
IPV6 Tricks

Have you ever faced a situation where you were locked out of your server due to an IP address change? If you haven't, you might one day, so let me tell you how IPv6 saved me.

I have several Linux servers in my company, and due to some maintenance I needed to change the IP address on one of them. A simple task, although it went bad due to a misspelling in the ifcfg-eth0 file. And since I love to go fast with configuration, I made a stupid mistake and restarted the network service. Needless to say, as soon as I did that I was left outside. I started yelling and spelling out some weird brrrrrrr hmmmm grrrrrrr and all sorts of mad words.

But then I said to myself: hey, I am an almost-expert, I know networking, how do I solve this? Well, the port is still listening on the Ethernet network, so if I had some way of logging in via ARP or MAC or some other protocol then I was good to go. And then it popped out at me: IPv6 uses a link-local address based on the MAC address, and I have the MAC address of my Linux server. I also remembered that Linux from kernel 2.6 uses IPv6 natively, meaning that if I take the MAC address and convert it to an IPv6 link-local address under FE80::, then I will be able to ping it and log in from one of my other servers.

Do not forget to invert the 7th bit of the MAC address. If you have MAC 1234:5678:1111, the first byte 0001 0010 becomes 0001 0000, so the MAC is now 1034:5678:1111, and you add FE80:: to it:

FE80::1034:5678:1111 --> TADA

So that is what I did, and there you go: a rescue backdoor to your network when your IPv4 network is down. You could also log in remotely if you set up a 6to4 tunnel on your Cisco, but that is for the next article, leave the good stuff for later :-)
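The conversion described in the post, as an added example (not the author's code). It follows the full modified EUI-64 rule from RFC 4291 Appendix A, which inverts the 7th bit and also inserts ff:fe between the two halves of the MAC, so for the post's MAC the result is fe80::1034:56ff:fe78:1111. The function names and the eth0 interface name are assumptions.

```python
import ipaddress
import re

def mac_to_link_local(mac: str) -> ipaddress.IPv6Address:
    """Derive the modified EUI-64 link-local address for a 48-bit MAC."""
    # Accept 12:34:56:78:11:11, 12-34-56-78-11-11, 1234.5678.1111, 1234:5678:1111
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray.fromhex(digits)
    octets[0] ^= 0x02                       # invert the 7th bit (universal/local)
    # Interface identifier: first MAC half, ff:fe, second MAC half
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    prefix = bytes.fromhex("fe80") + bytes(6)   # fe80::/64
    return ipaddress.IPv6Address(prefix + iid)

def link_local_to_mac(addr: str):
    """Recover the MAC from an EUI-64 link-local address.

    Returns None when the address is not link-local or its interface
    identifier is not MAC-derived (no ff:fe marker in the middle).
    """
    ip = ipaddress.IPv6Address(addr.split("%")[0])   # drop any zone id
    if not ip.is_link_local:
        return None
    iid = bytearray(ip.packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02                          # undo the bit inversion
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])

def scoped(addr: ipaddress.IPv6Address, interface: str) -> str:
    """Link-local addresses are only usable with the outgoing interface."""
    return f"{addr}%{interface}"

if __name__ == "__main__":
    target = mac_to_link_local("1234:5678:1111")     # MAC from the post
    print("link-local:", target)
    print("reach it as:", scoped(target, "eth0"))    # eth0 is an assumed name
    print("back to MAC:", link_local_to_mac(str(target)))
```

Hosts set to RFC 7217 stable-privacy or other non-EUI-64 address generation do not derive the link-local address from the MAC. An SSH daemon reachable this way is reachable by every other host on the segment too, unless ip6tables rules or the sshd ListenAddress setting restrict it.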

Popular posts from this blog

Step By Step MPLS – Basic MPLS Setup

Initial configuration, very basic with no MPLS, connectivity only to directly connected interfaces.

R1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.0.31.1 255.255.255.0
duplex auto
speed auto
!

R2
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.0.42.2 255.255.255.0
duplex auto
speed auto
!

R3
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip address 10.0.31.3 255.255.255.0
duplex auto
speed auto
no clns route-cache
!
interface Serial1/0
ip address 10.0.43.3 255.255.255.0
serial restart-delay 0
no clns route-cache
!

R4
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip address 10.0.42.4 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
ip address 10.0.43.4 255.255.255.0
serial restart-delay 0
no clns route-cache
!
adding to the following configuration MPLS labels we will start wi…

VRF Maximum Routes

Maximum routes under a customer VRF: if the service provider had unlimited resources, he would not have needed that! However, resources are normally limited and expensive, and the service provider would like to make money from his available resources. Maximum routes configured under a VRF provide a means of controlling PE local resources and avoiding abuse from the CE side.

I have a VRF called DC_EXTRANET, and you can see that I have 16 routes. I have configured 10 maximum routes under that VRF; however, I did not want to be aggressive, so I have set the warning-only option. See that I immediately get a notice that I have more routes than the maximum; however, no action is taken other than alerting and sending a syslog message.

!
PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 warning-only
% The current number of routes in the routing table is equal to, or exceeds the configured warning limit
PE_ashdod_otherisp.n(config-vrf)#
*Nov 26 20:39:41.175: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_…

What is about to change in CISSP from Apr 2018

Change has arrived. As with other professional certifications, there is almost a standard interval before a certification gets its update; for most it is between 3 - 4 years. CISSP is no different, and since the last update was in 2015, the change is arriving here as well.

For the people that wish to see the official existing and new outline

I have decided to write this post because the new outline is more of a list of domains and sections within each domain, without any hint or indication of what was actually modified, and I could not find anyone else who had done that comparison. I had to take on the task and do the comparison myself; please be advised that I have done it for my own "pleasure", so apologies if I missed something :-)
Let's start with the obvious change:
Domain | CISSP - Before Apr 2018 | CISSP - from Apr 2018
1. Security and Risk Management | 16% | 15%
2. Asset Security | 10% | 10%
3. Security Engineering | 12% | 13%
4. Communications and Network Security | 12% | 14%
5. Identity and Access Management | 13% | 13%
6. …