qmaw的部落格

在Ethernet II 訊框內，有一個Type/Length欄位

它十分引起我的興趣，在Jumbo Frame裡，它到底會記載什麼值呢？

所以我就拿了我的Intel 930CT來作了一個實驗，看看Jumbo Frame裡究竟裝了些什麼東西，

這次的PCAP檔，可以在https://box.nctu.edu.tw/public.php?service=files&t=56c9ebd5b4310d912358a84fe13c9727&download下載

0. SDN Hub VM的版本

1.下載packeth 1.7.3 & 解壓縮

http://sourceforge.net/projects/packeth/files/，下載1.7.3版

以下內容的PCAP檔，可以在下面連結下載。

https://box.nctu.edu.tw/public.php?service=files&t=0ff82d6fdf0039a2d28f4d76bf0032a5

拓撲：
(Mininet 2.1.0 192.168.100.7)<---->(RYU Controller   192.168.100.8)

OpenStack是新興的網路架構之一，不過它的架構對於初學者來講有一點雜亂，所以根據官方文件，把相關的元件畫成心智圖。

不過我想圖片大家應該是看不清楚，可以到下面的網址看大圖。
https://www.dropbox.com/s/jv1q55ub1lrhmdi/OpenStack%20Services%28Grizzly%29.png 

http://en.wikipedia.org/wiki/EtherType

比較常看到的，應該就是0X8100&0X88a8

1. CISCO 特有
2. 群組中的路由器都參與訊務轉送
3. 所有的用戶都使用相同的閘道器IP，但是MAC Address可能不同
4. AVG，Active Virtual Gateway，負責回應詢問虛擬路由器位址的ARP Request，群組中某一個路由器的虛擬MAC Address會被回覆給Client端。
5. AVF，Active Virtual Forwarder，當作Client的閘道器使用，負責轉送Client訊務。
6. 每個群組最多可使用4個虛擬MAC Address。
7. 群組編號0~1023
8. 優先權0~255，預設值100
9. AVG每三秒發送一次Hello訊息
10. 虛擬MAC Address的格式為0007.b4xx.xxyy，xx.xx為6位元的0加上10位元的GLBP群組編號。yy為AVF的編號。

ttp://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfacls.html

cisco的acl 需要給number，上面的網址列出了可能的acl number。提供給需要的人。

https://supportforums.cisco.com/thread/2061103

CCNP的TSHOOT裡，有一題是和Track IP route指令相關的題目，這裡有一個不錯的解釋。

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml

這個網頁中介紹了ping指令的各種結果。

1. Routing & Switching http://www.rstut.com/
2. Security http://www.securitytut.com/
3. Trouble Shooting http://www.networktut.com/

https://learningnetwork.cisco.com/docs/DOC-6738

真好，連拓撲都已經給我了的考試

1. Chosen plain-text attack
2. Chosen ciphertext attack
3. Birthday attack
4. Meet-in-the-middle attack
5. Brute-force attack
6. Ciphertext-only attack
7. Known plain-text (the usual brute-force) attack

1. 大約有60~80的網路濫用(misuse)是出自於內部網路
2. 三個安全的目標為
   1. confidentiality (Keep Data Private)
   2. integrity (Data has not been modified in transmit)
   3. availability (A measure of the data’s accessibility)
3. 政府和軍隊使用的機密等級範例
   1. Unclassified
   2. Sensitive but unclassified(SBU)
   3. Confidential
   4. Secret
   5. Top-Secret
4. 美國政府的三種機密等級
   1. Confidential
   2. Secret
   3. Top-Secret
5. 組織使用的機密等級範例
   1. Public
   2. Sensitive
   3. Private
   4. Confidential
6. 可用於資料分級的特徵
   1. 價值 (Value)
   2. 年份 (Age)
   3. 可用期 (Useful life)
   4. 相關者 (Personal association)
7. 分類原則
   1. Owner
   2. Custodian (保管人)
   3. User
8. 安全方案控制
   1. Administrative Control
   2. Physical Control
   3. Technical Control
9. 承8. 以上方法又可以分為下列的控制方案
   1. Preventive
   2. Deterrent (遏止的)
   3. Detective
10. 描述安全事件需要紀錄的項目
    1. Motive
    2. Means
    3. Opportunity.
11. 不同等級的法律規範
    1. Criminal law
    2. Civil law
    3. Administrative law
12. 五種概分的攻擊種類
    1. Passive
    2. Active
    3. Close-in
    4. Insider
    5. Distribution
13. Defense in Depth design philosophy
    1. Defend multiple attack targets in the network
    2. Create overlapping defenses
    3. Let the value of protected resource dictate the strength of the security mechanism
    4. Use strong encryption technologies
       1. AES
       2. PKI
14. NIDS, NIPS, HIPS
    1. NIDS (Network-based Intrusion Detection System)
    2. NIPS (Network-based Intrusion Prevention System)
    3. HIPS (Host-based Intrusion Prevention System)
15. Types of IP Spoofing Attacks
    1. NonBlind Spoofing (攻擊者和目標在同一個subnet)
    2. Blind Spoofing (攻擊者和目標在不同subnet)
16. Source Routing 的二種類型
    1. Loose
    2. Strict
17. 防止IP spoofing Attacking的方法
    1. ACL
    2. IPsec tunnel
    3. cryptographic authentication
18. 機密性攻擊方法
    1. Packet Capture
    2. Ping sweep and port scan
    3. Dumpster diving
    4. EMI interception
    5. Wiretapping
    6. Social engineering
    7. Sending information over overt channels
    8. Sending information over covert channels
19. 完整性攻擊方法
    1. Salami Attack
    2. Data diddling
    3. Trust relationship exploitation
    4. Password attack
       1. Trojan horse
       2. Packet capture
       3. Keylogger
       4. Brute force
       5. Dictionary attack
       6. Botnet
       7. Hijacking a session
20. 可用性攻擊方法
    1. Denial of Service (DoS)
    2. Distributed denial of service (DDoS)
    3. TCP SYN flood
    4. ICMP attacks
    5. Electrical disturbances
       1. Power Spike
       2. Electrical surge
       3. Power fault
       4. Blackout
       5. Power sag
       6. Brownout
    6. Attacks on a system’s physical environment
       1. Temperature
       2. Humidity
       3. Gas

1. 歸類於Network Maintenance的工作
   1. Hardware and software installation and configuration
   2. Troubleshooting problem reports
   3. Monitoring and tuning network performance
   4. Planning for network expansion
   5. Documenting the network and day changes made to the network
   6. Ensuring compliance with legal regulations and corporate policies
   7. Securing the network against internal and external threats
2. 網路維護工作可被分為二類
   1. Structured tasks
   2. Interrupt-driven tasks
3. 眾所皆知的網路維護方法
   1. FCAPS
      1. Fault Management
      2. Configuration Management
      3. Accounting Management
      4. Performance Management
      5. Security Management
   2. ITIL: IT infrastructure Library
   3. TMN
   4. Cisco Lifecycle Services
4. 日常維護工作
   1. Configuration changes
   2. Replacement of older or failed hardware
   3. Scheduled backups
   4. Updating Software
   5. Monitoring network performance
5. 進行網路設定變更應注意事項
   1. Who is responsible for authorizing various types of network changes
   2. Which task should only be performed during scheduled maintenance windows
   3. What procedures should be followed prior to making a change
   4. What measureable criteria determine the success or failure of a network change
   5. How will a network change be documented, and who is responsible for the doucmentation
   6. How will a rollback plan be created, such that a configuration can be restored to its previous state if the changes resulted in unexpected problems
   7. Under what circumstances can formalized change management policies be overriden, and what (if any) authorization is required for an override
6. 通常會紀錄在網路文件中的資訊
   1. Logical topology diagram
   2. Physical topology diagram
   3. Listing of interconnections
   4. Inventory of network equipment
   5. IP address assignments
   6. Configuration Information
   7. Original Design Document
7. 為了快速從設備故障中回復網路，平時應準備好下列材料
   1. 另一台相同的硬體
   2. 相同的軟體，以及設定還有授權檔
   3. 設備的組態檔備份
8. 以下指令可以設定每天備份組態檔
   archive
   path ftp://192.168.1.1/R1-config
   write-memory
   

1. IPsec offers the following protections for VPN Traffic
   1. Confidentiality
   2. Integrity
   3. Authentication
2. IPsec use a collection of protocols to provide its features. One of the primary protocol it use is Internet Key Exchange(IKE).
   1. Main Mode
   2. Aggressive Mode
   3. Quick Mode
3. IPsec relies on
   1. Authentication Header (AH), Protocol 51
   2. Encapsulating Securit Payload (ESP), Protocol 50

1. 使用security password min-length 10可以限制密碼的長度至少要10個字元
2. 除了第一個字元之外，空白也可以被當作密碼的一部分。
3. username username security 5 hash_value，5代表密碼是hash過的
4. no service password-recovery 可以讓機器無法再進行ROMMON密碼恢復的程序。
5. security authentication failure rate numbers，如果輸入密碼的錯誤次數大於numbers，就暫停15秒。

1. 初始(Initiation)
2. 需求與開發(Acquisition and development)
3. 建置(Implementation)
4. 運作和維護(Operations and maintenance)
5. 部署(Disposition)

V1
Get next request
unsolicited alert msg

V2

1. 使用show vlan確定拓撲內的SWITCH都有正確設定VLAN
2. 使用確定trunk links被設定為可以傳送新VLAN。(這裡這Trunk link 應該是指vlan trunk)