
protocolSyntax

~ We put the 'P' in the Internet


Category Archives: Networking

Cisco Auto-Provisioning Lab

26 Thursday Apr 2018

Posted by C. M. Stephan in Cisco, Networking, Shell Scripting, TCL, Uncategorized


So I have had need to quickly build a provisioning server for a lab to auto-provision devices as they come online. These are the basic steps to accomplish this. Note that there are far more complex and secure methods for doing something similar in production. Feel free to use this as a learning tool, but understand that this approach is not recommended in a production environment, as critical pieces of information would be sent in clear text.


Troubleshooting High CPU Utilization on Cisco Routers

15 Tuesday Aug 2017

Posted by C. M. Stephan in RootAdmin, Routing


I had someone question me as to why the router appears to be misreporting its CPU utilization… So as I haven’t written anything around this topic, I figured I would make a note for any future engineers struggling to understand what is going on in their routers.


Negative Overflow of 4-byte AS in Solarwinds Orion Output

27 Monday Mar 2017

Posted by C. M. Stephan in Application, Bug / Known Problem, CodeProject, Development, RootAdmin, TCP/IP


4-byte (32-bit) BGP Neighbor Information with AsDotNotation

A problem currently exists within Solarwinds where 4-byte (32-bit) ASNs overflow into a negative number when utilizing a portion of the private scoped ASN space. Specifically, the range 2,147,483,648 (32768.0) through 4,294,967,296 (65535.65535) overflows into -2,147,483,648 through -1, respectively.

To show the correct data, we created a custom table utilizing the following SWQL to generate the correct information. See past the snippet for an explanation as to how and why this works.
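
The wrap described above, shown as an added Python illustration (it is not the author's query and not Solarwinds code): a value read through a signed 32-bit column is reinterpreted as unsigned and rendered in asplain and asdot form. The function names and the sample values are assumptions constructed for this example.

```python
import struct

MAX_ASN = 0xFFFFFFFF  # largest value a 4-byte ASN field can hold


def unwrap_asn(raw: int) -> int:
    """Return the unsigned ASN for a value read through a signed 32-bit column."""
    if not -(2**31) <= raw <= MAX_ASN:
        raise ValueError(f"{raw} does not fit in 32 bits")
    if raw < 0:
        # Reinterpret the same four bytes as an unsigned integer.
        return struct.unpack("<I", struct.pack("<i", raw))[0]
    return raw  # non-negative values were never wrapped


def to_asdot(asn: int) -> str:
    """asdot notation: 2-byte ASNs stay plain, 4-byte ASNs become high.low."""
    if not 0 <= asn <= MAX_ASN:
        raise ValueError(f"{asn} is not a valid 4-byte ASN")
    high, low = divmod(asn, 65536)
    return str(asn) if high == 0 else f"{high}.{low}"


def normalize(raw: int) -> dict:
    """Describe one reported value: what was shown and what it really is."""
    asn = unwrap_asn(raw)
    return {
        "reported": raw,
        "asplain": asn,
        "asdot": to_asdot(asn),
        "wrapped": raw < 0,
    }


# Constructed sample values, as a signed column might report them.
SAMPLE_REPORTED = [65001, 2147483647, -2147483648, -94967296, -1]

if __name__ == "__main__":
    for value in SAMPLE_REPORTED:
        print(normalize(value))
```
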


INMARSAT BGAN Service Automation

28 Thursday Jan 2016

Posted by C. M. Stephan in BGAN, Control, Messaging, and Testing, Dynamic Multipoint Virtual Private Network (DMVPN), RootAdmin, Serial Tunneling (STUN), TCL, Telnet, Uncategorized


Tags

Hughes 9502

We are currently working on a project to implement DMVPN (IWAN) over BGAN. This is the process I went through to discover how to send AT commands from our Cisco IOS Router to the BGAN unit.


Using TCL to provide WoL Services from a Cisco Router

29 Wednesday Jul 2015

Posted by C. M. Stephan in Cisco, CodeProject, Networking, TCL


This exceptional bit of code provided by Jónatan Þór Jónasson is a masterpiece. It provides the ability to send Wake-on-LAN commands out the local interfaces of a router to wake up a device. You will need a device that supports UDP sockets, so you have to be running 15.0+ firmware.

Found this at ipSpace by Ivan Pepelnjak

ROUTER# tclsh
ROUTER(tclsh)#

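proc WakeOnLan {broadcastAddr macAddr} {
     # Strip "-" and ":" separators, then pack the 12 hex digits into 6 raw bytes.
     set net [binary format H* [join [split $macAddr -:] ""]]
     # A magic packet begins with six 0xff bytes...
     set pkt [binary format c* {0xff 0xff 0xff 0xff 0xff 0xff}]

     # ...followed by the target MAC address repeated 16 times.
     for {set i 0} {$i < 16} {incr i} {
        append pkt $net
     }

     # Open a UDP socket and send the magic packet.
     set udpSock [udp_open]
     fconfigure $udpSock -translation binary \
          -remote [list $broadcastAddr 4580] \
          -broadcast 1
     # -nonewline keeps a trailing newline byte out of the datagram.
     puts -nonewline $udpSock $pkt
     flush $udpSock
     close $udpSock
}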

ROUTER(tclsh)# WakeOnLan 255.255.255.255 000f13cd80a1

Rolling a Domain Password

31 Tuesday Mar 2015

Posted by C. M. Stephan in CodeProject, Security, Shell Scripting


So I get extremely frustrated having to change my password every 60 days because the security department has this belief that somehow that is going to prevent the nightmare at Sony from coming down upon our company. Without getting too deep into the politics around security, I am a firm believer that it is far better for people to have a password that is highly complex and never changes, or better yet, high entropy and very simple to remember, as opposed to forced rotations of passwords. My reasoning is simple. If I were a hacker and I got your password, I wouldn’t wait 60 days to use it. I would own you in the immediate… as in right now.

Securing Industrial Automation Networks – Part 1: Lingo and Regulation

28 Tuesday Aug 2012

Posted by C. M. Stephan in RootAdmin, Security, System Control and Data Aquisition (SCADA)


Tags

Automation, CIP, IACS, ISA-99, NERC, NERCCIP, SCADA, Security, StuxNet

We are currently working on a project to implement a security design around our Industrial Automation Networks in the field. These range from gas measurement shacks with a single valve all the way up to multi-train gas processing plants. Since the StuxNet incident and the 60 Minutes airing that notified the nation of the great dangers in exposing our vital infrastructure to the internet, several regulatory commissions have updated, or are currently working on updating, their requirements around securing this vital infrastructure. Our goal is to beat them to the punch and be prepared for the worst while doing our Control Technicians a favor or two in providing them further isolation from the Enterprise.

In 2002, FISMA (Federal Information Security Management Act) kicked off a lot of these regulations by requiring each government entity to develop requirements to protect their respective systems from cyber attack. Due to this, government agencies have become more and more aware of the threats posed by networked access to critical systems. In my opinion, this eye-opening will spark the proposal of additional regulation to protect these critical systems. In this first article, I’ll cover some common terms and we’ll note some regulatory bodies and any specific regulations already identified…

TCP and Port Filtering / Firewalls with WinSock

26 Thursday Apr 2012

Posted by C. M. Stephan in Application, Development, Networking, TCP/IP, Transport Control Protocol (TCP)


Tags

Programming, TCP, Timeout, Winsock

Introduction

This is in reference to the following article:
http://www.codeproject.com/Articles/85602/PortQry-Implementation-using-TcpClient-Socket-and

It’s been a few years since I’ve looked at this, and recently I received a notification that someone had posted a response. First, I would like to agree with emilio_grv’s response in that application programmers should be very careful about handling timeouts within the application. As with any application development, make sure you clean up any unused resources as soon as possible, especially sockets, as you’ll exhaust the available source ports that can be used. In Windows environments, the default is 3977.

Background

As a connection timeout is not a parameter available within the TcpClient.BeginConnect() or TcpClient.Connect() functions, an issue arises for those who have large scale processes that must be accomplished in a timely fashion.

With the use of firewalls in the network we make a compromise, trading network visibility for security. We often no longer get a response from the TCP stack at the far end, or sometimes even the ICMP message back, when a packet passes a firewall, whether there is a problem or not. Even more frustrating, we may have no choice in the matter, as another group or organization could be managing the firewalls, and so policy change can be difficult if not impossible altogether.
