Security
ISIS Security part 2 – Video
A while ago I wrote a post on ISIS security. Here is a video to accompany the post.
Consider the topology below.
There are five ways to configure ISIS authentication. The methods differ in which packets they authenticate. Some authentication methods will tear down ISIS adjacencies if there is an authentication mismatch; others will remove any [...]
Prefix Lists
IP prefix lists can be used with BGP to permit or deny specific prefixes from being advertised to, or learnt from, a neighbor.
Consider the topology below.
We will carry out three exercises.
1. Configure a prefix list to match 192.168.1.0/24.
2. Configure a prefix list to match 192.168.1.0/24, 192.168.1.0/25, 192.168.1.0/26.
3. Configure a prefix list to match 192.168.1.0/25 and 192.168.1.0/26.
Exercise 1
We [...]
Source Based RTBH
Consider the topology below.
PC1 sends a SYN flood attack using source IP 192.168.1.1 to PC2 at destination address 172.16.1.1.
The network engineer at ZeeNet spots the attack and quickly logs onto the trigger router. He adds a static route to the trigger router which states that the next hop for 192.168.1.1/32 is Null0. This static route is [...]
Destination Based RTBH
Chirag, this one's for you, dude.
Consider the topology below.
PC1 sends a SYN flood attack using source IP 192.168.1.1 to PC2 at destination address 172.16.1.1.
The network engineer at ZeeNet spots the attack and quickly logs onto the trigger router. He adds a static route to the trigger router which states that the next hop for 172.16.1.1/32 is [...]
Remotely Triggered Black Hole (RTBH) destination and source based introduction
RTBH is a method of creating black holes in your network, preferably at your network edge, to drop any unwanted incoming traffic, usually some kind of attack traffic.
There are two types of black holes you can configure in RTBH: one is source based and the other is destination based.
The black holes are created by simply [...]

