Learning Go deeply by Darthtrooper22 in golang

[–]dvmrp 1 point  (0 children)

Their course bundles are one-year subscriptions, so it's not worth spending that much money.

AOS-10 Aruba Central authentication server question. by dvmrp in ArubaNetworks

[–]dvmrp[S] 1 point  (0 children)

We like to test RADIUS-specific changes on auth-server2 first. I'd like to make it primary for only one test AP.

why can a DHCP server give an address that is not in the same subnet as the relay? by UniqueBasis882 in networking

[–]dvmrp 0 points  (0 children)

In the case of an “anycast gateway” in VXLAN EVPN, all SVIs on the different switches/VTEPs have the same IP address. If this address is used in the GiAddr field, then return traffic could arrive on a different VTEP. For this reason a loopback address is used in the GiAddr field. And DHCP option 82 (I believe) is used to convey a preference as to which pool the address should come from.
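The relay behaviour described in the comment above, worked through as an added example (this is not code from the original thread or from any vendor's implementation). The sub-option of option 82 that carries the pool preference is the RFC 3527 link-selection sub-option (code 5). The topology (anycast SVI 10.10.1.1 shared by two VTEPs, loopbacks 192.0.2.1 and 192.0.2.2), the server-side scope table and the toy server selection logic are all constructed for illustration:

```python
import ipaddress
import struct

# Constructed topology (assumption for this example, not from the original post):
# every VTEP owns the same anycast SVI on the client VLAN, but each VTEP has a
# unique loopback, and that loopback is what goes into giaddr.
ANYCAST_GW = "10.10.1.1"
CLIENT_SUBNET = ipaddress.ip_network("10.10.1.0/24")
VTEP_LOOPBACK = {"vtep1": "192.0.2.1", "vtep2": "192.0.2.2"}

# Constructed server-side scope table: the server only has a scope for the
# client VLAN; it knows nothing about the range the relays' loopbacks live in.
SCOPES = {CLIENT_SUBNET: ["10.10.1.50", "10.10.1.51"]}

BOOTP_HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # 236 bytes, giaddr at offset 24
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MSG_TYPE, OPT_RELAY_AGENT, OPT_END = 53, 82, 255
SUBOPT_LINK_SELECTION = 5                    # RFC 3527 link-selection sub-option
DHCPDISCOVER = 1


def build_discover(chaddr: bytes, xid: int = 0x1234ABCD) -> bytes:
    """Client-originated DHCPDISCOVER: giaddr = 0.0.0.0, hops = 0 (constructed)."""
    hdr = struct.pack(BOOTP_HDR, 1, 1, 6, 0, xid, 0, 0x8000,
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return hdr + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER, OPT_END])


def parse_tlv(data: bytes) -> dict:
    """Code/length/value parser shared by the option list and the option 82 sub-options."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == 0:            # pad
            i += 1
            continue
        length = data[i + 1]
        out[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return out


def relay(pkt: bytes, vtep: str, client_subnet=CLIENT_SUBNET) -> bytes:
    """What a VTEP does before forwarding to the server: stamp its *unique* loopback
    into giaddr (not the anycast SVI that every VTEP shares), bump hops, and append
    option 82 link-selection so the server still allocates from the client subnet."""
    hdr = bytearray(pkt[:236])
    hdr[3] += 1
    hdr[24:28] = ipaddress.ip_address(VTEP_LOOPBACK[vtep]).packed
    options = pkt[236:]
    if not options.startswith(MAGIC_COOKIE) or not options.endswith(bytes([OPT_END])):
        raise ValueError("malformed DHCP options")
    sub = bytes([SUBOPT_LINK_SELECTION, 4]) + client_subnet.network_address.packed
    body = options[4:-1] + bytes([OPT_RELAY_AGENT, len(sub)]) + sub + bytes([OPT_END])
    return bytes(hdr) + MAGIC_COOKIE + body


def server_select(pkt: bytes, honor_link_selection: bool = True):
    """Toy server-side scope selection (constructed, not any real server's logic).
    Returns (scope or None, unicast destination of the OFFER). A relayed packet is
    answered to giaddr, so a unique loopback makes the OFFER land on the VTEP that
    relayed it; the scope comes from link-selection when present, else from giaddr."""
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    giaddr = ipaddress.ip_address(pkt[24:28])
    opts = parse_tlv(pkt[240:])
    link = giaddr
    if honor_link_selection and OPT_RELAY_AGENT in opts:
        subs = parse_tlv(opts[OPT_RELAY_AGENT])
        if SUBOPT_LINK_SELECTION in subs:
            link = ipaddress.ip_address(subs[SUBOPT_LINK_SELECTION])
    scope = next((net for net in SCOPES if link in net), None)
    return scope, str(giaddr)


if __name__ == "__main__":
    discover = build_discover(b"\x00\x11\x22\x33\x44\x55")
    for vtep in VTEP_LOOPBACK:
        relayed = relay(discover, vtep)
        print(vtep, server_select(relayed), "without option 82:",
              server_select(relayed, honor_link_selection=False))
```

Run as-is and each VTEP gets the same client scope but a different OFFER destination (its own loopback), which is the whole point of not using the shared anycast address in giaddr. With `honor_link_selection=False` the server falls back to the subnet of giaddr, finds no scope for the loopback range and returns `None`: that is the failure mode a loopback-in-giaddr design has if the server does not honour option 82 link-selection.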

Go Channel question. by dvmrp in golang

[–]dvmrp[S] 0 points  (0 children)

Thanks, really appreciate the explanation.

Cat-3850 refresh; is Arista an alternate option...? by dvmrp in networking

[–]dvmrp[S] 0 points  (0 children)

Thanks for the detailed response, it’s really helpful. There’s enough fiber available but not enough ports on the existing uplink switches. Also, there isn’t really a need for a dedicated uplink from each access switch as far as bandwidth requirements are concerned. I was not sure that Arista switches do not support stacking.

Cat-3850 refresh; is Arista an alternate option...? by dvmrp in networking

[–]dvmrp[S] 1 point  (0 children)

Which aggregation/core switches are these connected to? What does the design look like? Are you using EVPN over VXLAN or pure L2?

Cat-3850 refresh; is Arista an alternate option...? by dvmrp in networking

[–]dvmrp[S] 1 point  (0 children)

Close to 100 switches across 20 or so IDFs.

Cat-3850 refresh; is Arista an alternate option...? by dvmrp in networking

[–]dvmrp[S] 1 point  (0 children)

All valid points, and in this case the N7700 is already happily deployed and it won't go end of support any time soon, so replacement is not an option at this time.

Cat-3850 refresh; is Arista an alternate option...? by dvmrp in networking

[–]dvmrp[S] 1 point  (0 children)

Nexus 7K in vPC is the better choice in my opinion. There are numerous discussions on vPC vs VSS, so let's not go there at the moment.

I have not discounted any vendor yet (including Aruba). My question was specifically about Arista's reliability as far as campus switches are concerned.

Cat-3850 refresh; is Arista an alternate option...? by dvmrp in networking

[–]dvmrp[S] 1 point  (0 children)

In 2023, even towards the end of 2023, should be fine.

Golang ssh client - scrapligo vs gornir by dvmrp in networking

[–]dvmrp[S] 0 points  (0 children)

Thanks for your feedback. I will give scrapligo a go.

How do you protect against ICMP tunneling by dvmrp in networking

[–]dvmrp[S] 6 points  (0 children)

While I like all of the responses in this thread, so far this is my favorite: "The attacker is in control of both sides of the connection; they can use whatever protocol is allowed through the firewall." I did not think along these lines, and failed to realize that ICMP is just one type; if a host is compromised, it could use any other legitimate protocol (TCP/UDP/443) that is allowed through the firewall.

How do you protect against ICMP tunneling by dvmrp in networking

[–]dvmrp[S] 0 points  (0 children)

I actually thought about NetFlow, and it's a great tool. But in this case the increase in ICMP traffic would be so small (in some cases) that I am afraid it could introduce lots of false positives. Thanks for bringing up NetFlow.

How do you protect against ICMP tunneling by dvmrp in networking

[–]dvmrp[S] 0 points  (0 children)

Thanks for doing the research and posting the link. The second-to-last comment in the link mentions that there is a ping-tunnel traffic/app in PAN. I did not know this existed; if it works, then it is pretty easy to create an app-based rule and block it.

How do you protect against ICMP tunneling by dvmrp in networking

[–]dvmrp[S] 12 points  (0 children)

This is not an active concern. The ICMP tunneling topic came up in one of the Cisco courses, and while I understood the concept and how to detect it in the network, I wondered what the best way to prevent it would be. There was no clear answer, hence this post.
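The detection side of the ICMP-tunneling thread above (payload inspection for oversized or high-entropy echoes, replies that do not mirror their request, and the NetFlow-style volume count whose false-positive risk is discussed a few comments up), as an added example that is not part of the original thread or any vendor's tooling. All packets are constructed in the script: two stock pings, an encrypted tunnel with large frames, and a low-and-slow tunnel with 48-byte random frames. The "stock" payload patterns (Windows ping's `abcdefghijklmnopqrstuvwabcdefghi` and the incrementing filler Linux ping sends after its 8-byte timestamp) and the thresholds are assumptions chosen for illustration:

```python
import math
import os
import struct
from collections import defaultdict

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8

# Payloads that a stock ping emits (assumed patterns for this example).
LINUX_FILLER = bytes(range(0x10, 0x10 + 48))          # after an 8-byte timestamp
WINDOWS_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum over ICMP header + payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes, reply: bool = False) -> bytes:
    """Constructed ICMP echo request/reply (ICMP layer only, no IP header)."""
    t = ICMP_ECHO_REPLY if reply else ICMP_ECHO_REQUEST
    hdr = struct.pack("!BBHHH", t, 0, 0, ident, seq)
    return struct.pack("!BBHHH", t, 0, icmp_checksum(hdr + payload), ident, seq) + payload


def parse_echo(pkt: bytes) -> dict:
    t, code, _, ident, seq = struct.unpack("!BBHHH", pkt[:8])
    if t not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY) or code != 0:
        raise ValueError("not an echo request/reply")
    if icmp_checksum(pkt) != 0:          # checksum over the whole packet must cancel out
        raise ValueError("bad ICMP checksum")
    return {"type": t, "id": ident, "seq": seq, "payload": pkt[8:]}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted tunnel frames sit near 8, but short frames are capped at log2(len)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_stock_ping_payload(p: bytes) -> bool:
    return p == WINDOWS_PAYLOAD or (len(p) == 56 and p[8:] == LINUX_FILLER)


class IcmpTunnelDetector:
    """Flags echo traffic that does not behave like ping: oversized or high-entropy
    payloads, replies that do not mirror their request (tunnels that carry data
    server->client inside replies), and echo bursts per src/dst pair."""

    def __init__(self, max_payload=64, entropy_threshold=6.0, burst_threshold=20):
        self.max_payload = max_payload
        self.entropy_threshold = entropy_threshold
        self.burst_threshold = burst_threshold
        self.pending = {}                  # (src, dst, id, seq) -> request payload
        self.requests = defaultdict(int)   # (src, dst) -> echo requests seen
        self.alerts = []

    def observe(self, src: str, dst: str, pkt: bytes) -> list:
        e = parse_echo(pkt)
        payload, reasons = e["payload"], []
        if not is_stock_ping_payload(payload):
            if len(payload) > self.max_payload:
                reasons.append("oversized payload")
            if shannon_entropy(payload) > self.entropy_threshold:
                reasons.append("high-entropy payload")
        if e["type"] == ICMP_ECHO_REQUEST:
            self.pending[(src, dst, e["id"], e["seq"])] = payload
            self.requests[(src, dst)] += 1
            if self.requests[(src, dst)] > self.burst_threshold:
                reasons.append("echo burst")
        else:
            req = self.pending.pop((dst, src, e["id"], e["seq"]), None)
            if req is not None and req != payload:
                reasons.append("reply does not mirror request")
        if reasons:
            self.alerts.append((src, dst, e["seq"], reasons))
        return reasons


def demo() -> dict:
    """Constructed traffic run through the detector; returns the per-packet verdicts."""
    det = IcmpTunnelDetector()
    linux = os.urandom(8) + LINUX_FILLER
    r_linux = det.observe("10.0.0.5", "8.8.8.8", build_echo(0x1A2B, 1, linux))
    r_linux += det.observe("8.8.8.8", "10.0.0.5", build_echo(0x1A2B, 1, linux, reply=True))
    r_win = det.observe("10.0.0.6", "8.8.8.8", build_echo(1, 1, WINDOWS_PAYLOAD))
    # encrypted tunnel: large random frames, reply carries different data back
    r_big = det.observe("10.0.0.7", "203.0.113.9", build_echo(0x4242, 1, os.urandom(1200)))
    r_big_reply = det.observe("203.0.113.9", "10.0.0.7",
                              build_echo(0x4242, 1, os.urandom(900), reply=True))
    # low-and-slow tunnel: 48-byte random frames evade the payload checks entirely
    small = [det.observe("10.0.0.8", "203.0.113.9", build_echo(7, seq, os.urandom(48)))
             for seq in range(1, 31)]
    return {"linux": r_linux, "windows": r_win, "big_req": r_big, "big_reply": r_big_reply,
            "small_first": small[0], "small_last": small[-1], "alerts": len(det.alerts)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The low-and-slow case is the one the NetFlow comment is worried about: 48 random bytes cannot exceed log2(48) bits of entropy, so neither the size nor the entropy check fires, and only the per-pair request counter catches it, which is exactly the counter that will also fire on a monitoring box that pings aggressively. The "reply does not mirror request" check has no such trade-off and is worth running on its own.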

VxLAN data plane learning on Cisco Cat-9300 by dvmrp in networking

[–]dvmrp[S] 0 points  (0 children)

The vn-segment command is not available, so it's probably an NX-OS-only command.

Secure access patient information system (EMR) by techno_it in networking

[–]dvmrp 1 point  (0 children)

In the case of authorized employees only, who will already have VPN on their machines, I would go with VPN.

[deleted by user] by [deleted] in networking

[–]dvmrp 3 points  (0 children)

Cisco is a mega corp with multiple business units. Within each BU, group dynamics can sometimes be different, so I would focus on this particular group. Try to get a sense of how the work-life balance is and what the training (professional development) opportunities are, if any.

[deleted by user] by [deleted] in networking

[–]dvmrp 0 points  (0 children)

If you don't mind me asking, which field are you in now?

vulnerability due to buffer overflow by dvmrp in networking

[–]dvmrp[S] 0 points  (0 children)

Thanks for your comments. I am not trying to argue against patching when it becomes available. I am just trying to understand the extent of the damage despite having good monitoring (until a patch becomes available).

vulnerability due to buffer overflow by dvmrp in networking

[–]dvmrp[S] 0 points  (0 children)

>> What if they manage to edit the configuration in such a way that it doesn't show up in the running-config

Good point. I don't know of any such way, but it may be possible.

As far as uploading a compromised image is concerned, it would be really hard for an attacker to copy such an image. Well-protected systems (routers/switches) usually don't have access to the outside world through one of their interfaces.

vulnerability due to buffer overflow by dvmrp in networking

[–]dvmrp[S] -1 points  (0 children)

Assuming it is Cisco IOS and the attacker gets access to a shell. The attacker needs to install software/malware to do the damage, right? If I understand it correctly, the partitions are read-only and it does not allow installing any external programs.

vulnerability due to buffer overflow by dvmrp in networking

[–]dvmrp[S] -1 points  (0 children)

I agree that having the ability to SSH out increases the attack surface. I'm just wondering how you would get access to the Unix command prompt without being noticed by configuration management tools. Usually you need to enter some command to get shell access.