SlideShare a Scribd company logo

Hallowed be thy packets by Paul Coggin

EC-Council
EC-Council

Blue and Red teams are missing the low hanging vulnerabilities that exist in many enterprise networks today. This session will show in detail how the red team can quickly identify and exploit numerous network protocol vulnerabilities that the previous security test team probably missed. Methods for securing routing and switching protocols will be covered. Detailed PCAP examples will be covered. Recommendations for adding visualization and instrumentation to the network to detect network exploits will be covered.

Technology
1 of 22
Download to read offline
Hacker Halted 2016 Hallowed Be Thy Packets Paul Coggin @PaulCoggin
Multicast Source 1 Multicast Overview Multicast Source 2 Multicast uses UDP One-way traffic stream “Fire and Forget” -  Video -  Many other apps Multicast Routing PIM - Reverse Path Forwarding(RPF) Receiver Receiver Receiver IGMP Report to Join Multicast Group Member 1 IGMP Report to Join Multicast Group Member 1 IGMP Report to Join Multicast Group Member 2 - Routers send periodic queries - Host per VLAN per group reports -  Host may send leave messages -  IPv4 – IGMP -  IPv6 - MLD Multicast PIM routing
Multicast - IGMP
Multicast Routing - PIM
Multicast Source 1 Attacking Multicast Multicast Source 2 Receiver Receiver Receiver Multicast PIM routing Craft Router PIM Packets -  SCAPY -  Colasoft Packet Builder -  Possible to use GNS3 or Quagga etc to add PIM router Local VLAN Segement -  Hello packets -  Join/Prune packets -  Assert Unicast PIM Packets -  Register -  Register-Stop -  C-RP-Advertisement Craft IGMP/MLD - SCAPY - Collasoft Packet Builder - IGMP Leaves - IGMP Queries - Spoof IGMP Source
Multicast Source 1 Securing Multicast Multicast Source 2 Receiver Receiver Receiver Multicast PIM routing - Control Plane Policing(CoPP) - Modular Quality of Service - PIM Neighbor Filter (ACL may be defeated by spoofing. L2 spoof protection needed.) -  RP Announce Filter -  Multicast Boundary Filter -  L3 Switch Aggregation Multicast Storm Control on switches L2 port security Secure Multicast Control Protocol Trust Relationships
Cisco Discovery Protocol (CDP) Cisco Discovery Protocol (CDP) -  Great tool for mapping out a network during an audit -  Be sure to disable on connections to external networks such as WAN, MetroE -  VoIP phones use CDP (how to secure info leakage on VoIP net??)
Cisco Discovery Protocol (CDP) – Great for Recon!
Protocol Hacking Tools GSN3 SCAPY Colasoft Packet Builder Many others… (Remember to enable IP forwarding) Reference : http://packetlife.net/media/library/3/First_Hop_Redundancy.pdf Global Load Balancing Protocol (GLBP) Hot Standby Router Protocol (HSRP) Virtual Redundant Router Protocol (VRRP) Active router 192.168.1.1 Backup router 192.168.1.2Virtual router 192.168.1.3 192.168.1.50 Multicast protocol Priority elects role MD5, clear, no authentication V V Rogue Insider First Hop Redundancy Protocols
VRRP – No Authentication VRRP – No Authentication
VRRP – Clear Text Authentication VRRP – No Authentication
FHRP – Crafted HSRP Packets Routers Rogue Insider Crafted HSRP coup packet with higher priority
Hack the Network via OSPF Area 1 Area Border Router (ABR) ABR Area 2 Area 0 Autononynmous System Border Router (ASBR) DR BDR OSPF Exploit Tools -  Quagga -  NRL Core(Network Simulator) -  Nemesis -  Loki -  GSN3Dynamips - Buy a router on eBay -  Hack a router and reconfigure -  Code one with Scapy -  IP Sorcery( IP Magic) -  Cain & Able to crack OSPF MD5 -  MS RRAS -  NetDude -  Collasoft -  Phenoelit IRPAS OSPF Attack Vectors -  Take over as DR - Inject routes to mask source of attack - DoS -  Inject routes for MITM - Add new routes to hacked router - Change interface bandwidth or use IP OSPF Cost for Traffic Engineering on hacked router OSPF typically is implemented without any thought to security. LSA’s are mul<cast on the spoke LAN for any user to sniff without MD5. External Network BGP, EIGRP, ISIS
OSPF – No Authentication
OSPF – Clear Text Authentication
10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0 192.168.1.0 255.255.255.0 Hack the Network via EIGRP Similar to OSPF, EIGRP typically is implemented without any thought to security. Network administrators should use authen<ca<on and configure interfaces to be passive in EIGRP. EIGRP Attack Vectors -  Inject routes to mask source of attack -  DoS -  Inject routes for MITM -  Add new routes to hacked router -  Change interface bandwidth for Traffic Engineering on hacked router EIGRP Exploit Tools -  GSN3Dynamips - Buy a router on eBay -  Hack a router and reconfigure -  Phenoelit IRPAS
10.1.2.0 255.255.255.0 EIGRP – No Authentication
VPN_A VPN_A VPN_B 10.3.0.0 10.1.0.0 11.5.0.0 P P P P PE PE CE CE CE VPN_A VPN_B VPN_B 10.1.0.0 10.2.0.0 11.6.0.0 CE PE PECE CE VPN_A 10.2.0.0 CE iBGP sessions •  P Routers (LSRs) are in the Core of the MPLS Cloud •  PE Routers (Edge LSRs or LERs) Use MPLS with the Core and Plain IP with CE Routers •  P and PE Routers Share a Common IGP •  PE Routers are MP-iBGP Fully-meshed MPLS Architecture Overview Service provider may accidentally or intentionally misconfigure VPN’s Utilize IPSEC VPN over MPLS VPN to insure security
MPLS Label PCAP - Service Provider Core 32-bit MPLS Label Format •  Label : 20-bit •  EXP : 3-bit •  Bottom-of-Stack : 1-bit •  TTL : 8-bit CPE to CPE Telnet over Service Provider MPLS VPN
Telnet Username Password – Clear Text Encapsulated in MPLS VPN A Separate Overlay Encrypted VPN is Required to Secure Your Traffic
Questions? @PaulCoggin
References Internet Routing Architectures, Halabi, Cisco Press MPLS VPN Security, Michael H. Behringer, Monique J. Morrow, Cisco Press ISP Essentials, Barry Raveendran Greene, Philip Smith, Cisco Press Router Security Strategies – Securing IP Network Traffic Planes, Gregg Schudel, David J. Smith, Cisco Press MPLS and VPN Architectures, Jim Guichard, Ivan Papelnjak, Cisco Press MPLS Configuration on Cisco IOS Software, Lancy Lobo, Umesh Lakshman, Cisco Press Traffic Engineering with MPLS, Eric Osborne, Ajay Simha, Cisco Press LAN Switch Security – What Hackers Know About Your Switches, Eric Vyncke, Christopher Paggen, Cisco Press RFC 2547 RFC 2547bis RFC 2917 RFC 4364 Attack Trees, Bruce Schneier, https://www.schneier.com/paper-attacktrees-ddj-ft.html hLp://www.nrl.navy.mil/itd/ncs/products/core http://www.cisco.com/go/mpls hLp://www.wired.com/2013/12/bgp-hijacking-belarus-iceland/ hLp://www.blyon.com/hey-aL-customers-your-facebook-data-went-to-china-and-korea-this-morning/ hLp://www.renesys.com/2008/02/pakistan-hijacks-youtube-1/ hLp://www.netop<cs.com/blog/01-07-2011/sample-pcap-files RFC 2236 IGMPv2 RFC 2362 PIM-SM RFC 2588 IP Mul<cast and Firewalls RFC 2113 IP Router Alert Op<on

Recommended

Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...EC-Council
 
LoRaWAN vs Haystack
LoRaWAN vs HaystackLoRaWAN vs Haystack
LoRaWAN vs HaystackHaystack Technologies
 
4G LTE Security - What hackers know?
4G LTE Security - What hackers know?4G LTE Security - What hackers know?
4G LTE Security - What hackers know?Stephen Kho
 
LPWAN Technology ~ What is Weightless-P?
LPWAN Technology ~ What is Weightless-P? LPWAN Technology ~ What is Weightless-P?
LPWAN Technology ~ What is Weightless-P? Jay Wey 魏士傑
 
Brief LoRaWAN Overview
Brief LoRaWAN OverviewBrief LoRaWAN Overview
Brief LoRaWAN OverviewAlper Yegin
 
Lo ra
Lo raLo ra
Lo raOded Rotter
 
Philippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityPhilippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityP1Security
 
On her majesty's secret service - GRX and a Spy Agency
On her majesty's secret service - GRX and a Spy AgencyOn her majesty's secret service - GRX and a Spy Agency
On her majesty's secret service - GRX and a Spy AgencyStephen Kho
 

Recommended

Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...EC-Council
 
LoRaWAN vs Haystack
LoRaWAN vs HaystackLoRaWAN vs Haystack
LoRaWAN vs HaystackHaystack Technologies
 
4G LTE Security - What hackers know?
4G LTE Security - What hackers know?4G LTE Security - What hackers know?
4G LTE Security - What hackers know?Stephen Kho
 
LPWAN Technology ~ What is Weightless-P?
LPWAN Technology ~ What is Weightless-P? LPWAN Technology ~ What is Weightless-P?
LPWAN Technology ~ What is Weightless-P? Jay Wey 魏士傑
 
Brief LoRaWAN Overview
Brief LoRaWAN OverviewBrief LoRaWAN Overview
Brief LoRaWAN OverviewAlper Yegin
 
Lo ra
Lo raLo ra
Lo raOded Rotter
 
Philippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityPhilippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityP1Security
 
On her majesty's secret service - GRX and a Spy Agency
On her majesty's secret service - GRX and a Spy AgencyOn her majesty's secret service - GRX and a Spy Agency
On her majesty's secret service - GRX and a Spy AgencyStephen Kho
 
The IoT Hunger Games 2015
The IoT Hunger Games 2015The IoT Hunger Games 2015
The IoT Hunger Games 2015Haystack Technologies
 
3GPP/GSMA technologies for LPWAN in the Licensed Spectrum
3GPP/GSMA technologies for LPWAN in the Licensed Spectrum3GPP/GSMA technologies for LPWAN in the Licensed Spectrum
3GPP/GSMA technologies for LPWAN in the Licensed SpectrumTiE Bangalore
 
City scale and nationwide LoRa network: deployment challenges, best operating...
City scale and nationwide LoRa network: deployment challenges, best operating...City scale and nationwide LoRa network: deployment challenges, best operating...
City scale and nationwide LoRa network: deployment challenges, best operating...Alexander Trubitsin
 
DASH7 Alliance Protocol Technical Presentation
DASH7 Alliance Protocol Technical PresentationDASH7 Alliance Protocol Technical Presentation
DASH7 Alliance Protocol Technical PresentationMaarten Weyn
 
Attacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeAttacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeP1Security
 
LPWAN for IoT
LPWAN for IoTLPWAN for IoT
LPWAN for IoTDavid Fowler
 
LoRaWAN for IoT
LoRaWAN for IoTLoRaWAN for IoT
LoRaWAN for IoTStavros Kalapothas
 
LoRa Alliance
LoRa AllianceLoRa Alliance
LoRa AllianceSohan Bappy
 
HITB Labs: Practical Attacks Against 3G/4G Telecommunication Networks
HITB Labs: Practical Attacks Against 3G/4G Telecommunication NetworksHITB Labs: Practical Attacks Against 3G/4G Telecommunication Networks
HITB Labs: Practical Attacks Against 3G/4G Telecommunication NetworksJim Geovedi
 
LPWAN for IoT
LPWAN for IoTLPWAN for IoT
LPWAN for IoTInfiswift Solutions
 
Lorawan: What you need to know
Lorawan: What you need to knowLorawan: What you need to know
Lorawan: What you need to knowPaul Coomans
 
Telecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsTelecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsP1Security
 
AntTail white paper: Technology scan IoT Datacommunications: LoRa, NB-IoT, GPRS
AntTail white paper: Technology scan IoT Datacommunications: LoRa, NB-IoT, GPRSAntTail white paper: Technology scan IoT Datacommunications: LoRa, NB-IoT, GPRS
AntTail white paper: Technology scan IoT Datacommunications: LoRa, NB-IoT, GPRSMark Roemers
 
How To Disrupt The Internet of Things With Unified Networking
How To Disrupt The Internet of Things With Unified NetworkingHow To Disrupt The Internet of Things With Unified Networking
How To Disrupt The Internet of Things With Unified NetworkingHaystack Technologies
 
4G LTE Man in the Middle Attack with a Hacked Femtocell
4G LTE Man in the Middle Attack with a Hacked Femtocell4G LTE Man in the Middle Attack with a Hacked Femtocell
4G LTE Man in the Middle Attack with a Hacked Femtocell3G4G
 
Procomuns 2016
Procomuns 2016 Procomuns 2016
Procomuns 2016 European Network of Living Labs (ENoLL)
 
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco NetworksInfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco NetworksOmer Coskun
 
OpenBTS - Building Real Mobile Networks, Big or Small
OpenBTS - Building Real Mobile Networks, Big or SmallOpenBTS - Building Real Mobile Networks, Big or Small
OpenBTS - Building Real Mobile Networks, Big or SmallPaloSanto Solutions
 
LPWAN Cost Webinar
LPWAN Cost WebinarLPWAN Cost Webinar
LPWAN Cost WebinarBrian Ray
 
Intro Lora - Makers.ID Meetup
Intro Lora - Makers.ID MeetupIntro Lora - Makers.ID Meetup
Intro Lora - Makers.ID MeetupMif Masterz
 
I pv4 multicast
I pv4 multicastI pv4 multicast
I pv4 multicastSwapnil Kapate
 
I pv4 multicast
I pv4 multicastI pv4 multicast
I pv4 multicastMohamed Gamel
 

More Related Content

What's hot

3GPP/GSMA technologies for LPWAN in the Licensed Spectrum
3GPP/GSMA technologies for LPWAN in the Licensed Spectrum3GPP/GSMA technologies for LPWAN in the Licensed Spectrum
3GPP/GSMA technologies for LPWAN in the Licensed SpectrumTiE Bangalore
 
City scale and nationwide LoRa network: deployment challenges, best operating...
City scale and nationwide LoRa network: deployment challenges, best operating...City scale and nationwide LoRa network: deployment challenges, best operating...
City scale and nationwide LoRa network: deployment challenges, best operating...Alexander Trubitsin
 
DASH7 Alliance Protocol Technical Presentation
DASH7 Alliance Protocol Technical PresentationDASH7 Alliance Protocol Technical Presentation
DASH7 Alliance Protocol Technical PresentationMaarten Weyn
 
Attacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeAttacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeP1Security
 
HITB Labs: Practical Attacks Against 3G/4G Telecommunication Networks
HITB Labs: Practical Attacks Against 3G/4G Telecommunication NetworksHITB Labs: Practical Attacks Against 3G/4G Telecommunication Networks
HITB Labs: Practical Attacks Against 3G/4G Telecommunication NetworksJim Geovedi
 
Lorawan: What you need to know
Lorawan: What you need to knowLorawan: What you need to know
Lorawan: What you need to knowPaul Coomans
 
Telecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsTelecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsP1Security
 
AntTail white paper: Technology scan IoT Datacommunications: LoRa, NB-IoT, GPRS
AntTail white paper: Technology scan IoT Datacommunications: LoRa, NB-IoT, GPRSAntTail white paper: Technology scan IoT Datacommunications: LoRa, NB-IoT, GPRS
AntTail white paper: Technology scan IoT Datacommunications: LoRa, NB-IoT, GPRSMark Roemers
 
How To Disrupt The Internet of Things With Unified Networking
How To Disrupt The Internet of Things With Unified NetworkingHow To Disrupt The Internet of Things With Unified Networking
How To Disrupt The Internet of Things With Unified NetworkingHaystack Technologies
 
4G LTE Man in the Middle Attack with a Hacked Femtocell
4G LTE Man in the Middle Attack with a Hacked Femtocell4G LTE Man in the Middle Attack with a Hacked Femtocell
4G LTE Man in the Middle Attack with a Hacked Femtocell3G4G
 
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco NetworksInfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco NetworksOmer Coskun
 
OpenBTS - Building Real Mobile Networks, Big or Small
OpenBTS - Building Real Mobile Networks, Big or SmallOpenBTS - Building Real Mobile Networks, Big or Small
OpenBTS - Building Real Mobile Networks, Big or SmallPaloSanto Solutions
 
LPWAN Cost Webinar
LPWAN Cost WebinarLPWAN Cost Webinar
LPWAN Cost WebinarBrian Ray
 
Intro Lora - Makers.ID Meetup
Intro Lora - Makers.ID MeetupIntro Lora - Makers.ID Meetup
Intro Lora - Makers.ID MeetupMif Masterz
 

What's hot (20)

The IoT Hunger Games 2015
The IoT Hunger Games 2015The IoT Hunger Games 2015
The IoT Hunger Games 2015
 
3GPP/GSMA technologies for LPWAN in the Licensed Spectrum
3GPP/GSMA technologies for LPWAN in the Licensed Spectrum3GPP/GSMA technologies for LPWAN in the Licensed Spectrum
3GPP/GSMA technologies for LPWAN in the Licensed Spectrum
 
City scale and nationwide LoRa network: deployment challenges, best operating...
City scale and nationwide LoRa network: deployment challenges, best operating...City scale and nationwide LoRa network: deployment challenges, best operating...
City scale and nationwide LoRa network: deployment challenges, best operating...
 
DASH7 Alliance Protocol Technical Presentation
DASH7 Alliance Protocol Technical PresentationDASH7 Alliance Protocol Technical Presentation
DASH7 Alliance Protocol Technical Presentation
 
Attacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeAttacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchange
 
LPWAN for IoT
LPWAN for IoTLPWAN for IoT
LPWAN for IoT
 
LoRaWAN for IoT
LoRaWAN for IoTLoRaWAN for IoT
LoRaWAN for IoT
 
LoRa Alliance
LoRa AllianceLoRa Alliance
LoRa Alliance
 
HITB Labs: Practical Attacks Against 3G/4G Telecommunication Networks
HITB Labs: Practical Attacks Against 3G/4G Telecommunication NetworksHITB Labs: Practical Attacks Against 3G/4G Telecommunication Networks
HITB Labs: Practical Attacks Against 3G/4G Telecommunication Networks
 
LPWAN for IoT
LPWAN for IoTLPWAN for IoT
LPWAN for IoT
 
Lorawan: What you need to know
Lorawan: What you need to knowLorawan: What you need to know
Lorawan: What you need to know
 
Telecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsTelecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronights
 
AntTail white paper: Technology scan IoT Datacommunications: LoRa, NB-IoT, GPRS
AntTail white paper: Technology scan IoT Datacommunications: LoRa, NB-IoT, GPRSAntTail white paper: Technology scan IoT Datacommunications: LoRa, NB-IoT, GPRS
AntTail white paper: Technology scan IoT Datacommunications: LoRa, NB-IoT, GPRS
 
How To Disrupt The Internet of Things With Unified Networking
How To Disrupt The Internet of Things With Unified NetworkingHow To Disrupt The Internet of Things With Unified Networking
How To Disrupt The Internet of Things With Unified Networking
 
4G LTE Man in the Middle Attack with a Hacked Femtocell
4G LTE Man in the Middle Attack with a Hacked Femtocell4G LTE Man in the Middle Attack with a Hacked Femtocell
4G LTE Man in the Middle Attack with a Hacked Femtocell
 
Procomuns 2016
Procomuns 2016 Procomuns 2016
Procomuns 2016
 
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco NetworksInfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
 
OpenBTS - Building Real Mobile Networks, Big or Small
OpenBTS - Building Real Mobile Networks, Big or SmallOpenBTS - Building Real Mobile Networks, Big or Small
OpenBTS - Building Real Mobile Networks, Big or Small
 
LPWAN Cost Webinar
LPWAN Cost WebinarLPWAN Cost Webinar
LPWAN Cost Webinar
 
Intro Lora - Makers.ID Meetup
Intro Lora - Makers.ID MeetupIntro Lora - Makers.ID Meetup
Intro Lora - Makers.ID Meetup
 

Similar to Hallowed be thy packets by Paul Coggin

Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44Jisc
 
EIGRP (enhanced interior gateway routing protocol)
EIGRP (enhanced interior gateway routing protocol)EIGRP (enhanced interior gateway routing protocol)
EIGRP (enhanced interior gateway routing protocol)Netwax Lab
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]APNIC
 
Ip services
Ip servicesIp services
Ip servicesStudent
 
MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]Faisal Reza
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkPavel Odintsov
 
BGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN ControllerBGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN ControllerAPNIC
 
ACI Multicast 구성 가이드
ACI Multicast 구성 가이드ACI Multicast 구성 가이드
ACI Multicast 구성 가이드Woo Hyung Choi
 
Chapter 2-IP Routing.pdf
Chapter 2-IP Routing.pdfChapter 2-IP Routing.pdf
Chapter 2-IP Routing.pdfBuntha Chhay
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceBertrand Duvivier
 
Mpls vpn.rip
Mpls vpn.ripMpls vpn.rip
Mpls vpn.ripfarhanica
 

Similar to Hallowed be thy packets by Paul Coggin (20)

I pv4 multicast
I pv4 multicastI pv4 multicast
I pv4 multicast
 
I pv4 multicast
I pv4 multicastI pv4 multicast
I pv4 multicast
 
Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44
 
EIGRP (enhanced interior gateway routing protocol)
EIGRP (enhanced interior gateway routing protocol)EIGRP (enhanced interior gateway routing protocol)
EIGRP (enhanced interior gateway routing protocol)
 
cogiel-OLT.pdf
cogiel-OLT.pdfcogiel-OLT.pdf
cogiel-OLT.pdf
 
EIGRP, DHCP, OSPF, NAT
EIGRP, DHCP, OSPF, NATEIGRP, DHCP, OSPF, NAT
EIGRP, DHCP, OSPF, NAT
 
IP Multicasting
IP MulticastingIP Multicasting
IP Multicasting
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
 
Chapter7ccna
Chapter7ccnaChapter7ccna
Chapter7ccna
 
Ip services
Ip servicesIp services
Ip services
 
MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit network
 
Advanced Topics in IP Multicast Deployment
Advanced Topics in IP Multicast DeploymentAdvanced Topics in IP Multicast Deployment
Advanced Topics in IP Multicast Deployment
 
ccna networking ppt
ccna networking pptccna networking ppt
ccna networking ppt
 
BGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN ControllerBGP Traffic Engineering with SDN Controller
BGP Traffic Engineering with SDN Controller
 
ACI Multicast 구성 가이드
ACI Multicast 구성 가이드ACI Multicast 구성 가이드
ACI Multicast 구성 가이드
 
Chapter 2-IP Routing.pdf
Chapter 2-IP Routing.pdfChapter 2-IP Routing.pdf
Chapter 2-IP Routing.pdf
 
Vrrp Alp
Vrrp AlpVrrp Alp
Vrrp Alp
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advance
 
Mpls vpn.rip
Mpls vpn.ripMpls vpn.rip
Mpls vpn.rip
 

More from EC-Council

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldCyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldEC-Council
 
Cloud Security Architecture - a different approach
Cloud Security Architecture - a different approachCloud Security Architecture - a different approach
Cloud Security Architecture - a different approachEC-Council
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident ResponseEC-Council
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James EC-Council
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinHacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinEC-Council
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeHacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeEC-Council
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoData in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoEC-Council
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderBreaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderEC-Council
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanEC-Council
 
War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019EC-Council
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...EC-Council
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerAlexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerEC-Council
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementHacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementEC-Council
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...EC-Council
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...EC-Council
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...EC-Council
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...EC-Council
 

More from EC-Council (20)

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldCyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
 
Cloud Security Architecture - a different approach
Cloud Security Architecture - a different approachCloud Security Architecture - a different approach
Cloud Security Architecture - a different approach
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident Response
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinHacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeHacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoData in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderBreaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
 
War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerAlexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementHacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
 

Recently uploaded

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Hallowed be thy packets by Paul Coggin

  • 2. Multicast Source 1 Multicast Overview Multicast Source 2 Multicast uses UDP One-way traffic stream “Fire and Forget” -  Video -  Many other apps Multicast Routing PIM - Reverse Path Forwarding(RPF) Receiver Receiver Receiver IGMP Report to Join Multicast Group Member 1 IGMP Report to Join Multicast Group Member 1 IGMP Report to Join Multicast Group Member 2 - Routers send periodic queries - Host per VLAN per group reports -  Host may send leave messages -  IPv4 – IGMP -  IPv6 - MLD Multicast PIM routing
  • 5. Multicast Source 1 Attacking Multicast Multicast Source 2 Receiver Receiver Receiver Multicast PIM routing Craft Router PIM Packets -  SCAPY -  Colasoft Packet Builder -  Possible to use GNS3 or Quagga etc to add PIM router Local VLAN Segement -  Hello packets -  Join/Prune packets -  Assert Unicast PIM Packets -  Register -  Register-Stop -  C-RP-Advertisement Craft IGMP/MLD - SCAPY - Collasoft Packet Builder - IGMP Leaves - IGMP Queries - Spoof IGMP Source
  • 6. Multicast Source 1 Securing Multicast Multicast Source 2 Receiver Receiver Receiver Multicast PIM routing - Control Plane Policing(CoPP) - Modular Quality of Service - PIM Neighbor Filter (ACL may be defeated by spoofing. L2 spoof protection needed.) -  RP Announce Filter -  Multicast Boundary Filter -  L3 Switch Aggregation Multicast Storm Control on switches L2 port security Secure Multicast Control Protocol Trust Relationships
  • 7. Cisco Discovery Protocol (CDP) Cisco Discovery Protocol (CDP) -  Great tool for mapping out a network during an audit -  Be sure to disable on connections to external networks such as WAN, MetroE -  VoIP phones use CDP (how to secure info leakage on VoIP net??)
  • 8. Cisco Discovery Protocol (CDP) – Great for Recon!
  • 9. Protocol Hacking Tools GSN3 SCAPY Colasoft Packet Builder Many others… (Remember to enable IP forwarding) Reference : http://packetlife.net/media/library/3/First_Hop_Redundancy.pdf Global Load Balancing Protocol (GLBP) Hot Standby Router Protocol (HSRP) Virtual Redundant Router Protocol (VRRP) Active router 192.168.1.1 Backup router 192.168.1.2Virtual router 192.168.1.3 192.168.1.50 Multicast protocol Priority elects role MD5, clear, no authentication V V Rogue Insider First Hop Redundancy Protocols
  • 10. VRRP – No Authentication VRRP – No Authentication
  • 11. VRRP – Clear Text Authentication VRRP – No Authentication
  • 12. FHRP – Crafted HSRP Packets Routers Rogue Insider Crafted HSRP coup packet with higher priority
  • 13. Hack the Network via OSPF Area 1 Area Border Router (ABR) ABR Area 2 Area 0 Autononynmous System Border Router (ASBR) DR BDR OSPF Exploit Tools -  Quagga -  NRL Core(Network Simulator) -  Nemesis -  Loki -  GSN3Dynamips - Buy a router on eBay -  Hack a router and reconfigure -  Code one with Scapy -  IP Sorcery( IP Magic) -  Cain & Able to crack OSPF MD5 -  MS RRAS -  NetDude -  Collasoft -  Phenoelit IRPAS OSPF Attack Vectors -  Take over as DR - Inject routes to mask source of attack - DoS -  Inject routes for MITM - Add new routes to hacked router - Change interface bandwidth or use IP OSPF Cost for Traffic Engineering on hacked router OSPF typically is implemented without any thought to security. LSA’s are mul<cast on the spoke LAN for any user to sniff without MD5. External Network BGP, EIGRP, ISIS
  • 14. OSPF – No Authentication
  • 15. OSPF – Clear Text Authentication
  • 16. 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0 192.168.1.0 255.255.255.0 Hack the Network via EIGRP Similar to OSPF, EIGRP typically is implemented without any thought to security. Network administrators should use authen<ca<on and configure interfaces to be passive in EIGRP. EIGRP Attack Vectors -  Inject routes to mask source of attack -  DoS -  Inject routes for MITM -  Add new routes to hacked router -  Change interface bandwidth for Traffic Engineering on hacked router EIGRP Exploit Tools -  GSN3Dynamips - Buy a router on eBay -  Hack a router and reconfigure -  Phenoelit IRPAS
  • 18. VPN_A VPN_A VPN_B 10.3.0.0 10.1.0.0 11.5.0.0 P P P P PE PE CE CE CE VPN_A VPN_B VPN_B 10.1.0.0 10.2.0.0 11.6.0.0 CE PE PECE CE VPN_A 10.2.0.0 CE iBGP sessions •  P Routers (LSRs) are in the Core of the MPLS Cloud •  PE Routers (Edge LSRs or LERs) Use MPLS with the Core and Plain IP with CE Routers •  P and PE Routers Share a Common IGP •  PE Routers are MP-iBGP Fully-meshed MPLS Architecture Overview Service provider may accidentally or intentionally misconfigure VPN’s Utilize IPSEC VPN over MPLS VPN to insure security
  • 19. MPLS Label PCAP - Service Provider Core 32-bit MPLS Label Format •  Label : 20-bit •  EXP : 3-bit •  Bottom-of-Stack : 1-bit •  TTL : 8-bit CPE to CPE Telnet over Service Provider MPLS VPN
  • 20. Telnet Username Password – Clear Text Encapsulated in MPLS VPN A Separate Overlay Encrypted VPN is Required to Secure Your Traffic
  • 22. References Internet Routing Architectures, Halabi, Cisco Press MPLS VPN Security, Michael H. Behringer, Monique J. Morrow, Cisco Press ISP Essentials, Barry Raveendran Greene, Philip Smith, Cisco Press Router Security Strategies – Securing IP Network Traffic Planes, Gregg Schudel, David J. Smith, Cisco Press MPLS and VPN Architectures, Jim Guichard, Ivan Papelnjak, Cisco Press MPLS Configuration on Cisco IOS Software, Lancy Lobo, Umesh Lakshman, Cisco Press Traffic Engineering with MPLS, Eric Osborne, Ajay Simha, Cisco Press LAN Switch Security – What Hackers Know About Your Switches, Eric Vyncke, Christopher Paggen, Cisco Press RFC 2547 RFC 2547bis RFC 2917 RFC 4364 Attack Trees, Bruce Schneier, https://www.schneier.com/paper-attacktrees-ddj-ft.html hLp://www.nrl.navy.mil/itd/ncs/products/core http://www.cisco.com/go/mpls hLp://www.wired.com/2013/12/bgp-hijacking-belarus-iceland/ hLp://www.blyon.com/hey-aL-customers-your-facebook-data-went-to-china-and-korea-this-morning/ hLp://www.renesys.com/2008/02/pakistan-hijacks-youtube-1/ hLp://www.netop<cs.com/blog/01-07-2011/sample-pcap-files RFC 2236 IGMPv2 RFC 2362 PIM-SM RFC 2588 IP Mul<cast and Firewalls RFC 2113 IP Router Alert Op<on