Seguridad por Niveles

Some time ago I came across this excellent e-book on information security, released under a Creative Commons license and distributed free of charge by the Spanish company DarFe. It is an extensive review of the 7-layer OSI model, with very detailed analysis examples for each protocol using tcpdump, Wireshark and other very interesting tools, before moving into the field of communications security.

It's worth a look…

Download Seguridad por Niveles

:wq!

 

Pfsense

I have been using this beautiful, simple and powerful FreeBSD-based routing distribution for almost 3 years now, and I finally decided to write something about it, since it has reached an enviable maturity as a project, having far surpassed most of the free alternatives that exist today.

The ISO of this marvel weighs only 50MB and includes, among other things I am surely forgetting, the following features:

  • Stateful firewall (with all the power of PF)
  • VPN (PPTP, OpenVPN, IPSec, L2TP)
  • Captive portal
  • Load balancing
  • Failover
  • DNS server
  • Routing protocols such as BGP, RIP, OSPF
  • DHCP server
  • Squid proxy server
  • RADIUS server
  • Wake on LAN
  • VLAN
  • Ability to install plugins such as Nmap, Ntop, Snort, etc.
  • An impressive web GUI for administering a network
  • QoS
  • RRD graphs of traffic, latency, etc.
  • Real-time graphs of interface bandwidth
  • NAT/PAT (1:1, manual, etc.)
  • etc…

Backups are very easy to make, and there is always the option of configuring it through the console.

Squid logs

RRD graphs

For anyone who needs a serious and reliable solution for SMB, ISP and home environments, I recommend this excellent 100% open source tool 🙂

http://www.pfsense.org/

http://doc.pfsense.org/index.php/Main_Page

Cheers!

Rethinking Information Diversity in Networks

An article published by Eytan Bakshy on Data Facebook, which uses data mined from the social network to discuss the sources of brand new information and how that information relates to distant and close contacts, taking as its starting point Granovetter's work on the strength of weak ties (Strength of weak ties).

How do your friends shape the information you see and read online? Social networking technologies like Facebook let us connect to hundreds, even thousands of people — and have fundamentally changed how people get their information.

 

While much of our time is spent communicating with close friends about events in our personal lives [1], we also use online networks to share breaking news, discuss political issues and learn about new trends.  In 2010, my colleagues Itamar Rosenn, Cameron Marlow, Lada Adamic and I conducted a study on Facebook to understand the nature of information spread in social networks.

 

Some claim that social networks act like echo chambers in which people only consume and share information from likeminded close friends, stifling the spread of diverse information. Our study paints a different picture of the world.

 

Instead, we found that even though people are more likely to consume and share information that comes from close contacts that they interact with frequently (like discussing a photo from last night’s party), the vast majority of information comes from contacts that they interact with infrequently.  These distant contacts are also more likely to share novel information, demonstrating that social networks can act as a powerful medium for sharing new ideas, highlighting new products and discussing current events.

 

The research suggests that Facebook isn’t the echo chamber that some might expect – online social networks may actually increase the spread of novel information and diverse viewpoints.

Social Networks as Information Pathways

Economic sociologist Mark Granovetter was one of the first to popularize the use of social networks in understanding the spread of information.  In his seminal 1973 paper, The Strength of Weak Ties [2], Granovetter found that surprisingly, people are more likely to acquire jobs that they learned about through individuals they interact with infrequently rather than their close personal contacts. 

To explain this phenomenon Granovetter used social graphs to illustrate how networks relate to information access (Figure 1). When a person interacts with two individuals frequently, those individuals are also likely to interact with one another.  It follows that people tend to form dense clusters of strong ties who are all connected.

 

Figure 1: We are connected to core groups of strong ties that we interact with frequently and weak ties that we interact with infrequently. Granovetter’s hypothesis about the “strength of weak ties” states that weak ties facilitate information flow from disparate clusters of people.

 

 

What do these structures have to do with information access? Since people in these clusters all know each other, any information that is available to one individual spreads quickly to others within the cluster. These tight-knit social circles tend to be small relative to people’s entire social network, and when it comes to information about future job opportunities, it can be hard to find new leads.

 

Granovetter used the relationship between interaction frequency and social structure to explain why information about jobs is instead found through weak ties that we interact with infrequently.  Weak ties help spread novel information by bridging the gap between clusters of strong tie contacts.  The strength of weak ties informs much of the popular understanding of information spread in social networks.

 

Birds of a Feather Surf Together

But what about information that is more widely available, like news on the Internet? To understand the flow of more general types of information in society, it’s important not only to take into account how people are connected, but also the commonalities that promote the spread of information.  One of the most robust findings in social networks is that of homophily [3], the tendency of individuals with similar characteristics to associate with one another.  Individuals are connected to each other through workplaces, professions, schools, clubs, hobbies, political beliefs and other affiliations.  The homophily principle holds true for any kind of social network you can think of: close friends, professional contacts, classmates and even the people you ride the bus with. 

 

Today, these commonalities not only shape how often people interact and what they talk about, but also what kinds of information they as individuals seek on the Web.  Homophily suggests that people who interact frequently are similar and may consume more of the same information.  Individuals that interact less often tend to be dissimilar and may consume more diverse information.  This view of the world is illustrated in Figure 2 below.

 

Figure 2: Information spread in online social networks. Our study suggests that strong ties are similar and more likely to be tuned into the same web sites. Weak ties, being more dissimilar, tend to visit different websites.

Interest and Novelty

To understand how online social networks affect the spread of information, we used random variation in the News Feed to determine how likely a person is to share Web content if she did or did not see the content shared by her friends.  We found that people are more likely to share the information they were exposed to by their strong ties than by their weak ties on Facebook (Figure 3).   

 

Figure 3: People are more likely to share information (links to Web pages) that they were exposed to by strong ties in their News Feed [4]. Tie strength between two individuals is measured by the number of comments a person received from their friend on Facebook. Other measurements of tie strength, like the number of messages, co-appearances in photos, and discussion on posts are discussed in our paper [5].

There are many possible explanations for the increased flow of information across strong ties. One reason is that close contacts are more likely to be similar to one another, and therefore find content shared by their close friends more interesting.  An alternative explanation is that strong ties are more “influential”, so that people are more likely to be persuaded to share information from their close contacts. 

 

We also investigate how Facebook amplifies information distribution. That is, if a friend shares something on Facebook, how many times more likely are you to share that information as a result of seeing it in the News Feed? The figure below shows how this multiplicative effect depends on the strength of your tie with that friend.

 

Figure 4: Weak ties spread novel information that people are unlikely to otherwise see. The figure above shows how many times more likely people are to share a page because of exposure via the News Feed from strong and weak ties.

 

 We found that information shared by a person’s weak ties is unlikely to be shared at a later point in time independently of those friends. Therefore, seeing content from a weak tie leads to a nearly tenfold increase in the likelihood that a person will share a link. In contrast, seeing information shared by a strong tie in News Feed makes people just six times as likely to share. In short, weak ties have the greatest potential to expose their friends to information that they would not have otherwise discovered.

 

The Collective Influence of Weak Ties

Ultimately, we are interested in how these network effects shape information spread as a whole.  Even though a person is more likely to share a single piece of information from one of their close contacts, it turns out that weak ties are collectively responsible for the majority of information spread. 

Let’s consider a hypothetical example (illustrated in Figure 5). Let’s say a person has 100 contacts that are weak tie friends, and 10 that are strong tie friends.  Suppose the chance that you’ll share something is very high for strong tie friends, say 50%, but the weak tie friends tend to share less interesting stuff, so the likelihood of sharing is only 15%. Therefore the amount of information spread due to weak and strong ties would be 100*0.15 = 15, and 10*0.50 = 5 respectively, so in total, people would end up sharing more from their weak tie friends.

Figure 5: People are more likely to share information from their strong ties, but because of their abundance, weak ties are primarily responsible for the majority of information spread on Facebook. The figure above illustrates how a majority of influence (orange) can be generated by weak ties, even if strong ties are individually more influential.

 

It turns out that the mathematics of information spread on Facebook is quite similar to our hypothetical example: the majority of people’s contacts are weak tie friends, and if we carry out this same computation using the empirical distribution of tie strengths and their corresponding probabilities, we find that weak ties generate the majority of information spread.

 

Conclusion

The information we consume and share on Facebook is actually much more diverse in nature than conventional wisdom might suggest.  We are exposed to and spread more information from our distant contacts than our close friends.  Since these distant contacts tend to be different from us, the bulk of information we consume and share comes from people with different perspectives. This may provide some comfort to those who worry that social networks are simply an echo chamber where people are only exposed to those who share the same opinions.  Our work is among the first to rigorously quantify influence at a mass scale, and shows that online social networks can serve as an important medium for sharing new perspectives, products and world events. 

 

Footnotes

[1] Common experience would suggest that we spend most of our time communicating with only a few individuals on Facebook.  To a large extent, this is true, and documented in Backstrom, et al. Center of Attention: How Facebook Users allocate Attention. ICWSM, 2011.

[2] M. Granovetter. The Strength of Weak Ties. American Journal of Sociology, 1973.

[3] An extensive and accessible introduction to homophily can be found in McPherson et al.  Birds of a Feather Flock Together. Annual Review of Sociology, 2001.

[4] It is important to note that very often, information does not “cascade” very far along the network.  This phenomenon has been observed in earlier research on Twitter in Everyone’s an Influencer: Quantifying Influence on Twitter and has been studied across other networks more extensively in upcoming work by Sharad Goel and Duncan Watts at Yahoo! Research, NY.

[5] The Role of Social Networks in Information Diffusion. E. Bakshy, I. Rosenn, C.A. Marlow, L.A. Adamic, ACM WWW 2012

ad-hoc EIGRP (CCNP Route)

As I mentioned somewhere in the previous post, I had left out playing a bit with routes and their distribution. It turns out that EIGRP, like most routing protocols, has the option of filtering the advertisement of specific routes to other routers and of filtering routes that come from other routers.

How do we do this? With EIGRP's distribute-list command and access lists.

Suppose we have the same topology as in the previous post and we want the following: the route 172.17.5.0/24 must not be advertised from #R1 into #R2, and the route 199.0.0.0/24 in AS100 (#R2) must not reach #R6. So..

First we configure Lo8 with the route 199.0.0.0/24 and then add it to AS100 on #R2

R2(config)#interface lo8
R2(config-if)#ip address 199.0.0.1 255.255.255.0
R2(config-if)#exit
R2(config)#access-list 51 deny 199.0.0.0 0.0.0.255
R2(config)#access-list 51 permit any
R2(config)#router eigrp 100
R2(config-router)#network 199.0.0.0 0.0.0.255

We verify that the route is present on #R6

C 200.0.3.0/24 is directly connected, Loopback2
10.0.0.0/30 is subnetted, 2 subnets
C 10.0.0.0 is directly connected, Serial0/0
C 10.0.0.4 is directly connected, Serial0/1
D EX 199.0.0.0/24 [170/3200000] via 10.0.0.1, 00:00:05, Serial0/0
[170/2297856] via 10.0.0.5, 00:00:05, Serial0/1
192.168.0.0/30 is subnetted, 1 subnets
D EX 192.168.0.0 [170/3097600] via 10.0.0.1, 00:02:31, Serial0/0
[170/2195456] via 10.0.0.5, 00:02:31, Serial0/1
D 200.0.0.0/21 is a summary, 00:02:32, Null0
R6#

Now we create the corresponding access list and apply it in AS200 on #R2 with the distribute-list command

R2(config)#access-list 51 deny 199.0.0.0 0.0.0.255
R2(config)#access-list 51 permit any
------------------------------------------------
R2(config)#router eigrp 200
R2(config-router)#distribute-list 51 out

After this we observe that the adjacencies with the peers are reset

00:05:56: %SYS-5-CONFIG_I: Configured from console by admin on console
00:06:00: %SEC-6-IPACCESSLOGS: list 50 denied 172.17.5.0 1 packet
00:06:03: %DUAL-5-NBRCHANGE: IP-EIGRP 200: Neighbor 10.0.0.6 (Serial0/1) is down: route configuration changed
00:06:03: %DUAL-5-NBRCHANGE: IP-EIGRP 200: Neighbor 10.0.0.2 (Serial0/0) is down: route configuration changed
00:06:03: %DUAL-5-NBRCHANGE: IP-EIGRP 200: Neighbor 10.0.0.6 (Serial0/1) is up: new adjacency
00:06:07: %DUAL-5-NBRCHANGE: IP-EIGRP 200: Neighbor 10.0.0.2 (Serial0/0) is up:

And now we verify that #R6 no longer sees the route to 199.0.0.0/24 🙂

R6#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

C 200.0.4.0/24 is directly connected, Loopback3
C 200.0.5.0/24 is directly connected, Loopback4
C 200.0.6.0/24 is directly connected, Loopback5
C 200.0.1.0/24 is directly connected, Loopback0
C 200.0.2.0/24 is directly connected, Loopback1
172.17.0.0/20 is subnetted, 1 subnets
D 172.17.0.0 [90/2323456] via 10.0.0.5, 00:01:17, Serial0/1
[90/3225600] via 10.0.0.1, 00:01:17, Serial0/0
C 200.0.3.0/24 is directly connected, Loopback2
10.0.0.0/30 is subnetted, 2 subnets
C 10.0.0.0 is directly connected, Serial0/0
C 10.0.0.4 is directly connected, Serial0/1
192.168.0.0/30 is subnetted, 1 subnets
D EX 192.168.0.0 [170/2195456] via 10.0.0.5, 00:01:18, Serial0/1
[170/3097600] via 10.0.0.1, 00:01:18, Serial0/0
D 200.0.0.0/21 is a summary, 00:01:18, Null0

Analogously, but with the ACL in the opposite direction and in AS100, the advertisement of 172.17.5.0/24 into #R2 is blocked. I attach the configurations and the ACL logs, where the blocking of the updates for those routes can be seen

router eigrp 200
variance 2
redistribute eigrp 100
network 10.0.0.0 0.0.0.3
network 10.0.0.4 0.0.0.3
distribute-list 51 out
no auto-summary
!
router eigrp 100
redistribute static
network 192.168.0.0 0.0.0.3
network 199.0.0.0
distribute-list 50 in
no auto-summary

ACL logs

Standard IP access list 50
deny 172.17.5.0, wildcard bits 0.0.0.255 log (2 matches)
permit any (21 matches)
Standard IP access list 51
deny 199.0.0.0, wildcard bits 0.0.0.255 (7 matches)
permit any (59 matches)
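An added example (not part of the original post): a Python sketch that evaluates the two standard ACLs above against candidate prefixes the way a distribute-list consults them, matching on the network address only, with first-match and implicit-deny semantics. The ACL 50 config line is reconstructed from the show output, and the 199.0.0.128/25 prefix is constructed to show that a standard ACL ignores the mask length.

```python
import ipaddress

ALL = 0xFFFFFFFF

# ACL 51 as typed on R2; ACL 50 reconstructed from the "show" output above.
ACL_51 = ["access-list 51 deny 199.0.0.0 0.0.0.255",
          "access-list 51 permit any"]
ACL_50 = ["access-list 50 deny 172.17.5.0 0.0.0.255 log",
          "access-list 50 permit any"]

# Prefixes R2 offers to its AS 200 neighbors (taken from R6's routing table).
R2_TO_AS200 = ["192.168.0.0/30", "199.0.0.0/24", "172.17.0.0/20"]


def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny ADDR [WILDCARD] [log]' entries in order."""
    entries = []
    for line in lines:
        tok = [t for t in line.split() if t != "log"]
        action, addr = tok[2], tok[3]
        if addr == "any":
            entries.append((action, 0, ALL))          # every bit is "don't care"
        else:
            wild = tok[4] if len(tok) > 4 else "0.0.0.0"
            entries.append((action,
                            int(ipaddress.IPv4Address(addr)),
                            int(ipaddress.IPv4Address(wild))))
    return entries


def acl_action(entries, prefix):
    """Return 'permit' or 'deny' for a route; only its network address is tested."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, addr, wild in entries:
        care = ~wild & ALL                            # bits that must match
        if (net & care) == (addr & care):
            return action                             # first match wins
    return "deny"                                     # implicit deny at the end


def filter_routes(acl_lines, prefixes):
    """Prefixes that survive a distribute-list referencing this ACL."""
    entries = parse_standard_acl(acl_lines)
    return [p for p in prefixes if acl_action(entries, p) == "permit"]


if __name__ == "__main__":
    print("AS 200 still receives:", filter_routes(ACL_51, R2_TO_AS200))
    # The mask is not part of the match: a /25 inside 199.0.0.0 is denied too.
    print("199.0.0.128/25 ->", acl_action(parse_standard_acl(ACL_51), "199.0.0.128/25"))
    # ACL 50 blocks the /24 but not the /20 summary that covers it.
    print("172.17.0.0/20  ->", acl_action(parse_standard_acl(ACL_50), "172.17.0.0/20"))
    # Leaving out 'permit any' filters every route through the implicit deny.
    print("without permit any:", filter_routes(ACL_51[:1], R2_TO_AS200))
```

The third case is worth noting when reading R6's table: the 172.17.0.0/20 summary is still advertised, so filtering a route is not the same as blocking traffic to it. A prefix list is the usual tool when the mask length has to match as well.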

:wq!

EIGRP (CCNP Route)

In this lab I set out to implement every possible configuration within the EIGRP protocol, including:

  • Configuring a router as a STUB in an isolated autonomous system (imitating OSPF's area-based design), injecting a default route into it to keep its routing table as small as possible
  • MD5 authentication of EIGRP neighbors
  • Summarization at the edge of the autonomous system
  • Using the variance command to load-balance across links of different bandwidth
  • Redistribution of one EIGRP process into another
  • Redistribution of static routes into EIGRP

I didn't get to play much with metric calculation, but I'll leave that for another post. This time I chose to use GNS3 VirtualBox Edition, since Packet Tracer falls short for most of these tasks and a real IOS is needed.

Lab topology

Some notable configurations

EIGRP R2

router eigrp 200
variance 2
redistribute eigrp 100
network 10.0.0.0 0.0.0.3
network 10.0.0.4 0.0.0.3
no auto-summary
!
router eigrp 100
redistribute static
network 192.168.0.0 0.0.0.3
no auto-summary

EIGRP R1

router eigrp 100
network 172.17.1.0 0.0.0.255
network 172.17.2.0 0.0.0.255
network 172.17.3.0 0.0.0.255
network 172.17.4.0 0.0.0.255
network 172.17.5.0 0.0.0.255
network 172.17.6.0 0.0.0.255
network 192.168.0.0 0.0.0.3
no auto-summary
eigrp stub connected summary

Neighbor authentication

interface Ethernet1/0
ip address 192.168.0.1 255.255.255.252
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 123
half-duplex
!
key chain 123
key 10
key-string cisco
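An added example (not part of the original post or its config files): a small Python audit that reads IOS-style configuration and reports EIGRP-enabled interfaces without neighbor authentication, guessable key-strings and keys with no lifetime. The sample text is constructed from the excerpts shown in this post (the full configs may contain lines not shown here), and the weak-string list and the 12-character minimum are assumptions of this sketch.

```python
import ipaddress
import re

# Constructed sample, assembled from the excerpts shown in this post.
SAMPLE = """\
interface Ethernet1/0
 ip address 192.168.0.1 255.255.255.252
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 123
!
interface Serial0/0
 ip address 10.0.0.1 255.255.255.252
!
interface Serial0/1
 ip address 10.0.0.5 255.255.255.252
!
router eigrp 200
 network 10.0.0.0 0.0.0.3
 network 10.0.0.4 0.0.0.3
!
router eigrp 100
 network 192.168.0.0 0.0.0.3
!
key chain 123
 key 10
  key-string cisco
"""

WEAK_STRINGS = {"cisco", "eigrp", "password", "admin", "123456"}  # illustrative list
MIN_KEY_LEN = 12                                                   # assumed policy


def parse(text):
    """Collect interface, 'router eigrp' and 'key chain' sections."""
    ifaces, procs, chains = {}, {}, {}
    kind = cur = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if m := re.fullmatch(r"interface (\S+)", line):
            kind, cur = "if", ifaces.setdefault(m[1], {"ip": None, "mode": set(), "chain": {}})
        elif m := re.fullmatch(r"router eigrp (\d+)", line):
            kind, cur = "eigrp", procs.setdefault(m[1], [])
        elif m := re.fullmatch(r"key chain (\S+)", line):
            kind, cur, key = "chain", chains.setdefault(m[1], {}), None
        elif kind == "if":
            if m := re.fullmatch(r"ip address (\S+) (\S+)", line):
                cur["ip"] = ipaddress.ip_address(m[1])
            elif m := re.fullmatch(r"ip authentication mode eigrp (\d+) md5", line):
                cur["mode"].add(m[1])
            elif m := re.fullmatch(r"ip authentication key-chain eigrp (\d+) (\S+)", line):
                cur["chain"][m[1]] = m[2]
        elif kind == "eigrp":
            if m := re.fullmatch(r"network (\S+) (\S+)", line):
                # ipaddress accepts a wildcard (host mask) after the slash
                cur.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
        elif kind == "chain":
            if m := re.fullmatch(r"key (\d+)", line):
                key = cur.setdefault(m[1], {"string": "", "lifetime": False})
            elif key is not None and (m := re.fullmatch(r"key-string (\S+)", line)):
                key["string"] = m[1]
            elif key is not None and line.startswith("send-lifetime "):
                key["lifetime"] = True
    return ifaces, procs, chains


def audit(text):
    """Return a list of (object, issue) findings."""
    ifaces, procs, chains = parse(text)
    findings = []
    for name, i in ifaces.items():
        for asn, nets in procs.items():
            # Only interfaces covered by a 'network' statement run this process.
            if i["ip"] is None or not any(i["ip"] in n for n in nets):
                continue
            chain = i["chain"].get(asn)
            if asn not in i["mode"] or chain is None:
                findings.append((name, f"eigrp {asn}: no neighbor authentication"))
            elif chain not in chains:
                findings.append((name, f"eigrp {asn}: key chain {chain} is not defined"))
    for cname, keys in chains.items():
        for kid, k in keys.items():
            where = f"key chain {cname} key {kid}"
            if k["string"].lower() in WEAK_STRINGS or len(k["string"]) < MIN_KEY_LEN:
                findings.append((where, "weak key-string"))
            if not k["lifetime"]:
                findings.append((where, "no send-lifetime, key never rotates"))
    return findings


if __name__ == "__main__":
    for obj, issue in audit(SAMPLE):
        print(f"{obj}: {issue}")
```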

Summarization at the edge

interface Serial0/0
bandwidth 1000
ip address 10.0.0.1 255.255.255.252
ip summary-address eigrp 200 172.17.0.0 255.255.240.0 5

interface Serial0/1
ip address 10.0.0.5 255.255.255.252
ip summary-address eigrp 200 172.17.0.0 255.255.240.0 5

Verifying the configurations
R7

R1#sh ip route
172.17.0.0/24 is subnetted, 6 subnets
C 172.17.5.0 is directly connected, Loopback4
C 172.17.4.0 is directly connected, Loopback3
C 172.17.6.0 is directly connected, Loopback5
C 172.17.1.0 is directly connected, Loopback0
C 172.17.3.0 is directly connected, Loopback2
C 172.17.2.0 is directly connected, Loopback1
192.168.0.0/30 is subnetted, 1 subnets
C 192.168.0.0 is directly connected, Ethernet1/0
D*EX 0.0.0.0/0 [170/3097600] via 192.168.0.1, 00:11:46, Ethernet1/0 #Here you can see that the stub router's routing table is left with only the default route and the directly connected routes

R2

R2#sh ip eigrp neighbors
IP-EIGRP neighbors for process #200
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
0 10.0.0.6 Se0/1 13 00:07:38 424 2544 0 16
1 10.0.0.2 Se0/0 12 00:07:57 441 2646 0 15
IP-EIGRP neighbors for process #100
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
0 192.168.0.2 Et1/0 13 00:12:50 1217 5000 0 2

R2#sh ip route
172.17.0.0/16 is variably subnetted, 13 subnets, 2 masks
C 172.17.12.0/24 is directly connected, Loopback5
C 172.17.9.0/24 is directly connected, Loopback2
C 172.17.8.0/24 is directly connected, Loopback1
C 172.17.11.0/24 is directly connected, Loopback4
C 172.17.10.0/24 is directly connected, Loopback3
D 172.17.5.0/24 [90/409600] via 192.168.0.2, 00:13:02, Ethernet1/0
D 172.17.4.0/24 [90/409600] via 192.168.0.2, 00:13:02, Ethernet1/0
C 172.17.7.0/24 is directly connected, Loopback0
D 172.17.6.0/24 [90/409600] via 192.168.0.2, 00:13:04, Ethernet1/0
D 172.17.1.0/24 [90/409600] via 192.168.0.2, 00:13:04, Ethernet1/0
D 172.17.0.0/20 is a summary, 00:07:53, Null0
D 172.17.3.0/24 [90/409600] via 192.168.0.2, 00:13:04, Ethernet1/0
D 172.17.2.0/24 [90/409600] via 192.168.0.2, 00:13:04, Ethernet1/0
10.0.0.0/30 is subnetted, 2 subnets
C 10.0.0.0 is directly connected, Serial0/0
C 10.0.0.4 is directly connected, Serial0/1
192.168.0.0/30 is subnetted, 1 subnets
C 192.168.0.0 is directly connected, Ethernet1/0
S* 0.0.0.0/0 is directly connected, Serial0/0
is directly connected, Serial0/1
D 200.0.0.0/21 [90/3200000] via 10.0.0.2, 00:07:54, Serial0/0 #Here the summarization and the variance can be seen
[90/2297856] via 10.0.0.6, 00:07:54, Serial0/1  #Here the summarization and the variance can be seen

One topology table per autonomous system

R2#sh ip eigrp topology
IP-EIGRP Topology Table for AS(200)/ID(172.17.12.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 10.0.0.0/30, 1 successors, FD is 3072000
via Connected, Serial0/0
P 10.0.0.4/30, 1 successors, FD is 2169856
via Connected, Serial0/1
P 192.168.0.0/30, 1 successors, FD is 281600
via Redistributed (281600/0)
P 172.17.5.0/24, 1 successors, FD is 409600
via Redistributed (409600/0)
P 172.17.4.0/24, 1 successors, FD is 409600
via Redistributed (409600/0)
P 172.17.6.0/24, 1 successors, FD is 409600
via Redistributed (409600/0)
P 172.17.1.0/24, 1 successors, FD is 409600
via Redistributed (409600/0)
P 172.17.0.0/20, 1 successors, FD is 409600
via Summary (409600/0), Null0
P 172.17.3.0/24, 1 successors, FD is 409600
via Redistributed (409600/0)
P 172.17.2.0/24, 1 successors, FD is 409600
via Redistributed (409600/0)
P 200.0.0.0/21, 1 successors, FD is 2297856
via 10.0.0.6 (2297856/128256), Serial0/1
via 10.0.0.2 (3200000/128256), Serial0/0
IP-EIGRP Topology Table for AS(100)/ID(172.17.12.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 0.0.0.0/0, 1 successors, FD is 3072000
via Rstatic (3072000/0)
P 192.168.0.0/30, 1 successors, FD is 281600
via Connected, Ethernet1/0
P 172.17.5.0/24, 1 successors, FD is 409600
via 192.168.0.2 (409600/128256), Ethernet1/0
P 172.17.4.0/24, 1 successors, FD is 409600
via 192.168.0.2 (409600/128256), Ethernet1/0
P 172.17.6.0/24, 1 successors, FD is 409600
via 192.168.0.2 (409600/128256), Ethernet1/0
P 172.17.1.0/24, 1 successors, FD is 409600
via 192.168.0.2 (409600/128256), Ethernet1/0
P 172.17.3.0/24, 1 successors, FD is 409600
via 192.168.0.2 (409600/128256), Ethernet1/0
P 172.17.2.0/24, 1 successors, FD is 409600
via 192.168.0.2 (409600/128256), Ethernet1/0
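
An added example (not part of the original post): a Python sketch that parses topology-table lines like the ones above and shows why both paths to 200.0.0.0/21 are installed with variance 2, by applying the feasibility condition (reported distance lower than the feasible distance) and then the variance multiplier. The 10.0.0.9 path is constructed to show a path that is within the variance yet rejected, and treating a metric equal to variance × FD as installed is an assumption of this sketch.

```python
import re

# The 200.0.0.0/21 entry and its first two paths are copied from R2's AS 200
# table above; the 10.0.0.9 path is constructed for illustration.
TOPOLOGY = """\
P 200.0.0.0/21, 1 successors, FD is 2297856
via 10.0.0.6 (2297856/128256), Serial0/1
via 10.0.0.2 (3200000/128256), Serial0/0
via 10.0.0.9 (4000000/2500000), Serial0/2
P 172.17.5.0/24, 1 successors, FD is 409600
via 192.168.0.2 (409600/128256), Ethernet1/0
"""

ENTRY = re.compile(r"P (\S+), \d+ successors, FD is (\d+)")
PATH = re.compile(r"via (\S+) \((\d+)/(\d+)\), (\S+)")


def parse_topology(text):
    """Map prefix -> {'fd': feasible distance, 'paths': [path dicts]}."""
    table, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := ENTRY.match(line):
            cur = table.setdefault(m[1], {"fd": int(m[2]), "paths": []})
        elif cur is not None and (m := PATH.match(line)):
            cur["paths"].append({"next_hop": m[1],
                                 "metric": int(m[2]),   # distance through this neighbor
                                 "rd": int(m[3]),       # neighbor's reported distance
                                 "interface": m[4]})
    return table


def classify(entry, variance=1):
    """Return {next_hop: 'installed' | 'backup' | 'infeasible'} for one prefix."""
    fd = entry["fd"]
    result = {}
    for p in entry["paths"]:
        if p["rd"] >= fd:
            # Fails the feasibility condition: not provably loop-free, so the
            # variance multiplier never applies to it.
            result[p["next_hop"]] = "infeasible"
        elif p["metric"] <= variance * fd:
            result[p["next_hop"]] = "installed"
        else:
            # Feasible successor kept in the topology table as a standby path.
            result[p["next_hop"]] = "backup"
    return result


if __name__ == "__main__":
    entry = parse_topology(TOPOLOGY)["200.0.0.0/21"]
    for v in (1, 2):
        print(f"variance {v}: limit {v * entry['fd']}")
        for hop, state in classify(entry, v).items():
            print(f"  {hop}: {state}")
```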

R2#sh ip eigrp interfaces
IP-EIGRP interfaces for process 200

Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Se0/0 1 0/0 441 0/24 1796 0
Se0/1 1 0/0 424 0/15 1599 0
IP-EIGRP interfaces for process 100

Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Et1/0 1 0/0 1217 0/10 6068 0

R2#sh ip eigrp traffic
IP-EIGRP Traffic Statistics for process 200
Hellos sent/received: 356/355
Updates sent/received: 17/20
Queries sent/received: 1/0
Replies sent/received: 0/1
Acks sent/received: 8/8
Input queue high water mark 2, 0 drops
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0

IP-EIGRP Traffic Statistics for process 100
Hellos sent/received: 180/178
Updates sent/received: 4/3
Queries sent/received: 0/0
Replies sent/received: 0/0
Acks sent/received: 1/2
Input queue high water mark 1, 0 drops
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0

Tests with ping and traceroute

R6#ping 172.17.7.1 repeat 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 172.17.7.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/22/44 ms
R6#traceroute 172.17.5.1

Type escape sequence to abort.
Tracing the route to 172.17.5.1

1 10.0.0.5 16 msec
10.0.0.1 8 msec
10.0.0.5 20 msec
2 192.168.0.2 84 msec 52 msec *

Download configuration files

:wq!

Against SOPA/PIPA/ACTA day…

It seems that as of today nobody is unaware of SOPA. A good start for the first mobilization of the Silicon Valley giants against such a dreadful law, which essentially puts at stake the dynamics of information exchange that have made the net what it is, proposing a legal framework for action that leaves many questions along the way. I think it is interesting to put together a compilation of the mobilizations carried out today against a set of laws in favor of the “regularization” of the Internet.

SOPA (Stop Online Piracy Act)

The bill has extremely serious repercussions for the current structure of the Internet in every sense, since it allows the Department of Justice and intellectual property owners to obtain court orders against websites or services that allow or facilitate the alleged infringement of copyright, which include:

  1. Blocking of the website or service in question by Internet providers, including hosting, and even at the DNS level (although this has been put up for discussion).
  2. Online payment facilitators (such as PayPal) must freeze funds and restrict use of the service.
  3. Advertising services must block the website or service. For example, Google Adsense cannot offer service on reported websites if this law were to pass.
  4. Links to the reported website or service must be removed.

Side Effects

  1. Anonymous browsing networks would become illegal (anonymity on the Internet is extremely important for millions of people in danger from totalitarian governments).
  2. Our communications would be officially spied on to determine whether or not we are breaking the law.
  3. Sites that encourage user-generated content could not operate, because it would be highly impractical to monitor everything published under the fear of receiving a disproportionate lawsuit, since the law does not distinguish between provider and user in these cases.
  4. One of the basic aspects of the web would be affected: linking, for fear of linking to a site that may be suspected of violating the intellectual property of a work. Linking would also be a violation of SOPA.

Google

Wikipedia (English)

GNU.org y FSF.org ( GNU y Free Software Foundation )

Facebook ( Mark Zuckerberg )

WordPress

Taringa

Cuevana

ALT1040

Via Libre

Some important figures from the Business Software Alliance on piracy in recent years, which reveal the magnitude of the interests at stake, bearing in mind that these figures are for software alone:

Eighth Annual BSA (Business Software Alliance)
GLOBAL SOFTWARE PIRACY STUDY
2010
MAY 2011

The commercial value of PC software piracy rose 14% worldwide in 2010, for a total of US$59 billion. This figure has nearly doubled in real terms since 2003. The driving force behind the trend is piracy in the world's emerging economies, where the personal computer market is growing fastest.

Key Findings:
• The global piracy rate fell 1 percentage point from 2009 to 42%, making it the second-highest global rate in the study's history.
• Half of the 116 economies studied in 2010 had piracy rates of 62% or higher, and two thirds had at least one pirated software program for every one installed legally.
• Emerging economies now account for more than half of the global value of stolen PC software, US$31.9 billion.
• Public opinion strongly supports intellectual property (IP) rights: seven out of 10 PC users agree with paying innovators for their creations to promote further technological advances.
• A large number of PC users do not have a clear understanding of whether the most common ways of acquiring software are legal or illegal, especially in markets with high piracy rates.
• PC users around the world recognize that licensed software is better than pirated software, and 81% say it is more secure and reliable.

The BSA Blueprint for Reducing Software Piracy
The gradual progress many countries are making in lowering piracy rates demonstrates the value of sustained anti-piracy efforts that generate capital over time. There are proven measures that governments around the world can adopt to effectively reduce software theft:
• Increase public education and raise awareness about software piracy and the value of intellectual property (IP), in cooperation with industry and law enforcement.
• Implement the World Intellectual Property Organization’s Copyright Treaty to create an effective legislative environment for copyright protection.
• Create strong and workable mechanisms for protecting intellectual property, as required by the WTO Agreement on Trade-Related Aspects of Intellectual Property Rights.
• Strengthen enforcement of intellectual property laws with dedicated resources, including specialized enforcement units, training for law enforcement and judicial officials, and improved international cooperation among law enforcement agencies.
• Lead by example by demonstrating a commitment to the use of legal software, through active software asset management (SAM) policies.

(I'm leaving the full report in PDF format for download at the end of the post)

Protect IP (Courtesy of Google)

Finally, a catchy song 🙂

Download 2010 Global Piracy Study (in Spanish)

Download Summary 2011 Global Piracy Study (Spanish)

Download H.R. 3261, “Stop Online Piracy Act” (“SOPA”) Explanation of Bill and Summary of Concerns

http://es.wikipedia.org/wiki/Stop_Online_Piracy_Act

^C

No SOPA!

I have been wanting to write something about S.O.P.A. for a while now, one of the most controversial laws with which they intend to ‘regulate’ the use of the network of networks. Since I haven't had the time yet, I'm leaving this excellent infographic from the site derechoaleer.org, where Quino's favorite character explains a bit of what this law is about.

Basic eBGP – Neighbors

In this lab, 3 routers are configured as eBGP neighbors of one another, redistributing some networks configured as loopbacks on the devices.

We show some basic commands to verify that the BGP session has been established:

R3#sh ip bgp summary

BGP router identifier 10.200.0.1, local AS number 300
BGP table version is 11, main routing table version 6
10 network entries using 1320 bytes of memory
10 path entries using 520 bytes of memory
8/8 BGP path/bestpath attribute entries using 1472 bytes of memory
3 BGP AS-PATH entries using 72 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP using 3416 total bytes of memory
BGP activity 6/0 prefixes, 10/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.100.0.2 4 100 89 83 11 0 0 01:21:29 4
10.200.0.2 4 200 90 84 11 0 0 01:22:12 4

R3#sh ip bgp neighbors

BGP neighbor is 10.100.0.2, remote AS 100, external link
BGP version 4, remote router ID 199.1.0.1
BGP state = Established, up for 01:22:09
Last read 01:22:09, last write 01:22:09, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(new)
Address family IPv4 Unicast: advertised and received
Message statistics:
InQ depth is 0
OutQ depth is 0

Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 8 6
Keepalives: 83 83
Route Refresh: 0 0
Total: 92 90
Default minimum time between advertisements runs is 30 seconds

For address family: IPv4 Unicast
BGP table version 11, neighbor version 6/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 8 6 (Consumes 322 bytes)
Prefixes total: 8 6
Implicit Withdraw: 0 0
Explicit Withdraw: 0 0
Used as bestpath: n/a 1
Used as multipath: n/a 0

Outbound Inbound
Local Policy Denied Prefixes: -------- -------
Total: 0 0
Number of NLRIs in the update sent: max 3, min 1

Address tracking is enabled, the RIB does have a route to 10.100.0.2
Connections established 1; dropped 0
Last reset never
Transport(tcp) path-mtu-discovery is enabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Minimum incoming TTL 0, Outgoing TTL 1
Local host: 10.100.0.1, Local port: 179
Foreign host: 10.100.0.2, Foreign port: 1029
Connection tableid (VRF): 0

Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)

Event Timers (current time is 0xC69F4):
Timer Starts Wakeups Next
Retrans 0 0 0x0
TimeWait 0 0 0x0
AckHold 89 0 0x0
SendWnd 0 0 0x0
KeepAlive 83 0 0x0
GiveUp 0 0 0x0
PmtuAger 0 0 0x0
DeadWait 0 0 0x0
Linger 0 0 0x0
ProcessQ 0 0 0x0

iss: 2057115318 snduna: 2057115748 sndnxt: 2057115748 sndwnd: 15955
irs: 3480424370 rcvnxt: 3480424751 rcvwnd: 16004 delrcvwnd: 380

SRTT: 259 ms, RTTO: 579 ms, RTV: 320 ms, KRTT: 0 ms
minRTT: 16 ms, maxRTT: 300 ms, ACK hold: 200 ms
Status Flags: passive open, gen tcbs
Option Flags: nagle, path mtu capable
IP Precedence value : 6

Datagrams (max data segment is 1460 bytes):
Rcvd: 90 (out of order: 0), with data: 0, total data bytes: 0
Sent: 84 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 8, total data bytes: 192
Packets received in fast path: 0, fast processed: 0, slow path: 0
fast lock acquisition failures: 0, slow path: 0

BGP neighbor is 10.200.0.2, remote AS 200, external link
BGP version 4, remote router ID 200.1.0.1
BGP state = Established, up for 01:22:51
Last read 01:22:51, last write 01:22:51, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(new)
Address family IPv4 Unicast: advertised and received
Message statistics:
InQ depth is 0
OutQ depth is 0

Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 6 6
Keepalives: 83 83
Route Refresh: 0 0
Total: 90 90
Default minimum time between advertisements runs is 30 seconds

For address family: IPv4 Unicast
BGP table version 11, neighbor version 6/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 6 6 (Consumes 276 bytes)
Prefixes total: 6 6
Implicit Withdraw: 0 0
Explicit Withdraw: 0 0
Used as bestpath: n/a 1
Used as multipath: n/a 0

Outbound Inbound
Local Policy Denied Prefixes: -------- -------
Total: 0 0
Number of NLRIs in the update sent: max 3, min 1

Address tracking is enabled, the RIB does have a route to 10.200.0.2
Connections established 1; dropped 0
Last reset never
Transport(tcp) path-mtu-discovery is enabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Minimum incoming TTL 0, Outgoing TTL 1
Local host: 10.200.0.1, Local port: 1030
Foreign host: 10.200.0.2, Foreign port: 179
Connection tableid (VRF): 0

Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)

Event Timers (current time is 0xC69F4):
Timer Starts Wakeups Next
Retrans 0 0 0x0
TimeWait 0 0 0x0
AckHold 89 0 0x0
SendWnd 0 0 0x0
KeepAlive 83 0 0x0
GiveUp 0 0 0x0
PmtuAger 0 0 0x0
DeadWait 0 0 0x0
Linger 0 0 0x0
ProcessQ 0 0 0x0

iss: 2057115318 snduna: 2057115748 sndnxt: 2057115748 sndwnd: 15955
irs: 3480424370 rcvnxt: 3480424751 rcvwnd: 16004 delrcvwnd: 380

SRTT: 259 ms, RTTO: 579 ms, RTV: 320 ms, KRTT: 0 ms
minRTT: 16 ms, maxRTT: 300 ms, ACK hold: 200 ms
Status Flags: passive open, gen tcbs
Option Flags: nagle, path mtu capable
IP Precedence value : 6

Datagrams (max data segment is 1460 bytes):
Rcvd: 90 (out of order: 0), with data: 0, total data bytes: 0
Sent: 84 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 6, total data bytes: 144
Packets received in fast path: 0, fast processed: 0, slow path: 0
fast lock acquisition failures: 0, slow path: 0

R3#sh ip route

10.0.0.0/30 is subnetted, 2 subnets
C 10.100.0.0 is directly connected, FastEthernet0/0
C 10.200.0.0 is directly connected, FastEthernet0/1
B 199.0.0.0/24 [20/0] via 10.100.0.2, 01:27:55
B 199.1.0.0/24 [20/0] via 10.100.0.2, 01:27:55
B 200.0.0.0/24 [20/0] via 10.200.0.2, 01:27:55
B 200.1.0.0/24 [20/0] via 10.200.0.2, 01:27:55

R3#sh ip bgp

BGP table version is 11, local router ID is 10.200.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 10.100.0.0/30 0.0.0.0 0 0 32768 i
*> 10.200.0.0/30 0.0.0.0 0 0 32768 i
* 199.0.0.0/24 10.200.0.2 0 0 0 100 200 i
*> 10.100.0.2 0 0 0 100 i
* 199.1.0.0/24 10.200.0.2 0 0 0 100 200 i
*> 10.100.0.2 0 0 0 100 i
*> 200.0.0.0/24 10.200.0.2 0 0 0 200 i
* 10.100.0.2 0 0 0 200 100 i
*> 200.1.0.0/24 10.200.0.2 0 0 0 200 i
* 10.100.0.2 0 0 0 200 100 i
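
The checks read by eye in the `sh ip bgp neighbors` output above can be automated. This is an added example, not part of the original post: the names `parse_neighbors`, `audit` and `FIELDS` are hypothetical, and the sample reuses lines from R3's first neighbor plus a constructed peer (10.250.0.2, AS 250) stuck in Idle. The TTL finding assumes IOS reports "Minimum incoming TTL 0" when `neighbor ... ttl-security` is not configured for the peer.

```python
import re

# Constructed sample: lines excerpted from the R3 output above, plus a
# hypothetical second peer (10.250.0.2, AS 250) stuck in Idle.
SAMPLE = """\
BGP neighbor is 10.100.0.2, remote AS 100, external link
BGP state = Established, up for 01:22:09
Notifications: 0 0
Connections established 1; dropped 0
Connection is ECN Disabled, Minimum incoming TTL 0, Outgoing TTL 1
BGP neighbor is 10.250.0.2, remote AS 250, external link
BGP state = Idle
Notifications: 0 3
Connections established 2; dropped 2
"""

FIELDS = {
    "state": re.compile(r"BGP state = (\w+)"),
    "notifications": re.compile(r"Notifications:\s+(\d+)\s+(\d+)"),  # sent, rcvd
    "dropped": re.compile(r"Connections established \d+; dropped (\d+)"),
    "min_ttl": re.compile(r"Minimum incoming TTL (\d+)"),
}

def parse_neighbors(text):
    """Split 'show ip bgp neighbors' output into one dict per neighbor."""
    peers = []
    for line in text.splitlines():
        head = re.match(r"BGP neighbor is (\S+),\s+remote AS (\d+)", line)
        if head:
            peers.append({"peer": head.group(1), "asn": int(head.group(2))})
        for name, rx in FIELDS.items():
            m = rx.search(line)
            if m and peers:
                # state stays a string; counters are summed (sent + received)
                peers[-1][name] = m.group(1) if name == "state" else sum(map(int, m.groups()))
    return peers

def audit(peers):
    """Return {peer: [findings]} for sessions that are down, unstable or lack TTL security."""
    report = {}
    for p in peers:
        findings = []
        if p.get("state") != "Established":
            findings.append("session not Established (%s)" % p.get("state"))
        if p.get("notifications", 0) or p.get("dropped", 0):
            findings.append("notifications or dropped connections seen")
        if p.get("min_ttl") == 0:
            findings.append("no TTL security (minimum incoming TTL 0)")
        report[p["peer"]] = findings
    return report
```

Run against the full output of R3, both lab neighbors come back Established with only the TTL finding, since each reports a minimum incoming TTL of 0.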

Below I attach the .pkt for download and a presentation on BGP from LACNIC (Latin American & Caribbean Internet Addresses Registry):

BGP.ppt

BGP lab .pkt

:wq!

Multi-area OSPF Lab

In this lab an autonomous system is configured with OSPF as the IGP. On top of OSPF, plain-text and MD5 authentication are implemented, along with a stub area and a totally stubby area, and static routes and the RIPv2 protocol are redistributed into the original autonomous system. Also, at the end of the post, I leave the download link for the lab in .pkt format and a reading called “OSPF Design Guide”, which takes an extensive tour of the different properties of this protocol.

Download lab .pkt

Download OSPF Design Guide

:wq!

Problem with links in GNS3

It turns out that while trying to install the versions

of this excellent simulator I ran into the following problem: every time I tried to add a link between two devices, the Dynamips console threw the following error:

File "GNS3/Scene.pyo", line 713, in Slotaddlink
File "GNS3/scene.pyo", line 675, in_addlink
File "GNS3/Topology.pyo", line 851, in addlinkfromscene
File "GNS3/undoframework.pyo", line123, in_init_

Type Error: not all arguments converted during string formatting.

Regardless of the operating system I was running.
I finally found the solution in the GNS3 forums: apparently it has to do with a problem in the application's Spanish translation, so changing the application's language to English solves it 🙂

What makes up for these bugs is the fact that these new versions support VBox and that there are appliances with switches.

Enjoy!