Archive for June, 2010



Using TCP Intercept to mitigate DoS SYN Attacks

Monday 28 June 2010 @ 9:27 am

The most common attack against Service Provider IP networks is Denial of Service. These attacks usually take the form of “many-to-one” attacks, where multiple attacking sources send flooding traffic towards a single destination; they are then called Distributed Denial of Service (DDoS). The attacking hosts are typically “zombie” computers that have been compromised by attackers and belong to a botnet, and the flood is usually directed towards a critical node of the ISP network (a border router, a public server etc).

If the attack consists of thousands of non-legitimate connection attempts (TCP SYN packets) towards a single host, the target host becomes overloaded with half-open connections: because the SYN packets carry spoofed or otherwise unreachable source addresses, the three-way TCP handshake never completes and the connections cannot be established. The resulting volume of unresolved open connections eventually overwhelms the server and can cause it to deny service to valid requests. This is known as a SYN attack (or SYN flood).

TCP Intercept is a feature on routers used to prevent and mitigate TCP SYN-flooding attacks by monitoring the rate of SYN packets and intervening inside the TCP communication whenever necessary in order to reduce the number of incomplete TCP connections.

There are two modes for TCP Intercept: “Intercept Mode” and “Watch Mode”.

Intercept Mode

The most “invasive” mode is “Intercept Mode”. The router establishes a connection with the client on behalf of the destination server, and if successful, establishes the connection with the server on behalf of the client and knits the two half-connections together transparently. This means that if the connection is legitimate, it will reach the server with no problem. If the connection is from a non-legitimate client, the half-open connection will be dropped by the router. This mode consumes a lot of memory and CPU on the router.

Watch Mode

We recommend using “Watch Mode” instead of “Intercept Mode”. In Watch Mode, the router passively watches the connection requests flowing through it. If a connection fails to get established within a configurable interval, the software intervenes and terminates the connection attempt.

Configuration of TCP Intercept

On the router in front of the host under attack, configure the following (assuming the target host under attack is 1.1.1.1):

Router(config)# access-list 101 permit tcp any host 1.1.1.1
Router(config)# ip tcp intercept mode watch
Router(config)# ip tcp intercept list 101

The above configuration will watch the TCP SYN packets towards host 1.1.1.1. If the SYN packets exceed certain default thresholds, the router starts to close incomplete TCP connections. Specifically, if the number of incomplete connections exceeds 1,100, or the number of connection attempts arriving in the last one-minute period exceeds 1,100, each new arriving connection causes the oldest partial connection (or a random connection, depending on the configured drop mode) to be deleted. These are the default values, which can be altered.
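To make the threshold behaviour above concrete, here is a small Python model of the watch-mode bookkeeping (an added illustration, not Cisco IOS code and not part of the original post). It assumes the page's default values (1,100 half-open connections, 1,100 attempts per minute, oldest-first deletion) plus an assumed 30-second watch timeout, and feeds it a constructed SYN flood against 1.1.1.1.

```python
from collections import OrderedDict


class TcpInterceptWatch:
    """Simplified model of TCP Intercept 'watch' mode (assumption: not IOS code)."""

    def __init__(self, max_incomplete=1100, one_minute=1100, watch_timeout=30):
        self.max_incomplete = max_incomplete  # ceiling on half-open connections
        self.one_minute = one_minute          # ceiling on SYNs seen in the last 60 s
        self.watch_timeout = watch_timeout    # seconds a handshake may stay incomplete
        self.half_open = OrderedDict()        # flow tuple -> time SYN seen (oldest first)
        self.attempts = []                    # times of SYNs seen in the last minute
        self.resets = 0                       # attempts the router tore down

    def _expire(self, now):
        # Watch-mode intervention: a handshake not completed within the watch
        # timeout is reset by the router and dropped from the table.
        for flow, seen in list(self.half_open.items()):
            if now - seen >= self.watch_timeout:
                del self.half_open[flow]
                self.resets += 1
        self.attempts = [t for t in self.attempts if now - t < 60]

    def on_syn(self, flow, now):
        self._expire(now)
        self.attempts.append(now)
        self.half_open[flow] = now
        # Past either threshold, every new SYN evicts the oldest half-open
        # connection, so the table can never grow beyond the ceiling.
        if (len(self.half_open) > self.max_incomplete
                or len(self.attempts) > self.one_minute):
            del self.half_open[next(iter(self.half_open))]
            self.resets += 1

    def on_handshake_complete(self, flow, now):
        # Final ACK seen: the connection is established and no longer tracked.
        self._expire(now)
        self.half_open.pop(flow, None)


def simulate_syn_flood(n_syn, target="1.1.1.1"):
    """Constructed flood: n_syn SYNs from distinct spoofed sources within ~1 s.
    Returns (half-open connections still tracked, attempts reset by the router)."""
    ti = TcpInterceptWatch()
    for i in range(n_syn):
        src = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"  # constructed source
        ti.on_syn((src, 40000 + i, target, 80), now=i / 1000.0)
    return len(ti.half_open), ti.resets
```

With 1,100 SYNs nothing is touched; with 1,200 the table is capped at 1,100 and the 100 oldest attempts are reset, which is the effect the default thresholds are meant to have on the protected server.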




IEEE 802.3ba-100 Gbps Ethernet is Here

Friday 25 June 2010 @ 7:43 pm

On June 17th, the IEEE ratified the 802.3ba standard for Ethernet connections with speeds of 40 and 100 Gbps. Both Cisco and Juniper have been supplying high-performance network equipment that supports the new standard. Cisco, for example, supports a 100 Gbps Ethernet card on its CRS-3 router, while Juniper offers a 100 Gbps PIC on its T1600 core router.

As its name suggests, the IEEE 802.3ba standard allows for Ethernet services of 40 and 100 Gbps in both LAN and WAN implementations. The initial plan for the fastest Ethernet ever was to develop the 40 Gbps rate for high-speed connections between switches and core servers, while the 100 Gbps rate was intended for transport trunks carrying Internet and Video over IP traffic. Both rates are applicable to the transport of packets over optical fiber networks.

Of course, as in previous cases, the new standard maintains backward compatibility with the rest of the Ethernet family.




Some Cisco News

Sunday 20 June 2010 @ 11:05 am

Well, actually not the latest news. Let’s say news from the past 2-3 months!!

Cisco commits to releasing the TIP protocol:

After the acquisition of Tandberg, Cisco has pledged to release the Telepresence Interoperability Protocol (TIP) on 1 July 2010. The draft release will be hosted on Sourceforge under the Apache 2.0 license. This decision is apparently the result of a concession to the European Commission in exchange for approval of the Tandberg acquisition.

Cisco completes acquisition of Tandberg

Cisco completed the acquisition of the Norwegian company Tandberg, which specializes in video conferencing and telepresence solutions. Tandberg products are now integrated into the Cisco Telepresence product series. The solutions are based primarily on the TIP protocol (Telepresence Interoperability Protocol).

Cisco WebEx Meeting Center available on iPad

After the iPhone version, Cisco announced the availability of WebEx Meeting Center on the iPad. WebEx Meeting Center is a collaborative tool “that combines professional interaction, voice and instant messaging”. According to Cisco, this tool lets users “organize meetings for dispersed staff using tools and heterogeneous systems”.




A brief overview of CCNA Certification

Tuesday 15 June 2010 @ 10:35 am

Do you want to learn how to install, configure and maintain computer networks? Are you looking to develop your professional skills in networking and to demonstrate your expertise or enhance your credibility? Then the Cisco Certified Network Associate (CCNA) certification is an excellent choice for you as an entry-level professional. The knowledge that you will acquire while preparing for the CCNA will be a solid base on which to build a promising and successful career in the field of networking.

Training and Certification

Candidates who pass the exam will receive a CCNA certificate from Cisco. This quality qualification will add weight to your resume that will certainly be noticed by prospective employers.

Preparing for the CCNA certification requires candidates to study the following topics:

  • Describe how a network works
  • Configure, verify and troubleshoot a switch with VLANs and interswitch communications
  • Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network
  • Configure, verify, and troubleshoot basic router operation and routing on Cisco devices
  • Explain and select the appropriate administrative tasks required for a WLAN
  • Identify security threats to a network and describe general methods to mitigate those threats
  • Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network
  • Implement and verify WAN links

I suggest the following CCNA Training, which covers the full range of topics on which you will be tested. The above training claims that you will pass the CCNA, guaranteed.

Benefits of CCNA

Cisco certification rewards the efforts of candidates: a validation of your technical expertise increases your professional credibility. In particular, the CCNA skills acquired for SOHO or medium-sized networks are an extremely valuable qualification for companies whose networks have fewer than 100 nodes.

The holder of a CCNA is able to do the following:

• Install and configure Cisco switches and routers in multiprotocol environments, using LAN and WAN interfaces.
• Perform Level 1 troubleshooting operations.
• Improve security and network performance.

The holder of a CCNA can occupy the following positions:

• Hotline Engineer
• Onsite Technician
• System Engineer Level 1
• System Integrator Level 1



