How to attack a Full CCIE Security Lab with solutions
Jun 20th, 2008 by andy
Hi everybody,
I finally had the time to finish an 8-hour CCIE Security Lab, and then I went through the whole lab explaining how I’d do it. I was using only emulated routers, IPS and PIX (using UDP tunnel mode), which seems to be the most stable version available so far; the only product I could not emulate, so I own one, is the VPN Concentrator 3005.
Well, the videos will be available here for download for free (they are huge in size, so please be patient when downloading). I’m also giving the lab with initial configs, so if anyone wants to do it using real equipment or machines, just change the initial config a little bit and Good Luck!!!!
I hope you all like the lab, and for those who want to lab it up, ENJOY IT!!!
To download the lab click here:
Here you can find the INITIAL Configs
The Videos are available by Sections: (to save them click on “Save Target as”)
Section 1: Firewall - Part I download, Part II download, Part III download
Section 2: IPS - Part I download, Part II download
Section 3: VPN - (Part 1) Part I download, Part II download
VPN - (Part 2) Part I download, Part II download, Part III download and Part IV download
Section 4: Identity Management - Part I download, Part II download
Section 5: Advanced Security - Part I download
Section 6: Network Attacks - Part I download
To see the videos I recommend using Camtasia Player; this will increase the quality of the video dramatically.
Here is the link to download it:

Really interesting to find professional work like this with these amazing details.
Thank you for giving me this opportunity to have a guide for my preparation toward the CCIE Security.
Regards,
Fadi
well done….
Thanx
Great tutorials!
Thanks a lot!
Just a suggestion: *.avi files are too big. Would you rar or zip those *.avi files in order to reduce the size and make them easier to download?
Thanks Jairo, sure, I will do that to see if it helps in reducing the size of the files.
Hey Andy. Great stuff here. On Task 6.4 it seems to me that you would have to reverse the ace for UDP echo and also add icmp echo reply for the input rate-limit entry. The ACL you used in the video would not match inbound fraggle or smurf traffic. Do I see this right?
Hi Joe,
Question says that R1 has been used as reflector in a Smurf and Fraggle attack so the Reflector means echo for ICMP (Smurf) and UDP (Fraggle).
If R1 was also a Victim in the Smurf attack then echo-reply for ICMP would be needed.
If the question did not specify anything about reflector or victim then filter both echo and echo-reply.
But am I right in saying that using an input entry with the ACL you used would accomplish nothing because of the format? I understand it would work for the output.
For example you did:
access-list 156 permit icmp any 158.1.6.255 0.0.0.0 echo
and applied it to the input and output of the same interface. This would not match for both directions in the case of a reflector because traffic coming from 158.1.6.x would be echo replies, right?
Yes, you are right. The question was clear that this was supposed to be applied on interfaces Eth0/0.10 and Eth0/0.20, so applying the same ACL in both directions would not accomplish anything.
Being a reflector means that you send a lot of ICMP echo and UDP echo for Fraggle, so for the ACL it should be an output entry for echo only, applied on both interfaces, since the victims would reply with ICMP echo-replies as you said. Good point. I was finishing this lab at 4 o’clock in the morning, I think, and couldn’t think straight at that time. Cheers
When you are the reflector I believe you are sending large amounts of echo replies and the victim is the forged address the attacker used to generate the echo, but nonetheless thank you for confirming my questions. Very good work here. Thanks
Hi Joe,
Just rechecked that, and here is a Cisco link where it says that they consider this attack with two options: “Ultimate Target” and “Reflector”, with the reflector being the victim of the attack, which is true: the reflector will receive a bunch of echo-replies, because the attacker will be sending ICMP echo sourced with the IP address of the reflector machine, so the reflector will receive a bunch of echo replies.
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080149ad6.shtml
Thanks
Andy,
The way I read it is the “target” is the victim. The target would be the spoofed address. The reflector network is used to generate several icmp requests back towards the target. The reflector is not really the victim although it will be generating more traffic than it received. The overall point of the attack is to use several reflectors to attack one target.
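Added example, not part of the original post or comments: a small Python model of how the ACE quoted in this thread is evaluated against reflector traffic in each direction. It assumes 158.1.6.0/24 sits behind the interface carrying the ACL; the spoofed address 203.0.113.9, the host 158.1.6.20 and the reply-side ACE 157 are constructed for illustration.

```python
import ipaddress

ICMP_TYPES = {"echo": 8, "echo-reply": 0}

def _addr_spec(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (address, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse 'access-list N permit icmp SRC DST [icmp-type]' (only this form)."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2:4] != ["permit", "icmp"]:
        raise ValueError("unsupported ACE: " + line)
    rest = tokens[4:]
    src, dst = _addr_spec(rest), _addr_spec(rest)
    return {"src": src, "dst": dst, "icmp_type": ICMP_TYPES[rest[0]] if rest else None}

def _ip_match(packet_ip, spec):
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF          # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(packet_ip)) & care) == (addr & care)

def ace_matches(ace, pkt):
    return (_ip_match(pkt["src"], ace["src"]) and _ip_match(pkt["dst"], ace["dst"])
            and ace["icmp_type"] in (None, pkt["icmp_type"]))

# ACE quoted in the thread.
PAGE_ACE = parse_ace("access-list 156 permit icmp any 158.1.6.255 0.0.0.0 echo")
# Hypothetical reply-side ACE, constructed for comparison (not from the lab).
REPLY_ACE = parse_ace("access-list 157 permit icmp 158.1.6.0 0.0.0.255 any echo-reply")

# Constructed packets as seen on the interface facing 158.1.6.0/24 (assumed).
TRAFFIC = {
    "output": {"src": "203.0.113.9", "dst": "158.1.6.255", "icmp_type": 8},
    "input": {"src": "158.1.6.20", "dst": "203.0.113.9", "icmp_type": 0},
}

def direction_hits(ace):
    """Which direction's traffic the ACE would classify (True = matched)."""
    return {direction: ace_matches(ace, pkt) for direction, pkt in TRAFFIC.items()}

if __name__ == "__main__":
    print("ACL 156:", direction_hits(PAGE_ACE))
    print("ACL 157:", direction_hits(REPLY_ACE))
```

Under the stated topology assumption, the quoted ACE classifies only the directed-broadcast echo leaving toward the LAN, while the echo replies coming back in need an entry keyed on echo-reply.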
I’ve just been through your website, good work. Right now I’m in the process of changing aspects of this blog, changing the theme and including some reading material rather than just videos, but since my knowledge of PHP is almost null I’m kind of studying how to do it the way I want to…
Nice work there with security I really liked it.
Good style. Added message about you on my site
Andy
Thanks for putting up such a nice website; I keep coming back to check for new learning stuff.
On the other hand, I am having difficulty downloading the CCIE Security lab videos because your server terminates the connection after 30 to 35 MB of download. Please check it. Or can you have a mirror site to host those videos?
Kind regards
Riz
Hi,
I’ve already sent an email to my webhost about the problem. Which video specifically are you having problems with when downloading?
Cheers,
Andy
Hi Andy
I have problems with all of them. I have tried many times and gave up downloading them. They almost always finish at 35 MB or 40 MB or even less than that. If you want, you can post them to other sites, if you are still experiencing issues with your ISP.
Oh! Do you have any resources for the new ASA Firewall Specialist exams?
Cheers
Riz
P.S: I will try it again after two-three days.
I’m studying the possibility of changing to another ISP; the problem is that I’ve paid 2 years in advance and they won’t refund me any of the money paid.
An interim solution would be to put them on rapidshare using my account, but this would require splitting the files into 100 megas each.
Do you know any webpage where I could upload 200 or 300 megas without splitting it into 100 megas each?
Cheers,
About the new ASA Firewall Specialist exam I don’t have any resources on it, sorry.
Hi Andy
There is no harm in splitting those videos with WinRAR. I think you had better move those videos to rapidshare or megaupload.com. Megaupload gives a 500 MB upload file size to free members, so you shouldn’t have a problem moving those files. I would recommend you use WinRAR with the repair option.
I can’t wait to see your videos.
Oh! I can’t find many training resources for Cisco ASA, and no labs either.
Thanks
Riz
Hi Andy,
Thanks a lot for your labs and videos.
I have a question concerning Task 6.2 (about configuring an RPF check).
Unfortunately I cannot understand the task.
Would you be so kind as to say the same thing in other words?
Regards
Hi Andy,
As a triple CCIE, what is the correct way to start preparing for the CCIE Security lab exam? Is it required to buy any workbook? I have the opportunity to build a lab environment at my work. I know about firewalls, ACS, general security and attack concepts.
Regards.
Hi Taha,
For CCIE Security I used the workbook from Netmetric Solutions at that time to learn all the tasks needed for the lab. If you already have general security concepts, it won’t take that long for you to clear the lab.
If you need to learn some emulation tips, check this blog; I’m about to release new stuff about security as soon as I get some spare time from my CCIE Voice studies.
Cheers