
Routing Loop

A routing loop is a serious network problem which happens when a data packet is continually routed through the same routers over and over. The data packets continue to be routed within the network in an endless circle. A routing loop can have a catastrophic impact on a network, in some cases completely disabling it. Routing loops are normally a problem associated with distance vector protocols. A routing loop can happen in large internetworks when a second topology change emerges before the network is able to converge on the first change. Convergence is the term used to describe the condition when all routers in an internetwork have agreed on a common topology. Link state protocols tend to converge very quickly, while distance vector protocols tend to converge slowly.

RIP

IP RIP (Routing Information Protocol) comes in two different versions: 1 and 2. Version 1 is a distance vector protocol (RFC 1058) and Version 2 is a hybrid protocol (RFCs 1721 and 1722).

Routing Information Protocol Version 1 (RIPv1)

RIPv1 uses local broadcasts to share routing information. These updates are periodic in nature, occurring, by default, every 30 seconds. To prevent packets from circling around a loop forever, both versions of RIP solve counting to infinity by placing a hop count limit of 15 hops on packets. Any packet that reaches the sixteenth hop will be dropped. RIPv1 is a classful protocol. RIP supports up to six equal-cost paths to a single destination. Equal-cost paths are paths where the metric (hop count) is the same.

Routing Information Protocol (RIPv2)

RIPv2 is a distance vector protocol with routing enhancements built into it, and it is based on RIPv1. Therefore, it is commonly called a hybrid protocol. RIPv2 uses multicasts instead of broadcasts. RIPv2 supports triggered updates: when a change occurs, a RIPv2 router will immediately propagate its routing information to its connected neighbours.
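The hop-count limit described above, as an added example that is not part of the original notes: a two-router Python simulation of counting to infinity, showing the metric climbing until it reaches 16 and the route is declared unreachable. The topology (routers A and B, network X behind B) and the order of updates are assumptions made for illustration.

```python
# Added example: count-to-infinity between two distance-vector routers.
INFINITY = 16  # RIP treats a metric of 16 as unreachable (15 hops is the maximum)


def count_to_infinity(infinity=INFINITY):
    """Router B was directly attached to network X and has just lost that link.
    Router A still holds its old route to X via B (metric 2) and advertises it
    before B's bad news arrives. Returns (update, metric_A, metric_B) tuples."""
    routes = {"A": {"metric": 2, "via": "B"},
              "B": {"metric": infinity, "via": None}}
    history = [("start", routes["A"]["metric"], routes["B"]["metric"])]
    sender, receiver = "A", "B"
    while not all(r["metric"] >= infinity for r in routes.values()):
        offered = min(routes[sender]["metric"] + 1, infinity)
        entry = routes[receiver]
        # Distance-vector rule: accept a better metric from anyone, and accept
        # ANY metric from the current next hop, even a worse one.
        if offered < entry["metric"] or entry["via"] == sender:
            entry["metric"], entry["via"] = offered, sender
        history.append((f"{sender}->{receiver}",
                        routes["A"]["metric"], routes["B"]["metric"]))
        sender, receiver = receiver, sender
    return history


def loop_window(history, infinity=INFINITY):
    """Number of updates after which A and B both still believe X is reachable,
    i.e. each points at the other and traffic for X bounces between them."""
    return sum(1 for _, a, b in history if a < infinity and b < infinity)


if __name__ == "__main__":
    for step, a, b in count_to_infinity():
        print(f"{step:>6}  A={a:<2}  B={b:<2}")
```

Raising `infinity` lengthens the loop one update per unit, which is why the limit is kept small.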
RIPv2 is a classless protocol and it supports variable-length subnet masking (VLSM). Both RIPv1 and RIPv2 use hop count as the metric.

Differences between RIPv1 and RIPv2

RIPv1
- Supports only classful routing (does not support VLSM).
- No authentication.
- Uses broadcast.

RIPv2
- Supports classless routing (supports VLSM). RIPv2 incorporates the addition of the network mask in the update to allow classless routing advertisements.
- Authentication is available.
- Uses multicast instead of broadcast. Multicast communication reduces the burden on the network devices that do not need to listen to RIP updates.

OSPF

The Open Shortest Path First (OSPF) protocol is a link state protocol that handles routing for IP traffic. Its newest implementation, version 2, which is explained in RFC 2328, is an open standard. OSPF is an open standard (not proprietary) and it will run on most routers independent of make. OSPF uses the Shortest Path First (SPF) algorithm, developed by Dijkstra, to provide a loop-free topology. OSPF provides fast convergence with triggered, incremental updates via Link State Advertisements (LSAs). OSPF is a classless protocol and allows for a hierarchical design with VLSM and route summarization.

The main disadvantages of OSPF are:
- It requires more memory to hold the adjacency (list of OSPF neighbors), topology (a link state database containing all of the routers and their routes), and routing tables.
- It requires extra CPU processing to run the SPF algorithm.
- It is a complex routing protocol.

BGP

Border Gateway Protocol (BGP)

The most common Exterior Gateway Protocol in use on the Internet is the Border Gateway Protocol (BGP), ensuring that packets get to their destination network regardless of current network conditions. Like RIP, the BGP algorithm provides great network stability, guaranteeing that if one Internet network line goes down, BGP routers can quickly adapt to send packets through another connection.

How BGP works

When a BGP router first comes up on the Internet, either for the first time or after being turned off, it establishes connections with the other BGP routers with which it directly communicates. The first thing it does is download the entire routing table of each neighboring router. After that it only exchanges much shorter update messages with other routers. BGP routers send and receive update messages to indicate a change in the preferred path to reach a computer with a given IP address. If the router decides to update its own routing tables because this new path is better, then it will subsequently propagate this information to all of the other neighboring BGP routers to which it is connected, and they will in turn decide whether to update their own tables and propagate the information further.

SSH FEATURES

SSH is a very flexible protocol, and many different types of services can run on top of it. Additionally, the protocol's open architecture allows these services to run all at the same time without impeding each other.

- secure remote logins, secure file copying, and secure invocation of remote commands
- port forwarding, or TCP/IP connection tunneling

What is ARP?

ARP stands for Address Resolution Protocol. It is used to associate a layer 3 (Network layer) address (such as an IP address) with a layer 2 (Data Link layer) address (MAC address).

Layer 2 vs. Layer 3 addressing

I think a lot of the confusion with ARP comes from how the IP address and the MAC address work together. The IP address is a layer 3 (network layer) address. The MAC address is a layer 2 (data link) address. The layer 3 address is a logical address. It will pertain to a single protocol (such as IP, IPX, or AppleTalk). The layer 2 address is a physical address. It pertains to the actual hardware interface (NIC) in the computer. A computer can have any number of layer 3 addresses but it will only have 1 layer 2 address per LAN interface. At layer 3, the data is addressed to the host that the data is destined for. At layer 2, though, the data is addressed to the next hop. This is handy because you only need to know a host's layer 3 address (which can be found out by using DNS, for instance) but you won't need to know the hardware address (and you won't have to bog down the network by sending an ARP request across the internet to find it out). The layer 3 packet (addressed to the destination host) will be encapsulated within a layer 2 frame (addressed to the next hop).

Man in the middle attack

- Intercepts messages between two victims (i.e. a user and a website) and injects new ones
- Victims believe the communication is private, but the man-in-the-middle is in control
- Most forms of two-factor authentication do not offer protection

With a man-in-the-middle attack, Trojans and other malware lie in wait for a user to access a targeted website, primarily banking and financial services. When the site is accessed, the man-in-the-middle inserts himself into the user's session. The user logs in as they normally would with a username and password. If the website requires two-factor authentication during the login process, such as a security token, the user would enter the one-time password from the token, completely unaware that an attack is in progress. Once the user is authenticated, so is the man-in-the-middle. The attacker can initiate new transactions, such as creating ACH and wire transfers, and reroute the user's valid transactions to mule accounts. In some cases, the attacker just takes over the user's authenticated session and displays a message to the end user that the website is currently unavailable.

A form of electronic eavesdropping: two victims think they are talking to each other, but both are actually talking to an attacker.

Man in the middle attacks are often used to:
- steal sensitive information from both victims
- execute fraudulent transactions
- inject advertisements and spam

Secure cryptography and strong authentication can prevent most man in the middle attacks.

Prevention

Out-of-band authentication with transaction verification is the only way to protect against man-in-the-middle attacks. When a transaction is initiated, an automated phone call is placed to the user's registered phone number. During the call, the user is asked to verify the specific transaction. For example, "This is Your Bank calling to verify the transfer of $50,000 to account 10015 at Bank of Nigeria." If the transaction is valid, the user simply presses # (or a PIN) to approve the transaction. If the transaction is not valid, the user can press 911# to lock their account and notify the company that an attack is in progress.

DOS ATTACK

A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. In a distributed denial-of-service, large numbers of compromised systems (sometimes called a botnet) attack a single target.
How a "denial of service" attack works
In a typical connection, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and then is allowed onto the server. In a denial of service attack, the user sends several authentication requests to the server, filling it up. All requests have false return addresses, so the server can't find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again--tying up the service indefinitely.

How to block a "denial of service" attack

One of the more common methods of blocking a "denial of service" attack is to set up a filter, or "sniffer," on a network before a stream of information reaches a site's Web servers. The filter can look for attacks by noticing patterns or identifiers contained in the information. If a pattern comes in frequently, the filter can be instructed to block messages containing that pattern, protecting the Web servers from having their lines tied up.
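The pattern-frequency filter described above, as an added Python example that is not part of the original notes: it counts unanswered requests per pattern in a sliding window and blocks a pattern once it crosses a threshold. The event fields, the pattern strings, the window and the threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW_S = 10    # assumed sliding window, in seconds
THRESHOLD = 5    # assumed limit of unanswered requests per pattern per window

# Constructed sample: (time_s, source, pattern, handshake_completed).
# "pattern" stands for whatever identifier the filter keys on (hypothetical).
LEGIT = [(t, f"198.51.100.{10 + i}", "ttl=64,win=65535", True)
         for i, t in enumerate([0.5, 3.0, 7.2, 12.4])]
DROPPED = [(5.0, "198.51.100.77", "ttl=64,win=65535", False)]  # one flaky client
FLOOD = [(1.0 + 0.25 * i, f"203.0.113.{i + 1}", "ttl=249,win=512", False)
         for i in range(20)]  # forged sources: the server's replies go nowhere
SAMPLE_EVENTS = LEGIT + DROPPED + FLOOD


def find_blocked_patterns(events, window=WINDOW_S, threshold=THRESHOLD):
    """Return {pattern: time the block was triggered}."""
    recent = defaultdict(deque)  # pattern -> timestamps of unanswered requests
    blocked = {}
    for ts, _src, pattern, completed in sorted(events):
        if completed or pattern in blocked:
            continue  # completed handshakes never count against a pattern
        q = recent[pattern]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # forget requests older than the window
        if len(q) > threshold:
            blocked[pattern] = ts
    return blocked


def apply_filter(events, blocked):
    """Drop events carrying a blocked pattern from the moment of the block."""
    return [e for e in sorted(events)
            if not (e[2] in blocked and e[0] >= blocked[e[2]])]


if __name__ == "__main__":
    blocked = find_blocked_patterns(SAMPLE_EVENTS)
    kept = apply_filter(SAMPLE_EVENTS, blocked)
    print("blocked:", blocked)
    print(f"passed {len(kept)} of {len(SAMPLE_EVENTS)} requests")
```

Keying on the pattern rather than the source address matters here because the notes describe requests with false return addresses, so every forged request can carry a different source.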
