Log for
電訊台
當年我幫Sunnyvision 向政府免費申請左架工作台,好大件,我靠個工作台可以一個人上到部2950去最高既40U(不過都好辛苦)
當年識安局好多野送,鋁梯,工作台,電腦腳踏,都是免費,仲係靚野
Trunk左佢?然後係router度create vlan interface
無啦,啲梯依家話唔可以用黎做野,要搵個工作台,但個巷窄到死
跟住每個 subif 都 ip nat inside
Router set vlan interface
NAT同ACL set返咪ok
個計劃咁耐,應該無架啦,不過可以睇下仲有咩可以拿,有BR就免費送
好易上,先拆晒harddisk 落黎,記得寫返好個次序先,拆後面火牛,咁就唔太重
有啲 Chassis 係背脊有 controller 變 FC
有啲就係要加多部 controller 先變返 FC
為何IP spoofing 會導致 SYN flood攻擊失敗
Because the SYN is Layer 7 , but IP spoofing is at Layer 3 ?
If your IP address is fake, how the SYN can be sent to your MAC-address ?
SYN is a handshace method.
You send SYN to me, I reply your Hello message.
When you send SYN , then you should know the dest. IP address.
If the other side IP address is FAKE, how you delivery your Hello message to other end ?
Buy a Ethernet packet generator first
Do you what , bgp hijacking is the most possible attack nowadays
You can cheat everyone and obtain the traffic
Like Youtube have be hijacked by China before.
the packet cannot carry to the correct destination
all attacks are invalidated
but no one could reach you either
Not blackhole, it’s IP spoofing
Too easy for long Questions
照計ip spoof左,3 way hand shake send左第一次SYN後,目的地server已開定port,然後send返個SYN-ACK比對方,就算個Source ip 是spoof,都唔影響個攻擊,一樣可以令到對方開晒所有port, 用晒佢既resource
spoof 咗,啲 SYN-ACK 會打落去你 spoof 咗個 IP 到,不過就冇 Amplification
但條問題問點解個Attack fail,個attack無fail呀⋯⋯
ISP會filter唔係你真ip既inbound packet
你係x.x.x.x 扮y.y.y.y
isp會隔左你個packet
睇 ISP 有冇開 Reverse Path Filter
b) comm in same network uses mac addr instead of ip
佢之前買咗10米既cat 5e叫我駁, 駁完話太長, 跟住R咗我公司啲2米cat 6黎用
syn flood 係 higher layer 野
Syn flood好易detect,咁舊既技術是旦一隻firewall都detect到,家用既tp-link都有
AAG 駁住 PPC-1 個 ping 應該係最低
比如我係機樓租/拉左條線去某區 其實都可以做到isp?
Fiber 先,再切wavelength, 再sell Ethernet , 再切MPLS , 再切BGP IP