Archive for August, 2008

17
Aug
08

ISA server detection – Information Leaking

Error 404 – Page not found is often frustrating, but the error page also leak information. Hereby I had attached an Error page generated by Microsoft ISA server.

The information might not seems very useful. But do remember that:

Any information will just bring the hacking closer to success.

Advertisements
08
Aug
08

Route Summarization (CCNA Tips)

When we come to router configuration, it is often required to do route summarization for the subnets on the LAN.

By using route summarization, it helps:

  • reduce the size of routing table held by the router
  • reduce the need to of route updates
  • overcome/neglect network problem (flipping network)

In short, it is an add-up of various narrow routes into wide route(s). By example, we have several subnet in LAN of:
192.168.1.0/26 (64hosts: 192.168.1.0-192.168.1.63)
192.168.1.64/26 (64hosts: 192.168.1.64-192.168.1.127)
192.168.1.128/26 (64 hosts: 192.168.1.128-192.168.1.191)
192.168.1.192/26 (64 hosts: 192.168.1.192-192.168.1.255)

which goes through single router to Internet. Then we can summarize the route to:
192.168.1.0/25 (128 hosts: 192.168.1.0-192.168.1.127)
192.168.1.128/25 (128 hosts: 192.168.1.128-192.168.1.255)

We further summarize it to 192.168.1.0/24 (256hosts: 192.168.1.0-192.168.1.255)

Quite often we make mistake summarizing routes, by using the following example, here we got 2 route:
192.168.1.64/26 (64hosts: 192.168.1.64-192.168.1.127)
192.168.1.128/26 (64 hosts: 192.168.1.128-192.168.191)
we might summarize them to 192.168.1.64/25, which is INCORRECT, because 192.168.1.64/25 have the IP addresses starting from 192.168.1.0 – 192.168.1.127, NOT 192.168.1.64 – 192.168.1.191.

*192.168.1.64/25 doesn’t mean 192.168.1.64 is the starting address, you can just put any address as you like (Yes! Any address as you like, because it doesn’t necessary¬† to be starting address, however for ease of calculation, we encourage first IP to be used).

Here comes a little tip to prevent mis-summarized route, by little calculation. Let’s take the previous incorrect summarized route 192.168.1.64/25.

Take the magic number 32, minus the slash notation (25):
32-25=7

Make it the power of 2:
2 the power of 7 = 128 (2x2x2x2x2x2x2)

Take the last octect from first ip address of the summarized route (192.168.1.64), divided by 128:
64/128 = 0.5

If it is a round number (0, 1, 2, 3…), the route summarization is correct, vice versa!

Let’s have some fun. For instance:

1. 192.168.1.0/29 (8 hosts: 192.168.1.0-192.168.1.7)
2. 192.168.1.8/29 (8 hosts: 192.168.1.8-192.168.1.15)
3. 192.168.1.40/29 (8 hosts: 192.168.1.40-192.168.1.47)
4. 192.168.1.48/29 (8 hosts: 192.168.1.48-192.168.1.55)

We can summarize

Route 1 and 2 into:
A. 192.168.1.0/28 (16 hosts: 192.168.1.0-192.168.1.15)

Route 3 and 4 into:
B. 192.168.1.40/28 (16 hosts: 192.168.1.40-192.168.1.55)

Route A and B can’t be further summarized, because they are not contiguous!

Let check the validity of the route A 192.168.1.0/28 (first IP address: 192.168.1.0):
32-28=4
2 the power of 4 = 16 (2x2x2x2)
0 (last octect) / 16 = 0 (round number!)

So route A is valid!

Let check the validity of the route B 192.168.1.40/28 (first IP address: 192.168.1.40):
32-28=4
2 the power of 4 = 16 (2x2x2x2)
40(last octect) / 16 = 0.25 (not round number!)

So route B is invalid!

At the last, the route summarization of these 4 route are:

192.168.1.0/28
192.168.40/29
192.168.48/29

When you are not sure if your route summarization works, just simply make a count.

* For slash notation < 24, just simply ignore the last octet
Change the magic number to 24, take second last octet in calculation.

* For slash notation <16, we just simply ignore the last and second last octet.
Change the magic number to 16, take the second octet in calculation.