[@########L######O######U###############@]
[L]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx[L]
[O]*Legions Of the Underground*********[O]
[U]*FUN WITH THE ES-3810 AN ATM REALITY[U]
###*brought to you by optiklenz********###
@########################################@
--------------------------------------------------------------------------
NAME: Steve Stakton a.k.a.
AFFILIATION: LOU- Legions Of the Underground
GOAL: TO KNOW BOTH WHAT EVERYONE ELSE KNOWS, AND DOESN'T KNOW
AGE: CAN YOU COUNT TO 24?
HEIGHT: WHY DON'T I JUST DRAW YOU A FULL SKETCH COMPOSITE FOR YOUR WANTED POSTERS?
WHERE: ON THE ROAD
DESTINATION: YET TO BE DECIDED
INTEREST: PHONE SYSTEMS (WHO DOESN'T USE THE TERM COSMOS ON A DAY TO DAY BASIS), NETWORKS, ELECTRONICS, BEER, RIGGING THE LOCAL NMS TO BREED WITH THE NEIGHBORS PDN. SOUTH PARK, AND GIRLS WITH SLIGHT FACIAL HAIR
TURN-OFFS: PEOPLE WHO THINK THEY KNOW THINGS THEY DON'T, AND GIRLS WITH TOO MUCH FACIAL HAIR.
HANGOUTS: Narkotik Illusions, The Abyss & the Electronic Source BBS
MUSIC GROUPs: Pink Floyd, and ICP, Rolling Stones (NO SECURITY!)
WEB: http://www.legions.org, http://www.t00ned.org/optik/
OS OF CHOICE: *BSD
OS'S THAT SUCK: CALDERA, MACOS, AND THAT ONE OS MADE BY THAT BILL GUY.
--------------------------------------------------------------------------
"Get out and ride on, baby, ride on, baby
Ride on, baby, ride on, baby
I could pick your face out in an FBI file
You may look pretty but I can't say the same for your mind"
-Rolling Stones

On with the show...

First off there are some definitions, and Acronyms to be familiar with.

AMI (ATM Management Interface) - The user interface to switching control software. AMI lets you monitor and change various operating configurations of switches and network module hardware and software, IP connectivity, and SNMP network management.
Bandwidth- usually identifies the capacity of data that can be sent through a given circuit; may be user-specified in a PVC.
CBR (Constant Bit Rate)- A type of traffic that requires a continuous, specific amount of bandwidth over the ATM network (e.g., digital information such as video and digitized voice).
ANSI (American National Standards Institute)- A private organization that coordinates the setting and approval of some U.S. standards. It also represents the U.S. to the ISO.
BIP (Bit Interleaved Parity)- An error detection technique in which character bit patterns are forced into parity, so that the total number of one bits is always odd or even.
DSR (Data Set Ready)- an RS-232 modem interface control signal (sent from the modem to the DTE on pin 6) which indicates that the modem is connected to the telephone circuit.
DTE (Data Terminal Equipment)- generally user devices, such as terminals and computers, that connect to data circuit terminating equipment. They either generate or capture data sent by the network.
ATDM (Asynchronous Time Division Multiplexing)- A method of sending information that resembles normal TDM, except that time slots are allocated as needed rather than prearranged to specific transmitters.
EM- The CellPath 300 extension module; paired with the system controller and supporting an optional PCMCIA card.
FDDI (Fiber Distributed Data Interface)- High-speed data network that uses fiber-optic as the physical medium.
EPROM- Erasable Programmable Read Only Memory.
CLP (Cell Loss Priority)- the last bit of byte four in an ATM cell header; indicates the eligibility of the cell for discard by the network under congested conditions.

[Introduction to the Management Station
------------------*
The ES-3810 is a switching architecture; it combines multiple switched Ethernet ports with high performance ATM server and backbone connections, along with powerful network management. The management console for the ES-3810 uses a menu based interface that utilizes a VT-100 terminal or VT-100 emulator like ProComm or PC Plus.
The serial interface of the ES-3810 connects directly to either the DTE interface of the ASCII terminal or a serial port of the PC or workstation running terminal emulation.

Note: If the NMM's SNMP-based management or IGMP support is going to be used, a console connection is required the first time the NMM is brought online, since an IP address, subnet mask and possibly a gateway must be defined.

[System Specs
------------------*
Aggregate Throughput | 720,000 pps (packets per second)
Latency              | 61 µs per 64-bp (byte packets)
Filter/Forward Speed | 14,881pps
Addresses/Port       | 4 [workgroup]; 8,192 [segment]
Buffering/Port       | 256kb
Media                | UTP

Print of settings on an ES-3810

 ____________________________________________________________________________
|                                                                            |
|                      ES-3810 Interface Configuration                       |
|____________________________________________________________________________|
|                                     |                                      |
| Type: SEC-10b                       | Full Duplex: Disabled                |
| MAU: 10BaseT                        | Loopback: Disabled                   |
| Number: 0                           | Mode: Workgroup                      |
|_____________________________________|______________________________________|
| Media Configuration: Auto-Negotiation In Process                           |
|____________________________________________________________________________|
|                                     |                                      |
| Link Detected: No                   | Forced Transmits: Disabled           |
| Link Polarity: Correct              | VLAN Extension: n/a                  |
|                                     | Multicast Filtering: n/a             |
|_____________________________________|______________________________________|
|                                     | Transmitter: Enabled                 |
| Receiver: Enabled                   | Transmit Buffer: Enabled             |
| Receive Buffer: Enabled             |                                      |
|_____________________________________|______________________________________|
|                                     |                                      |
| Sniff Segment: Disabled             | Transmit Sniffed Packets: Disabled   |
| Blocking: Disabled                  | Transmit Blocked Packets: Disabled   |
| Receive Errors: Disabled            | Transmit Flagged Packets: Disabled   |
| Multicast Promiscuous: Disabled     | Multicast Hash Upload: Disabled      |
| Individual Promiscuous: Disabled    |                                      |
|_____________________________________|______________________________________|
|lou%: ef cfg; do 6fde8000                                                   |

[VLAN Assignments
------------------------*
VLANs are OSI Layer 2 [data link] multicast domains. VLAN membership is not necessarily tied to physical proximity. The ES-3810 supports three criteria: MAC address based assignment to a VLAN, IP Multicast Group based assignment, and port based assignment.

[MAC Address based and Port based VLANs
---------------------------------------*
MAC address based VLAN assignment supersedes port based VLAN assignment. By adding an ATM module you can extend any VLAN into ATM by assigning a LEC (LAN Emulation Client) instance to the VLAN. A VLAN extended into ATM must be named with the same NAME and CASE as the ELAN. For example, an ELAN called "Lab" exists and you want the station on ES-3810 port 16 to join it. On the ES-3810 you must create a VLAN called "Lab" (case sensitive) and assign port 16 to it. When asked to "configure a LEC" say yes. The ES-3810 will join (in proxy) the ELAN called "Lab" and allow the station on port 16 communication rights.

[IGMP Based VLANs
---------------------------------------*
Some TCP/IP applications use IP multicasts to deliver data to many stations at once. However, multicasting can cause problems because stations that are not interested in receiving multicast data see it anyway. This causes Ethernet segment congestion and unnecessary interrupts on workstations. Filtering these multicasts via IGMP can reduce congestion and keep the network moving smoothly. IGMP is designed to add further granularity within a VLAN. If stations from two separate VLANs join the same IP multicast group, the IP multicast stream has to be sourced twice. The IP client of the ES-3810 is reachable from the first configured VLAN, independent of that VLAN's name. Since, by default the first VLAN is called "default"

[Routerless Network
------------------------*
A routerless network is one in which the ES-3810 switches Ethernet attached hosts to ATM, where high speed servers are found.
Typically one or several of the following apply:
* Network has no VLAN-to-VLAN traffic requirement
* Primary NOS is client/server based
* Security is a MAJOR concern (trust me on this one)
* Servers are on ATM for maximum performance
Any network matching one or more of the above scenarios would benefit from a routerless network because clients from different VLANs can access the same server but not other VLANs.

[Centralized Routing Network
----------------------------*
A centralized routing network is one in which the ES-3810 switches Ethernet attached hosts to ATM, where high-speed servers and router interfaces are found. Typically the ES-3810 can be utilized in a network that meets one or more of the following criteria:
* Maintenance of relatively flat network
* Some VLAN to VLAN connectivity
* Some VLAN to VLAN packet level filtering/firewalling
* Traffic is 80% local and 20% routed
* Network could collapse into fewer subnets by switching to ATM

[Exploiting TFTP/ES-3810
------------------------*
Issuing the command line rs :/cd usr do _filter area_ off will disable POST recognition by other users. Another thing that can be done is gaining remote access. This can only happen if TFTP is bound to the system and on the same subnet as the ES-3810 system (which it should be by default if utilized). Since there is no password authentication you can use tftp to access the system's password file. Although you have read access to the password file, other flags and restricted privileges keep you from deleting any critical data. Logs maybe? =] .. More will be written on ES-3810 security features/insecurities when time permits.
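One way to check a Unix host for the unauthenticated TFTP exposure described above, as an added example that is not part of the original article: the Python below scans service lines in the BSD inetd.conf layout (service, socket type, protocol, wait flag, user, server path, arguments), which is assumed to be where the TFTP daemon is configured. An entry counts as disabled only when it is commented out or absent; the sample configuration and the name audit_tftp are constructed for illustration.

```python
# Constructed sample in inetd.conf layout; not taken from a real host.
SAMPLE_INETD_CONF = """\
# service socket proto wait user server args
ftp     stream  tcp  nowait  root    /usr/libexec/ftpd    ftpd -l
tftp    dgram   udp  wait    user    /etc/tftpd           tftpd -n
#tftp   dgram   udp  wait    nobody  /usr/libexec/tftpd   tftpd -s /tftpboot
tftp    dgram   udp  wait    nobody  /usr/libexec/tftpd   tftpd -s /tftpboot
bootps  dgram   udp  wait    root    /usr/libexec/bootpd  bootpd
"""


def audit_tftp(conf_text):
    """Return one finding per active (uncommented) tftp entry."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or a disabled entry
        fields = line.split()
        if len(fields) < 6 or fields[0].lower() != "tftp":
            continue  # malformed line or a different service
        user, server, args = fields[4], fields[5], fields[6:]
        issues = ["tftp is enabled and the protocol has no authentication"]
        if user == "root":
            issues.append("daemon runs as root")
        # -s confines tftpd to one directory; without it, files outside
        # a dedicated transfer directory may be readable.
        if "-s" not in args:
            issues.append("no -s directory confinement")
        findings.append(
            {"line": lineno, "user": user, "server": server, "issues": issues}
        )
    return findings


if __name__ == "__main__":
    for f in audit_tftp(SAMPLE_INETD_CONF):
        print(f"line {f['line']} ({f['server']} as {f['user']}):")
        for issue in f["issues"]:
            print("  -", issue)
```

On a real host, pass the contents of the inetd configuration file to audit_tftp and confirm that inetd has been reloaded after any change.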
To fix this, disable TFTP by issuing the following command:

lou% tftp dgram udp wait user /etc/tftpd tftpd -n

Sources Cited: Fore Systems

-optiklenz

-D A T A D E S I R E S T O B E F R E E-

EOF