GT ECE 4112 - Bypass a VPN, ACL, and VLAN

This preview shows page 1-2-24-25 out of 25 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 25 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 25 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 25 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 25 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 25 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Outline:
Bypass a VPN, ACL, and VLAN
Goal
Method
How
Sub 7
In our case
VPN Bypassed
VLANs
VLAN Membership
VLAN Communication
VLAN Trunking
VLAN Tagging
VLAN Network Setup
Access Control List
ACL Demonstration
Switch Default Configuration
VLAN Hopping Attacks
Slide 18
Slide 19
Identification of VLAN Tags Using Ethereal
VLAN Hopping Attack Using Tcpreplay
Slide 22
Slide 23
Slide 24
Slide 25

Bypass a VPN, ACL, and VLAN
ECE 4112
Alaric Craig and Pritesh Patel

Goal
Bypass three layers of security:
- VPN
- Router ACLs
- VLAN
Effectively, an outsider could bring an internal network down with a DOS.

Method
Exploit an authenticated remote machine.
Use the established VPN tunnel.
Send traffic that bypasses router ACLs and crosses VLANs.

How
Use Sub7 to create a backdoor to the remote machine.
From the remote machine, use the existing VPN tunnel to communicate inside the network.
Now that we have access, perform the VLAN hopping attack.

Sub 7
Trojan horse used to gain root-level access.
Many fun modules:
- Keylogging
- Enable telnet and ftp
- Tic tac toe
- Realistic Matrix

In our case

VPN Bypassed
Once into the remote machine, telnet to the VLAN 1 machine and send VLAN hopping traffic.
VPNs used: Cisco VPN concentrator and OpenVPN. Once the connection is set up, the prompt can be used to send traffic to the internal machine.

VLANs
Virtual Local Area Networks
A logical grouping of devices or users.
Users can be grouped by function, department, or application, regardless of physical segment location.
VLAN configuration is done at the switch (Layer 2).

VLAN Membership
Static VLAN Assignment
- Port-based membership: membership is determined by the port on the switch and not by the host.
Dynamic VLAN Assignment
- Membership is determined by the host's MAC address. The administrator has to create a database with MAC addresses and VLAN mappings.

VLAN Communication
• VLANs cannot communicate with each other even when they exist on the same switch.
• For VLANs to communicate they must pass through a router.
• Each VLAN is required to have at least one gateway to route packets in and out of the network.

VLAN Trunking
Trunking allows us to cascade multiple switches, using the trunk ports to interconnect them.
Trunk ports act as a dedicated path for each VLAN between switches.
The trunk port is a member of all configured VLANs.

VLAN Tagging
Two dominant tagging technologies:
- Inter Switch Link (ISL) (Cisco proprietary technology)
- IEEE 802.1q (industry adopted standard)

VLAN Network Setup

Access Control List
Router ACLs:
Standard IP access list ADMIN
    10 permit 192.168.0.0, wildcard bits 0.0.151.255
    20 permit 57.35.0.0, wildcard bits 0.0.159.255
    30 deny any log
Extended IP access list ACCT
    10 permit icmp any any echo-reply
    20 deny ip 10.1.10.0 0.0.0.255 192.168.0.0 0.0.151.255
    30 permit ip 57.35.0.0 0.0.159.255 192.168.0.0 0.0.151.255
    40 deny ip any any log
Extended IP access list IT
    10 permit icmp any any echo-reply (24 matches)
    90 deny ip 10.1.10.0 0.0.0.255 57.35.0.0 0.0.159.255
    100 deny ip 192.168.0.0 0.0.151.255 57.35.0.0 0.0.159.255
    110 deny ip any any log

ACL Demonstration

Switch Default Configuration
Dynamic Trunking Protocol (DTP) automates ISL/802.1q trunk configurations.
DTP States:
On: "I want to be a trunk and I don't care what you think!" State used when the other switch does not understand DTP.
Off: "I don't want to be a trunk and I don't care what you think!" State used when the configured port is not intended to be a trunk port.
Desirable: "I'm willing to become a VLAN trunk; are you
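The VLAN Tagging slide names IEEE 802.1q without showing the tag layout. The following Python is an added example, not code from the deck or its authors: it walks the 802.1Q tag stack of an Ethernet II frame (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VLAN ID) and flags frames carrying more than one tag, which is the kind of check a monitoring tool on an access port would apply. The three sample frames are constructed, not captures from the lab.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_vlan_tags(frame: bytes) -> dict:
    """Walk the 802.1Q tag stack of an Ethernet II frame.

    Returns the MACs, the VLAN IDs in outer-to-inner order (empty for an
    untagged frame), the payload EtherType and the payload bytes.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    offset, vids = 12, []
    while True:
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype != TPID_8021Q:
            break
        # TCI layout: 3 bits PCP, 1 bit DEI, 12 bits VID
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)
        offset += 4
        if offset + 2 > len(frame):
            raise ValueError("truncated 802.1Q tag stack")
    return {"dst": mac_str(dst), "src": mac_str(src), "vids": vids,
            "ethertype": etype, "payload": frame[offset + 2:]}


def is_double_tagged(frame: bytes) -> bool:
    """Detection check: a host on an access port has no reason to send a frame with two tags."""
    return len(parse_vlan_tags(frame)["vids"]) > 1


# Constructed sample frames: broadcast from 00:11:22:33:44:55, IPv4 payload cut to 4 bytes.
UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0800" "45000054")
SINGLE = bytes.fromhex("ffffffffffff" "001122334455" "8100" "0001" "0800" "45000054")
DOUBLE = bytes.fromhex("ffffffffffff" "001122334455" "8100" "0001" "8100" "000a" "0800" "45000054")
```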
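The router ACLs above use wildcard bits such as 0.0.151.255, and IOS compares wildcard masks bit by bit rather than as prefix lengths, so a mask like that does not cover every 192.168.x.0/24. The following Python is an added example, not code from the deck: it implements Cisco wildcard matching and first-match ACL evaluation, with the ACCT list transcribed from the slide (assuming "echo-reply" means ICMP type 0). The packets are constructed, not traffic from the lab.

```python
import ipaddress


def wildcard_match(addr: str, base: str, wild) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'.
    Bits are compared individually, so the wildcard need not be contiguous."""
    if base == "any":
        return True
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
    return ((a ^ b) & care) == 0


# Entries: (seq, action, proto, src, src_wild, dst, dst_wild, icmp_type)
# Transcribed from the deck's "Extended IP access list ACCT".
ACCT = [
    (10, "permit", "icmp", "any", None, "any", None, 0),
    (20, "deny", "ip", "10.1.10.0", "0.0.0.255", "192.168.0.0", "0.0.151.255", None),
    (30, "permit", "ip", "57.35.0.0", "0.0.159.255", "192.168.0.0", "0.0.151.255", None),
    (40, "deny", "ip", "any", None, "any", None, None),
]


def evaluate(acl, pkt: dict):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for seq, action, proto, src, sw, dst, dw, itype in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if itype is not None and pkt.get("icmp_type") != itype:
            continue
        if wildcard_match(pkt["src"], src, sw) and wildcard_match(pkt["dst"], dst, dw):
            return seq, action
    return None, "deny"


def demo():
    """Constructed packets run through ACCT; note the gap opened by the 0.0.151.255 mask."""
    return {
        "from_10_1_10": evaluate(ACCT, {"proto": "tcp", "src": "10.1.10.5", "dst": "192.168.1.5"}),
        "from_57_35": evaluate(ACCT, {"proto": "tcp", "src": "57.35.4.1", "dst": "192.168.1.5"}),
        # 151 = 0b10010111 leaves bit 0x08 of the third octet as 'must match 0',
        # so 192.168.8.1 is not covered by entry 30 and falls through to the deny.
        "from_57_35_to_8": evaluate(ACCT, {"proto": "tcp", "src": "57.35.4.1", "dst": "192.168.8.1"}),
        "echo_reply": evaluate(ACCT, {"proto": "icmp", "icmp_type": 0,
                                      "src": "10.1.10.5", "dst": "192.168.1.5"}),
    }
```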