Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 76 views

    Lab - Mitigating Data Plane Attacks by Using ACL

    Uploaded by

    Anderson Bataglini
    This document describes a lab to test network access control lists (ACLs). The lab network includes a router, switch, and three PCs. Tasks include configuring IP addresses, enabling DHCP and SPAN monitoring. Tests involve capturing Telnet, DHCP, and remote desktop traffic. Two ACLs are configured - one to allow remote desktop while blocking other traffic, and another to selectively allow ping, HTTP, DHCP while blocking other traffic sourced from PC1's network. Questions are provided to test the ACL configurations.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd

    Lab - Mitigating Data Plane Attacks by Using ACL

    Uploaded by

    Anderson Bataglini
    76 views10 pages
    This document describes a lab to test network access control lists (ACLs). The lab network includes a router, switch, and three PCs. Tasks include configuring IP addresses, enabling DHCP and SPAN monitoring. Tests involve capturing Telnet, DHCP, and remote desktop traffic. Two ACLs are configured - one to allow remote desktop while blocking other traffic, and another to selectively allow ping, HTTP, DHCP while blocking other traffic sourced from PC1's network. Questions are provided to test the ACL configurations.

    Original Title

    Lab – Mitigating data plane attacks by using ACL

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document describes a lab to test network access control lists (ACLs). The lab network includes a router, switch, and three PCs. Tasks include configuring IP addresses, enabling DHCP and SPAN monitoring. Tests involve capturing Telnet, DHCP, and remote desktop traffic. Two ACLs are configured - one to allow remote desktop while blocking other traffic, and another to selectively allow ping, HTTP, DHCP while blocking other traffic sourced from PC1's network. Questions are provided to test the ACL configurations.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Download as ppt, pdf, or txt
    76 views10 pages

    Lab - Mitigating Data Plane Attacks by Using ACL

    Uploaded by

    Anderson Bataglini
    This document describes a lab to test network access control lists (ACLs). The lab network includes a router, switch, and three PCs. Tasks include configuring IP addresses, enabling DHCP and SPAN monitoring. Tests involve capturing Telnet, DHCP, and remote desktop traffic. Two ACLs are configured - one to allow remote desktop while blocking other traffic, and another to selectively allow ping, HTTP, DHCP while blocking other traffic sourced from PC1's network. Questions are provided to test the ACL configurations.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Download as ppt, pdf, or txt
    of 10

    Figure 1

    10.1.1.0/24

    SW1
    Fa0/0 10.2.2.0/28
    Fa0/1
    Fa0/5 Fa0/10 .1 .1

    PC1
    DHCP Client Fa0/2 Router PC3
    DHCP server .2
    Pool1: 10.1.1.0/24

    PC2 (Analyzer)
    .100

    Lab – Mitigating data plane attacks by using ACL


    Note:
    Your chosen devices interface type/number may be different than the ones shown in the map, please update the
    map accordingly.
    Lab Work Tasks:
    1. Interlink all the components.
    2. Configure IP interfaces on Router, enable DHCP
    service. Set PC1 as DHCP clients, PC2 (Analyzer),
    PC3 with static IP address/subnet mask/default
    gateway as shown in figure 1.
    IOS Router DHCP server settings:
    ip dhcp pool pool1
    network 10.1.1.0 255.255.255.0
    default-router 10.1.1.1

    3. On switch, issue Show vlan brief to verify if the fa0/5


    and fa0/10 are in the same VLAN. If not, assign the
    two ports into the same VLAN (for example, VLAN1).
    Lab Work Tasks:
    4. Enable SPAN on SW1 so that Analyzer (PC2) can monitor Router’s fa0/0
    ongoing packets.
    On Switch Configuration Mode, issue the following commands to set SPAN:

    monitor session 1 source int fa0/10  the switch port that you want to monitor
    monitor session 1 destination int fa0/2  network analyzer’s port

    5. Enable Telnet service on Router. (Set Username/password as admin1/


    admin1 Cisco)
    Cisco
    Router (conf)# username admin1 password Cisco
    Router (conf)# line vty 0 4
    Router (conf-line)#login local
    Review Question: how to encrypt the above password?
    ___________________________________________________________ .

    6. Capture PC1’s Telnet messages to Router from Analyzer. Set a Display filter so
    as to figure out the telnet Username/password from the captured messages.
    Successful? ___________ .

    7. Can you find out the TCP 3-way handshake messages triggered by Telnet?
    ____________. If yes, fill up the Table 1.
    3Way Handshake Messages
    Table 1.
    1st 2nd 3rd
    Source IP address
    Destination IP address
    TCP source port
    TCP destination port
    TCP Sequence
    number
    TCP Acknowledgment
    number

    Ack bit (0 or 1)
    Syn bit (0 or 1)
    Analyzing Network Traffic
    8. Turn Analyzer Capture session on. Now analyze DHCP messages. Issue
    release/renew commands on PC1 (DOS Window) to renew IP settings.
    Analyze DHCP PDUs, and answer the following:
    How many different types of DHCP PDUs have you observed? ______________.
    List here: _______________________________________________________ .
    Is DHCP UDP or TCP based? _______ .
    DHCP Server end Port Number is _____ .
    DHCP Client end Port Number is ______.

    9. Capture and analyze PC1’s Remote Connection to PC3 (Remote Desktop-


    RDP) traffic. Consult with the next page to configure RDP. How would you
    describe the traffic pattern in Transport Layer? (TCP or UDP, ports fixed,
    etc.) ________________________________________________________ .

    10. Set a Access Control List on router so that Remote Connection to PC3 is allowed,
    the rest traffic flows are blocked.
    Testing
    10. Set an Access Control List on router so that Remote Connection to
    PC3 is allowed, the rest traffic flows are blocked.
    Q1: Your ACL configuration

    Q2: Apply to which interface/direction?

    Q3: How does this ACL affect DHCP service?

    Q4: What happens if PC1 tries to PING PC3?


    The 2 ACL Testing
    nd

    11. Enable the Router’s HTTP service.


    How? _______________________________.
    Remove the filter of previous step from router interface.
    How? ________________________________ .

    Now set a new Access Control List on router so that


    •PC1 can ping PC3,
    •PC1 can HTTP browse Router
    •PC1 can retrieve DHCP offer from Router (DHCP Server)
    •the rest traffic flows ( sourced from PC1’s network) are blocked

    Implement, test and answer questions of the next page.


    Questions
    Q1: Your ACL configuration

    Q2: Apply to which interface/direction?

    Q3: How does this ACL affect PC1 to PC3 Remote Desktop
    Connection (RDP) service?

    Q4: What happens if PC1 tries to Telnet to Router?


    Reflective Question
    • Basic ACL creation rules:

    Note:
    Lab report submission is required.
    Please remove passwords, shutdown systems, and unplug and warp all cables. Thanks!

    You might also like