You can perform a ping sweep of a directly connected network by pinging the broadcast or Network address.

Example:

Router#ping 192.168.1.255

The output is as follows :
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.255, timeout is 2 sec

Reply to request 0 from 192.168.1.19, 4 ms
Reply to request 0 from 192.168.1.59, 40 ms
Reply to request 0 from 192.168.1.57, 40 ms
Reply to request 0 from 192.168.1.56, 40 ms
...

This is incredibly useful for doing discovery and populating the routers ARP table after a reboot.

UDP:
-> Connectionless | Limit Error checking | Best-effort delivery | no data recovery

TCP:
-> Connetion Oriented | Full Duplex mode operation | Error checking | Sequencing data packets |
Acknowledgement of receipt | Data recovery

RIP:
-> Routing IP protocol (Distance vector protocol)
-> Kijkt de route op basis van hops
-> per 30 seconden een broadcast van de bekend zijnde netwerken (veel broadcast)

RIP V1:
-> Broadcast | Classfull | No VLMS | Auto Summary | NO Authentication | Send no mask |

RIP V2:
-> Multicast | Classless | VLMS    | No Auto summary | Authentication | Send mask |

STP:
-> Spanning Tree Protocol

OSPF:
-> Routing protocol (Link state routing protocol)
-> Open Shortes Path First
-> Kijkt route op basis van cost (de bandbreedte)
-> Gebruikt het Dijkstra algoritme

EIGRP:
-> Enhanced Interior Gateway Routing Protocol (ontwikkeld door Cisco)
-> Zal bij meerdere routing protocolen de voorkeur krijgen afhankelijk van de Administrator distance)
-> Maakt gebruik van zowel het Link-state routing als van het Distance vector protocol

IS-IS:
-> Routing protocol (link-state protocol)

Spanning tree:
-> protocol voorkomt loopt (broadcast storm) op switch (als redundancy is uitgevoerd)

ARP:
-> Adress Resiolution Protocol (is een broadcast)

CDP:
-> Cisco Discovery Protocol (Discover de Cisco neighbors -> als laag 1 + 2 OK zijn werkt CDP)

802.1x:
-> Authentication protocol

HDLC:
-> Laag 2 protocol

PPP:
-> Point to point Laag 2 protocol

Frame Relay:
-> Laag 2 protocol

ATM:
-> Laag 2 protocol

IP Classes
__________

IP Class A -> 1 t/m 126   (private range 10.0.0.0)
IP Class B -> 128 t/m 191 (private range 172.16.0.0 t/m 172.31.0.0)
IP Class C -> 192 t/m 223 (Private range 192.168.0.0)
IP Class D -> Multicast adressen
IP Class E  -> Expirimental (adressen worden niet uitgegeven)\

Class A -> Network.host.host.host
Class B -> Network.network.host.host
Class C -> Network.network.network.host
Loopback Range  -> 127.0.0.0

RFC pagina's

An A-Z Index of the Windows XP command line

ADDUSERS Add or list users to/from a CSV file
ARP      Address Resolution Protocol
ASSOC    Change file extension associations
ASSOCIAT One step file association
AT       Schedule a command to run at a later time
ATTRIB   Change file attributes

BOOTCFG  Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info

CACLS    Change file permissions
CALL     Call one batch program from another
CD       Change Directory - move to a specific Folder
CHANGE   Change Terminal Server Session properties
CHKDSK   Check Disk - check and repair disk problems
CHKNTFS  Check the NTFS file system
CHOICE   Accept keyboard input to a batch file
CIPHER   Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP     Copy STDIN to the Windows clipboard.
CLS      Clear the screen
CLUSTER  Windows Clustering
CMD      Start a new CMD shell
COLOR    Change colors of the CMD window
COMP     Compare the contents of two files or sets of files
COMPACT  Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT  Connect or disconnect a Printer
CONVERT  Convert a FAT drive to NTFS.
COPY     Copy one or more files to another location
CSCcmd   Client-side caching (Offline Files)
CSVDE    Import or Export Active Directory data 

DATE     Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG   Defragment hard drive
DEL      Delete one or more files
DELPROF  Delete NT user profiles
DELTREE  Delete a folder and all subfolders
DevCon   Device Manager Command Line Utility
DIR      Display a list of files and folders
DIRUSE   Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DNSSTAT  DNS Statistics
DOSKEY   Edit command line, recall commands, and create macros
DSADD    Add user (computer, group..) to active directory
DSQUERY  List items in active directory
DSMOD    Modify user (computer, group..) in active directory

ECHO     Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE    Delete one or more files
EXIT     Quit the current script/routine and set an errorlevel.
EXPAND   Uncompress files
EXTRACT  Uncompress CAB files

FC       Compare two files
FDISK    Disk Format and partition
FIND     Search for a text string in a file
FINDSTR  Search for strings in files
FOR /F   Loop command: against a set of files
FOR /F   Loop command: against the results of another command
FOR      Loop command: all options Files, Directory, List
FORFILES Batch process multiple files
FORMAT   Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL   File and Volume utilities
FTP      File Transfer Protocol
FTYPE    Display or modify file types used in file extension associations

GLOBAL   Display membership of global groups
GOTO     Direct a batch program to jump to a labelled line

HELP     Online Help
HFNETCHK Network Security Hotfix Checker 

IF       Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP

KILL     Remove a program from memory

LABEL    Edit a disk label
LOCAL    Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF   Log a user off
LOGTIME  Log the date and time in a file

MAPISEND Send email from the command line
MEM      Display memory usage
MD       Create new folders
MKLINK   Create a symbolic link (linkd)
MODE     Configure a system device
MORE     Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE     Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG      Send a message
MSIEXEC  Microsoft Windows Installer
MSINFO   Windows NT diagnostics
MSTSC    Terminal Server Connection (Remote Desktop Protocol)
MUNGE    Find and Replace text within file(s)
MV       Copy in-use files

NET      Manage network resources
NETDOM   Domain Manager
NETSH    Configure network protocols
NETSVC   Command-line Service Controller
NBTSTAT  Display networking statistics (NetBIOS over TCP/IP)
NETSTAT  Display networking statistics (TCP/IP)
NOW      Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights

PATH     Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE    Suspend processing of a batch file and display a message
PERMS    Show permissions for a user
PERFMON  Performance Monitor
PING     Test a network connection
POPD     Restore the previous value of the current directory saved by PUSHD
PORTQRY  Display the status of ports and services
PRINT    Print a text file
PRNCNFG  Display, configure or rename a printer
PRNMNGR  Add, delete, list printers set the default printer
PROMPT   Change the command prompt
PsExec     Execute process remotely
PsFile     Show files opened remotely
PsGetSid   Display the SID of a computer or a user
PsInfo     List information about a system
PsKill     Kill processes by name or process ID
PsList     List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList  Event log records
PsPasswd   Change account password
PsService  View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend  Suspend processes
PUSHD    Save and then change the current directory

QGREP    Search file(s) for lines that match a given pattern.

RASDIAL  Manage RAS connections
RASPHONE Manage RAS connections
RECOVER  Recover a damaged file from a defective disk.
REG      Registry: Read, Set, Export, Delete keys and values
REGEDIT  Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI   Change Registry Permissions
REM      Record comments (remarks) in a batch file
REN      Rename a file or files.
REPLACE  Replace or update one file with another
RD       Delete folder(s)
RDISK    Create a Recovery Disk
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE    Manipulate network routing tables
RUNAS    Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)

SC       Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST   Display NT Services
ScriptIt Control GUI applications
SET      Display, set, or remove environment variables
SETLOCAL Control the visibility of environment variables
SETX     Set environment variables permanently
SHARE    List or edit a file share or print share
SHIFT    Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP    Wait for x seconds
SOON     Schedule a command to run in the near future
SORT     Sort input
START    Start a separate window to run a specified program or command
SU       Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST    Associate a path with a drive letter
SYSTEMINFO List system configuration

TASKLIST List running applications and services
TIME     Display or set the system time
TIMEOUT  Delay processing of a batch file
TITLE    Set the window title for a CMD.EXE session
TOUCH    Change file timestamps
TRACERT  Trace route to a remote host
TREE     Graphical display of folder structure
TYPE     Display the contents of a text file

USRSTAT  List domain usernames and last login

VER      Display version information
VERIFY   Verify that files have been saved
VOL      Display a disk label

WHERE    Locate and display files in a directory tree
WHOAMI   Output the current UserName and domain
WINDIFF  Compare the contents of two files or sets of files
WINMSD   Windows system diagnostics
WINMSDP  Windows system diagnostics II
WMIC     WMI Commands

XCACLS   Change file permissions
XCOPY    Copy files and folders

source:http://www.ss64.com/index.html

du doch auch, zweitklausens!

wir waren beide da?

aber ja: es war doch dieses symposium.

welches denn?

dieses symposium zu den güssen bzw. abgüssen von skulpturen berühmter künstler bzw. von künstlern überhaupt.

es gibt echte abgüsse und falsche?

das ist ja gerade die frage. es gibt auf jeden fall abgüsse nach dem tod des künstlers: posthume güsse.

aha.

und darum ging es, weil doch das museum arp so in verruf gekommen war.

wieso?

... weil die museumsleute und das land rheinland-pfalz doch vom arp-verein (es geht um einen privaten verein, den 1978 gegründeten verein „Stiftung Hans Arp und Sophie Taeuber-Arp e.V.“) da sachen angeschafft (dauerleihgaben) hatten und dann zu stehen hatten, die nach dem tode von hans arp entstanden sind: und da fragt man sich, ob das alles korrekt ist ... und war und jemals sein wird.

ich denke, die haben sich nun geeinigt: die rheinland-pfälzische landesregierung und jener verein ... und nun läuft alles etwas ruhiger.

sicher, sicher, man wollte schaden durch dauerprozesse vermeiden - aber das museum hat nun den ruf weg, voller wertloser oder nur halb wertvoller kunstsachen von hans arp zu sein, zumal einige von arp weder in auftrag gegeben wurden, noch von ihm authorisiert gewesen sind.

das ist doch der klassiker.

was?

die ewige frage nach kunst und original und werk und werktreue.

ja, ja, das taucht immer wieder auf.

eben: die welt ist voller fälschungen.

bei der kunst scheint es aber kompliziert.

warum?

... weil die erbengemeinschaft das urheberrecht weiterträgt und eigentlich alles machen kann: nachgießen, zugießen, umgießen.

die erbengemeinschaft?

ja, ja, sie ist oft die große gefahr, weil sie doch geld generien will.

das ist ja jammer!

dann gibt es noch künstler, die - noch lebend - geld brauchen, und alles mit ihren sachen machen lassen.

es gibt auch künstler, die sehen die abgüsse nicht mal mehr.

eben! die sagen: gießt schön und verkauft es dann!

es gibt auch künstler, die wollen eine besondere patina.

und es gibt andere, denen ist das unwichtig.

manche sind in der gießerei jeden dritten tag ...

... und andere nie.

diese vielfalt macht alles so schwer.

und dann eben die alte frage: wann ist kunst kunst? wann ist ein original ein original.

eben: und dann heißt es: wenn der künstler das kunstwerk authorisiert hat.

ja, ja, es können auch andere in seinem sinne, und dann ...

dann ist es echt!

ja, ja, wenn alles klar und deutlich ist.

aha.

beim immendorff, bei seinen letzten werken, da zweifeln schon leute, ob sie noch von ihm authorisiert wurden.

du meinst, die leute malen etwas und sagen nachher: der immendorff hat es authorisiert.

so ungefähr, ja, ja, er konnte ja am ende nur noch anweisungen geben. seine letzten bilder waren anweisungsbilder - aber doch von ihm, weil er sagte, wie es sein muss.

immer?

wer weiß es? ... und dann kann man sagen: das bild hier stammt auch von seinen anweisungen. UND NUN DER GEDANKE: es ist dann aber gar nicht so. man behauptet einfach, immendorff habe gesagt: das sei sein kunstwerk. das könnte ja alles sein. aber wir wollen hier niemandem nichts vorwerfen. wir spielen nur in gedanken.

und diese abgüsse?

die kann ich ewig gießen.

wirklich?

nein, nein, denn die form verändert sich durch die häufigkeit der abgüsse. und damit das resultat.

das ist ja komplex.

eben, eben: ich kann dann noch etwas reinmachen: ein gießerzeichen, oder so.

aber das kann ich doch auch fälschen.

eben, die kunst leidet am mythos des originals. und eben deshalb wird gefälscht, bis es kaum noch geht.

sind abgüsse eine fälschung?

nein, nein, das ist es ja: der künstler weiß nichts und soll doch seinen namen hergeben.

aber es ist doch von ihm.

ja, ja, aber nicht gewollt. kafka wollte ja auch, dass seine texte zerstört werden ... und die sind alle gedruckt ... wegen ...

... diesem max brod.

ja, wegen diesem.

ach, ist das kompliziert.

eben: man müsste einen stempel haben ORIGINAL und FÄLSCHUNG.

aber den kann ich doch auch fälschen.

eben. das ist ja das schöne. alles wird immer seltsamer und bizarrer.

dann müssen wir die lebensläufe jeder skulptur exakt recherchieren.

ja, ja, wir brauchen eine stelle, die wie ein archiv und detektivbüro in einem alles erfasst.

und diese stelle könnte doch jenem büro ähneln, welches schon jetzt diese vermissten und gestohlenen kunstwerke aufspüren will,

die sollen ein archiv mit 190.00 erfassten werken haben.

so ein büro könnte man doch auch für güsse und abgüsse aufmachen.

dieses büro könnte dann clearingbescheide oder klärungsbescheide für alle umstrittenen skulpturen ausgeben.

ja, das wäre unser vorschlag.

und dann müsste man das thema noch breiter diskutieren.

noch breiter?

aber sicher: wenn kenia elfenbein verbrennen oder plattfahren lässt, ... oder wenn gefälschte rolex-uhren vor den augen der presse und der medien unter dampfwalzen kommen ... alles nach dem motto: wir wehren uns gegen fälschungen und untaten aller art ...

... dann sollte das der kunstsektor das auch mal beginnen.

vieleicht, vielleicht: man müsste unauthorisierte güsse einfach einschmelzen.

aber wir haben doch geklärt, dass es so einfach nicht ist. und dieser verein da ... ist sich doch keiner schuld bewusst.

die haben aber etwas nachhauen lassen, aus marmor, diesen weißen "stern" von arp.

aber war das böswillig oder gutwillig?

du meinst: wollten sie den reichtum mehren oder nur die rezeption von arp befördern?

eben, eben, alles ist doch sehr arg verstrickt und vergossen. das thema stinkt, auch posthum.

wer hat denn gestern darüber diskutiert?

gestern, bei dem symposium? wo wir waren?

ja, genau!

also, lange liste:

SYMPOSIUM "Posthume Güsse"
Montag, 8. September 2008 im Arp Museum Bahnhof Rolandseck

PROGRAMM

11 Uhr Begrüßung

Prof. Dr. Klaus Gallwitz, Direktor des Arp Museums Bahnhof Rolandseck

Dr. Gottlieb Leinz, Vorsitzender der Arbeitsgemeinschaft Bildhauermuseen und Skulpturensammlungen e.V., zugleich stellvertretender Direktor an der Stiftung Wilhelm Lehmbruck Museum-Zentrum Internationale Skulptur, Duisburg

STATEMENTS mit anschl. Diskussion

Dr. Eduard Beaucamp: Hans Arp im Kreuzfeuer

Dr. Ursel Berger: Vom Umgang mit posthumen Güssen

Prof. Dr. Henrik Hanstein: Die Regeln des Marktes

Prof. Dr. Gerhard Pfennig: Urheber- und Verwertungsrechte

Dr. Felix Ganteführer: Sonstige Rechsfragen posthumer Güsse

Dr. Gert Reising: Arp / nach Arp

Dr. Gottlieb Leinz: Posthume Güsse in deutschen Museen

13.30 Uhr bis 15.00 Uhr Mittagspause

PODIUMSGESPRÄCH mit Diskussion aus dem Publikum

Moderation: Prof. Dr. Klaus Gallwitz

Prof. Dr. Joachim Hofmann-Göttig, Kulturstaatssekretär des Landes Rheinland-Pfalz

Prof. Dr. Peter Raue, Rechtsanwalt

Isabell Pfeiffer-Poensgen, Generalsekretärin der Kulturstiftung der Länder

Johannes Brus, Bildhauer

und deine LIVE-gedichte?

die sind hier anzuklicken: www.klausens.com
http://www.klausens.com/gedichte_vom_sym...

übrigens: noch ein gedanke: der künstler soll immer eine genprobe in den abguss einschweißen lassen!

tolle idee: aber übersteht die genprobe die hitze? kann sie nicht auch gefälscht werden? sind reliquien wahre reliquien? und war der mann von ansbach wirklich der mann von ansbach?

du meinst kaspar hauser?

ja, ja, war er der erbprinz von baden oder nicht?

man sollte schriftstellern und künstlern das denken verbieten!

warum?

wir waren eben noch bei einer lösung der probleme, und nun steht wieder alles zur disposition.

ist dieser text eigentlich ORIGINAL von dir?

ich dachte: von uns, zweitklausens!

ORIGINALVERSION mit Fettdruck und allen Bildern
und allen Links bei KLAUSENS BLOGG (mit 2 G !!!)
KLAU|S|ENS - LOG - W E L T L I N G
http://klausens.blogg.de

HOMEPAGE VON KLAU|S|ENS: http://www.klausens.com

Porém, como o dadaísta alemão George Grosz, aqueles poucos artistas estavam dispostos a se levantar e dizer "Não!" ao extremo materialismo da civilização ocidental. Filósofos tinham, de maneiras diferentes, já condenado as desigualdades dessa existência, do mesmo jeito que os anarquistas tentaram bombardear a ordem antiga. Os dois foram tomados pela matança da primeira guerra mundial (1914-18), o que trouxe dúvidas para várias pessoas se o progresso mundial era esse.

Mais do que deplorar a guerra, os dadaístas, e os que depois se tornaram surrealistas, tiveram uma posição ideológica. Eles não deram apenas um espelho para sociedade, eles exigiram atenção. Eles exploram a sua decadência moral com uma ferocidade inédita na arte. Eles estavam contra a guerra, contra o materialismo, contra o nacionalismo e conformismo. Mas suas raízes estão bem profundas.

Nessa fantasia, Hugo Ball declamou um "poema-fonético" no Cabaret Voltaire, ponto de encontro dos dadaístas. Ele recitou um poema dando ênfase nas vogais, imitando o som dos elefantes.

gadji beri bimba

glandridi lauli lonni cadori

gadjama bim beri glassala

glandridi glassala tuffm i zimbrabim

blassa galassasa tuffm i zimbrabim...

Esse poema teve um efeito extraordinário, a aparente falta de sentido teve um impacto durante muito tempo. Virou uma arma contra convenções e abriu a possibilidade de uma revisão total de valores aceitos. Arp, Tzara e Huelsenbeck logo depois estavam escrevendo e atuando seus próprios poemas-sonóros.

Chega de rima, chega de sonetos. O mundo está louco e vamos ficar dançando ao "som" de poemas de amor? Que se exploda a lógica, que se exploda o materialismo, a arte pra venda, que se exploda o nacionalismo, que se exploda Bach, Da Vinci, a arte clássica. Olha ao redor. Essa é sua arte! O absurdo, pois o mundo está absurdo! E que se exploda a arte também! O dadaísmo é, afinal, a arte anti-arte. (Isso eu que escrevi, num impulso dadaísta (rs)).

Em cidades diferentes como Zurique, Nova Iorque, Berlim, Paris, eles embarcaram numa reconsideração total da base da arte. Eles abraçaram o novo, em qualquer forma que estava adequado para suas metas ou objetivos pessoais. A ênfase na liberdade individual para encontrar cada um sua própria maneira de se expressar é uma característica chave no dadaísmo. Embora um número de poetas e artistas dominaram um pouco (como Hugo Ball e Tristan Tzara em Zurique, Richard Huelsenbeck e Raoul Hausmann em Berlim, Francis Picabia e André Breton em Paris) não existia nenhum estilo consistente no senso comum. Artistas produziam como "frutas nas árvores" como disse Hans Arp, ao invés de com uma formula pre-determinada. O surrealismo porém, já tinha um caminho mais traçado, mais planejado.

Nesse quadro George Grosz expõe todos os vícios, os males, da cidade; é como se a rua tivesse um raio-x, e toda sujeira escondida aparecesse. A mensagem é clara: a sociedade teve um colapso, numa corrupção sanguinária por aqueles que proclamaram sua defensa. A igreja, os presidentes, os ditadores. O uso de óleo, que é uma "high art" (é o melhor material para pintar) é sozinho muito importante. Grosz com certeza gostava do paradoxo dos valores tradicionais atribuído as pinturas de óleo, geralmente comprado pela classe alta, junto com a agressão desse trabalho com o obejtivo de derrubar esse sistema de classes. Embora a pintura de óleo era evitada pelos dadaístas, um número de outros pintores (principalmente Otto Dix) também empregavam esses contrastes. Clique na foto para vê-la maior, ela é maravilhosa.

Fonte de fotos e fatos: Dada & Surrealism do Matthew Gale

With this issue briefly addressed in the PCA this summer (sadly they decided to send it back to the Presbyteries rather than study it) Tim Keller has written an article entitled The Case of Commissioning (Not Ordaining) Deaconesses.   His article explains this much better than I ever could.

This is a view that upholds male headship (complementarianism) while seeking to honestly understand Scripture on this issue.  He presents historical as well as  biblical and theological evidence that we have to deal with before making a wise decision in this matter.

I particularly like this section:

Many opponents of deaconesses today are operating out of a “decline narrative.” They claim that having deaconesses is the first step on the way to liberalism. But Jim Boice and John Piper, the RPCNA and the ARP, B.B. Warfield and John Calvin, believed in deaconing women or deaconesses. Are (or were) all these men or churches on the way to liberalism? I don’t think so. Nevertheless, one person put it to me like this recently: “Sure, the RPCNA has had women deacons for over a century. Sure, a biblical case can be made. But in our cultural climate, allowing deaconesses would be disastrous. It’s a slippery slope.”

In other words, the Bible probably allows it, but let’s not do it because of the culture. Isn’t that also responding to the culture rather than to the text? If the PCA is driven either by reaction to or adaptation to the culture, it is being controlled by the culture instead of the Word. Let’s allow presbyteries and sessions to use women in diaconal work with the freedom they have historically had in our communion.

I agree completely with Ligon Duncan when he says that the current debate in the PCA is “to determine what its complementarianism is going to look like in the future.” That’s right. His article and mine represent an intramural debate within a strong commitment to biblical complementarianism. While we argue and discuss this let’s keep that in mind.

As those who claim to be "reformed and reforming" we should not dismiss this under the accusation of feminism or liberalism.  Let's try to work together to better understand what the Bible really does teach on this matter and how best to implement it in our communities of faith.

Creo que es interesante conocer cómo hacerlo, sobre todo para demostrar que las conexiones a Internet no son tan seguras como algunos podrían pensar y sentar la base para tratar una serie de artículos en los que ayudar a tomar precauciones ante los ataques de seguridad más habituales.

Quizás de este modo se comprenda que no es buena idea permitir que el vecino acceda a nuestra wifi alegremente... o quizás si ;)

Instalar Ettercap

Utilizaremos la técnica de ARP Poisoning (también conocida como ARP Spoofing) y por su simplicidad usaremos el programa Ettercap que puede ser instalado directamente desde Synaptic o lanzando un

sudo apt-get-install ettercap-gtk

Una vez instalado editamos el fichero /usr/local/etc/etter.conf; para ello ejecuta en la terminal un

sudo nano /usr/local/etc/etter.conf

Busca las entradas

# redir_command_on = “iptables -t nat -A PREROUTING -i %iface -p tcp -dport %port -j REDIRECT -to-port %rport”

# redir_command_off = “iptables -t nat -D PREROUTING -i %iface -p tcp -dport %port -j REDIRECT -to-port %rport”

Y quita los comentarios (#) que hay al comienzo de cada una de ellas.

Guarda (CTRL+O) y sal del editor de textos (CTRL+X)

Iniciar Ettercap

Aunque tras instalar ettercap aparecerá una entrada en el menu Aplicaciones > Internet te recomiendo que lo invoques desde la terminal del siguiente modo

sudo ettercap --gtk

Si lo haces desde el menú no se invocará el programa como root y por tanto lo más probable es que no te permita seleccionar la tarjeta de red a utilizar para capturar paquetes.

"Snifar" paquetes de red

Realmente es sencillo

1. Seleccionamos nuestra tarjeta de red activa (la que estamos utilizando actualmente) pulsando Mayus+U



2. Pulsamos CTRL+S para buscar posibles víctimas en la red (equipos que estén utilizando nuestra conexión a Internet)
3. Comenzamos el ataque por ARP Poisoning



4. Parametrizamos el ataque (para que escanee los equipos que no son el nuestro)

Eso es todo amigos

Ahora sólo queda esperar que alguno de nuestros "visitantes" se conecte, utilizando la misma red que nosotros a alguna página que requiera usuario y clave.

Independientemente del tipo de conexión (las https también caen) verás como las claves y los usuarios comienzan a aparecer en la ventana de Ettercap junto con la URL de la página en las que han sido utilizados.

Espero que con este artículo comprendáis lo importante que es asegurar nuestras conexiones de red y lo fácil que puede resultar para gente, con pocos conocimientos de seguridad, acceder a información sensible de sus víctimas (cuentas de correo, bancos, ...).

• When routing to a next-hop value the router performs L2 to L3 resolution on the next-hop address. (e.g. ip route 150.1.4.4 255.255.255.255 155.1.146.4). So in the arp table, you'll see the MAC for ip address: 155.1.146.4.
• When routing to an INTERFACE, the router performs L2 to L3 resolution on the FINAL destination (not on the next hop). (e.g. ip route 150.1.6.6 255.255.255.255 fa0/0 configured on Router1). Let's assume 150.1.6.6 is a Loopback interface on Router6 and Router 6 is connected to the LAN via Fa0/6. When we configure the ip route mentioned above on R1, on R1's ARP table, you'll see the MAC address of Fa0/6 interface for the loopback of R6 (i.e. 150.1.6.6). This is because, PROXY ARP is enabled by default on the routers. If we were to disable proxy arp on Fa0/6, you'd notice that you won't be able to ping the loopback of R6 anymore, since the router does not know the correct l2 address to use when building the L2 frame. You'll see "encapsulation failed" message in the debugs:

*Mar  5 02:18:49.733: IP ARP: creating incomplete entry for IP address: 150.1.6.6 interface FastEthernet0/0
*Mar  5 02:18:49.733: IP ARP: sent req src 155.1.146.1 000f.f756.6560,
                 dst 150.1.6.6 0000.0000.0000 FastEthernet0/0
*Mar  5 02:18:49.733: IP: s=155.1.146.1 (local), d=150.1.6.6 (FastEthernet0/0), len 100, encapsulation failed.

• Resolution: 1) change the ip routing so it uses next hop rather than ARPing on Final destination. 2)statically configure the MAC address to use when sending packet to the loopback of R6 by using: router(config)"arp 150.1.6.6 <mac> arpa command.

Q-OSPF

First of all, ping the remote host, then run an

arp -a

at the command line.  This will give you the MAC details.  The catch is that this only works on the same subnet - when trying to do this on a remote subnet (on the other side of a router, etc) you won't get a response...there is a solution for this though, as long as the remote host you want to determine the MAC for is a Windows host.

NBTscan is a tool that can do this (and is available from the repositories on most linux distros (or at least on Debian, Ubuntu and Fedora, and is  also downloadable for Windows ;))

A moving art installation has been making its rounds on the streets of New York City and TRASH is behind it.   I was walking in the west village and saw a bunch of pink bags that I mistook for a new variety for Glad. I discovered after stopping and reading the tag that it was project intended to beautify New York City and raise the public awareness of the arts and the environment".  

The project will consist of certain city block's piled trash being replaced with the bright colorful bags.  Each ARP (Art Related Project) TRASH bag is 100% biodegradable and is scented to ward of pests.  The artist, Adrian works between NYC and Berlin Germany exploring the combination of art and enterprise.  To learn more about the artist and TRASH check out the website here.

-Ken Marcelle

ARP are la baza o larga experienta in consultanta si a aplicat instrumente de cercetare si de masurare a spatiului politic in pachetele de consultanta politica. Plecand de aici, Agentia a dezvoltat o arie completa de servicii de consultanta, in jurul conceptului de masurare politica.

O astfel de campanie a Agentiei urmareste sa implineasca necesitatea crearii acelei legaturi directe intre politician si electorat, in sistemul uninominal. In realizarea campaniei electorale trebuie sa se tina cont de noile exigente ridicate de sistemul de vot; altfel resursele si oportunitatile angajate de candidat se pot irosi. Eficientizarea oferita de ARP, cu un suport puternic de marketing politic, presupune realizarea unei campanii care sa urmareasca, in mare, urmatoarele etape:

1) cunoasterea populatiei colegiului electoral si a competitorilor, prin culgere de date statistice, pe baza de sondaje de opinie, elemente de profil public etc.

2) supunerea acestor date primare unei prelucrari specifice marketingului politic, prin care sunt decantate acele informatii, tendinte, caracterstici ale populatiei locale ce sunt relevante pentru actorul politic - client.

3) jonctiunea intre temele si tedintele locale si profilul si caracteristicile actorului politic.

4) realizarea strategiei de campanie electorala care sa integreze toate informatiile culese de mai sus si care sa construiasca baza pentru

5) comunicarea efectiva a mesajului electoral, prin solutii de comunicare dedicate fieacrui tip de public tinta si fiecarei zone.

Aceasta ar fi, de altfel, marea modificare adusa de noul sistem de vot uninominal - necesitatea, din partea candidatului, de a isi construi in mod real o campanie electorala la nivel local, dupa reguli profesioniste. Deoarece se pot face campanii si dupa reguli, sa spunem, "urechiste".

Asa cum am afirmat in cadrul unui articol, prea deseori se prefera solutiile superficiale in politica: "[este] obisnuinta politicienilor de a apela la solutii foarte simple: sondaje de opinie si comunicare. "Intre acestea nu mai exista nimic. Politicienii nu stiu restul de instrumente care ii pot ajuta in a atrage mai multi alegatori. Consultanta politica este firava si este exact mijlocul care lipseste pentru ca politica sa aiba continut"".

Toate aceste lucruri sunt necesare, asa cum afirmat deja, deoarece sistemul de vot se schimba. In sistemul electoral de reprezentare proportionala, candidatul era aproape anonim. Partidul defila cu liderii sai principali, cu acei "capi de lista" care trageau dupa ei "turma", iar alegatorul se raporta in primul rand la partid si la lideri de cele mai multe ori nationali.

Drept consecinta, campaniile electorale intr-un astfel de sistem electoral aveau inevitabil un caracter national - ele erau coordonate de la centru, transmiteau acelasi mesaj, propuneau aceiasi lideri. Pe plan local candidatul rareori isi facea propria sa campanie electorala, iar aceasta insemna, de cele mai multe ori, doar poza si numele sau afisate pe fondul campaniei nationale a partidului sau.

In noul sistem electoral candidatul se confrunta cu o prima necesitate de a isi cunoaste electoratul din colegiul in care este arondat. Anonimitatea electoratului si a candidatului vor trebui sa dispara. Campania electorala a candidatului trebuie sa capete un profil particularizat, adaptat locului, oamenilor care sunt vizati de procesul politic. Nu se mai poate recurge doar la campania nationala a partidului, mai ales in colegiile electorale in care sansele de a castiga un mandat sunt estimate ca nesigure.

Astfel, in ciuda "desenelor" de multe ori trase de par prin care s-au creat colegii care sa optimizeze sansele unor candidati, in mod inevitabil vor ramane spatii in care rezultatul votului nu este deloc unul sigur. Ca sa nu mai spunem ca surprizele sunt posibile oricand - iar asta s-a vazut nu mai departe de ultimele alegeri locale. Nu era Bucurestiul "colegiul" cel mai sigur al PDL? Si exact pe acesta l-a pierdut ... Asadar, campaniile electorale, pentru a avea o finalitate, vor trebui sa fie particularizate sau nu vor fi deloc. Vor trebui sa fie profesioniste.

Pentru a veni in sensul acestor noi necesitati, ARP a venit in intampinarea cerintelor ce vor rezulta din aplicarea noului sistem de vot uninominal. Solutiile ARP sunt solutii profesioniste pentru politicieni de profesie, pentru actori politici care isi iau in serios rolul si au ca scop o cariera la acest nivel.

ARP

What was different was how they handled exceptions to the Westminster Confession of Faith.  In my Presbytery, we don't handle them separately or individually unless they are considered substantial and become part of the discussion for the theological portion of the exam.

Today, they handled the exceptions prior to whether or not they sustained his exams.  They were placed in various catagories: not a true exception, a matter of semantics, a true exception that does not affect the core of the system of doctrine in the WCF, and a true exception that affects the core system of doctrine.  The first 3 would not affect his suitableness to ministry in the PCA, and the 4th would.  A committee if GA would then note them when looking over the minutes of the meeting to see how things are going in Presbytery.

They got held up on one exception.  This candidate had 4, which is an unusually high number.  None of them were very major, in my estimation.  But the 2nd exception needed some additional clarification.

Since they were held up, they moved to the examination proper.  Due to a controversial view in theology, they handled each area of examination separately.  There was lengthy debate on that controversial area.

Another area of difference between this Presbytery and mine was the length of the examinations.  Typically, they are examined on the floor for only 5 minutes per area of examination (Christian life & experience, theology, sacraments, church government).  Since he had not been examined by committee, those rules were suspended.  We have no such rules to suspend.

As an ARP pastor who might end up a PCA pastor, I found this interesting.  I'm not sure which process I prefer.  If I was examined by committee, it would be great to have the questioning limited to 5 minutes per area of examination.  That shortens the process.  But waiting longer while they sort out individual exceptions to the WCF takes longer.  This guy was waiting for quite some time while they worked through the exceptions and examinations.  That had to be distressing.  When I was examined for ordination, I think I waited outside 5 minutes since my exception was common and they thought my examination very good (there is no way to put that without sounding arrogant).  Nothing controversial either.

was ARP. Or rather, what ARP did as anti to Reverse ARP, Inverse ARP, and Proxy ARP! One

aggregation would name ARP without mentioning the another variations, digit would name RARP

but not Proxy ARP, and so on...

I got finished my Intro and ICND exams, but I never forgot

how unclear this was to me when I started. (And we every move somewhere!) To support underway

CCNA candidates with this unclear topic, let's verify a countenance at apiece digit of these

technologies.

ARP - Address Resolution Protocol

You haw substantially undergo

what ARP does from your networking studies or effect on a LAN, but to effectively troubleshoot ARP

issues on a WAN (and transfer the 640-801, 640-811, and 640-821 exams!), you requirement to

verify meshwork devices into statement that haw be separating the workstations in

question.

The base ARP activeness is ultimate enough. We centre on IP addressing a

enthusiastic care in our studies and our jobs, but it's not sufficiency to hit a instruction IP come in

meet to beam data; the transmitting figure staleness hit a instruction MAC come as well.

If

the communicator doesn't undergo the MAC come of the destination, it has to intend that come

before accumulation crapper be sent. To obtain the uncharted Layer Two come when the Layer

Three come is known, the communicator transmits an ARP Request. This is a Layer Two broadcast,

which has a instruction come of ff-ff-ff-ff-ff-ff. Since Ethernet is a programme media, every another

figure on the portion module wager it. However, the exclusive figure that module move it is the figure

with the matched Layer Three address. That figure module beam an ARP Reply, unicast backwards

to the figure that dispatched the warning ARP Request. The communicator module then hit a MAC

come to go with the IP come and crapper then transmit.

There are individual meshwork

devices that haw be between our digit hosts, and for the most part, there is no effect on ARP. Since

this is Cisco, though, there's gotta be an exception! Let's verify a countenance at how these devices

effect ARP.

Repeaters and Hubs are Layer One (Physical Layer) devices, and they hit no

effect on ARP. A repeater's employ is only to improve a communication to attain it stronger, and a

hub is only a multiport repeater. Therefore, neither a felon nor a hub hit effect on

ARP.

Switches are Layer Two devices, so you strength conceive they effect ARP's operation;

after all, ARP deals with effort an uncharted MAC come to equal with a famous IP address. While

that's sure true, switches don't effect ARP for digit ultimate reason: Switches nervy broadcasts

discover every opening eliminate the digit it was originally conventional on. The ARP Reply module

be unicast to the figure requesting it, as with the preceding example.

Now here's the

omission -- a router. Routers accept broadcasts, but routers module not nervy them. For example,

study a PC with the come 20.1.1.1 /16. That patron assumes it's on the aforementioned fleshly

portion as the figure 20.1.2.200 /16, since their IP addresses are both on the aforementioned subnet

(20.1.0.0 /16). The difficulty here is that a router separates the digit devices, and the router module

not nervy the ARP broadcast.

The Cisco router module move the ARP Request, however,

with the MAC come of the router programme the ARP Request was conventional on. In this case,

the router module move to the ARP Request with its possess E1 interface's MAC

address.

When the figure at 20.1.1.1 receives this ARP Response, it thinks the MAC come of

20.1.2.200 is 11-11-11-11-11-11. Therefore, the instruction IP for reciprocation sure for the far

patron module be 20.1.2.200, but the MAC instruction module actually be that of the router's E1

interface.

Proxy ARP runs by choice on a Cisco 2500 router, but it crapper be overturned

soured at the programme take with the no ip proxy-arp command.

RARP and Inverse

ARP

Reverse ARP is a aggregation simpler! RARP obtains a device's IP come when it

already knows its possess MAC address. (If the figure doesn't undergo it's possess MAC address,

you hit large problems than RARP!) A removed device, a RARP Server, tells the figure what its MAC

come is in salutation to the RARP Request. As you crapper see, RARP and DHCP hit a aggregation

in common.

Inverse ARP doesn't care with MAC or IP addresses. Inverse ARP dynamically

maps topical DLCIs to far IP addresses when you configure Frame Relay. Many organizations

favour to statically create these mappings; you crapper invoke this choice activity soured with the

interface-level bidding no inclose inverse-arp.

To your success,

Chris Bryant, CCIE

#12933, is the someone of The Bryant Advantage, bag of liberated CCNA and CCNP tutorials, The

Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.
For a FREE double of his

stylish e-books, “How To Pass The CCNA” and “How To Pass The CCNP”, meet the website and

download your liberated copies. You crapper also intend FREE CCNA and CCNP communicating

questions every day! Pass the CCNA communicating with The Bryant Advantage!

ARP adalah termasuk jenis protokol broadcast. Untuk menghindarkan
kemacetan lalulintas data, suatu host biasanya menyimpan informasi
ARP dalam memori yang disebut ARP cache, yang dipergunakan untuk
akses yang cepat. Penggunaan ARP cache ini dengan asumsi bahwa pada
umumnya relasi dari MAC address dengan IP address jarang berubah.

Hub dan switch dapat meneruskan broadcast oleh sebab itu dapat mene-
ruskan informasi ARP yang diterimanya, sedangkan router tidak mene-
ruskan broadcast oleh sebab itu tidak dapat meneruskan informasi ARP
yang diterimanya.

I've talked to a few of my fellow Presbyters about what happened in my absence.  Tonight I came across Dr. William Evans' articleabout this unordinary meeting of Synod.  Apparently he has been busy, since he also has a piece there about Peter Enns' book Inspiration and Incarnation.  He simply lays out so problems with the book.  But on to Synod where the issue of inspiration arose.

For the first time in years, more than one person was nominated to be Moderator of Synod.  It is interesting on a number of levels.  One, Barry Dagenhart, has deep roots in the ARP and would probably affirm the status quo and put a big priority on relationships.  The other, Dr. J.R. DeWitt, is a relative newcomer to the ARP (more recently than yours truly), but Drs. Evans, R.J. Gore and Sinclair Ferguson believed that his theological acumen are vitally important as the ARP addresses some important issues.  He would not maintain the status quo, and is quite fearful of a top-heavy denomination (which the ARP cannot be accused of having with any seriousness).

I agree that a man with theological acumen, and who will not seek to preserve the status quo but rather move us into the future, is greatly needed.  I'd humbly disagree with Sinclair Ferguson that Dr. DeWitt is that man.  One of the great things about the ARP, which I've needed to have modeled to me, is the emphasis on love as well as truth.  Our pursuit of truth must be done in love and hopefully preserve the relationships that already exist.  My experience with the Dr., limited as it is to debate on the floor of Synod, would make me hesitate in applauding his election as Moderator.  While I may side with him theologically, I fear that the price of winning the debate may be too great.  I really hope I'm wrong. 

I would like us to take our theology more seriously, and build stronger relationships with other conservative Reformed denominations.  We do need to repent of our in-grown ways.  But that is a product of spritual renewal.  I want us to be more than well-connected with the PCA, OPC et al.  I want us to grapple with the call to be missionaries to this culture and our communities.  I don't sense that winsome, missionary spirit with Dr. DeWitt.  I think we had the right motives but not the best choice, if that makes sense.  Mark Ross probably would have been a better choice, but convincing him to serve would probably be difficult.

Regarding Scripture, 3 different motions were approved to strengthen our stance on the inerrancy and infallibility of Scripture.  Since we are in the process of revising our Form of Government it is important that new ministers understand and affirm these things lest we drift off to the left over time.  Without these fundamental commitments, our ability to properly address the theological issues before us becomes weak and suspect.  To include these affirmations in the ordination vows, and as standards for Synod employees, is what was missing from our affirmation of these truths over 2 decades ago.

Anem per parts.

El atac man-in-the-middle, com el seu nom indica, es un tipus d'atac en que l'atacant es posa entre la víctima i el servidor. La víctima passa les peticions al servidor, el atacant les intercepta, les modifica i les envia al servidor. Quan aquest respon, les torna a capturar, les modifica i les envia al client, com si res hagués passat.

Quin és el propòsit d'aquesta feinada? Doncs en protocols que van amb text clar, potser no té sentit fer-ho, perquè posem un sniffer, i capturem les dades. Aquest seria el cas del Telnet a un AS/400, un POP3, un FTP, o fins i tot el HTTP.

Però avui en dia els protocols porten una capa d'encriptació per evitar precisament que un simple sniffer pugui mostrar la informació que circula per la xarxa. Aquesta encriptació el que fa es que quan un client vol comunicar-se amb un servidor, utilitzen un protocol d'intercanvi de claus.

Un cop intercanviades les claus, s'encripta tot amb un algorisme de fluxe basat en les claus. Aleshores ningú pot incerceptar res del contingut.

La gràcia del Man-in-the-middle (MITM) és intervenir just en l'intercanvi de claus. Aleshores intercanvia unes claus amb el servidor, i les altres amb el client, i així pot interceptar tot el trànsit, ja que es capaç de desencriptar-ho, ja que les claus les ha posat ell.

Ja se que molts em direu que en una xarxa que té switchs (i no hubs), cada boca de xarxa només mostra el trànsit dirigit a ell mateix, i que es "impossible" capturar el trànsit que va a altres màquines. DONCS NO! Listillos, jejeje. Resulta que hi ha un tipus d'atac conegut com "ARP Poisoning" i també el "DNS Spoofing" que consisteix precisament en saltar-se això.

Repassem els fonaments del TCP/IP. Quan una màquina vol parlar amb una altra i només sap el nom de màquina, necessita saber la IP. Això es consulta en un servidor DNS. Aleshores llancem un paquet contra el DNS dient "Qui té aquest nom?". El problema es que algú estigui interceptant aquest paquet, i ens respongui enlloc del DNS, donant-nos una IP del PC amb el software de Man-in-the-middle.

I preguntareu, com es pot suplantar un DNS ? Doncs fàcil. Resulta que per accedir a un PC necessitem saber la adreça MAC de la tarja Ethernet. I com que només tenim la IP, doncs el PC envia un packet ARP preguntant "Who has IP x.x.x.x?" a TOTA la xarxa. Aleshores, el atacant envia la seva propia MAC en aquest paquet (ARP Poisoning), dient que és ell qui té la IP que necessita. A partir d'aquí, tots els paquets que hagin d'anar a aquella IP s'enviaran a la màquina que ha fet el ARP Poisoning.

En aquest moment, tots els paquets que s'enviin a aquella IP, quedaran interceptats. Si la IP es la del Gateway que ens comunica amb el POP3, o bé la del servidor Web HTTP, o fins i tot la del AS/400 amb el Telnet, doncs ja hem begut oli.

Per tant, no és cap escenari poc probable, o tant teòric que no es pot fer mai, etc. sinó que és un atac ben real i ben fàcil de fer amb algunes eines molt conegudes.

Quins són els protocols més susceptibles de patir un man-in-the-middle?

- Connexió HTTPS amb una CA no reconeguda (la típica CA de Windows per estalviar-nos uns durillos)

- Protocol RDP de Terminal Server de Microsoft

- SSH Mitjançant un versión downgrade

- Qualsevol tipus de protocol de text pla: FTP, Telnet, HTTP, etc.

Quin seria un escenari típic? Estem a un Hotel, ens donen Wifi. Estem a l'aeroport, tenim Wifi. Agafem el Wifi del veí que el té obert. Conectem en una oficina. Estem a casa,  i algú se'ns cola al Wifi. Estem a la oficina, i tenim un becari listillo que ens vol putejar, etc, etc, etc.

1. Ens connectem a la Wifi i obrim la nostra connexió de Terminal Server. A l'habitació del costat tenim algú fent ARP Poisoning del Gateway. De la manera més tonta, ja li hem donat un usuari probablement administrador per entrar a la nostra empresa fins dins de tot.
2. A més, estem consultant el nostre correu via POP3. També té el password del correu, que probablement serà el de Windows, i ja té una altra via d'entrada.
3. A més, fem un HTTPS contra la pàgina del Webmail, la intranet, etc. Ens apareix el missatge de sempre que "no se reconoce el certificado", ja que el nostre jefe no deixa que comprem certificats a una CA coneguda, ja que valen pasta. Aleshores li diem "p'alante", com fem sempre. Aquest gest, que sembla inofensiu, ens pot perjudicar greument. Si a l'accédir al https enlloc de entrar al servidor estem entrant a un PC d'un atacant del MITM via ARP Poisoning, estarem negociant les claus amb ell, i tota la comunicació que fem posteriorment, serà interceptada. Això és un problema, perquè sempre que veiem https ens dóna una sensació de seguretat que es FALSA. Només ens podem fiar dels certificats emesos per una entitat coneguda, i reconeguda. Si no és així, podem ser víctimes d'un MITM.
4. Un altre problema del HTTPS amb una CA no reconeguda és que no es guarden les sessions. En un certificat validat, fem l'intercanvi de claus la primera vegada, i després només cal dir que és la mateixa sessió, que la caché ja sap les claus, i ningú les pot interceptar. En una CA no reconeguda, cada vegada es fa el intercanvi, i per tant, cada vegada podem patir un atac MITM, no cal que sigui només a l'inici de la conversa.
5. Connectem a la nostra màquina SSH. A les opcions de SSH sempre tenim posat com a preferència SSH version 2, ja que com sabem, la versió 1 es vulnerable a atacs de contrasenya. Aleshores, el atacant del man-in-the-middle, ens accepta la connexió, i ens diu que ell només parla SSH1. Automàticament, el nostre client de SSH baixa la versió a SSH1, i ens passa el password, que podrem desencriptar fàcilment.

Què ús sembla ? No es cap escenari de la NASA, no?  Pot passar a qualsevol lloc, sense preveure-ho. I com passa sempre, avui en dia fins i tot hi ha programes que només apretant un botó et fan un atac MITM, no cal ser un super-friki, tocar linux, ni ser un pollòs desaliñao  per fer un atac d'aquests.

Quines són les recomanacions:

- No utilitzar protocols insegurs des d'Internet: POP3, RDP (Terminal Server)

- Res de fer servir servidors HTTPS amb la CA de Windows. Ni per temes interns.

- Fer servir protocols de connexió segurs des de l'exterior, com ICA de Citrix, HTTPS amb CA reconeguda a través de proxys inversos (tipus ISA Server). També connexions VPN amb certificats.

- Posar els serveis accessibles de l'exterior en una DMZ, i que aquestes màquines només facin de passarel·la, que no continguin dades.

- Posar firewalls que siguin UTM (Unified Threat Management), i que a més de inspecció d'estats, disposin de IDS, IPS, Antispam, i Antivíric.

Espero ser una mica aclaridor amb aquest tema, i crec que no cal pensar "això a mi no em pot passar", perquè es un escenari molt comú.

In this example we will be working on LAN enviroments. It does work over point-to-point links with slightly difference results, however I dont see the need to arp over p2p links. Over frame-relay, it is a bad idea to try to use such a feature instead always send traffic on a next-hop basis.

Basically, what we will do is configuring a routing protocol or a static route between R1 and R2, generate some traffic and look into R1's arp table. Then without any routing protocol in place, we will again generate some traffic and look into R1's arp table and try to understand the process. I say it is rather simple but if you do not undestand it you can get stuck.

Diagram bellow

1 - Enable a static route (could be a dynamic routing protocol)on R1 pointing to R2 as such
ip route 0.0.0.0 0.0.0.0 10.10.10.2
In other words we are not arping traffic towards Vlan 20, instead we are sending traffic towards the next hop address which is R2

R1 arp table:
R1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.2 0 cc01.1504.0000 ARPA FastEthernet0/0
Internet 10.10.10.3 0 cc02.1504.0000 ARPA FastEthernet0/0
Internet 10.10.10.1 - cc00.1504.0000 ARPA FastEthernet0/0

We can conclude that we cannot see the PC's on vlan 20 on R1 arp table however we have ip reachability to them. That's because we are sending traffic to a next-hop address.

2 - No routing protocols between R1 and R2.
Disabling Ip routing on R1 or either create a static route as such
ip route 0.0.0.0 0.0.0.0 f0/0
R2 needs to have ip proxy-arp enabled on f0/0 (default)

R1's arp table
R1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.2 1 cc01.1504.0000 ARPA FastEthernet0/0
Internet 10.10.10.3 1 cc02.1504.0000 ARPA FastEthernet0/0
Internet 10.10.10.1 - cc00.1504.0000 ARPA FastEthernet0/0
Internet 192.168.20.1 1 cc01.1504.0000 ARPA FastEthernet0/0
Internet 192.168.20.2 1 cc01.1504.0000 ARPA FastEthernet0/0
Internet 192.168.20.3 1 cc01.1504.0000 ARPA FastEthernet0/0

We can see that now, R2 is responding with its MAC address for all requests to the PC's, that's because now when we generate traffic towards a PC, we will send a ARP request which is basically a broadcast.

How can this help us?

A week ago at work, we received a call from an administrator let's say, the administrator of the vlan 20 saying that they couldnt ping a server inside the vlan 20.
We don't have a routing protocol between R1 and R2 and after inspecting R1 arp table, the MAC address of that server which should be the same MAC of R2, in fact it wasnt. We could see the MAC of the server itself.
What this means?
I assume someone had changed the server connection to the switch to other port that was in NO SHUT state and had vlan 10 assigned to it which caused R1 to learn the server MAC.

That's all folks!!

• method to learn another hosts MAC address
• all 0’s in des MAC
• ARP protocol type: 0x0806
• Proxy Arp: if a router can route packet to the target host in another subnet, router uses proxy ARP on behalf of the target.

RARP, BOOTP and DHCP

• main function: how host can discover it’s own IP address plus other details
• RARP: same old ARP message but uses it’s own MAC address as TARGET and IP address of 0.0.0.0. RARP server must be on the same subnet as the client.
• BOOTP: commands are encapsulated in an IP and UDP header. Router can forward the BOOTP packets to other subnets. Also allows assignment of: subnet mask, default gateway, DNS address and IP address of a boot server. STILL REQUIRES CONFIGURATION LIKE RARP.
• DHCP: Router would change the clients DHCP request from a source and destination of 255.255.255.255 to a source of directed broadcast of clients subnet (e.g 10.1.1.255) and destination of DHCP server. DHCP response would be forwarded to destination 10.1.1.255.
  • Only configuration command: ip helper-address <dhcpserverIP> on the inside router interface (client side).
  • DHCP pool includes keys such as: subnet, default gateway, length of lease time, dns domain name.
  • you can use (global) ip dhcp excluded-address command to exclude IP hosts. (global configuration)

Click on Start button --> Run..

Type cmd and press OK button.

The DOS window opens.

Type the following DOS command: arp -a and press Enter.

Look at the info displayed: it is something like

  Interface: 135.92.229.21 --- 0x10003
  Internet Address      Physical Address           Type
  135.92.229.1           00-44-45-1b-d4-ad     dynamic  

Your IP is at the first row after 'interface:'.

And your MAC /network adapter/ address is on last row: something like this 00-44-45-1b-d4-ad but with other numbers. Every MAC address is unique because it is the way server can tell one computer from another /like peoples ID on their passports/

Cuando uno de los hosts se quiere comunicar con el otro, envía un paquete que llega hacia el repetidor diciendo, soy X y busco a Y, por medio del nombre buscará la dirección IP de ese host en un proceso llamado Resolución de Nombre de Dominio (DNS). Pero dado que se encuentran en la misma LAN, se envía un paquete de broadcast preguntando la información que necesita sin usar el DNS. El protocolo de resolución de direcciones (ARP) le dará una respuesta y obtendrá la IP del host Y y su dirección MAC.

Por ejemplo:

IP de X 192.168.10.10 255.255.255.0
MAC de X 00.15.12.ac.de.10
broadcast: IP 192.168.10.255 MAC ff.ff.ff.ff.ff.ff
Protocolo: NBNS

Este paquete será difundido en la red a través del HUB, y por ser la dirección de broadcast, todos los hosts recibirán y procesarán la información, y el host Y, al identificar su nombre, responderá con los datos que le son solicitados:

Responde la IP 192.168.10.11 con MAC address 00.15.12.ac.de.31

Ahora el host X tiene la dirección MAC y la IP del host Y, pero el host Y no sabe la información del Host X, por lo que deberá pasar por el mismo proceso para enterarse de la misma información acerca del host X.

Esto representa un problema en una red de tamaño más grande, ya que habría que mandar todos esos paquetes cada que un host se quiera comunicar, y se presentarían congestiones de red por el tráfico local en el mismo dominio de broadcast.

Documento de Cisco.com