What is BGP ?

BGP stands for Border Gateway Protocol.

When you make a modem connection to your ISP and want to connect to, for instance, www.google.com,
all the routers along the way have to know where to send the packets you’re sending to the Web server,
and the packets from the server have to find their way back to your computer.

For the first few hops, this isn’t much of a problem.
For instance, your computer only knows the packets don’t have a local destination, so they should be sent over the modem connection.
This can continue for a while, but at some point the decision where to send the packet
next becomes more complex than just “local: keep it” / “not local: send it to a smarter router”.
The router making this decision will have to know where to send the packet based on the destination IP address contained in it.
Since IP addresses are distributed fairly randomly around the globe, there aren’t any shortcuts or calculations
that make it possible for the router to decide this for itself.

The only way a router can know where to send a packet is when another router tells it “send those packets to me,
I know how to deliver them”. The Border Gateway Protocol (BGP) is a protocol that is used between routers to convey this information.
Since the routers that talk BGP to each other aren’t owned by the same organization (that would kind of defeat the purpose of creating global reachability),
this is often called “inter-domain” routing.

BGP and Interdomain Routing Terms

AS

Autonomous System.

AS Number
———
Autonomous System Number. Each AS has a unique number that is used to identify it in BGP processing.

Autonomous System
—————–
An Autonomous System is a network that has its own routing policy.
In most cases, customers belong to their ISP’s Autonomous System, but multihomed customers obviously have their own routing policy
that is different from either ISP so they must be a separate AS.

BGP

Border Gateway Protocol.

EGP

Exterior Gateway Protocol: a routing protocol used between organizations/networks. BGP is an EGP, but there is also an older EGP called EGP.

Gateway
——-
Older term for router. Sometimes the word “gateway” is used to describe a system that connects two dissimilar networks or protocols.

IGP

Interior Gateway Protocol: a routing protocol used within an organization/network. Examples are RIP, OSPF, IS-IS and EIGRP.

Multihoming
———–
The practice of connecting to two or more ISPs. Most multihomed networks run BGP so the rest of the Internet knows where to send packets for the multihomed network even if one of the connections fails.

Router

1. Any system that will receive packets over one network connection and then forward them to another by looking at the network address inside the packet.
2. A special-purpose system (like a computer, but usually without a screen, keyboard and hard disks) that forwards packets.

Routing Policy
————–
A policy that defines how a network is connected to other networks and how packets are allowed to flow.

How to Enable NIC Teaming in Windows Server 2012 R2

  • In Server Manager, click Local Server.
  • In the Properties pane locate NIC Teaming, and then click the link Disabled to the right. The NIC Teaming dialog box opens.
  • In Adapters and Interfaces, select the network adapters that you want to add to a NIC Team.
  • Click TASKS or Right Click, and then click Add to New Team.
  • The New team dialog box opens and displays network adapters and team members. In Team name, type a name for the new NIC Team. You get an option to select the interface; then click OK.
  • After that, check your network adapters. You will see a new adapter with the NIC Team name. Change the IP address on that adapter, and you are done.

enjoy

Network Threat : The Trojan Horse

What is a Trojan Horse ?

A trojan horse is used to enter a victim’s computer, granting the attacker unrestricted access to the data stored on that computer and causing great damage to the victim. A trojan can be a hidden program that runs on your system without your knowledge, or it can be ‘wrapped’ into a program, meaning that this program may have hidden functions that you are not aware of.

Different types of trojans :

1) FTP trojans : These trojans open an FTP server on the victim’s machine that might store and serve illegal software and/or sensitive data, and allow attackers to connect to your machine via FTP.

2) Destructive trojans : The only function of these trojans is to destroy and delete files. This makes them very simple to use. They can automatically delete all the core system files on your machine. The trojan can either be activated by the attacker or can work like a logic bomb that starts on a specific day and time.
A destructive trojan is a danger to any computer network. In many ways, it is similar to a virus, but the destructive trojan has been created purposely to attack you, and therefore is unlikely to be detected by your antivirus software.

3) Proxy trojans : These trojans turn the victim’s computer into a proxy server, making it available to the whole world or to the attacker alone. It is used for anonymous Telnet, ICQ, etc., to make purchases with stolen credit cards, and for other such illegal activities. This gives the attacker complete anonymity and the opportunity to do everything from YOUR computer, including the possibility to launch attacks from your network.
 
4) Denial of Service (DoS) attack trojans : These trojans give the attacker the power to start a Distributed Denial of Service attack if there are enough victims. The main idea is that if you have 500 infected ADSL users and you attack the victim simultaneously from each, this will generate HEAVY traffic, causing its access to the Internet to shut down.

5) Security software disablers : These are special trojans, designed to stop/kill programs such as antivirus software, firewalls, etc. Once these programs are disabled, the hacker is able to attack your machine more easily.

6) Data-sending trojans : The purpose of these trojans is to send data back to the hacker with information such as passwords (ICQ, IRC, FTP, HTTP) or confidential information such as chat logs, address lists, etc. The trojan could look for specific information in particular locations or it could install a key-logger and simply send all recorded keystrokes to the hacker.



7) Remote access trojans :  These are probably the most publicized trojans, because they provide the attacker with total control of the victim’s machine. Example : Back Orifice trojans. The idea behind them is to give the attacker COMPLETE access to someone’s machine, and therefore full access to files, private conversations, accounting data, etc. Some trojans can also automatically connect to IRC and can be controlled through IRC commands almost anonymously, without the attacker and the victim ever making a real TCP/IP connection.

Another question : How can I get infected ?
Generally, attacks are carried out through :

1) Infection via attachment ( of course emails : the most common way )

2) Infection by downloading files from a website (another common way )

Now the most important thing: how do you protect your network from trojans ?

If you think that anti-virus products alone will protect your system and network from trojan attacks, then you are wrong. Anti-virus software only helps to some extent.
To effectively protect your network against trojans, you must follow a multi-level security strategy:

1. You need to implement gateway virus scanning and content checking at the perimeter of your network for email, HTTP and FTP – It is no good having email anti-virus protection, if a user can download a trojan from a website and infect your network.

2. You need to implement multiple virus engines at the gateway – Although a good virus engine usually detects all known viruses, it is a fact that multiple virus engines jointly recognize many more known trojans than a single engine.

3. You need to quarantine/check executables entering your network via email and web/FTP at the gateway. You have to analyze what the executable might do.

4. Do not open unsolicited attachments in email messages.

5. Do not follow unsolicited links.

6. Maintain updated anti-virus software.

7. Use an Internet firewall.

8. Secure your web browser.

9. Keep your system patched.
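
The check in step 3 can be illustrated with a short Python script (an added example, not from the original article) that inspects email attachments by their content rather than by their declared type or name. The function names, the extension list and the sample message are assumptions constructed for this illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Magic bytes of common executable formats (checked against content, not filename).
MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF", b"\xcf\xfa\xed\xfe": "Mach-O 64-bit"}
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def classify(filename, payload):
    """Return a list of reasons to quarantine this attachment (empty = pass)."""
    reasons = []
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            reasons.append(f"content is {kind} executable")
    name = (filename or "").lower().strip()
    if name.endswith(RISKY_EXT):
        reasons.append("risky extension")
        # e.g. invoice.pdf.exe: a document-looking name hiding the real extension
        if name.count(".") >= 2:
            reasons.append("double extension")
    return reasons

def scan_message(raw_bytes):
    """Map attachment filename -> quarantine reasons for every flagged attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons = classify(part.get_filename(), payload)
        if reasons:
            flagged[part.get_filename()] = reasons
    return flagged

def build_sample():
    """Constructed test message: one harmless text file, one disguised PE stub."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Invoice"
    m.set_content("See attached.")
    m.add_attachment(b"hello", maintype="text", subtype="plain", filename="notes.txt")
    # Declared as a PDF, but the bytes start with the PE 'MZ' header.
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                     subtype="pdf", filename="invoice.pdf.exe")
    return m.as_bytes()

if __name__ == "__main__":
    for name, why in scan_message(build_sample()).items():
        print(f"QUARANTINE {name}: {', '.join(why)}")
```

Because the content check ignores the MIME type and the filename, an executable renamed to look like a document is still flagged, while the extension check catches script attachments that have no magic bytes.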

Good Luck !!

How to install Wireshark on your Mac OS X

What is Wireshark ? 

Wireshark is the world’s foremost network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.
You can download it from this page.
The installation method is shown in the video below, from my YouTube channel.

Features

Wireshark has a rich feature set which includes the following:
Deep inspection of hundreds of protocols, with more being added all the time
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
The most powerful display filters in the industry
Rich VoIP analysis
Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
Capture files compressed with gzip can be decompressed on the fly
Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
Coloring rules can be applied to the packet list for quick, intuitive analysis
Output can be exported to XML, PostScript®, CSV, or plain text

Different types of RJ 45 crimping

Difference between Straight-Through, Crossover and Rollover Cables



There are generally three main types of networking cables: straight-through, crossover, and rollover cables. Each cable type has a distinct use, and should not be used in place of another. So how do you know which cable to use for what you need ?

The Purpose of Straight-Through Cables

Straight-through cables get their name from how they are made. Out of the 8 pins that exist on both ends of an Ethernet cable, each pin connects to the same pin on the opposite side. Review the diagram below for a visual.


Notice how each wire corresponds to the same pin. This kind of wiring diagram is part of the 568A standard. The 568B standard achieves the same thing, but through different wiring. It is generally accepted to use the 568A standard as pictured, since it allows compatibility with certain telephone hardware, while 568B doesn’t.

Straight-through cables are primarily used for connecting unlike devices. A straight-through cable is typically used in the following situations:

Use a Straight-through cable when:

  • Connecting a router to a hub
  • Connecting a computer to a switch
  • Connecting a LAN port to a switch, hub, or computer


Note that some devices such as routers will have advanced circuitry, which enables them to use both crossover and straight-through cables. In general, however, straight-through cables will not connect a computer and router because they are not “unlike devices.”

The Purpose of Crossover Cables

Crossover cables are very similar to straight-through cables, except that they have pairs of wires that crisscross. This allows the devices to communicate at the same time. Unlike straight-through cables, we use crossover cables to connect like devices. A visual example can be seen below:



Notice how all we did was switch the white-orange and white-green wires, then the orange and green wires. This enables like devices to communicate. Crossover cables are typically used in the following situations:

Use a Crossover Cable when:

  • Connecting a computer to a router
  • Connecting a computer to a computer
  • Connecting a router to a router
  • Connecting a switch to a switch
  • Connecting a hub to a hub

While the rule of thumb is to use crossover cables with like devices, some devices do not follow standards. Others provide support for both types of cables. However, there is still something that both crossover and straight-through cables can’t do.

The Purpose of Rollover Cables

Rollover cables, like other cabling types, got their name from how they are wired. Rollover cables essentially have one end of the cable wired exactly opposite from the other. This essentially “rolls over” the wires, but why would we need to do such a thing? Rollover cables, also called Yost cables, usually connect a device to a router or switch’s console port. This allows a programmer to make a connection to a router or switch, and program it as needed. A visual example can be seen below:


Notice that each wire is simply “rolled over.” These types of cables are generally not used very much, so are usually colored differently from other types of cables.

Thanks for reading my article
