FTP over SSL (ftps) – Explicit SSL vs. Implicit SSL / Active mode vs Passive mode
Explicit SSL:
ACTIVE MODE:
– A connection to the server is made on TCP/21 (ftp-control channel)
– A connection to the server is made on TCP/20 (ftp-data channel). Read more…
The steps to create the (Windows) .msi are as follows:
STEP 1: Download the ISO file from the cisco.com software download navigator page (http://software.cisco.com/download/navigator.html) Read more…
This aide-mémoire describes and compares NAT configuration (Identity NAT, NAT Exemption/Identity NAT) and also compares the syntax between ASA version 8.4.2 and the versions below it. There are some considerable differences in the syntax, and some of the better-known commands have been deprecated. Read more…
It should be noted that many algorithms require the Cisco IOS to have access to the cleartext password.
The Vigenère algorithm is used to obfuscate the passwords (not really encrypt them, as there is no encryption key) in order to prevent “shoulder surfing” from exposing passwords to someone who briefly looks at a running configuration.
If, however, someone gets hold of the configuration, they can easily retrieve the passwords using the reverse translation of the Vigenère algorithm.
- This can be done using various “type-7” password crackers or indeed within the IOS itself.
- Cisco IOS uses this type-7 encryption when the “service password-encryption” command is used. Here is a Perl script which deobfuscates the Cisco Vigenère password. Read more…
Long Fat Pipes
High-capacity packet satellite channels are LFNs (delay: 4 x 35,800 km = 470 ms RTT), and modern terrestrial long-haul fibre-optic paths will also fall into the LFN class. There are three fundamental performance problems with the current TCP over LFNs:
• Window Size Limit (2^16, i.e. max 65k bytes) – Remedy: TCP option “Window scale”
• Recovery from Segment Losses – Remedy: TCP option “Selective acknowledgement”
• Round-Trip Measurement – Remedy: TCP option “Timestamps” Read more…