Hot potato and cold potato routing

These weeks I have been studying about networks, indeed about CCNP certification, because my CCNP certificate expires soon, actually next month, and I have to recertify. I wrote about my experience in the CCNP Route exam, CCNP Switch exam and CCNP Tshoot exam three years ago and I though I wasn't going to learn something new this time but I was wrong, I have learnt new concepts like “Hot potato and cold potato routing” and I have also reinforced my networking skills. The ID of exams has changed with regard of the last time:

• 300-101 ROUTE → Implementing Cisco IP Routing (ROUTE v2.0)
• 300-115 SWITCH → Implementing Cisco IP Switched Networks (SWITCH 2.0)
• 300-135 TSHOOT → Troubleshooting and Maintaining Cisco IP Networks (TSHOOT v2.0)

Hot potato and cold potato is used when we speak about routing in autonomous systems. In fact, hot potato is the normal behavior in a routing environment when we don't have to configure any routing engineering to the traffic. Therefore, routes are learnt and prefixes are advertised without any particular configuration. To sum up, hot potato routing is used to deliver traffic as quickly as possible from one autonomous system to another without any traffic engineering.

However, hot potato routing has some disadvantages. For instance, if we have a multihome network with two service providers (ISP1 and ISP2) to access to Internet, we could come across with an asymmetric routing issue. I mean, ISP1 would be used by uploading traffic and ISP2 would be used by downloading traffic, which could be an issue if we want to use one of the service provider, for example ISP2, as a backup connection to Internet because this backup service provider is more expensive, less reliable or we have less bandwidth contracted. If we want to solve these issues, we have to use cold potato routing.

Cold potato routing is more expensive than hot potato routing because we have to configure traffic engineering to deliver traffic as we want. Therefore, network administrators have more control over the traffic with cold potato than hot potato, which means we can give higher quality of service to our customers and it is better for content providers as well. However, if we use this technique we have to be willing to deliver our traffic for further distances because we are going to choose suboptimal routing from the point of view of hops but optimal routing from the point of view of performance, costs, etc.

For example, if we want to solve the asymmetric routing issue in a multihome network with a backup service provider we should look at the next BGP path selection to choose some techniques to deliver services as we want:

1. Weight
2. Local Preference
3. Locally originated routes
4. AS_PATH
5. Origin
6. MED (metric)
7. eBGP routes over iBGP
8. IGP metric to next hop (“Hot potato”)
9. Vendor-dependent tie break

We'll see the results of my CCNP exam, but in the meantime I'm going to keep studying new concepts like Windows Scaling (RFC 1323), Long Fat Networks (LFNS), TCP selective acknowledgement (RFC 2018), EVN Trunk, Unicast Reverse Path Forwarding (URPF), Tribal Flood Network (TFN), etc.

Regards my friend and remember, drop a line with the first thing you're thinking.

Honey, where have you been?

Do you want to know where a smartphone has been connected? I mean … would you like to know what wireless networks have been used by a smartphone? Is this information useful? It depends on what you are looking for. From time to time someone might be interested in gathering information about someone. For instance, where have people, who are around you, been connected? What is their ISP? where have they been eating? what places have they visited? What smartphone do they have? Is he in his house/office right now? etc. Getting this “public” and “free” information, and use it as you want!!

As you can guest, there is an easy way to get this information due to the fact that lots of people always have their Wi-Fi connection enabled in their smartphones even when they leave their home, office or wherever or even when they don't need it. However, these mobile devices keep sending “Probe Request” messages over the air asking for the whole wireless network list stored in their smartphones because it is looking for these wireless networks to connect again. This wireless networks list is made by our smartphone with each Wi-Fi we connect because mobile devices store all SSIDs we use by default. Next, we can see an image with all SSIDs my smartphone has used:

Wireless Network List

What tool can we use to get “Probe Request” messages? “Hoover” is an “old” and free tool, made in 2012 and writing in perl language by David Nelissen & Xavier Mertens, that it allows us to get a list of SSIDs which have been used by mobile devices which are nearby. This script uses the “channel hopping” technique to change the Wi-Fi channel every 5 seconds within an infinitive loop looking for “Probe Requests” messages. If we want to use it, we need to configure our wireless adapter in a monitor mode, and we also have to install tshark and perl. Next, we can see an image with the SSIDs and wireless devices which are around me:

Hoover

Hoover Results

Of course, hoover can be improved. For example, dates when SSIDs are discovered are wrong, it would be great to match MAC addresses with manufacturers and it would be awesome to know where SSIDs are in a wireless network mapping like WiGLE.

Once we know the SSIDs which mobile devices want to connect, what could be next? Maybe, turning on a rogue access point with that SSIDs to try to get their Wi-Fi passwords, try to analyze their network traffic and also trying to hack their devices.

If you don't want to be spied and you don't want anybody breaks your privacy, delete your unneccessary wireless list of your mobile devices and turn off your wireless connection when you don't use it, if not, you are exposing valuable information like where you have been eating, sleeping, or … everything.

Regards my friend and remember, drop a line with the first thing you're thinking.

ISACA Challenge for Young Professionals

ISACA Madrid has launched a challenge again for young professionals with the main goal of encouraging young people to innovate and promote in the Audit, Information Security and Information Security Governance fields. This is the third edition where young professionals can demonstrate their skills and knowledge about new threats, risks and tools, and this is a good opportunity to show our last researches and development projects to the security community, and at the end it's a good opportunity to teach what we know to improve the security world.

Last year I was the lucky young professional who could go to the final stage to show and teach my last research about Domain Generation Algorithm (DGA) with a paper called “Juego de Troyanos”. This was a concept that I didn't know until I analyzed the Zeus malware with the Ariolo probe. Once I understood how DGA worked, I developed a trojan malware what it bypassed black lists and antivirus software, and this was the main reason why I got the first award. Last year, all papers were good ideas with high technical quality, and I'm sure this year the level of the papers will be better.

 

In addition to 1000 € I got examination fees for an ISACA certification as a prize. In fact, last Christmas I applied for the CISM exam which I passed, and this week the ISACA organization emailed to me saying I fulfill all requirements to get the CISM certification. What I have learnt with this certification is that government and management aren't the same, also things about the Risk Management Process, InfoSec Program Development and Incident Management. All of this new concepts were welcomed to my knowledge and my job.

The requirements for the third ISACA challenge this year are the same as the last year. If we are young people with less than 35 years old and we have something interesting to show and teach about Audit, Information Security or IT governance, this is your challenge. Write it in a paper, sent it and good luck. This is the last week to apply, come on!!

For more information about the challenge, click on here, and if you need any help with your paper, let me know.

Regards my friend and remember, drop a line with the first doubt you're wondering.

Second World War

I really love reading, learning and studying, and for the last two months I have been reading the Winter of the World by Ken Follett, which is the second book of the century trilogy after Fall of Giants. This book is a novel about the Second World War where we can learn about that war in a easy and entertainment way. It's funny, and sad at the same time, how some people think this war was too many years ago while it was nearly 70 years ago when our grandparents lived then.

The second world war began 20 years after the first world war, when Germany invaded Poland in 1939, subsequently France and the United Kingdom declared the war to the Nazi Germany. There was two military alliances, the Allies and the Axis, led by Roosevelt, Stalin, Churchill, Hitler, Mussolini, etc. It's amazing how some leaders could decide a war where more than 60 millions people died.

It was 6 years of war where was many battles around the world. For instance the attack on Pearl Harbor in 1941 when Japanese attacked against the United States naval base at Pearl Harbor in Hawaii with fighter planes, bombers and torpedo planes launched from aircraft carriers. This was the entry of the United States to the Second World War. Another battle was the battle of Stalingrad in 1942 when Nazi Germany and its allies fought against the Soviet Union. It is said that this battle was the single largest and bloodiest battles in the history of warfare with nearly 2.2 millions people died. And I have to mention the invasion of Normandy as well where Western Allies assaulted Normandy in 1944 which was of Nazi Germany. It was the largest amphibious invasion which allowed to get the Western Europe by Western Allies.

At the end, in 1945, Adolf Hitler killed himself and Japan surrendered to the Western Allies. As a result of this awful war, our ancestors had a terrible life living with fear, misery and penury. Today, we know about millions of people like Jews, homosexuals, disabled, gypsies, priests, etc that they were killed in concentration camps. For instance the Auschwitz camp where more than 6 millions people died. We know about sexual violence where women got pregnant by soldiers. We know about scientific experiments with humans by Nazi to try to improve the Nazi racial ideology. We know about bombing against civilians and not only to soldiers. As you can see, this is a shame but this is a war.

Today, and after the second world war, we have the United Nations taking care of us where 193 countries promote international cooperation to maintain international peace and security, promoting human rights, fostering social and economic development, protecting the environment, and providing humanitarian aid in cases of famine, natural disaster, and armed conflict.

I'm wondering about what is going to happen with deportations, famine, peace and security in the Syrian war. When is the war going to finish? Will there be a Marshall Plan to rebuild Syria like there was in the Second World War? We'll see in the next years.

Regards my friend and remember, drop a line with the first thing you're thinking.