Sunday, December 20, 2009

Section 1- Implement Layer 2 Technologies Done !!!!

Update 1

Last night finished doing section 1 (Implement Layer 2 Technologies). So many times in the past I had just ignored this whole section and had moved on. I always used to think that this section is RIDICULOUSLY EASY but it is not and I have learnt a lot of new things in this section. This time I made sure that I finish the whole section.

1) Read the whole section from the Exam Certification Guide.
2) Watched the VOD from IPEXPERT BLS.
3) Did the first 4 labs from the IPEXPERT RS VOL1-WB-LAB1.

Now the next Section is Implement IPV4

Monday, December 7, 2009

Narbik's Bootcamp

I am really disappointed with Narbik. Not as a tutor but in replying to emails. I am close to my lab and wanted to attend (this is a retake, not a new one) his bootcamp in Sydney. First the bootcamp was on but Narbik wanted me to wait and then again it was confirmed that it is on. I was about to pay for my tickets but just thought I would check with him whether it is on or not. He said he is not sure as a few students are from the same company and they have a project on so they will confirm with him. So I asked him to please confirm it in the next day or so. (Mind you, I asked him to confirm it on Dec 1, for which he said he will confirm it in a day or two. Today it's 8th December, 8.00 AM (NZ time) and I still haven't received any confirmation.) So all in all I have decided I won't go, as getting tickets at the last minute for the 13th Dec bootcamp will be very expensive. I don't want to send him another email as I feel bad because I have been sending him quite a lot of emails (all of them were about bootcamps anyway) and I also feel bad because I am taking a retake and not paying for the bootcamp again. I am sure a lot of you have been to Narbik's bootcamps and have done retakes and all of you have had a great experience, but I think I am not happy with the way the whole thing has been dealt with. I have no doubts about Narbik's teaching capabilities and his style of teaching; I just loved it and I got to learn a lot of new things.

I am sure a lot of you will disagree with me as my case might be one off but if you had any experience like that then feel free to contact me and we will talk to Narbik. I am sure he will love all the feedback.

Sunday, November 22, 2009

My EIGRP Troubleshooting Flashcard

Key things about EIGRP Neighbour Process

The following should match:
  • Hello Types
  • K-value
  • AS Number
  • IP Subnet
  • Hello Interval
      • 60 Seconds for low speed NBMA
      • 5 Seconds for all other interfaces

Multicast Hellos

  • 224.0.0.10 (0100.5e00.000a)

EIGRP DUAL Routing Algorithm Concepts

  • Feasible Distance (FD) is the minimum distance (metric) along a path to a destination network.
  • Reported Distance (RD) is the distance towards a destination as advertised by an upstream neighbour.
  • A neighbour meets the feasibility condition (FC) if the distance reported by the neighbour is smaller than the feasible distance (FD) of this router.
  • Command used to find out FD: show ip eigrp topology all-links
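
The feasibility condition above, worked through on a small topology table. This is an added example, not part of the original flashcard: the neighbour names and metric values are constructed, and the metric is assumed to be a simple sum of RD and link cost rather than the real EIGRP composite metric.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    neighbour: str
    reported_distance: int  # RD: metric advertised by the upstream neighbour
    link_cost: int          # assumed additive cost from this router to that neighbour

    @property
    def total(self) -> int:
        return self.reported_distance + self.link_cost

def classify(paths):
    """Return (FD, successor, feasible successors) for one destination."""
    if not paths:
        return None, None, []
    best = min(paths, key=lambda p: p.total)
    fd = best.total  # FD: minimum metric over all known paths
    # FC: a neighbour qualifies only if its RD is strictly below our FD.
    feasible = sorted(p.neighbour for p in paths
                      if p is not best and p.reported_distance < fd)
    return fd, best.neighbour, feasible

def on_successor_loss(paths, fd, lost):
    """State of the route after the path through `lost` disappears."""
    candidates = [p for p in paths
                  if p.neighbour != lost and p.reported_distance < fd]
    if candidates:
        return "passive", min(candidates, key=lambda p: p.total).neighbour
    return "active", None  # no feasible successor: Queries go to neighbours

# Constructed topology table for one destination (values are illustrative).
SAMPLE = [
    Path("R2", reported_distance=2000, link_cost=1000),  # total 3000
    Path("R3", reported_distance=2500, link_cost=1500),  # total 4000, RD < FD
    Path("R4", reported_distance=3500, link_cost=500),   # total 4000, RD >= FD
]

if __name__ == "__main__":
    fd, successor, feasible = classify(SAMPLE)
    print(f"FD={fd} successor={successor} feasible successors={feasible}")
    print(on_successor_loss(SAMPLE, fd, "R2"))
    print(on_successor_loss([SAMPLE[0], SAMPLE[2]], fd, "R2"))
```

R3 and R4 offer the same total metric, but only R3 passes the feasibility condition; with R3 absent, losing R2 sends the route active even though R4 still has a path.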

EIGRP DUAL Routing Algorithm – Active Process

  • Normal (stable) state of a route is passive
  • Going active is the normal process for resolving network topology changes
      • Route becomes active if it is lost (or metric increases) and there aren’t any feasible successors
      • Going active means sending Queries to neighbours looking for an alternative path.
  • SIA-Queries are sent to a neighbour up to three times
      • May attempt to get a reply from a neighbour for a total of 6 minutes.
      • If still no Reply by the end of this process, consider the route stuck through this neighbour.
  • On the router that doesn’t get a reply after 3 SIA-queries:
      • Reinitializes the neighbour who didn’t answer.
      • Goes active on all routes known through the bounced neighbour.
      • Re-advertises to the bounced neighbour all routes that we were advertising.


Likely causes of Stuck-in Active (SIA)

  • Bad or congested links.
  • Query Range is too long
  • Excessive redundancy
  • Overloaded router (high CPU)
  • Router memory shortage
  • Software defects

Minimising SIA Routes

  • Decrease query scope (involve fewer routers in the query process)
      • Summarisation (manual or auto)
      • Distribute-lists
      • Define remote routers as stubs
  • Run a Cisco IOS which includes the fix for CSCdp33034

Monday, September 7, 2009

Cisco Security Advisory

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20090826-cucm
http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml
Revision 1.0
For Public Release 2009 August 26 1600 UTC (GMT)


Summary

Cisco Unified Communications Manager (formerly CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption to voice services. The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities.

Cisco has released free software updates for select Cisco Unified Communications Manager versions that address these vulnerabilities. There are no workarounds for these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml.


Affected Products
Vulnerable Products

The following products are affected by vulnerabilities described in this advisory:

* Cisco Unified Communications Manager 4.x
* Cisco Unified Communications Manager 5.x
* Cisco Unified Communications Manager 6.x
* Cisco Unified Communications Manager 7.x

Products Confirmed Not Vulnerable

Cisco Unified Communications Manager Express is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.


Details

Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications.

Malformed SIP Message Vulnerabilities

Cisco Unified Communications Manager contains two DoS vulnerabilities that involve the processing of SIP packets. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, resulting in the disruption of voice services. All SIP ports (TCP 5060 and 5061, UDP 5060 and 5061) are affected by these vulnerabilities.

The first SIP DoS vulnerability is documented in Cisco Bug ID CSCsi46466 and has been assigned the CVE identifier CVE-2009-2050. The first vulnerability is fixed in Cisco Unified Communications Manager versions 6.1(1) and later.

Cisco Unified Communications Manager 4.x versions are only affected by the first SIP DoS vulnerability if a SIP trunk is explicitly configured. To determine if a SIP trunk is configured on a Cisco Unified Communications Manager version 4.x system, navigate to Device > Trunk and choose the option SIP Trunk in the Cisco Unified Communications Manager administration interface. To mitigate against this vulnerability, administrators are advised to restrict access to TCP and UDP port 5060 on vulnerable Cisco Unified Communications Manager 4.x systems that are configured to use SIP trunks with screening devices to valid SIP trunk end points.

The second SIP DoS vulnerability is documented in Cisco Bug ID CSCsz40392 and has been assigned the CVE identifier CVE-2009-2051. The second vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), and 7.1(2).

Network Connection Tracking Vulnerability

Cisco Unified Communications Manager contains a DoS vulnerability that involves the tracking of network connections by the embedded operating system firewall. By establishing many TCP connections with a vulnerable system, an attacker could overwhelm the operating system table that is used to track network connections and prevent new connections from being established to system services. Any service that listens to a TCP port on a vulnerable system could be affected by this vulnerability, including SIP and SCCP.

This vulnerability is documented in Cisco Bug ID CSCsq22534 and has been assigned the CVE identifier CVE-2009-2052. The vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), 7.0(2), and 7.1(2).

Related SIP and SCCP DoS Vulnerabilities

Cisco Unified Communications Manager contains two DoS vulnerabilities involving the processing of SIP and SCCP packets. By flooding a vulnerable system with many TCP packets, an attacker could exhaust operating system file descriptors that cause the SIP port (TCP 5060 and 5061) and SCCP port (TCP 2000 and 2443) to close. This action could prevent new connections from being established to the SIP and SCCP services. SIP UDP (5060 and 5061) ports are not affected.

The SCCP vulnerability is documented in Cisco Bug ID CSCsx32236 and has been assigned the CVE identifier CVE-2009-2053. The SCCP vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), 7.0(2a)su1, and 7.1(2).

The SIP vulnerability is documented in Cisco Bug ID CSCsx23689 and has been assigned the CVE identifier CVE-2009-2054. The SIP vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), 7.0(2a)su1, and 7.1(2a)su1.

Vulnerability Scoring Details

Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html.

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at

http://intellishield.cisco.com/security/alertmanager/cvss.


Workarounds

There are no workarounds for the vulnerabilities in this advisory. Administrators can mitigate the SCCP- and SIP-related vulnerabilities by implementing filtering on screening devices to permit access to TCP ports 2000 and 2443, and TCP and UDP ports 5060 and 5061 only from networks that need SCCP and SIP access to Cisco Unified Communications Manager servers.
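
One way to check a screening device's permit list against the mitigation described above, as an added example that is not part of Cisco's advisory or the original post. The CUCM address, trusted voice network and rule sets are constructed, and the rule tuple format (action, protocol, source, destination, low port, high port) is an assumption; earlier deny rules are ignored, so the audit errs on the side of reporting.

```python
import ipaddress

# Ports named in the advisory: SCCP on TCP 2000/2443, SIP on TCP and UDP 5060/5061.
PROTECTED = {("tcp", 2000), ("tcp", 2443), ("tcp", 5060), ("tcp", 5061),
             ("udp", 5060), ("udp", 5061)}

def exposed_rules(rules, cucm, trusted):
    """Return (rule_index, proto, port) for each permit rule that lets a source
    outside `trusted` reach a protected port on the CUCM address."""
    cucm_ip = ipaddress.ip_address(cucm)
    trusted_nets = [ipaddress.ip_network(n) for n in trusted]
    findings = []
    for i, (action, proto, src, dst, lo, hi) in enumerate(rules):
        if action != "permit" or cucm_ip not in ipaddress.ip_network(dst):
            continue
        src_net = ipaddress.ip_network(src)
        if any(src_net.subnet_of(t) for t in trusted_nets):
            continue  # source is inside a network that needs SIP/SCCP access
        for p_proto, port in sorted(PROTECTED):
            # "ip" rules match both TCP and UDP.
            if proto in (p_proto, "ip") and lo <= port <= hi:
                findings.append((i, p_proto, port))
    return findings

# Constructed values (documentation and private address ranges).
CUCM = "192.0.2.10"
TRUSTED = ["10.20.0.0/16"]  # hypothetical voice/phone networks

WEAK = [
    ("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 5060, 5061),   # SIP from anywhere
    ("permit", "udp", "10.20.0.0/16", "192.0.2.10/32", 5060, 5061),
    ("permit", "tcp", "10.20.4.0/24", "192.0.2.10/32", 2000, 2000),
    ("permit", "ip", "10.99.0.0/16", "192.0.2.0/24", 0, 65535),    # broad permit
]
HARDENED = [  # anything not listed falls to the device's default deny
    ("permit", "tcp", "10.20.0.0/16", "192.0.2.10/32", 5060, 5061),
    ("permit", "udp", "10.20.0.0/16", "192.0.2.10/32", 5060, 5061),
    ("permit", "tcp", "10.20.0.0/16", "192.0.2.10/32", 2000, 2000),
    ("permit", "tcp", "10.20.0.0/16", "192.0.2.10/32", 2443, 2443),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, exposed_rules(rules, CUCM, TRUSTED))
```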

Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory:





Wednesday, July 29, 2009

Final Day of F5 Training

I know this post is not related to Cisco but I was sitting here in the course and had a break so thought that I haven't been able to blog for a while as I have been really busy at work. Last 3 days I have been on the F5 LTM Course. We have a few F5s at work so work finally decided to pay for our F5 training.

The course was divided in 2 parts.

1) BIG-IP LTM V9.4 Essentials
2) BIG-IP LTM V9.4 Advanced.

The first two days were basic stuff where we learnt how the F5 works and how it does load balancing. Then we did some labs on the different methods of load balancing. The second day we did iRules, NATs and SNATs. I think the F5 is quite a smart box and can do a lot of things.

The next two days were the advanced ones where we worked on what we learnt from the Essentials course. We did some advanced iRules and advanced SNATs and NATs. Then we did how to create Virtual Servers, assigning some Pools to them and getting the load balancing to work the way Pools work. Today being the last day we are working on the Administration and some Advanced Profiles and then we have a final lab project where all of what we have learnt will be put to the test.

It's been a great week of learning. I know you guys must be getting bored. So I am signing off for the day and I promise to keep my blog updated as much as I can.

Sunday, July 19, 2009

Well Done Omkar

On Saturday I got an email from Omkar Tambalkar (we did Narbik's Bootcamp together) and he has passed his CCIE R & S. Here is what Omkar had to say.



Hello everybody,

I took the test at San Jose this week and it was a surreal experience, I passed and got #####. The whole experience has been great. I was planning to take the test in Feb 09 but work commitments and deadlines caused me to drop the ball and I rescheduled it for July 09.

Narbik, your bootcamp was awesome, it really helped me solidify the concepts and pass the lab!!

Cheers,

Omkar

So Well done again Omkar and wish you best of luck for the next one (SECURITY).

Thursday, July 2, 2009

Got an update from IPEXPERT

Got an update from Drew at IPEXPERT and here is what they say

Hello Vivek,

We went ahead and re-added the updated R&S files. We are aware of an issue with the by section files that our developers are working as fast as possible to fix. In the meantime we ask that customers download the full volume 1 PDF until the by section files are working.


So hopefully the issue will be fixed soon. Thanks Drew. Will keep everyone posted when I have full access to the new files.