shut down” is selected. On some Windows servers, you may have to enter a reason before you’re able to press OK. Type “emergency shutdown” if there is a box asking for a reason. Press OK.
5) Depending on your server setup, there might be several applications that need to be shut down. Once Windows tells every application that the machine is turning off, the applications may ask for permission to quit. Just click “Yes” or “Ok” if any boxes appear.
6) WATCH AND MAKE SURE THE SERVER SHUTS DOWN. Servers can take a long time to shut down/start up due to all the programs and services they need to keep track of, so this may take up to 3-5 minutes.
7) The server should power down completely. Look at the server and make sure there are no lights on (which would indicate that the server is in stand-by mode). The surest way to verify power-off is to check the fan in the back of the box. If the fans are off, the server is off.
8) If the system has been shut down, but there are still lights on it, you can force the machine to turn off by pressing the power button and holding it down for 10 seconds. This will force the system to lose power. Every PC created after 1997 has this ability.
9) Repeat this procedure for every Windows Server you have.
Shutting down a Mac OS X Server
1) If you are seeing a locked screen, or a screen saver, press a key on the keyboard. This will wake the system.
2) In the login box, enter the administrator login and password. It should take you to
3) Click on the Apple symbol in the top left corner of the screen.
4) Click on Shut Down.
5) The server will ask if you are sure you want to do this. Click “Yes”.
6) Depending on your server setup, there might be several applications that need to be shut down. Once OS X tells every application that the machine is turning off, the applications may ask for permission to quit. Just click “Yes” or “Ok” if any boxes appear.
7) WATCH AND MAKE SURE THE SERVER SHUTS DOWN. Servers can take a long time to shut down/start up due to all the programs and services they need to keep track of, so this may take up to 3-5 minutes.
8) If the system has been shut down, but there are still lights on it, you can force the machine to turn off by pressing the power button and holding it down for 10 seconds. This will force the system to lose power. Every computer created after 1997 has this ability.
9) Repeat this procedure for every Apple OS X Server you have.
Shutting Down a Linux Server
Note: In order to do this, you will need both the administrator login/password, AND an additional password known as the “root” password. The root password is the King-Of-All-Kings password. It allows you to do ANYTHING to the server, without restriction. Be VERY careful what you type when you are using “root” mode.
1) If you are not at a command line prompt, you are probably looking at a “login:” prompt. Enter the admin login and password.
2) You will be looking at a command line prompt now. Type “su” and press enter. This means “I want to be a SuperUser”.
3) It will ask you for the root password. Enter it here. NOTE: When you type this password, it will not display it on the screen. This is for security reasons (so nobody can peek over your shoulder).
4) If you typed it correctly, the prompt should change to a # at the end of it.
5) Type “shutdown now” and press enter.
6) The screen should automatically fill with information about the server shutting down, and the various services that are being turned off.
7) The machine should shut down completely.
Shutting Down Arrays and Storage
Once the servers are down, most of the hard work is done. Look at the arrays, or network storage. There should be no disk activity on them (ie: no lights should be blinking). If there are posted procedures for a specific method of shutdown, please follow them. If not, once the servers are shut down, as a general rule, it is ok to find the power switch and turn them off.
Shutting Down Routers and Network Devices
Most routers, firewalls, and network devices have no moving parts, and are designed to handle a power outage gracefully. In an emergency, it would be ok to just quickly unplug them after the servers, storage, and workstations are shut down. This is not the best policy, nor is it inclusive for every network device out there. But it is acceptable in a critical situation, where time is of the essence.
Part II – Starting up the network.
Methodology and Principles.
The only concern when starting everything up is the sequence. When shutting down, the order was workstations, servers, storage, then network devices. When starting everything back up, the process is REVERSED.
Plug all routers, firewalls and switches back in. Wait at least 2 minutes for everything to come back online, and for all the lights to start blinking again.
Now power the RAID arrays and storage on. Let the drives spin up and let the systems prepare themselves for use. Wait at least 3-5 minutes for this, even if it looks like everything is done.
Once the storage is up and running, it is time to power up each server…ONE BY ONE. It is critical to not only turn each server on, but to WATCH each one boot up and get to the login screen. Each machine may take as long as 5 minutes to do this, due to the programs and services being loaded. If any messages appear, write them down and call Three18 (310-581-9500) immediately.
After everything in the server room is up and running, have the users turn on their workstations and attempt to use their usual programs (ie: email, web, FileMaker, etc.). Make note of any errors or unusual messages. Be sure to write them all down, and call Three18. For the most part, essential services (email, internet) should be good to go.
And, as always, call Three18 if you have any questions or concerns. We are available 24 hours a day for emergency situations. 310-581-9500.
Three18 Network Backbone Glossary
Gigabit Ethernet over fibre optic cable
1000Mbps, All four pairs of Cat6 cable utilized at 250Mbps per pair
100 Mbps Ethernet data transmissions over Fibre optic cable
Long wavelength fibre optic transmissions at 100 Mbps.
Short wavelength fibre optic transmissions at 100 Mbps.
100 Mbps Ethernet running over two twisted pairs
Four pairs of Cat3 or better cable. Transmits at 25Mbps on all four pairs.
100 Mbps Ethernet running over twisted pair copper. Full duplex
Thin Ethernet, called thin net or coax
Thick Ethernet cable capable of data transmissions up to 500 meters.
10 Mbps Ethernet running over twisted pair copper cable
Crosstalk from an adjacent cable or cables
American National Standards Institute.
American Standard Code for Information Interchange. Originally a 7 bit code later 8 bit for communication interfaces
Loss of signal strength and integrity over a given length of cable
The capacity to carry data
The raw data is transmitted using the full bandwidth of the cable with no modulation.
Number of signal or voltage changes per second. Sometimes relates to Bps but not always.
Bayonet connector used with RG58 coaxial cable networks. Thin Ethernet
Bits per second
The bandwidth of the cable is split into multiple modulated channels. Guard bands are used to separate the channels
To send data to more than one device at a time
A network with all devices sharing one common cable.
Category 1, Cat1
Unshielded Twisted Pair for use as speaker or door bell wire.
Category 2, Cat2
UTP for frequencies up to 1.5Mhz. Used in analogue telephone applications.
Category 3, Cat3
UTP for frequencies up to 16Mhz
Category 4, Cat4
UTP 100 ohm for frequencies up to 20Mbs
Category 5, Cat5
UTP 100 ohm for frequencies up to 100Mbs
Category 5E, Cat5E
Enhanced Cat5. Similar to Cat5 with improved specifications
Proposed cabling standard to support up to 250 Mhz over UTP. Not yet ratified.
Category 7, Cat7
Proposed cabling standard to support up to 600 Mhz over UTP.
Copper Distributed Data Interface as defined by (ANSI X3T12) for 100Mbs token passing over copper twisted pair.
Coaxial cable with a copper screen carrying unbalanced signals
All the nodes on an Ethernet segment that are affected by data collisions. Switches and bridges break up networks into individual collision domains
Centre of a fibre optic cable
Interference picked up from an adjacent wire pair within the same cable (see also alien crosstalk)
Carrier Sense Multiple Access with Collision Detect. A NIC transceiver “listens” to the network before transmission and can detect collisions.
Single cable outlet
The cable from the wall socket to the network device, usually a PC or DTE
Electronics Industry Association in America
Electro Magnetic Interference. Unwanted noise from a source such as fluorescent lighting and electric motors
A LAN protocol and/or cable. Invented by Rank Xerox
Fibre Distributed Data Interface for 100Mbs token passing over Fibre.
Efficient method of packaging data into frames for transmission over networks
Allows data transmissions in two directions at once. Transmit and receive simultaneously
1000Mbps, 1 Billion bits per second over copper cabling
Single way transmission. Capable of both Transmitting and Receiving but not simultaneously
Institute of Electrical & Electronic Engineers
The IEEE project number dealing with LAN technologies
Physical cabling layer standards for Ethernet
Physical cabling layer standards for Token Ring
Measurement of the opposition to the flow of electrons in a cable. The combination of Resistance, Capacitance & Inductance.
The collection of communication components that together provide support for the distribution of information within a building or campus
The attenuation of a signal as it passes through a connector
A large private company network often spanning many countries
Internet Protocol. Along with TCP is used to track and deliver data packets over a network
Internet Packet Exchange. A Novell networking protocol
Integrated Digital Network Services.
International Standards Organization.
Internet Service Provider. The company providing a connection to the internet.
A transceiver on an Ethernet network that has failed and is transmitting continuously. May have “locked up” the network with constant storms of packets
Local Area Network
A slow form of LAN linked to an AppleTalk network
Media Access Control.
Multiple Access Unit. A token ring hub
The physical wire of fibre for the transmission of signals
Where the single wires in a UTP cable have been attached to the connector in the wrong sequence.
Each wave travelling in an optical fibre.
A device which modulates & demodulates the signals between digital and analogue circuits.
Fibre optic cable that supports multiple wavelengths. Can use inexpensive LED light sources.
Connectors used for thick Ethernet 10Base-5 cable
Network Interface Card
The angle a fibre cable will gather light and propagate it down the core.
A string of bits containing command information, destination and source addresses and data
The cable connecting the network panel and the switch or hub
An array of connectors in the network cabinet for plugging in patch cords
Plain Old Telephone System
The complete cabling infrastructure for the transmission of voice, data and video in a given building.
A data transfer mode using Bit codes, Start Stop bits, Parity. Both transmitter and receiver must use the same protocols.
Public Switched Networks. The telephone system.
A device, usually a network hub or switch, that receives and resends the data, boosting the signal
The most common mis-wire, where the single wires in a pair have been reversed.
Radio Frequency Interference.
Describes a network in a complete ring
Registered Jack number 11. Small line plug and socket used on telephone handsets and modem connections.
Registered Jack number 45. 8 pin plug and socket used on Ethernet cables
Robust but outdated signalling protocol using 2 pairs.
Small Connector used for fibre optic terminations
Small Computer Systems Interface. Connects peripherals to a computer
The area of a network in which all nodes can see each other
Cable with a braided or foil shield to keep out RFI and EMI.
Simple Network Management Protocol. A protocol governing network management and device handling.
Where the single wires from two different pairs have been swapped. If the same at both ends will not affect short cable transmissions, but will fail over longer distance
Straight Tip. A connector for fibre optic terminations
Network Topology where all devices are attached to a central hub in a star configuration.
Shielded Twisted Pair copper cable
An Ethernet active repeater which reads MAC addresses and routes data to the individual node or network hub. Switches split up networks into smaller individual collision domains. A switch can route data at wire speed through all its ports simultaneously.
Transmission Control Protocol. Used with IP to track and deliver packets of data over a network.
An electrical connector attached to the end of a cable to reduce signal reflections and unwanted noise.
Telecommunication Industry Association
A network where a single token is passed around a network between computers. A computer must grab and hold onto the token before it can transmit. After transmission it releases the token back onto the network.
Network architecture, circuit design and transmission protocols
Circuit that transmits and receives data over a network. A NIC contains a transceiver as does a hub and a switch
Pairs of 26 AWG wires twisted together to reduce RFI and Crosstalk.
Universal Serial Bus. 12 Mbs connection port
Universal Service Ordering Codes. Cabling system originally used in the American telephone systems.
Unshielded Twisted Pair. 4 twisted pairs in one sheath.
Wide Area Network
When you first place a hard drive into a machine, you need to run fdisk. This is a menu driven application for partitioning a drive. It requires a reboot to complete.
Following an fdisk, you would typically run a “format
Dir is the command for list contents. You can list by type by specifying a parameter immediately following, like “dir autoexec.bat”. You can also use switches to find hidden and archived files or to separate the output by pages (“dir /p”). This command is a lot like the ls command in UNIX.
To change your current directory, use the cd command. To go backwards use “cd ..” (yes, there is a space after cd just like in UNIX). To go back to the root directory, type “cd \”.
To make folders, use the md command. The proper syntax to create a folder called i386 (typical name for Windows 2000 setup file directory) would be “md i386”
“Copy *.* c:\i386” – For this command, the * represents a wildcard. If I said *.exe, it would copy all executable files or autoexec.bat would just copy that one file. The syntax is such that it is “copy
From the i386 folder, run “winnt” if you want to start an installation of windows 2000.
Using these commands you can navigate through a file system in DOS and install Windows 2000 or Windows 98 (setup file is called setup) from scratch onto a new hard drive. Other useful commands to know are:
“ipconfig /release” or /renew or /flushdns or /all – This command is especially nice because it gives you complete control over the DHCP status of your machine – only from 2000
“winipcfg” – Displays a GUI of the TCP IP stack – 98 only
“arp -a” – This will show you a cached list of all machines that have connected to yours in the past few minutes
“winnt /sos” – When run from an i386 folder, this command will tell you why your 2k box isn’t booting sometimes.
“ping 127.0.0.1” – 127.0.0.1 is a loopback IP address. You’re just testing if your NIC works, but if you go in order, from NIC, to Router, to DNS servers, to a URL, you can pinpoint where your computer is receiving internet issues, if you’re having them.
“sys a:” – Makes a bootable floppy (no CDROM drivers) – only from 98
“dcpromo” – adds a 2K server to a domain or creates a domain, or unjoins from a domain – 2K server only
“net use * \\server\volume” – map the next available (once again using the * as a wildcard) drive letter to that volume on that server
“net use z: /delete” – deletes that network drive
“xcopy *.* destination /e” – The beauty of this little command is that it gives the user the ability to transfer subdirectories, a feature not part of copy. The /d switch will copy only changed files. The /y switch will copy without asking for verification. Xcopy is not always available.
Start and stop are the final ones. These I use rarely, but you can use them to kill a process (like the kill statement in UNIX)
Anyway, just thought the Mac users would like some commands. If you want