Super-Networking

There are two major Denial-of-Service (DoS) advisories out today.
Cisco IOS SSL Vulnerability
Affects:
Hyper Text Transfer Protocol over SSL (HTTPS). This is the most commonly used protocol that employs SSL.
Cisco Network Security (CNS) Agent with SSL support
Firewall Support of HTTPS Authentication Proxy
Cisco IOS Clientless SSL VPN (WebVPN) support
Cisco Crypto Library Vulnerability
Affects:
Cisco IOS
Cisco IOS XR
Cisco PIX and […]

The Cisco IOS FTP Server feature contains multiple vulnerabilities that can result in a denial of service (DoS) condition, improper verification of user credentials, and the ability to retrieve or write any file from the device filesystem, including the device’s saved configuration. This configuration file may include passwords or other sensitive information.
The IOS FTP Server […]

I have been working on getting netflow working for all traffic going through our 6500 and 7600 series Cisco devices. We are running Supervisor 720/PFC3a blades, native IOS.
Commands added to get Netflow working:
mls aging fast time 8 threshold 127

mls aging normal 32
mls nde sender version 5
ip flow-export destination
ip flow-export version 5
ip flow-export source […]

Tries to go through the maintenance of upgrading our CSM and the IOS on our Sup 720s this past week and ran into some problems. The CSM upgrade went well but after rebooting the CSM with the new software one of our Sup 720s burned out. It was one of those freak things but now […]

When you add a static nat in your Cisco router for one of your servers the router then knows the internal and external IP. When you do a DNS query on that server to an outside DNS server the router will translate your returned address to the internal IP for you. See below for the […]

I have begun planning for an IOS upgrade to our Supervisor 720s in our Cisco 7600.
Here are a few documents on the process including a doc on upgrading a Cisco Content Switch Module or CSM.
CSM Upgrade Doc
Sup 720 Redundancy Doc
Sup 720 Upgrade Doc

I have setup a Snort box on our network to watch for malicious traffic on segments of our network. In a switched network the only way to watch the traffic without throwing in a hub is to use SPANing. Here is a whitepaper on the topic for you to read.
Basically the command on most newer […]

Yesterday I spent most of the day working on racking equipment in my company’s new server room. 5 racks came in and we racked 5 5000VA APC UPSes. These weighed about 250 pounds a piece and because of need to more a lot of stuff around we had to rack them and pull them out […]

Got some Cisco Aironet 1231s in today, moving network from Linksys Wireless bridges to Cisco Aironets. I upgraded the IOS today from 12.2 to 12.3 series of IOS. In the past I have see a large increase in performance of the aironets with is upgrade. The aironets seem to cover a greater distance even though […]