Archive for October, 2010

A couple of bass tabs

Posted: October 31, 2010 in Music

I took 10 minutes out from vulnerability testing to transcribe a couple of old bass tabs. I found these two lines scribbled on a piece of paper I found in my desk drawer at work. I couldn’t quite sound them out in my head, and I don’t play these lines, so I reckon I must have had a moment of inspiration at work some years ago then forgot all about it.

Sorry about the audio quality. I don’t know what’s up with my computer.

This first one is sort of funky. Possibly recorded a little too fast. Big range, some tricky ornamentation and some very odd intervals which I guess you’d just have to learn rather than hear. I’ll try this for real a bit later.

Funky line.mp3

This one’s a bit jazz/funk-fusion-y. Definitely best slapped. Not as difficult to play as it might look and sound.

Slap mayhem.mp3

Hi all,

Just a little tip for you. After installing the HACME Bank application in your XP SP3 VM there is a final configuration step you’ll need to undertake which I haven’t seen documented elsewhere.

By default IIS 5.1 is limited to 10 concurrent HTTP connections. This is because IIS on an XP machine isn’t intended for production use, so Microsoft discourage this by setting the user limit unusably low. You can’t increase the total number of connections, but you can turn off ‘HTTP keep-alive’ so that persistent connections are not possible. This decreases the likelihood of using up all available connections. If you do use them up you’ll get a 403.9 response.

Just go into Control Panel/Administrative Tools/IIS, navigate to the top level of your website and right-click/Properties. Now turn off ‘HTTP keep-alive enabled’.

I’m getting a little bit bored/frustrated with my network topology. I think I might leave it as it is for a bit and get on with some of the other assignment work.

So far I’ve built a full mesh WAN using VPN within GRE for OSPF propagation. My segregation is totally based on subnetting – I might consider VLANs at some point, but I think this might be going a bit beyond the brief. I might even consider a DMZ just for the experience of setting one up, but there’s no firewall device simulation in Packet Tracer so I’d end up getting in knots with ACLs – a prospect that does not melt my butter, I must admit. I’ve got my single PAT/NAT link to the public internet working nicely. Well, as per the brief anyway: poor little Joey in London who wants to post pictures of his drunken friends on The Face Books (is this what it’s called?) has to do so by squirting all his traffic across the Atlantic and back again. A bit of a pain.

I’ve got a few apps working too. Web server, FTP, HTTP/S, DHCP and DNS. Just makes the simulation a little more realistic. Wifi is working too, but I’m struggling to get DHCP working across subnets. The helper-address hands on packets as expected, but the basic DHCP engine in Packet Tracer is only able to allocate IP addresses based on the perceived source of the request, not the actual source, therefore it always tries to allocate local IP addresses to the remote subnet. I guess in the real world you’d either have a decent DHCP system or wrap the whole thing up in a VLAN so the physical subnets don’t matter.

I also extended my model to include a couple of the suggested six additional remote sites. However, rather than go for full mesh I surmised that HACME Bank Corporation might like to consider a managed service (i.e. hub/spoke) with routing occurring in the Cloud. In the real world this decision would be a trade-off between cost, security, availability and complexity. It is a bank, so security is likely to be high on the agenda, but it’s also very small – fewer than 3,000 staff worldwide – so maybe they don’t have the cash to be so selective.

Anyway, like I said, I’m getting bored of burning time fixing the small problems I have. Fundamentally the topology is good and it works. So for the next week or so I’m going to turn my attention to network monitoring and vulnerability testing.

Then follows the not inconsiderable task of writing this all up. Good luck to my peers who have yet to even read the assignment. (I’m not joking here. There’s a chilling wind of apathy blowing across a faction of my cohort. Considering I’ve been putting in at least 4 hours a day for four weeks on this, I fail to see how it’s possible to do the subject matter justice in the six weeks we have remaining before hand-in.)

Ponders…

Posted: October 30, 2010 in Anglia Ruskin Students

Why is the fifth most popular search on my blog “the coming of the chosen one demands celebration”?

I have a little problem. I can’t work out how to make my default route resilient to various connections going down.

Take the simple example below of a full mesh WAN. Routers 0, 1 and 2 are all private network IPs managed via OSPF. Router 0 is connected to Router 3 which is the internet (via NAT/PAT). This is the only route to the internet for all devices.

Private network communications are kept working in the event of a failure. I.e. if the connection between R0 and R2 fails, R2 can still communicate with R0 via R1 for private traffic. However, what if R1 or R2 needs to get out to the internet?

I have static default routes on R1 and R2 which point to R0. In the event of a failure that static route might not be available, so I’d want it to switch instantly to the other router, which will then forward on the traffic. However, I can’t manage this with OSPF (I think) because it’s unknown, public traffic.

If I set two static default routes then 50% of the traffic will succeed (round robin), but this isn’t what I want. I want my default route to switch when unavailability is detected.

What am I missing?
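One way to get the behaviour asked for above, written here as an added Cisco IOS example rather than anything from the original post: R0 keeps the only static default (towards R3 and the PAT link) and injects it into OSPF with default-information originate, so R1 and R2 learn the default dynamically and re-converge over the surviving neighbour when a link drops. Interface names, addresses and the ACL number are assumed placeholders.

```cisco
! R0: the only router with a path to R3 (the NAT/PAT link to the internet).
! Addresses and interface names below are assumed, not taken from the post.
interface Serial0/0/1
 description Link to R3 / internet
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
!
! Every interface facing R1, R2 and the local LAN needs 'ip nat inside'.
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.252
 ip nat inside
!
access-list 1 permit 192.168.0.0 0.0.255.255
ip nat inside source list 1 interface Serial0/0/1 overload
!
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
!
router ospf 1
 network 192.168.0.0 0.0.0.255 area 0
 default-information originate
!
! R1 and R2: no static default at all. Each learns 0.0.0.0/0 as an
! external (O*E2) route from R0; if the direct link to R0 fails, OSPF
! reconverges and the default is reached via the other router instead.
router ospf 1
 network 192.168.0.0 0.0.0.255 area 0
!
! Alternative if a static default on R2 is required: a floating static
! with a higher administrative distance (1 is the default) as backup.
! Caveat: the primary is only withdrawn when its next hop becomes
! unreachable, e.g. the link interface goes down; over a GRE tunnel
! whose line protocol stays up it will not fail over.
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 0.0.0.0 0.0.0.0 192.168.0.5 10
```

Two plain static defaults with equal distance give the round-robin behaviour described above; the distance of 10 on the second route is what makes it a backup rather than a second equal-cost path.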

I cannot say just how glad this makes me:

00:00:10: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.10 on Serial0/0/0 from LOADING to FULL, Loading Done
00:00:40: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.33 on FastEthernet1/0 from LOADING to FULL, Loading Done
00:00:40: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.34 on FastEthernet1/1 from LOADING to FULL, Loading Done
00:00:45: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.29 on FastEthernet0/1 from LOADING to FULL, Loading Done
00:00:48: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.9 on Tunnel0 from LOADING to FULL, Loading Done
00:00:49: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.13 on Tunnel2 from LOADING to FULL, Loading Done

I can’t say not because of some flimsy, ephemeral feeling of overwhelming joy but because I’m currently eating a Chomp bar, an activity which is intrinsically incompatible with speech.

The past week has been mainly spent working on the network topology for my assignment and swearing at Packet Tracer. The former I’ll come on to in a moment, but the latter… Packet Tracer crashed so many times that I started keeping count. Since Monday evening it has fatally crashed 63 times. Frustrating doesn’t even begin to describe it. EVERY action I perform is followed by Ctrl-S. Every.

But back in the land of network topologies, I’ve been working on emulating an internet-based WAN with some half decent security. So far I’ve settled for VPNs within GRE tunnels, effectively producing a secure international private network. The GRE tunnels are to allow OSPF to work its magic. And works it certainly does! Nice. I’m making a case for using a managed service (i.e. ‘leased lines’ in old parlance) for intra-site connectivity, although this isn’t specified in the brief.
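A minimal version of that design for one site-to-site link (this post and the earlier topology post both describe it), as an added IOS example and not the author’s own configuration: a GRE tunnel carries OSPF between the sites, and an IPsec crypto map on the physical interface encrypts the GRE traffic. The public and tunnel addresses, interface names, peer and pre-shared key are all assumed placeholders; the far end mirrors this with the addresses swapped.

```cisco
! London router, one GRE-over-IPsec link to Paris. All addresses, names
! and the pre-shared key are assumed placeholders, not from the post.
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 2
! The PSK sits in the running config; 'service password-encryption'
! only obscures it (type 7), so protect the saved config file itself.
crypto isakmp key EXAMPLE-PSK-CHANGE-ME address 203.0.113.2
!
crypto ipsec transform-set GRE-TS esp-aes esp-sha-hmac
!
! Only GRE between the two public endpoints is encrypted; anything else
! leaving Serial0/0/0 (e.g. plain internet traffic) is not.
ip access-list extended GRE-TO-PARIS
 permit gre host 198.51.100.1 host 203.0.113.2
!
crypto map WAN-VPN 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set GRE-TS
 match address GRE-TO-PARIS
!
interface Serial0/0/0
 ip address 198.51.100.1 255.255.255.252
 crypto map WAN-VPN
!
! The tunnel gives OSPF a point-to-point link to form an adjacency over;
! the OSPF hellos themselves travel inside GRE, and so inside IPsec.
interface Tunnel0
 ip address 192.168.1.10 255.255.255.252
 tunnel source Serial0/0/0
 tunnel destination 203.0.113.2
!
router ospf 1
 network 192.168.1.8 0.0.0.3 area 0
 network 192.168.0.0 0.0.0.255 area 0
```

Once the peer is configured the same way, the adjacency shows up as a LOADING to FULL message on Tunnel0 like the ones quoted above; show crypto ipsec sa confirms the GRE packets are actually being encapsulated rather than sent in the clear.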

The brief does say that the company’s public PAT link to the public internet is in the New York Data Centre. We have offices in London and Paris, so in this day and age I suspect local PAT links are more realistic, but I’m not sure. I’ll have to research this. Incidentally, NAT/PAT config is rather easier to achieve than I had imagined. It took me no more than 20 minutes to research, configure, test and corroborate the success of my PAT configuration.

Finally I put some perfunctory encryption on passwords and enable secrets on my devices. Gets in the way a bit for development purposes, but it’s worth extra marks on the assignment, so if I don’t do it now I’ll likely forget and kick myself later. How many times will I have to type ‘cisco’ I wonder?

So now I have to decide: do I bother emulating some > Layer 3 stuff (explicitly not required) or just get on with writing it up? I dunno. Prolly make a little Wireless LAN for shits and giggles. I might think about VLANs too, but considering half of my cohort are yet to even read the assignment brief (apparently) I don’t think I need to worry too much ;)

Steve