Admin and Email

Well, today I have spent trying to tidy up the admin side of things, adding in Google Analytics and tidying up the links pages. Still more to do, but I am working as well, you know..

One thing I came across was that email is not working. After playing around for a bit I came to two conclusions. First, the PHP solution is not for me, so I decided to go SMTP. Only then to remember my wonderful company firewall policy (that I wrote): don’t allow email to be sent. Still, at least I know where I stand with it now, and I have been finding out more about this WordPress as I go. Time to go home now, so it will have to wait till tomorrow to open up the port for this server. Until then I don’t get email alerts, but I am sure I will survive.

Home to study and maybe another post later about Spanning Trees and stuff.

Keep happy people.

DHCP snooping and Option 82

OK, time to get on with it. And seeing as I have just been brushing up on switch security, what better place to start?

Not going to tell you how to configure DHCP snooping or show you my lab set-up; there are plenty of great documents on the net you can find for that, www.cisco.com/dhcp-cconfig for instance. But I suppose there’s no harm in a quick recap of what DHCP snooping is and why it is used.

Really the hint is in the name: when enabled on a switch, the switch listens in on every DHCP packet passing through it (both requests and replies), can filter them, and in some cases alters them. The main function is of course to prevent rogue DHCP servers from being placed on the network. In its most basic set-up you simply enable it on the switch and mark the ports on the uplink path to the DHCP server as trusted; DHCP server messages (OFFER, ACK, NAK) are only accepted on trusted ports, so a server reply arriving on any other port is dropped before it reaches a client. Easy, hey!? Untrusted ports also drop client packets whose Ethernet source MAC does not match the client hardware address inside the DHCP message, which takes the easy version of pool-exhaustion attacks off the table. You can add a rate limit on how many DHCP packets an untrusted port may send per second, to stop one host hammering the DHCP server or the switch CPU, and there are other options of course (there always are in IT), but prevention of DoS attacks and prevention of rogue DHCP servers are the two biggies.

What DHCP snooping also does of course, as it reads the DHCP packets arriving on its untrusted ports, is build up a database of which IP address and MAC address have been assigned by DHCP to which switch port and VLAN (show ip dhcp snooping binding). This is then used by IP source guard, which applies a per-port filter restricting the source IP address (and optionally the source MAC) of incoming packets to the entries stored in the DHCP snooping database, and by dynamic ARP inspection, where ARP packets on untrusted ports are checked by the switch to ensure the sender IP and MAC inside them match the bindings learned from DHCP snooping. The caveat with both is that hosts with static addresses never appear in the database, so they need static bindings (or ARP ACLs for DAI) or they simply get cut off.

So by combining DHCP snooping with IP source guard, dynamic ARP inspection and port security, you can mitigate many of the Layer 2 switch-based attacks: rogue DHCP servers, DHCP starvation, ARP poisoning, IP spoofing and MAC flooding.

The one thing that really interested me when I was going through DHCP snooping was the setting to enable option 82. It was kind of mentioned in passing in the CCNP course material, so I had a little look up about what it was. Well, this seemed simple enough: when the switch receives an incoming DHCP request packet from a client it adds in some information, namely the switch port the client is connected on, the VLAN it is assigned to, and the ID of the switch adding the information (the circuit-ID and remote-ID sub-options). This document sums it up nicely. And then you read that this information can be used by the DHCP server in deciding how it assigns addresses, and can be stored by the DHCP server. I thought, hey… cool.. So I enabled this option, turned on support on the Windows 2003 DHCP servers, and BING!! I would have a list of DNS name, IP address, MAC address, and switch and port location.. But sadly it seems Windows 2003 does not support this option.. poor form if you ask me.
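What the switch actually puts in the packet is easier to see in code. The following is an added example written for this post, not code from it or from Cisco: it walks the DHCP options TLVs, pulls out option 82 and decodes Cisco's default circuit-ID and remote-ID layout. The constant names, the sample packet bytes and the assumption that the switch is using its default (not a user-defined) circuit-ID format are mine.

```python
"""Decode DHCP option 82 (Relay Agent Information, RFC 3046) the way a Cisco
switch running DHCP snooping inserts it by default. Added example written for
this post, not code from it; the packet bytes below are constructed."""
import struct

OPT_PAD, OPT_END = 0, 255
OPT_RELAY_AGENT = 82                  # RFC 3046 option code
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2  # RFC 3046 sub-option codes


def parse_options(options: bytes) -> dict:
    """Walk the DHCP options area (after the magic cookie) and return {code: value}.

    Pad (0) has no length byte and End (255) terminates the list. A length that
    runs past the buffer raises instead of returning a partial result: these
    bytes come from the client, so a parser that trusts them is a bug."""
    result, i = {}, 0
    while i < len(options):
        code = options[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(options):
            raise ValueError("option %d has no length byte" % code)
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        result[code] = value
        i += 2 + length
    return result


def parse_suboptions(data: bytes) -> dict:
    """Option 82's value is itself a list of (sub-code, length, value) triples."""
    subs, i = {}, 0
    while i < len(data):
        if i + 1 >= len(data):
            raise ValueError("sub-option is truncated")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d is truncated" % code)
        subs[code] = value
        i += 2 + length
    return subs


def decode_cisco_option82(options: bytes) -> dict:
    """Return vlan/module/port and the inserting switch's MAC, or {} if absent.

    Cisco's default encoding (what plain 'ip dhcp snooping information option' gives):
      circuit-id sub-option: type 0x00, len 0x04, VLAN (2 bytes), module (1), port (1)
      remote-id  sub-option: type 0x00, len 0x06, switch base MAC (6 bytes)
    Assumption: no user-configured circuit-id string is in use; with one, the
    circuit-id is free text and only the remote-id decodes this way."""
    opts = parse_options(options)
    if OPT_RELAY_AGENT not in opts:
        return {}
    subs = parse_suboptions(opts[OPT_RELAY_AGENT])
    info = {}
    circuit = subs.get(SUB_CIRCUIT_ID, b"")
    if len(circuit) == 6 and circuit[:2] == b"\x00\x04":
        vlan, module, port = struct.unpack("!HBB", circuit[2:])
        info.update(vlan=vlan, module=module, port=port)
    remote = subs.get(SUB_REMOTE_ID, b"")
    if len(remote) == 8 and remote[:2] == b"\x00\x06":
        info["switch_mac"] = ":".join("%02x" % b for b in remote[2:])
    return info


# Constructed sample: the option area of a DHCPDISCOVER after the access switch
# has added option 82 for a client on VLAN 10, module 0, port 5.
SAMPLE_OPTIONS = bytes.fromhex(
    "350101"                        # option 53, DHCP message type = DISCOVER
    "5212"                          # option 82, 18 bytes follow
    "0106" "0004" "000a" "00" "05"  #   circuit-id: vlan 10, module 0, port 5
    "0208" "0006" "001b54aabbcc"    #   remote-id: switch MAC 00:1b:54:aa:bb:cc
    "ff")                           # end

if __name__ == "__main__":
    print(decode_cisco_option82(SAMPLE_OPTIONS))
    # {'vlan': 10, 'module': 0, 'port': 5, 'switch_mac': '00:1b:54:aa:bb:cc'}
```

Two things bite in practice when you turn this on. The snooping switch inserts option 82 while leaving giaddr at 0.0.0.0, and a Cisco IOS relay agent or an upstream snooping switch drops such packets unless told to accept them (ip dhcp relay information trusted / trust-all on the relay, ip dhcp snooping information option allow-untrusted on the aggregation switch), so the first place to look when leases stop is there. And the DHCP server itself has to understand the option to do anything with it: a server that does not will at best ignore it (Windows Server only gained policies that can match on relay agent information in the 2012 release), so check the server's own documentation before assuming the switch-port data made it through.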

It got me thinking, though, about ways to trace a client device to a physical location: not just what area of a building, but down to the switch port it is connected to. This can be very useful for tracing PCs with problems on the network, or tracing back where strange traffic is coming from, and the quicker you can do it the better.

There’s the manual way of course: resolve the DNS name to an IP address, find the MAC for that IP in the router’s ARP table (show ip arp), then follow show mac address-table switch by switch until the MAC turns up on an access port rather than an uplink. Then at the other extreme you could enable 802.1X port-based authentication and run a Cisco ACS server to do the authentication. Run a report on the ACS server and it will give you all the information you need.

My personal solution was to use Kiwi CatTools to run an audit on all the switch devices and build up a database of MAC addresses to switch ports. I already have a database of DNS names to MAC addresses from our auditing software, and it was a 5-minute job to set up the link between them.
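The join described above is easy to script once the switch output is parsed, and the DHCP snooping binding table turns out to be half of the answer: it already records MAC, IP, VLAN and port for every DHCP client. The following is an added example written for this post, not the author's Kiwi CatTools setup: it parses constructed sample output of show ip dhcp snooping binding and show mac address-table, skips MACs only seen on uplinks, and joins the result with a stand-in DNS-name-to-MAC list. All switch names, ports, addresses and the uplink list are made up for the example.

```python
"""Trace a host name to the access-switch port it is plugged into by joining a
DNS-name to MAC list with each switch's DHCP snooping binding table and MAC
address table. Added example written for this post, not the author's own
tooling; every 'show' output, name and address below is constructed."""
import re

# Constructed 'show ip dhcp snooping binding' from access switch sw-floor1.
# Only hosts that obtained a lease through an untrusted port appear here.
SNOOPING_SW1 = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:1A:2B:3C:4D:5E   192.168.10.25    86231       dhcp-snooping  10    FastEthernet0/5
00:1A:2B:3C:4D:5F   192.168.10.26    86100       dhcp-snooping  10    FastEthernet0/7
Total number of bindings: 2
"""

# Constructed 'show mac address-table' from the same switch. The printer has a
# static IP so it has no snooping binding, and server-1's MAC is learned on the
# uplink Gi0/1, which is not where that box physically lives.
MACTABLE_SW1 = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    001a.2b3c.4d5e    DYNAMIC     Fa0/5
  10    001a.2b3c.4d5f    DYNAMIC     Fa0/7
  20    0050.56ab.0001    DYNAMIC     Fa0/12
  10    0011.2233.4455    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 4
"""

SWITCHES = {"sw-floor1": (SNOOPING_SW1, MACTABLE_SW1)}
UPLINKS = {"sw-floor1": {"Gi0/1"}}               # assumed trunk ports per switch
DNS_TO_MAC = {"pc-alice": "00:1A:2B:3C:4D:5E",   # stand-in for the audit export
              "printer-2": "0050.56ab.0001",
              "server-1": "00-11-22-33-44-55"}

BINDING_RE = re.compile(
    r"^([0-9A-Fa-f:]{17})\s+(\d+(?:\.\d+){3})\s+\d+\s+\S+\s+(\d+)\s+(\S+)\s*$", re.M)
MACTABLE_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.M)


def norm_mac(mac):
    """Accept 001a.2b3c.4d5e, 00:1A:2B:3C:4D:5E or 00-1a-... and return 12 hex chars."""
    hexchars = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexchars) != 12:
        raise ValueError("bad MAC: %r" % mac)
    return hexchars


def short_ifname(name):
    """FastEthernet0/5 -> Fa0/5, GigabitEthernet0/1 -> Gi0/1 (IOS abbreviations)."""
    m = re.match(r"^([A-Za-z]{2})[A-Za-z]*(\S*)$", name)
    return m.group(1) + m.group(2) if m else name


def parse_snooping_bindings(text):
    """mac -> {ip, vlan, port} from 'show ip dhcp snooping binding'."""
    return {norm_mac(m): {"ip": ip, "vlan": int(vlan), "port": short_ifname(port)}
            for m, ip, vlan, port in BINDING_RE.findall(text)}


def parse_mac_table(text):
    """mac -> {vlan, port} from 'show mac address-table'."""
    return {norm_mac(m): {"vlan": int(vlan), "port": port}
            for vlan, m, port in MACTABLE_RE.findall(text)}


def trace(hostname):
    """Return where hostname is plugged in, or None if no access port owns its MAC.

    The MAC table alone is not enough: a MAC learned on an uplink only tells you
    to go and ask the next switch, so those ports are skipped. The snooping
    binding, where present, adds the IP and a cross-check: if the binding and
    the CAM entry disagree on the port, the MAC has moved since the lease (or
    someone is spoofing it), which is exactly what IP source guard would block."""
    mac = norm_mac(DNS_TO_MAC[hostname])
    for switch, (snoop_text, mac_text) in SWITCHES.items():
        cam = parse_mac_table(mac_text).get(mac)
        if cam is None or cam["port"] in UPLINKS.get(switch, set()):
            continue
        binding = parse_snooping_bindings(snoop_text).get(mac)
        return {"host": hostname, "mac": mac, "switch": switch,
                "vlan": cam["vlan"], "port": cam["port"],
                "ip": binding["ip"] if binding else None,
                "consistent": binding is None or binding["port"] == cam["port"]}
    return None


if __name__ == "__main__":
    for host in DNS_TO_MAC:
        print(host, trace(host))
```

Two practical notes. CAM entries age out (300 seconds by default on IOS) while snooping bindings last for the lease, so an audit that only scrapes the MAC table will miss quiet hosts; scraping both, as above, closes that gap. And a host that shows up on nothing but uplinks needs the same query run against the next switch along the trunk, which is where the switch-ID in option 82 would have saved the walk.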

So from looking at DHCP snooping to ways to monitor the network, all in a day’s studying :). Now one more run through of the config for this on my lab, and then it’s on to practising MSTP.

Well there you have it, first real post, now to see what the general public think.

Take care all.

Well Looking a bit better

OK, so I haven’t really got much further with an actually interesting blog.. But I have spent some constructive time playing with WordPress, working out how to do a few things, and started populating the links.

For anyone interested in the particulars, this blog is running on a Dell GX280 running Ubuntu Server. (Now don’t you all feel much better for knowing that.) My next step is to work out how to back up this site; my old website was simply a case of copying the folder, but I feel with SQL this might not be quite as straightforward. I am also trying to work out how to create posts on multiple pages? If anyone knows I would be ever grateful.

Well, I’m going back to looking at a backup solution, but fear not, the first real post will be here soon.

DevilWAH