26 Thursday Apr 2018
Posted in Cisco, Networking, Shell Scripting, TCL, Uncategorized
So I have had need to quickly build a provisioning server for a lab to auto provision devices as they come online. This is the basic steps to accommodate this. Note there are far more complex and secure methods to utilizing something similar in production. Feel free to use this as a learning tool, but understand in a production environment, this is not recommended as critical pieces of information would be sent in clear text.
15 Tuesday Aug 2017
I had someone question me as to why the router appears to be misreporting its CPU utilization… So as I haven’t written anything around this topic, I figured I would make a note for any future engineers struggling to understand what is going on in their routers.
27 Monday Mar 2017
Posted in Application, Bug / Known Problem, CodeProject, Development, RootAdmin, TCP/IP
A problem currently exists within Solarwinds where 4-byte (32-bit) ASNs overflow into a negative number when utilizing a portion of the private scoped ASN space specifically, the ranges 2,147,483,648 (32768.0) through 4,294,967,296 (65535.65535) overflow into -2,147,483,648 through -1 respectively.
To show the correct data, we created a custom table utilizing the following WSQL to generate the correct information. See past the snippet for an explanation as to how and why this works.
28 Thursday Jan 2016
Tags
We are currently working on a project to implement DMVPN (IWAN) over BGAN. This is the process I went through to discover how to send AT commands from our Cisco IOS Router to the BGAN unit.
29 Wednesday Jul 2015
Posted in Cisco, CodeProject, Networking, TCL
This exceptional bit of code provided by Jónatan Þór Jónasson is a masterpiece. It provides the ability to send Wake On Lan commands out the local interfaces of a router to WakeUp a device. You will need a device that supports UDP Sockets, so you have to be running 15.0+ firmware.
Found this at ipSpace by Ivan Pepelnjak
ROUTER# tclsh
ROUTER(tclsh)#
proc WakeOnLan {broadcastAddr macAddr} {
set net [binary format H* [join [split $macAddr -:] ""]]
set pkt [binary format c* {0xff 0xff 0xff 0xff 0xff 0xff}]
for {set i 0} {$i < 16} {incr i} {
append pkt $net
}
# Open UDP and Send the Magic Paket.
set udpSock [udp_open]
fconfigure $udpSock -translation binary \
-remote [list $broadcastAddr 4580] \
-broadcast 1
puts $udpSock $pkt
flush $udpSock;
close $udpSock
}
ROUTER(tclsh)# WakeOnLan 255.255.255.255 000f13cd80a1
31 Tuesday Mar 2015
Posted in CodeProject, Security, Shell Scripting
So I get extremely frustrated having to change my password every 60 days because the security department has this belief that somehow that is going to prevent the nightmare at Sony from coming down upon our company. Without getting too deep into the politics around security I am a firm believer that it is far better for people to have a password that is highly complex and never changes or better yet high entropy and very simple to remember as opposed to forced rotations of passwords. My reasoning is simple. If I were a hacker and I got your password, I wouldn’t wait 60 days to use it. I would own you in the immediate… as in right now. Continue reading
28 Tuesday Aug 2012
We are currently working on a project to implement a security design around our Industrial Automation Networks in the Field. These range from gas measurement shacks with a single valve all the way up to multi-train gas processing plants. Post the StuxNet incident and the 60 minutes airing that notified the nation of the great dangers in exposing our vital infrastructure to the internet, there have been several regulatory commssions who have or are currently working on updating thier requirements around securing this vital infrastructure. Our goal is to beat them to the punch and be prepared for the worst while doing our Control Technicians a favor or two in providing them further isolation from the Enterprise.
In 2002 FISMA (Federal Information Security Management Act) kicked off a lot of these regulations by requiring each government entity to develop requirements to protect their perspective systems from cyber attack. Due to this, government agencies have become more and more aware of the threats imposed by networked system access to critical systems. In my opinion, this eyeopening will spark the proposal of additional regulation to protect these critical systems. In this first article, I’ll cover some common terms and we’ll note some regulatory bodies and any specific regulations already identified… Continue reading
26 Thursday Apr 2012
Posted in Application, Development, Networking, TCP/IP, Transport Control Protocol (TCP)
Tags
This is in reference to the following article:
http://www.codeproject.com/Articles/85602/PortQry-Implementation-using-TcpClient-Socket-and
It’s been a few years since I’ve looked at this and recently I had received a notification that someone had posted a response. First I would like to agree with emilio_grv’s response in that Application Programmers should be very careful about handling timeouts within the application. As with any application development, make sure you cleanup any non-used resources as soon as possible, especially with sockets, as you’ll extinguish the available source ports that can be used. In windows environments, the default is 3977.
As a connection timeout is not a parameter available within the TcpClient.BeginConnect() or TcpClient.Connect() functions, an issue arises for those who have large scale processes that must be accomplished in a timely fashion.
With the use of firewalls in the network we make a compromise, trading network visibility for security. We often no longer get a response from the TCP stack at the far end or sometimes even the ICMP message back when a packet passes a firewall whether there is a problem or not. Even more frustrating, we may have no choice in the matter, as another group or organization could be managing the firewalls, and so policy change can be difficult if not impossible altogether. Continue reading
