Contact Me @ +91-9041922099

Mail me at mail@amarjit.info

Wednesday, March 25, 2015

Nmap Project Seeking Talented Programmers for Google Summer of Code

Nmap Project Seeking Talented Programmers for Google Summer of Code

Hi folks.  I'm delighted to report that Nmap has been accepted by Google to participate in this year's Summer of Code internship program.  This innovative and extraordinarily generous program provides $5,500 stipends to college and graduate students anywhere in the world who spend the summer improving Nmap from home! They gain valuable experience, get paid, strengthen their résumés, and write code for millions of users.  We're one of the few orgs which have participated every year since the program began, and we're quite excited for our eleventh year!

Previous SoC students helped create the Nmap Scripting Engine, Zenmap GUI, and the handy Ncat and Nping utilities.  Several of them became top developers!  We're hoping for the same this year, but we need your help to get the word out! If you know any college/grad students (or are one) who
might be interested, please point them to our project ideas page:

http://nmap.org/soc/ 

You must hurry though, as applications are due this Friday at 19:00 UTC. We're absolutely forbidden from accepting any late applications.  You can start an application now though and improve it up until the deadline.

Applications can be submitted using the orange "Log in" button (under "Students", not "Mentors and Administrators") at https://www.google-melange.com/gsoc/homepage/google/gsoc2015

Cheers,
Fyodor

PS: In Nmap news.  We were so busy coding that we forgot to announce our
Nmap 6.46 and 6.47 releases last year.  But they're available at
http://nmap.org/download.html .  And we're also working on a very big
release expected in the next month or two!

Tuesday, March 3, 2015

How To - Layer 3 Routing Loop Poblem - Split Horizon and Route Poisoning

Most of the time, I always be a part of layer 2 routing loop discussion but never heard about the engineers talking about layer 3 routing loop problem. This is being experienced during my recent visit in some company where all engineers knows why to use Spanning Tree Protocol but none of them knew why to use split horizon and route poisoning. 

In layer 3 networks, there might chance of routing loops and split horizon, hold down timers and route poisoning are the techniques which help to prevent the layer 3 routing loop. Below depicted Figure 1 is showing the converge network. Let’s assume in case of failure of 10.4.0.0 network, router C will forward the update to router B and router B will forward the update to router A and router C as well. By doing this the same kind of the update which is being generated by C is received and C might think that he is getting the information of 10.4.0.0 network from B but In fact, 10.4.0.0 network is directly attached to router C. This situation can arise in smaller networks too.











The first work around is the split horizon technique which says not to send the updates to the interfaces from it has been received. It looks like send update information (Number of interfaces – Receiving Interface Updates).
Next one is route poisoning, when the router detects link down, the attached router sends the update to its neighbors. But in this case, the receiving router can send back the received information to the same interface from where it received by setting the route metric to maximum. Definitely this is the violation of split horizon rule but it helps router to understand about that particular network is down or inaccessible which actually help the convergence of routing. Now 10.4.0.0 is poisoned route which is having the maximum metric assigned as the route is not reachable. When the neighbor send the route back to the originator, it becomes reverse poisoned.

What does route poisoning do?
1. Set the hop count to an unreachable state as soon as the failed network is detected
2. Route remains poisoned until the hold-down timer expires.
3. Hold timer depends on the routing protocol; Every protocol is having different hold-down timer.
4. Only uni direction traffic flow.
5. If the route is not back up during the hold down time period expires, that route is removed from the routing table and added in the garbage table.

The last one is Hold Down timers. What does hold-timers do?
1. A router receives an update from a neighbor indicating that a network that previously was accessible is now no longer accessible.
2. The receiving router marks that route possibly down and starts the hold-down timer.
3. If an update with a better metric for that network is received from any neighboring router during the hold-down period, the network is reinstated and the hold-down timer is removed.
4. If an update from any other neighbor is received during the hold-down period with the same or worse metric for that network, that update is ignored. Thus, more time is allowed for the information about the change to be propagated.
5. Routers still forward packets to destination networks that are marked as possibly down. This allows the router to overcome any issues associated with intermittent connectivity. If the destination network truly is unavailable and the packets are forwarded, black hole routing is created and lasts until the hold-down timer expires. (Very Important Point). This could be the reason, administrators look forward to reduce the hold-down timers to increase the convergence time. Definitely if the network is not stable these timers generates lot of messages.

As per section 2.2.2, RFC 1058 explicitly says that “Split horizon with poisoned reverse will prevent any routing loops that involve only two gateways. However, it is still possible to end up with patterns in which three gateways are engaged in mutual deception.” Definitely this could be the case of broadcast of multi-access networks.

Monday, March 2, 2015

Switching Interview Questions - Layer 2 Interview Questions

Switching Interview Questions - Layer 2 Interview Questions 


After IGPBGP and MPLS interview question, Now I am adding switching basic questions. Please read the below questions:-

1. Difference between hub, bridge and switch?
2. What is mac address and why it is required?
3. In layer 2 domain do we need ip address for communication?
4. What is arp and why it is required?
5. What is Spanning Tree Protocol aka STP?
6. What is the difference between STP, MSTP, PVST and RSTP?
7. Can we use the two same paths for same vlan?
8. What is the difference between broadcast and collision domain?
9. Define type of lan traffic.
10. What is destination address of broadcast frame?
11. Can we connect a switch to switch with straight cable?
12. Define functions of switch.
13. What is arp timeout?
14. What is aging process?
15. What is BPDU?
16. What is path cost?
17. Define selection criteria of STP root bridge.
18. How to non bridge decide which port will elect as root port?
19. If a nonroot bridge has two redundant ports with the same root path cost, how does the bridge choose which port will be the root port?
20. Port states of spanning tree protocol.
21. If the users face delay during initial login, what you will suggest to implement?
22. Why spanning tree BPDU filter is used?
23. Can I use BPDU filter on trunk ports?
24. What is port security?
25. I want to learn only a single mac from the port, what need to be configured?
26. Can we use spanning port-fast on trunk ports?
27. If management ip address is changed, will user’s traffic will be dropped?
28. Difference between trunk and access port?
29. What is UDLD and why it is required?
30. What is interface vlan on switch?
31. How to perform inter vlan routing without layer 3 device?
32. How to stop superior bpdu participating in switching domain?
33. How Vlan In Local Switching Domain is selected?
34. How to provide redundancy to MPLSVPN customer?

Sunday, March 1, 2015

MPLS Interview Questions for CCNA and CCNP Engineers

MPLS Interview Questions for CCNA and CCNP Engineers 


After IGP and BGP questions, I prepared basic list of MPLS interview questions which could help you to clear your next level. In the up coming post, I will be covering switching. Below is the list of questions:-

1. What is the difference between VPN and MPLS?
2. What is MPLS and why it is being so popular in short time?
3. What is the protocol used by MPLS?
4. MPLS works on which layer?
5. What is the difference between P and PE router?
6. Can I make my PE router as P?
7. Two routers are having 4 equal cost links, how many ldp sessions will be established?
8. My LDP router id, OSPF router id and BGP router id is different, will it work to forward the traffic of customers or not?
9. What is Penultimate Hop Popping and why it is required? Which router performs the PHP function?
10. I am receiving aggregate label, what does it mean?
11. What are the different types of labels?
12. How to make customer route unique?
13. What is the difference between RD and RT?
14. Can I assign a same RD to two different customers?
15. Is RD travels in route update?
16. My customer is having three branches and all are attached to three different PEs, In this case can I use the different vrf names?
17. What is downstream on demand?
18. How to filter MPLS labels?
19. What is the default range of MPLS labels in Cisco routers? How to extend that range?
20. Without route reflector can I implement MPLS?
21. What is the difference between VPNv4 and IPv4 address family?
22. What is MP-iBGP? Can we use normal BGP in lieu of MP-iBGP?
23. What is LIB, LFIB?
24. What is CEF and without enabling CEF, can we make MPLS work?
25. I am receiving end to end customer routes on various PE but not able to ping those routes, what’s could be the problem?
26. What is explicit null and implicit null?
27. Default timers of LDP?
28. Does LDP require OSPF, IS-IS or BGP?
29. In neighbor discovery command, I am receiving only xmit, what does it mean?
30. What is transport address?
31. What is the RFC of MPLS?
32. Why MPLS is called multi protocol?
33. What is the difference between MPLS, SSL and IPSec?
34. I am using different vendor products and want to implement TDP, what type of challenges will you face?
35. Does MPLS support IPv6?
36. Can I use the existing IPv4 MPLS backbone for IPv6?
37. Define various troubleshooting commands in MPLS?
38. What is forward equivalence class aka FEC?
39. What is adjacency table?
40. Difference between MPLS IP and MPLS Label Protocol LDP command?
41. If MPLS get disable, will it harm my IGP or IPv4 traffic?
Click here for answers
42. What is MPLS-TP?
43. What is downstream and upstream router in MPLS? 44. Difference between MPLS and MPLS-TP?
45. How Does LDP Initializes?
46. What is Cell Mode MPLS Over ATM?
47. Difference Between VC Based Multiplexing And Logical Link Control Encapsulation in ATM?
48. Basics of ATM?
49. ATM is packet or circuit switching?
50. Is LDP Required for VPNv4 Labels?
51. What will happen if you see your PE loopback in vpnv4 table?
52. What is Bidirectional Forwarding Detection?
53. Different types of PseudoWire?
54. Modes of EoMPLS (Ethernet over MPLS)
55. What is L2VPN Over Metro Ethernet?
56. What is E-VPN(Ethernet VPN)?
57. what is FEC in traditional IP routing and MPLS?
58. How does CEF understand overlapping of ip addresses ?
59. What is the difference between Optimum, Fast and CEF Switching?
60. Advantages of MPLS.
61. Define CEF FIB table entries.

Saturday, February 28, 2015

BGP Interview Questions - Interview Questions for BGP

BGP Interview Questions - Interview Questions for BGP 

After IGP interview questions, I am posting BGP interview questions for CCNA and CCNP engineers. These questions are very basic and easy but during interview time no one knows how these will be asked by interviewer. So a good practice is to read it as much as we can so that we could provide the best answer to interviewer. Next post will cover about the basic questions of ip access-lists and prefix list. Read the questions below and in case any problem feel free to contact me.

1. BGP is IGP or EGP?
2. BGP is link state or distance vector protocol?
3. BGP uses which port?
4. When to use BGP?
5. Can I use BGP instead of any IGP?
6. Can I run two BGP process on single router?
7. What is Autonomous System?
8. Types of BGP routing table?
9. What is the BGP path selection criteria?
10. Define various BGP path attributes.
11. Why weight doesn’t fall under path attribute category?
12. What is confederation?
13. What is route reflector and why it is required?
14. What is no-synchronization rule?
15. Default BGP timers.
16. When does BGP use 0.0.0.0 router id?
17. Does route reflector come in actual path during traffic forwarding?
18. What is Site of origin aka SOO?
19. What is the cost of external and internal BGP routes?
20. Can we use local preference outside the autonomous system?
21. Does it require that BGP router-id should reachable in cloud?
22. What is recursive lookup in BGP and how it works?
23. What is the meaning of update source loopback?
24. If a static route is advertised in BGP without using update source what will be the next hop address in update?
25. Define various types of communities and why they are used?
26. If BGP neighbor state is showing idle what does it mean?
27. In Multihoming scenario if primary link gets fail, after how long traffic will be shifted to secondary link.
28. I am having two routes for remote destination but only single route is installing in routing table, what’s the reason for this?
29. How many links can be assigned for load balancing or sharing?
30. In eBGP I am establishing my neighbourship with loopback address but it’s not coming up. Please specify different reasons for not coming up.
31. Can we redistribute BGP in IGP? Please explain your answers.
32. What is cluster id?
33. I am receiving updates from eBGP peer, will the next hop change or not?
34. I am receiving updates from iBGP peer, will the next hop change or not?
35. A router is receiving same route from two different eBGP peers. The AS information contains in peer 1 is {65500, 65550, 65555} and in peer 2 is {65501, 65501}. But I want to make peer 1 preferred.
36. What is the difference between next-hop-self and update source loopback?
37. Define loop prevention mechanism in BGP.
38. What will happen if route reflector is not getting proper updates?
39. What will happen if route reflectors does not synchronize?
40. What is the advantage of using BGP AS Prepend?
41. Can we use BGP as backdoor link for customers instead of OSPF? If yes, please let us know what could the issues BGP create?
42. What is BGP PIC?
43. Use BGP as Link Protection in case of Dual PoP?
44. How to achieve Inter-AS Communication-MP-eBGP?
45. What can happen if Route Reflector(RR) is not getting proper route updates?
46. What is route reflector synchronization?
47. How to use BGP as PE-CE backdoor link?
48. What is Hierarchical FIB - BGP-PIC?
49. BGP Graceful Restart, NSR and NSF
50. BGP Redistribution Vs MPLS, which one you will select?
51. Best practices to define BGP Communities as per RFC 1998.
52. What is BGP RFC 3107 or What is BGP Label Update in IPv4?


Posted by Shivlu Jain

Friday, February 27, 2015

Hacking Exposed Web Applications, Third Edition : EBook PDF Download Free

Hacking Exposed Web Applications, Third Edition

Hacking Exposed Web Applications, Third Edition by Joel Scambray
English | 2010 | ISBN: 0071740643 | 481 Pages | PDF | 7 MB

The latest Web app attacks and countermeasures from world-renowned practitioners Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker.
Written by recognized security practitioners and thought leaders, is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource. Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation Understand how attackers defeat commonly used Web authentication technologies See how real-world session attacks leak sensitive data and how to fortify your applications Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments Safety deploy XML, social networking, cloud computing, and Web 2.0 services Defend against RIA, Ajax, UGC, and browser-based, client-side exploits Implement scalable threat modeling, code review, application scanning, fuzzing, and security testing procedures


Data Center Access Layer Security Recommendations: Securing Layer-2

Every time I have been asked what kind of security recommendations are required for data center access layer? Let's understand what does Access Layer in data center is used for first. 

The data center access layer provides Layer-2 connectivity for server farms. In most cases the primary role of the access layer is to provide port density for scaling the server farm or a network segment; it could be Physical or Virtual. Security at the access layer is primarily focused on securing Layer-2 flows and communication within the sites.

Recommendations for this layer are:

Use VLANs to segment and isolate traffic where it’s needed. This is the very basic stuff used in almost every data centers but always not consider it as security. Deploy private VLANs (PVLANs) after confirming that traffic flows will not be affected once they are deployed. It is best to ensure that hosts that need to communicate are placed in the same community while hosts that don’t require such connectivity are isolated. Communication of host matrix must be given by customer by clearly defines the traffic flows.

The following layer 2 security mechanisms should be enabled at the access layer :

  1. Address Resolution Protocol (ARP) inspection/Arp Spoofing: Private vlan edge feature will to help mitigate this type of attack. 
  2. Dynamic Host Configuration Protocol (DHCP) Snooping.
  3. IP Source Guard.
  4. Port security where it can be used to lock down a critical server to a specific port
  5. Blocking user-user L2 communication: Private vlan edge/Protected Port feature will to help mitigate this type of attack
  6. Broadcast/Multicast Suppression: Strom Control feature will to help mitigate this type of attack
  7. MAC address hijacking: protected port and port security features will to help mitigate this type of attack
  8. IP source spoofing: uRPF feature will to help mitigate this type of attack
  9. Content-addressable memory (CAM) overflow: This can be mitigated by using port security on customer facing port
  10. Dynamic Host Configuration Protocol (DHCP) DoS: This can be mitigated by using port security/DHCP Snooping on customer facing port
  11. DoS storms: This can be mitigated by using port security/private vlans edge on customer facing port

Thursday, February 26, 2015

IGP Interview Questions - Interview Questions for IGP

IGP Interview Questions - Interview Questions for IGP

Market is on boom and almost every company has opened its door for new positions and everyone is looking for change to grab new positions with new challenges. So make sure that you have prepared the answers for the below questions before your interview. The questions are generic and will make very good impression on interviewer if you answer them in organised and structured manner. The depicted IGP interview questions are for CCNA and CCNP engineers. 

1. Difference between RIPv1 and RIPv2?
2. How many number of routes carried by RIP packet?
3. Is OSPF link state or distance vector or path vector protocol?
4. What is the difference between OSPF and IS-IS and which one is preferred?
5. Can we use BGP instead of any IGP?
6. How many network types available in OSPF?
7. Different type of Link State Advertisements aka LSA?
8. LSA 3 and LSA 4 are generated by which router?
9. When to use Stub and Not So Stubby Area?
10. How to get the external routes without making area Not So Stubby?
11. What is the different type of route summarization available in OSPF?
12. What is the requirement of doing summarization?
13. A major network is advertised as summary in one area and few of the routes from that network is configured in another area. What will happen in that case?
14. If any of the OSPF area is not stabilized, does it impact another area?
15. What is the use of forwarding address in LSA 5 and LSA 7?
16. External routes are available in OSPF database but not installing in routing table?
17. If loopback is not configured, what will be the router-id selected by OSPF process?
18. Can we run multiple OSPF process in single router and what is the advantage of using it?
19. What are timers of OSPF?
20. Multicast address of used by OSPF.
21. OSPF works on which layer?
22. What is backbone area in OSPF?
23. Can we use OSPF without backbone area?
24. Is it required that OSPF router-id must reachable in IGP cloud?
25. After configuring new router-id, automatically it will be used or do we need to use some type of command to get it operational.
26. Why the secondary ip address of interface is not advertising in IGP cloud?
27. OSPF neighbourship is not coming up. Please tell the various steps to troubleshoot it.
28. One side MTU is 1500 and another side MTU is 1600. Does it affect neighbourship?
29. Provide process of DR and BDR election.
30. If DR is down and no BDR is configured what will happen?
31. What is the difference between a neighbor and adjacent neighbor?
32. My OSPF neighbourship is showing 2-way, what does it mean?
33. Define different type of OSPF neighbor states?
34. OSPF external routes are not redistributing?
35. What is Layer 3 routing loop?
36. OSPF LSA and Packet Format
37. How does OSPF Sham Link in different area work?
38. What is Link State Advertisement (LSA) - 1?
39. What is Link State Advertisement (LSA) - 2?
40. What is Link State Advertisement (LSA) - 3?
41. What is Link State Advertisement (LSA) - 4?
42. How to design OSPF Network or OSPF Design Consideration?
43. What to ask from customer if he demands OSPF as PE - CE Routing Protocol?
44. What is C and R in OSPF debug?
45. How does CPE Area 0 & PE Super backbone Communicate?
46. Why OSPF VPNv4 Routes Look As External Routes Instead Of Inter Area Routes?
47. How does ISP hack by using OSPF as PE-CE routing protocol?
48. OSPF High Availability with SSO,NSF and NSR
49. How does OSPF behave with SSO,NSF and NSR? 

50. How does CISCO EIGRP DUAL Algorithm works for selecting successor?
51. Define various tools which participates in OSPF fast convergence
52. How does event propagation tool help OSPF to converge fast?
53. How does OSPF Fast Convergence Tools - Event Processing helps to reduce convergence time?
54. OSPF Fast Convergence Tools - Updating RIB 

55. What is Discard Route or Null0 Route?
56. How does static routing behaves?
57. What are the fundamentals of route redistribution?
58. Which routing protocol is best between OSPF and EIGRP?

Method to deploy VxLAN: Multicast or Unicast - How To

Before deploying VxLAN we have to consider it’s underneath deployment model. It could be multicast or unicast. Now the question arises which one is the best for the network. Should we go with Multicast which is as good as broadcast or unicast?

It should be noted that not all deployment types are supported by all devices both physical and virtual. Despite the available hardware and software the best deployment for a particular scenario often depends on the application that will run within the VXLAN. If the application is based on unicast connectivity, in that case unicast mode is preferable. However if you have very large VXLANS with thousands of VM’s on it with each VM being on a separate physical hypervisor then Multicast mode might be better suited.

If the application within a VXLAN relies heavily on either multicast or broadcast messages to keep hosts in sync then this might be a better use case for multicast mode If multicast heavy application is distributed between two physical hypervisors then multicast mode will see no efficiency benefit and unicast mode would be more efficient than multicast mode

Posted by Shivlu Jain

People who read this post also read :

What is Network Functions Virtualization (NFV) - Virtualizing Network Functions

Network Operators’ networks are populated with a large and increasing variety of proprietary hardware appliances. To launch a new network service often requires yet another variety and finding the space and power to accommodate these boxes is becoming increasingly difficult; compounded by the increasing costs of energy, capital investment challenges and the rarity of skills necessary to design, integrate and operate increasingly complex hardware-based appliances. Moreover, hardware-based appliances rapidly reach end of life, requiring much of the procuredesign-integrate-deploy cycle to be repeated with little or no revenue benefit. Worse, hardware lifecycles are becoming shorter as technology and services innovation accelerates, inhibiting the roll out of new revenue earning network services and constraining innovation in an increasingly network-centric connected world.

Network Functions Visualization(NFV) aims to address these problems by leveraging standard IT virtualisation technology to consolidate many network equipment types onto industry standard high volume servers, switches and storage, which could be located in Datacentres, Network Nodes and in the end user premises. We believe Network Functions Virtualisation is applicable to any data plane packet processing and control plane function in fixed and mobile network infrastructures. NFV decouples the network functions, such as network address translation (NAT), firewalling, intrusion detection, domain name service (DNS), and caching, to name a few, from proprietary hardware appliances so they can run in software.

Virtualizing Network Functions could potentially offer many benefits including, but not limited to:

  1. Reduced equipment costs and reduced power consumption through consolidating equipment and exploiting the economies of scale of the IT industry.
  2. Increased speed of Time to Market by minimising the typical network operator cycle of innovation.
  3. Availability of network appliance multi-version and multi-tenancy, which allows use of a single platform for different applications, users and tenants. This allows network operators to share resources across services and across different customer bases.
  4. Enables a wide variety of eco-systems and encourages openness.
Posted by Shivlu Jain

 
Design by Amarjit Singh | Idea From Blogging Tutorials - Premium Themes | Best Buy Coupons