TCP SYN flooding is often used in conjunction with IP spoofing. The main aim of a TCP SYN flood is to send a TCP SYN packet to a host inside your network from a spoofed IP address. The TCP SYN ACK is then sent to a machine that is not expecting one, or a machine [...]

SubSeven – aka: Sub7 and Sub7Server is a backdoor program, in the form of a Trojan, used mostly for causing trouble on computer networks. It can be used for simple attacks such as hiding the mouse cursor and opening applications, but it can also be used for more serious attacks including retrieving all your personal [...]

The big difference between the enable password and the enable secret is the encryption level. The enable password by default is saved in clear text so when looking at the running-configuration of the router you will be able to read the password. It is possible to encrypt this password using the service password-encryption command.   [...]

Before looking at how to mitigate a Smurf attack, let’s first understand what it is and why it’s such a problem.   A Smurf works on a weakness of IP and ICMP by sending an ICMP packet to the broadcast address of a network. For example, I could send an ICMP (Ping packet) to every [...]

IP spoofing is the act of camouflaging your IP address to make it look like you are someone else. Although IP spoofing is not an attack by itself, it is the starting point of many of the most common attacks found on today’s networks.   Most, but not all, of the spoofing attacks that take [...]

One of the first and most important things to configure on any Cisco device after allowing telnet or SSH, is to restrict who is allowed to access the device. Of course having a password on the lines is the first step but if telnet is the method of communication, all passwords will be sent over [...]

Before looking into the configuration of ACL (Access Control Lists), it’s important to get some of the concepts and understanding of how they work and what they are used for. Firstly, most people believe that ACL’s are used purely for denying or allowing traffic, although this is certainly one of the functions of a ACL [...]

In order for 2 VLANS to be able to communicate, the traffic must be routed. This can be done either by a multi-layer switch which will have routing capabilities, or the packets can be routed by a router.   As an example, I have 2 VLANS, VLAN 10 and VLAN 20 which have subnets 10.0.10.0/24 [...]

VTP (VLAN Trunking protocol) is a protocol used to replicate the VLAN information across switches, however there are a few things that must be made clear…   1/ VLAN information will only be sent on trunk ports 2/ Only the VLAN identity is replicated, NOT which ports are configured to use that VLAN! 3/ Maintains [...]

Although the configuration of both of these functions is incredible easy, the concept behind them is somewhat important.   Duplex defines how traffic will be sent and can be related to a 2-way radio vs. A telephone. With a 2-way radio, more so when there are more than 2 people on the same radio frequency, [...]