Routing, Switching

Cisco ASA & ESX: strange ARP behavior

René Jorissen on January 12, 2009 10 Comments • Tags: #arp #behavior #esx #icmp #interface #nat #noproxyarp #path #proxy #reverse #reverse-path #spoofing #strange #sysopt #verify #vmware

Last week I had a very strange problem with a Cisco ASA firewall. The firewall is configured with multiple interfaces, including a DMZ interface. There are multiple servers in the DMZ. These servers are physical and virtual servers. The virtual servers are VMware servers in a blade environment. I configured the feature ip verify reverse-path …

Configuration Example, Routing, Security, Switching

Secure HSRP configuration

René Jorissen on July 25, 2008 2 Comments • Tags: #authenticate #cdp #clear #dtp #hsrp #key-string #md5 #preempt #priority #spoofing #standby #text #timeout #wireshark #yersinia

A friend of mine works for a well-known auditing and penetration testing company in the Netherlands. Recently we were talking about how he starts looking for flaws in network infrastructures. My friend told me that the first thing he does is simply start Wireshark and look at all the packets he receives. By …

Configuration Example, Security, Switching

Layer 2 security

René Jorissen on July 6, 2008 2 Comments • Tags: #address #arp #attacks #bpduguard #dhcp #dynamic #hopping #inspection #ip #layer #mac #rootguard #source #spoofing #two #vlan

I attended the session on layer 2 security, because I had some discussions about layer 2 security with one of my colleagues. We were discussing using layer 2 security and especially implementing it in our customers’ environments. Looking at my/our customers, I don’t see environments where layer 2 threats would be immediate. But …