mike storms cisco bloghttp://blogs.interfacett.com/mike-storm/cisco blog by mike stormen-US2009-01-07T16:51:00ZSquarespace Site Server v5.0.0 (http://www.squarespace.com/)The Living Blog!http://blogs.interfacett.com/mike-storm/2007/9/27/the-living-blog.htmlMike Storm2007-09-27T21:53:39ZThis Blog contains a repository of info on links to technologies, standards, training, useful tools, shortcuts, timesavers and other things of interest to the Technical Community. This is a living Blog. Updated Frequently so check back or subscribe.

3/9/2008 My most recent last recent entry:

Following all rules: What should the first several lines in a CE Edge router really look like?

Assuming my PubNet range is a block of 32 66.238.29.0 - 31. See below

! no fragments
access-list 100 deny tcp any 66.238.29.0 0.0.0.31 log fragments
access-list 100 deny udp any 66.238.29.0 0.0.0.31 log fragments
access-list 100 deny icmp any 66.238.29.0 0.0.0.31 log fragments
! no snmp inbound from the Internet
access-list 100 deny udp any any eq snmp
access-list 100 deny udp any any eq snmptrap
! RFC 2827 Ingress, RFC 3804 Martian Filtering and RFC 1918 private Address Filtering
access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
access-list 100 deny ip 255.0.0.0 0.255.255.255 any log
access-list 100 deny ip 224.0.0.0 31.255.255.255 any log
access-list 100 deny ip host 0.0.0.0 any log
access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 deny ip 192.0.2.0 0.0.0.255 any log
access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
access-list 100 deny ip 14.0.0.0 0.255.255.255 any log
access-list 100 deny ip 169.254.0.0 0.0.255.255 any log
access-list 100 deny ip 198.18.0.0 0.0.255.255 any log
access-list 100 deny ip 66.238.29.0 0.0.0.31 any log
! no routing protocols inbound (unless needed)
access-list 100 deny tcp any any eq bgp log
access-list 100 deny tcp any eq bgp any log
access-list 100 deny ipinip any any
access-list 100 deny gre any any
access-list 100 deny pim any any
access-list 100 deny 90 any any
access-list 100 deny ospf any any log
access-list 100 deny eigrp any any log
access-list 100 deny udp any eq rip any log
access-list 100 deny udp any any eq rip log
access-list 100 permit now begins your permits...if any

Notes:
192.0.2.0 0.0.0.255 any log (range known to be used exploit default pw on WLA devices) 1
4.0.0.0 0.255.255.255 any log (Known as Net-14, a Public use network, possibly used by attackers) 1
69.254.0.0 0.0.255.255 any log (RFC2026 Link Local)
198.18.0.0 0.0.255.255 any log (block for benchmark tests of network interconnect devices, RFC2544)
Storm - Out

3/4/2008 My last entry. The Configs for the Instructor Routers for 220 class. Thanks to you all for a great week!!

Get the Configs Here: ccnp330-config.txt

12/05/2007 Living List of Links: (jc thx)

--> new 1. Most Every hacking tool known to the human race, free and with full instructions: http://www.elhacker.net/hacking.htm
2. Undocumented IOS and Catalyst Commands: http://www.elemental.net/~lf/undoc/
3. 1. Top 100 Security Tools (http://sectools.org/)
2. Switch Inspector (sweet, inexpensive switchport mapper - http://www.switchinspector.com/)
3. MRTG (traffic statistics, free - http://oss.oetiker.ch/mrtg/), PRTG (traffic statistics, cheap - http://www.paessler.com/prtg)
4. Level 7 Password Decryption (http://cfz.ir/ot/?what=ciscocracker) Cain does it too
5. Cain and Abel Security Audit util (http://www.oxid.it/cain.html)
6. Kiwi Syslog (free, good syslog server - http://www.kiwisyslog.com/products.php#syslog)
7. Kiwi CatTools (configuration management / change tracking - http://www.kiwisyslog.com/products.php#cattools)
8. TFTP Server (overcomes 32MB limit - http://tftpd32.jounin.net/tftpd32_download.html)
9. IOS Configuration Editor, fairly cheap (http://www.winagents.com/en/products/cisco-config-editor/)
10. IP Chicken - external IP from anywhere...no pop-up ads (www.ipchicken.com)
-> new 11. Best Speed tester on the net! www.speedtest.net

12. Tera Term - my favorite FREE Windows telnet/SSH client (http://hp.vector.co.jp/authors/VA002416/teraterm.html) Still like SecureCRT better :-P
13. Boson's Free Utils - bunch of handy/goof around utils (http://www.boson.com/FreeUtilities.html)

Router Switch Aliases I Use to save time:

!Status and Management Aliases
!
alias exec sr sh run
alias exec gc config t
alias exec sri sh run | include
alias exec srb sh run | begin
alias exec sre sh run | exclude
alias exec srint sh run int
alias exec si sh int
alias exec sip sh ip proto
alias exec sib sh ip int brief
alias exec cl clear line
alias exec ds disconnect
alias exec ss show sessions
alias exec su show users
!
! Routing and Routing Protocol Related
! General
alias exec sir sh ip route
alias exec cir clear ip route *
alias router net network
alias configure ipr ip route
!
! EIGRP
alias configure re router eigrp
alias exec sen sh ip eigrp neighbors
alias exec set sh ip eigrp topology
alias exec cen clear ip eigrp neigh
alias exec sire show ip route eigrp
!
! OSPF
alias configure ro router ospf
alias exec son sh ip ospf neighbor
alias exec sod sh ip ospf database
alias exec soi sh ip ospf interface
alias exec siro sh ip route ospf
alias exec cop clear ip ospf process
!
! BGP
alias configure rb router bgp
alias exec sb sh ip bgp
alias exec sbs sh ip bgp summary
alias exec sbn sh ip bgp neighbor
alias exec sbp sh ip bgp path
alias exec cbgp clear ip bgp *
!
! Misc Aliases
alias interface ipa ip address
alias configure rr router rip
alias exec sal show access-list
alias exec tr traceroute
alias exec cft copy flash tftp
alias exec ctf copy tftp flash
!

The Components of creating the Cisco Self-Defending "Active Defense System" that you must know:

(In additon to the staples, like ASA5500s, ISR Routers and so on)

CSA 5.2+ (at least on critical Hosts)
IPS 6 (Perfect it in the ASA as the AIP-SSM and the IDSM-2 in the 6500s)
MARS (Without a doubt the BEST security correlation, monitoring and active response system I have ever seen)
Large Enterprises should add Cisco Security Manager for Enterprise-level management

More to come.

Storm - out

]]>Who nedes a slepl chkecer aynawy?http://blogs.interfacett.com/mike-storm/who-nedes-a-slepl-chkecer-aynawy.htmlMike Storm2007-09-26T11:14:33ZAoccdrnig to a rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht frist and lsat ltteer is at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do not raed ervey lteter by itslef but the wrod as a wlohe.

]]>Pasting Large Cisco Device Configurations in One Stephttp://blogs.interfacett.com/mike-storm/pasting-large-cisco-device-configurations-in-one-step.htmlMike Storm2007-09-26T11:06:56Z(republished from ciscoblog...JC)

If you've been working with Cisco devices for awhile, you know that the fastest way to backup your configuration is:

1. Do a "show run" command
2. Copy all the output to your clipboard
3. Paste it into notepad

Then, if you need to restore the configuration you just move into global configuration mode and paste all the output back in. Voila! Insta-configured Cisco device. Here's the problem...when you paste in larger configuration files, it fails. Somewhere after about 50-80 lines of config, the input begins to get scrambled and jumbled all around. The reason is the Cisco device cannot keep up with the data that you are entering. So...how do fix this? Slow down the input! Here's how:

All terminal programs have a setting called “Transmit delay msec/line” for the serial port. Here’s a view of what it looks like in Tera Term:

By default, this is some absurdly low value somewhere between 0-10 msec, which means your terminal program will just keep flooding the data and not give the receiving device enough pause to apply it. Adjust this value to something between 35-50 msec and your Cisco device will have no problem keeping up with the data.

-out

]]>How Quality Training Directly Relates to Job Performancehttp://blogs.interfacett.com/mike-storm/2007/2/23/how-quality-training-directly-relates-to-job-performance.htmlMike Storm2007-02-23T06:55:24Z

So here it is...the Granddaddy of all discussions with regards to training. Was it worth it?

Was it worth the money? Was it worth the time I spent? Arriving at a difinitive answer for these questions can be difficult; for the student, for the Training Coordinator, Managers, etc.

Why?

Let's set the scenario...

You took a training class somewhere, and well, you learned some stuff,

]]>Interface's HardHat for CCNP Training is LIVE!http://blogs.interfacett.com/mike-storm/2007/2/21/interfaces-hardhat-for-ccnp-training-is-live.htmlMike Storm2007-02-21T15:50:55ZHardHat CCNP classes are. Not only are you working with the latest Cisco gear, like ISRs and 6509s, but you will be building architectures that mimic EXACTLY what Cisco enterprise customers are doing. The program is focused on building solutions that you should actually use, and will use, based on best practices and proper application of technologies and how they blend together, not just on getting practice with isolated technologies on a router in an unrealistic lab environment. We just don't do it that way at Interface.]]>The Ultimate Session at Cisco Networkers 2007http://blogs.interfacett.com/mike-storm/2007/2/21/the-ultimate-session-at-cisco-networkers-2007.htmlMike Storm2007-02-21T15:01:24ZCisco 6500 Switches Added to the Interface Cisco Lab Environmenthttp://blogs.interfacett.com/mike-storm/2007/2/20/cisco-6500-switches-added-to-the-interface-cisco-lab-environ.htmlMike Storm2007-02-20T23:49:45ZYep. You heard it. Interface now has a fully populated pair of Cisco Catalyst 6509 Switches for our Cisco HardHat Training environment. We decided on SUP32s with the 8-port SFP Gig connectors for the Aggregated trunk between the two 6500s. We really couldn't justify the SUP720s for a lab environment, since 99% of the functionality is the same anyway, and well, we just don't generate that much traffic in a classroom environment. We are using 24-ports of Gig uplinks to each pod network and each switch has a 48-port POE 10/100/1000 switching module as well. I am a big advocate of scalability, so plan on seeing IDSM-2s, FWSMs, WiSMs, and my favorite, the NAM, being added in the coming months to some of the empty slots in the chassis.

Interface is in the middle of a $250K hardware refresh (that's at about 70% discount price point), so I am sure the actual list price for what we have added to the lab is in the Million ranges.

]]>Interface Cisco Gear Refresh - You being the beneficiaryhttp://blogs.interfacett.com/mike-storm/2007/2/20/interface-cisco-gear-refresh-you-being-the-beneficiary.htmlMike Storm2007-02-20T23:03:45ZInterface has always been focused on quality of content, extensively experienced educators and exceeding customer expectations at every turn. In the Cisco and Security arena, where we have one of the most extensive hardware labs available in the US, our ability to imitate practically any Enterprise Architecture is what makes Interface the best at what we do....High-end Corporate Technical Training. What you will do during an Interface course, is what you will actually do in real Enterprise environments. It's all real. Done correctly. Solutions-based. Best Practices. You name it.
In order for Interface to remain cutting edge with our classroom delivery, we have to stay cutting edge with our gear as well.

]]>Save Our Internet Bandwidth!!http://blogs.interfacett.com/mike-storm/2006/11/16/save-our-internet-bandwidth.htmlMike Storm2006-11-16T23:18:33ZBlocking Peer-to-Peer and Other Traffic of Interesthttp://blogs.interfacett.com/mike-storm/2006/11/14/blocking-peer-to-peer-and-other-traffic-of-interest.htmlMike Storm2006-11-14T23:13:11Z