
. - , .

,
.
2
.
TCP/IP , .
I.
1. VLAN
VLANs (Virtual Local Area Network) ,
,
. ,
VLAN .
.
VLAN , . ,
, ,
DTP (Dynamic Trunking Protocol). ,
trunk . Trunk
(),
VLAN-. 802.1Q .
,
DTP ( 5 , - ).
DTP

On

trunk.

Off

(access port)
trunk.

Auto

.
trunk, trunk.

Desirable

auto, ,
, trunk.

DTP

Nonegotiate DTP
trunk. .


trunk VLAN-. 802.1Q ,
DTP, Ethernet
VLAN
( - QoS ,
).
trunk. trunk , 802.1Q
, CRC
. [1]
VLAN VLAN
DTP. DTP ,
,
. DTP , , ,
trunk.
, trunk,
trunk .
1:

1 VLAN
. ,
trunks, access .
DTP , ,
. Cisco Catalyst
:
access:
Switch(config-if)#switchport mode access

trunk:
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport nonegotiate
Switch(config-if)#switchport trunk allowed vlan [vlan range]
DTP trunk

. VLAN-
trunk . [2]
Spanning-tree
Spanning Tree Protocol (STP) ,
[3].
-
. STP
. BPDU
(Bridge Protocol Data Unit) . BPDU
, bridge ID (
+ MAC ). - bridge ID
(root bridge).
, ,
, (
- , MAC
). .
, BPDU
, ,
(3-50
). [1]
STP
. BPDU
, ,
, - bridge ID,
, STP .
,
, .
BPDU Guard
Cisco Catalyst . BPDU Guard
PortFast ( ,
, ).
BPDU , .
:
Switch(config)#spanning-tree portfast bpduguard

2. MAC (Media Access Control)


,
(
).
. ,
,
, .
.. MAC ,
MAC .
-
MAC , ,
.
.
, ,
. MAC Cache,
CAM (content addressable memory) .
128 . , . [1]
[2] [3]
,
, .
Linux Macof.
, .
: port security
( ).
, , MAC ,
. ,
, .
:
1) Switch(config)#mac address-table static 0900.0d31.005f vlan 4 interface fastethernet 0/0
VLAN.
, MAC 09-00-0D-31-00-5F,
VLAN 4, fastethernet0/0.
2) Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation shutdown
, .
.
3. ARP
ARP ,
. ARP
(IP) (MAC). ARP (requests)
, IP , MAC
host. ARP (reply),
MAC .

ARP (IP MAC


). ARP (reply),
MAC , host .
ARP ,
.
2 ARP :

2 ARP

, .
( MAC ).
ARP
IP MAC .

4. VTP
VLAN Trunking Protocol (VTP) ,
.
VLAN- .
, ,
(VTP domain).
VTP Transparent
(), Server () Client (). , VLAN
,
,
. - VLAN
, .. configuration revision number.
. [1]
,
,

. VLAN 1
, VLAN- .
VLAN,

trunk .
:
1) VTP ( ) -
VLAN
:
Switch#vlan database
Switch(vlan)#vtp transparent
Switch(vlan)#vlan 2 name TU-Sofia
2) , VTP
vtp , ,
:
Switch(vlan)#vtp password tu-s0fia

5. ,

CDP (Cisco Discovery Protocol). CDP


Cisco Systems
( ).
, ,

. CDP
.
Cisco
, .. . -
Cisco IOS ( , ) ,
,
, CDP . [1] [2]
:
1) - CDP ,
:
Router(config)#no cdp run
2) , CDP
:
Router(config-if)#no cdp enable

II.
,
.
.
1. ,


. - : (Telnet,
SSH); ; SNMP (Simple Network
Management Protocol); , HTTP (
HTTPS secure HTTP).
HTTP . ,
80 , .
, - Cisco ,
.
, ,
,
.
:
http://ip address/level/99/exec/show/config

3.

3
. MD5
( enable password, service password-encryption) .
MD5 , , Cisco (
- IOS) MD5 ,
. ,
, Boson GetPass! 4
:

4 Boson GetPass
, HTTP:
Router(config)#no ip http server
, :
Router(config)#access-list 1 permit host 10.0.0.5
Router(config)#ip http access-class 1

Telnet , .
, . [1] [4]
2. ,
- (RIP v1)
,
. ,

. ,
(route poisoning) RIP v1
5:

5 route poisoning

. RIP v2 :
- (key-chain)
:
Router(config)#key chain MYCHAIN
Router(config-keychain)#key 1
Router(config-keychain-key)#key-string cisco
-
, RIP MD5 :
Router(config)#interface fastethernet 0/0
Router(config-if)#ip rip authentication key-chain MYCHAIN
Router(config-if)#ip rip authentication mode MD5
Router(config)#interface serial 0/0
Router(config-if)#ip rip authentication key-chain MYCHAIN
Router(config-if)#ip rip authentication mode MD5
- IP
spoofing.

III. DoS
DoS (Denial of Service) ,
.
,
,
(drop).
.
,
. - DoS
TCP . ICMP UDP .
, ,
.
DoS [3] [5]:
-

TCP SYN ;

Land.c ;

Smurf .

1. TCP SYN
TCP
(TCP three-way handshake). TCP
, 6:

6 Three-way handshake
.
SYN ()
TCP ,
. SYN ISN (initial sequence numbers)
SYN=1, ACK=0.
, ISN ,
ISN (SYN=1, ACK=1).
, , (ACK
) . .

7 TCP SYN
TCP SYN (. 7)
(spoofed) SYN
( IP IP spoofing) ,
. ,
SYN-ACK ,
( ACK ) . ..
. SYN ,
,
, .
. SYN -
,
, ,
.
, , , IP
,
.
( )
, .
, ,
.
SYN ,
. :
-

SYN ,
;

SYN
, ..
;

, ,
.
. [3] [15]

SYN
[6]:
-

,
, .
,
.

SYN cookies. SYN ,


SYN/ACK (Sequence
Number). .
three-way handshake .

2. Land.c
DoS .
SYN
.
. -
.
. [5]
3. Smurf
,
. ICMP (Internet
Control Message Protocol) echo-request broadcast ,
.
ICMP (
) 3 . ping
(Windows ICMP ping, Unix, Linux, Cisco IOS, UDP
).
Smurf , ICMP echo-request broadcast
,
. 8 :

8 Smurf
ICMP echo-reply
. ,
,
(spoofing). , .
Smurf Fraggle , UDP (User Datagram Protocol) ICMP. Fraggle CHARGEN ECHO
, UDP 19 7.
ICMP ping . CHARGEN ECHO,
, ,
. ,
, .
[3] [5]
4.
DDoS (Distributed Denial-of-Service) -
. ,
,
. ,

, . ,
, , ,
, .
, .
. ,
( -

) .
(
), .
9 :

9 DDoS
5. (Session Hijacking)
(Session Hijacking),
[5]. -
TCP ,
.

, . ip
spoofing-a, , ,
.

.
,
,
( ).
,
.
:
-

, .


. ,

(.10).

(ISN Initial Sequence Number),
.
DoS , ,
(. 11).

10

11


:
-

- .
.
.
.
Cisco Switch Port

Analyzer (SPAN) .
VLAN- SPAN .
SPAN
. Linux MACOF
,
, HUB (
Cisco ).

, .

(seq ack) . :
-

, ;

seq ack .

DoS ;

- seq ack .
32 TCP ( 1 4 294 967 295; 0 ). ,
TCP .
RFC 793 seq 4
.
. BSD Linux
128,000 (
9:32 ). , seq ,
TCP ,
. TCP 12:

12 TCP
,
.

Cisco Adaptive Security Appliance (Cisco ASA), -


Cisco Systems ,
. seq ack (
,
ASA ) , ,
,
LAN .
. [3] [5].
IV.
DoS : Datapool, Hgod,
Jolt2 [7].

Datapool Linux 100 DoS .


13 ,
:

13 Datapool
,
(). ,
192.168.10.10,
- 192.168.10.9 :

#./datapool.sh -d 192.168.10.10 -p 1-1024 -v results.log -l T1 -I 192.168.10.9 -c -t


100
- v , ;
- l ( 1);
- c , ;
- t .
.

Jolt 2 Linux Windows.


spoofing. 14
, :

14 Jolt2
- P : , (ICMP, UDP)
- p :
- n : ,
- d :

Hgod , Windows XP.


.
,
(TCP/UDP/ICMP/IGMP) ( TCP/UDP).
DoS , TCP SYN . 15
:

15 Hgod
,
192.168.10.10 80 (
HTTP), 192.168.10.9, :
Hgod 192.168.10.10 80 s 192.168.10.9

:
[1] Cisco Network Associate Curriculum (CCNA), 2006
[2] Cisco Security Appliance Command Reference
[3] Cisco Network Security Curriculum, 2006
[4] Frahim J., Cisco ASA All-in-One Firewall IPS and VPN Adaptive Security Appliance, Cisco Press, 2005
[5] Network Security Video Training, CBT Nuggets, 2006
[6] , , , , , 2005 .
[7] : google.com, en.wikipedia.org
