Monday, August 24, 2009

Configuring Router Interfaces

In this post I'll cover the configuration of an ethernet interface on the router, and I'll demonstrate commands to interrogate and help troubleshoot the interfaces.

Lab Setup

In this lab I'll have two routers and I'll configure them to talk to each other.



To start with you might want to clarify exactly which interfaces your router might have. This can be done visually (by looking at the device) or by using some of the excellent show commands.

The show version command will print to the screen exactly which interfaces are installed.

R0>en
R0#show version




The show interfaces command gives details on the configuration of the interface, settings such as duplex and speed, and it will also show traffic statistics.

R0#show interfaces



If you have many interfaces in your router you can just focus on a single interface using the interface number (remember, slot/port):

R0#show interfaces fastethernet 0/0


From the output I can see that the interface isn't configured. I'll configure that port and then take another look. I'll go into configuration mode, select the interface, give it an IP address and subnet mask, then tell it not to be in the shutdown state. Remember, by default all ports are in a shutdown state. Another important thing to remember is that if you restore your config from a backup, the ports will need to be taken out of the shutdown state manually.

R0>enable
R0#configure terminal
R0(config)#interface fastethernet 0/0
R0(config-if)#ip address 192.168.1.1 255.255.255.252
R0(config-if)#no shut
R0(config-if)#exit




I saw the line come up when I was setting the port up, so now I'll ping my other router.



Well, the ping came back fine and after another look at the interface I can see it has the right IP address and the counters are updating nicely.


Another great command for looking at the interface is:

R0#show ip interface fastethernet 0/0



This shows me absolutely everything that is set or can be set on the interface.

And finally one last command for looking at the interface status in a nice condensed format is:

R0#show ip interface brief

Here I see all interfaces, what their IP addresses are and whether they are up or not.
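As an added example (not part of the original post), this Python sketch parses `show ip interface brief` output and picks out interfaces that hold an address but are still shut down, the state described above after restoring a config from backup. The sample table is constructed in the command's usual column layout, and the helper names are hypothetical; it also lists the usable hosts of the /30 configured on FastEthernet0/0.

```python
import ipaddress

# Constructed sample in the usual column layout of "show ip interface brief";
# it is not captured from the post's router.
SAMPLE_BRIEF = """\
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES manual up                    up
FastEthernet0/1            10.0.1.5        YES NVRAM  administratively down down
Serial1/0                  unassigned      YES unset  administratively down down
"""


def parse_brief(text):
    """Turn the table into dicts; Status can be two words ("administratively down")."""
    rows = []
    for line in text.splitlines()[1:]:       # skip the header row
        parts = line.split()
        if len(parts) < 6:
            continue
        rows.append({
            "interface": parts[0],
            "ip": parts[1],
            "method": parts[3],
            "status": " ".join(parts[4:-1]),  # everything between Method and Protocol
            "protocol": parts[-1],
        })
    return rows


def shutdown_with_address(rows):
    """Interfaces that have an IP address but are still in the shutdown state."""
    return [r["interface"] for r in rows
            if r["ip"] != "unassigned" and r["status"] == "administratively down"]


def usable_hosts(address, mask):
    """Usable host addresses of the subnet an interface address belongs to."""
    net = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return [str(h) for h in net.hosts()]


if __name__ == "__main__":
    rows = parse_brief(SAMPLE_BRIEF)
    print("has an address but is shut down:", shutdown_with_address(rows))
    print("usable hosts on the /30:", usable_hosts("192.168.1.1", "255.255.255.252"))
```

The 255.255.255.252 mask leaves exactly two usable addresses, so the router at the other end of the link has to take the one R0 is not using.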



So this has been a quick post on setting up an interface with an IP address and using some handy show commands to check the interface.

Sunday, August 16, 2009

Securing My Router

In this post I'll cover the following:

  • Giving the router a name
  • Setting up an enable (privilege) mode password
  • Setting the domain name, the clock and pointing it to a DNS server
  • Securing the Console and Aux ports
  • Creating a banner
  • Saving the config
  • Removing unnecessary services

Right. So I've got my test lab set up. To start with I'll just have one router called R0. I'll demonstrate how to configure the router and secure it.


I bring up the console after starting R0 and Terminal (on the Mac by the way) acts as if I was physically connected to the console port on the router itself. After the IOS decompresses and is loaded into RAM I'm prompted to enter the initial configuration setup. I say no to this as I will be manually configuring the router.

The first thing I want to do is give my router an Enable password. The reason for doing so is after I give the interface an IP address there is a window of opportunity for someone to look at the configuration and glean some information that I might not necessarily want them to see.

I enter the Enable mode by typing:

Router>enable

This will change the prompt from a > symbol to a hash #. Before you enter into the Enable mode there are only limited commands available; these can be viewed by typing ? at the prompt as shown in the previous post.

Remember, the hash symbol will be present whenever I am in the Enable mode, and it's from here that I can perform configuration and diagnostic tasks.

Router#configure terminal

To configure an enable password as "letmein" I type:

Router(config)#enable secret letmein

This will create a password for the Enable mode and within the configuration it will be encrypted. The password is encrypted with Type 5 encryption (I'll come back to this in a bit).

After this I'll give my router a name and a DNS domain name, set the clock and tell it what DNS Servers to use:


Router(config)#hostname R0
R0(config)#ip domain name home.local
R0(config)#ip name-server 10.0.1.1
R0(config)#exit
R0#clock set 22:00:00 16 aug 2009

Notice that my prompt changed to reflect my new name.



Okay, right now I have a Console port and an Auxiliary port I want to configure.

To start with I'll secure the Console port. From the Enable mode I want to enter into Configuration mode and then into console port configuration mode. To do this I use the following commands:

R0(config)#line con 0

R0(config-line)#logging synchronous
R0(config-line)#exec-timeout 30 0
R0(config-line)#password flipper
R0(config-line)#login
R0(config-line)#exit

R0(config)#

What I have done here is selected to configure line con 0, which is the console port. The prompt changed to indicate which configuration mode I am in. I told it to set logging to synchronous, which means when the informational messages or debugging messages hit the screen it won't screw with my command. I have then set the exec-timeout to 30 minutes and 0 seconds, which means my console session will be disconnected after 30 minutes of inactivity. I could have set this to not time out by using 0 minutes and 0 seconds. I have then set my console password to flipper and told it to prompt me to log in by issuing the login command. After entering those I used the exit command to come out of the line con 0 configuration and get back to the configuration mode.

I'll do the same for the Aux port as this can be used to access the router as well.

R0(config)#line aux 0

R0(config-line)#logging synchronous
R0(config-line)#exec-timeout 30 0
R0(config-line)#password flipper
R0(config-line)#login
R0(config-line)#exit

R0(config)#

After securing the ports I want to set up a banner on my router to warn any unauthorised people that they should not be accessing the router. I do this with the following:

R0(config)#banner motd % No unauthorised access %
R0(config)#exit


Different banners can be created for events such as prompt timeout, login, exec or for SLIP/PPP. They can also be real fancy and have ASCII art if you so wish.

After all this configuration I look at the running config to check all is as it should be.

R0#show running-config


Here I am able to see all the commands I have entered. Now it's important to remember that the commands take effect as soon as they are typed (and you have pressed enter of course!).

One thing that bothers me about the running config as shown in the screenshot is my console passwords and aux port passwords are in clear text. Anyone looking over my shoulder (the wife or dog) could see these and they would be well on their way to owning my router. I can fix this by turning on the password encryption service, showing the config again and then turning it off. But remember, when we configure the VTY (Telnet) ports in a later post I need to do this again, otherwise the new VTY port passwords will be clear text.


R0#configure terminal
R0(config)#service password-encryption
R0(config)#exit
R0#show running-config
R0#configure terminal
R0(config)#no service password-encryption
R0(config)#end


So I have entered configuration mode, turned on the password encryption service, looked at the config, then I turned the service off.

Now looking at the config I see that the passwords are encrypted with Type 7 encryption. Now one thing about Type 7 encryption, it's a piece of piss to crack, Cain will do it as will many websites. All that Type 7 will do is stop the casual observer from seeing an easily remembered password (if that's what you use). Obviously it goes without saying that your Enable password should be different from the port passwords you set.


One last thing I noticed is the IP http server is enabled by default.


As I don't plan to use this I disable it using the "no" command:

R0(config)#no ip http server

I check this has worked with another show running-config

R0#show running-config


After finally setting up my router so it is secure I save the settings from running-config to startup-config.


R0#copy running-config startup-config
R0#show startup-config


What I have done here is copied the running-config in RAM to the startup-config in NVRAM. The router will prompt me to give the configuration a name but I just press enter to select the default option that is shown in square brackets. After that completed I checked the startup-config.
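As an added example (not part of the original post), this Python sketch audits a saved config for the steps covered above: enable secret, console and aux line passwords with login, the idle timeout, the banner and the HTTP server. The sample config is constructed and its hash and password values are placeholders; the function names are hypothetical.

```python
import re

# Constructed sample running-config for illustration (not taken from the post's R0).
SAMPLE_CONFIG = """\
hostname R0
enable secret 5 $1$EXAMPLE$constructedplaceholderhash
ip http server
banner motd ^C No unauthorised access ^C
line con 0
 exec-timeout 30 0
 password 7 0000000000
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password flipper
line vty 0 4
 login
"""

def parse_config(config):
    """Split a config into global commands and per-line (con/aux) subcommands."""
    global_cmds, line_cfg, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if not raw.startswith(" "):          # a new top-level command ends any section
            current = None
            global_cmds.append(raw.strip())
            if re.match(r"line (con|aux) \d+$", raw.strip()):
                current = raw.strip()
                line_cfg[current] = []
        elif current is not None:            # indented: belongs to the open line section
            line_cfg[current].append(raw.strip())
    return global_cmds, line_cfg

def audit(config):
    """Return findings for the hardening steps the post walks through."""
    global_cmds, line_cfg = parse_config(config)
    findings = []
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append("no enable secret set")
    if "ip http server" in global_cmds:
        findings.append("ip http server is enabled")
    if not any(c.startswith("banner ") for c in global_cmds):
        findings.append("no banner configured")
    for name, cmds in line_cfg.items():
        passwords = [c for c in cmds if c.startswith("password ")]
        if not passwords:
            findings.append(f"{name}: no password set")
        elif passwords[0].startswith("password 7 "):
            findings.append(f"{name}: type 7 password (easily reversed)")
        else:
            findings.append(f"{name}: password stored in clear text")
        if "login" not in cmds:
            findings.append(f"{name}: 'login' missing, so no password prompt")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{name}: exec-timeout 0 0 disables the idle timeout")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Running it against a saved copy of startup-config after each change gives a quick check that a line added later, such as the VTY ports, has not been left with a clear-text password.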


In my next post I'll be looking at getting telnet and SSH set up.

Saturday, August 15, 2009

Getting To Know The IOS & The Device

I'll just quickly explain in the best way I can a few things about Cisco IOS. Cisco IOS is loaded from flash into RAM when the router boots (that's all the ##### you see). After the IOS has loaded you have yourself a nice little OS running in memory. By typing a ? at whichever prompt you are at you will see the commands available. And by typing a ? after a command you will see all the subcommands available. This is super cool if you get stuck and need to know what comes next.


After IOS loads it will look in a number of places for the startup-config (NVRAM, Network), but generally it will load this from NVRAM. If it's a new router with no startup-config you'll be prompted to configure the router (don't do this though, it's boring!). As you type commands and change the configuration the changes are entered into the running-config which is in RAM. It's only when you save the running-config that this configuration overwrites the startup-config. So if a mistake is made and you mess up bad and you haven't saved the running-config to the startup-config the router can be simply rebooted to revert back to the startup-config or to a blank configuration.

So I've heard, during the CCNA exam the whole command needs to be typed (or use tab to complete) so I'll be doing that here to get familiar with the commands. In reality only enough of the command needs to be typed to make it unambiguous. So for example:

conf t
configure terminal

These are both the same command. You could press tab after typing "conf" and it would complete the command for you. The commands are not case sensitive and if you screw up IOS will tell you and show you where with a ^ symbol. I know what you're thinking, sweet!

Also, IOS is really helpful, if you don't know what to type next just type ? at the end of the command and it will tell you what can come next. Have a play, you'll soon get the hang of it. I suggest though that if you're going to take a Cisco exam just get used to using the tab key because if you use "sh run" instead of "show running-config" in the exam they'll have you for it!

Right, after connecting to the device, in GNS3 this is as simple as starting the device and clicking the console option. If you're in Windows and physically connecting to a device you will need one of the blue Cisco console cables connected to the console port on the device and HyperTerminal. HyperTerminal needs to be configured with:

Bits per second: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None


Once the device boots, just type no when prompted to enter the initial configuration dialog and you'll be sitting at a > prompt. By typing ? at the prompt you'll see available options. From here you can use network diagnostic tools such as Ping and Traceroute as well as a few others.

From here we can look at some information on the device.

Router>show version


As you can see from the output, we can see all sorts of details on the device such as the types of interfaces, the memory and the configuration register (we'll get back to this later).

Also by typing show ? you will see a list of the other settings you can view, such as SNMP Statistics, Telnet user sessions, memory, IP information, Flash etc...

Router>show ?


From the user mode we are currently at you can't really do much in the way of changing the config on the device. You need to enter into Enable mode to do that. To enter into Enable mode just type enable. Notice that the prompt changes from the > to a #. This is a good indicator of what mode you're in. From here type ? to see the additional options available.

Router#?



Have a look around at the additional options and the new show options ( show ? ) and to return to user mode just type disable.


In this post we have just looked at the IOS and started to get familiar with it. Notice how we have been able to navigate round the IOS pretty freely without needing any credentials. In the next post I'll be locking the router down.

And On The Cisco Menu Tonight.....

This post will act as my main link page to my up and coming posts. As I post an entry I'll link the entries below. This will make things much easier to find.


Routers

13. Standard ACLs
14. Extended ACLs
15. Time Based ACLs
16. NAT - Overload




Switches

1. Initial switch configuration
2. VLAN configuration
3. Port security
4. Logging
More to follow soon.........

Friday, August 14, 2009

A Bit Of A Change - Yet Another Update

In the immortal words of Peter Doherty "Promises promises, I know, you've heard them all before...."



Okay, let me start with an apology to anyone who takes the time to visit my blog. Recently I've been crap at getting stuff out on the blog, and I've explained the reasons as being my spare time, of which there's little when you have a 10 month old daughter to prioritise, is mostly spent with my head in my CCNA study book. So trying to find time to play with all the great tools on BackTrack has really taken a hit. So I've decided to change my plan slightly.

For the foreseeable future, or at least until I have passed the CCNA and maybe the Security specialisation after that, I'm going to focus on Cisco related posts. Originally the aim of this blog was for me to spend time learning something and then blog about it which then hopefully might help anyone who stumbles across it. Blogging what I have been learning also helps me to remember stuff and an added bonus is my blog serves as an accessible reference for me to use when I need to refer back to something in the future.

Great, that out the way I'll just describe my setup and then I'll get down to some nitty gritty Cisco IOS fun.

The book I am using to study for the CCNA is CCNA - Cisco Certified Network Associate Study Guide by Todd Lammle. This book was recommended to me by a mate and I really couldn't recommend it enough. The book was worth every penny and his writing style makes it a joy to read.


What I'm using for my lab is a Cisco 2950 switch (that I got out of a bin!) and the GNS3 software. GNS3 is a program (Windows, Linux and Mac) that allows you to take an IOS image from a router or PIX firewall and sort of run it in an emulator so you can access it and configure it just like the real device. Within the software you can build networks of routers, switches, firewalls and PCs. Very cool stuff and very free too. Which is always nice! Getting up and running is pretty easy with GNS3 but there are plenty of videos on YouTube if you get stuck. You'll also need a couple of IOS's as well (cough cough bittorrent cough)

So once you have GNS3 up and an IOS to play with, you can get down to building your virtual test lab to get your feet wet without screwing up any physical devices.


All you then need to do is right click on a device, start it up and then select Console.


Bingo! Your very own Cisco test lab to play with whilst you learn.
OK, that's it for this quick update post, I will be posting again within the next few days on configuring a router.

I really hope this set of posts is useful to someone other than myself.

Cheers

Syn

Monday, August 3, 2009

Backtrack 4. MSF - Part 1

A couple of emails have come just at the right time to help me get back into the swing of things. They were both regarding Metasploit which fits nicely into my planned blog entries about tools from the BackTrack distro.

I plan to focus the next series of posts on the basics of Metasploit then I hope to be moving into more advanced features that I think are cool within the framework. Please bear in mind though that I am in no way an expert on the MSF so I'll be learning as I go along, which is the whole point of my blog anyway. To learn and to share. I have covered some of the stuff I'll be blogging about in previous posts but as I don't use MSF every day I'll go over some of it again as a reminder for myself.



Part 1 - Which Metasploit looks good on me?


As I'm basing these posts on Metasploit and as I mentioned previously I wanted to focus on the new BackTrack 4 tools, I'll dispense with the installation instructions. Metasploit can be found under BackTrack > Penetration > Framework Version 3.



Now you have a few options here:

  • msfcli
  • msfconsole
  • msfgui
  • msfweb


All the flavours of the framework have a purpose but as far as I'm concerned as you get familiar with the framework you'll probably find one that works best for you. When I first started with the Framework I liked to use msfgui and msfweb. Both of these were pretty similar when used locally but msfweb does have the benefit of being able to run remotely because as indicated in the name it's a web server version. Whenever I go back to Metasploit after some time I often like to use msfgui, as this allows me to easily navigate through the list of exploits, payloads or auxiliary modules and to read the descriptions of them to find exactly what will work best for the thing I'm doing rather than just throwing anything and everything at a target. That type of behavior is very uncool and will get you noticed.

Now before I go any further I should take a few minutes to explain what the Metasploit Framework is and what it can do. The framework is a collection of programs and scripts that can be used amongst other things to identify and exploit targets. Apart from the 4 options listed above there are many other tools such as msfpayload that can be used for creating standalone executables or msfencode that can be used to bypass antivirus with those executables. These are fantastic tools that might not be obvious if you don't have a look for them. The framework is written in Ruby and is open source so it can be extended and tweaked to suit individual needs. Other scripts such as those written by Dark Operator can be integrated into the framework to enhance the functionality.


I really encourage anyone interested in Metasploit to have a good look around in the /pentest/exploits/framework3/ directory. There is also documentation and samples available.


Okay, back to the versions. I'm sure there are many other uses but here's what I have used them for so far:

msfcli

If you're very familiar with the syntax and know exactly what it is you want to do then msfcli might be the option for you. I have used this in the past to create msfpayloads and it works very well.

An example of using msfcli might be:

./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/bind_tcp LPORT=2482 RHOST=192.168.1.110 DisableCourtesyShell=TRUE E


msfconsole

I really like working in the console, it's pretty intuitive and I always feel cooler working from the command line. Navigating through the console is pretty easy with the tab completion and help options. After becoming familiar with Metasploit I found that I can work most effectively in the console.



msfgui

As mentioned above I like to use msfgui to familiarize myself with exploits, payloads and options. But if you find yourself living in msfgui you really need to "Man up Nancy Boy!" and get to msfconsole, you'll feel much better about yourself if you do.



msfweb

Similar thoughts as msfgui but it can also be configured to be connected to remotely (as can msfd as I'll show in a later post). First launch msfweb and then point a browser at it (as described in the console message).






Okay, so this was a brief overview because I wanted to get a post out and it may be a bit boring for anyone already familiar with MSF. I'll be going into more detail in upcoming posts and I hope things will get a lot more exciting as I cover the following:

  • Updating the Framework.
  • Navigating through msfconsole.
  • Using Auxiliary modules, Exploits and Payloads.
  • Launch successful attacks against a vulnerable host.
  • Adding new functionality with external scripts.
  • Integrating other tools with MSF
  • Anything else I can think of.........

Back soon.......