Scanning active IPv4 addresses is difficult? Simpler than you think

It is always a best practice to keep full track of all IP address assignments inside our local area network. From time to time, it might also be a good idea for security purposes to check whether we have any hidden nodes inside our network.

To discover any node with active IP addresses inside our network, we might imagine that we must acquire powerful tools such as Cisco Prime Infrastructure before we can achieve anything. In fact, it might be much easier than you have expected. Let me show you how.

All you must have is a Windows 10 PC. I think that should be easy.

CCNA 2020, My summary of changes

Cisco recently announced major changes of certification programs and they all will take place on February 24, 2020. In this post, I am giving you my quick summary on CCNA alone.

CCNA Exam Changes (200-301)

The official new exam name for CCNA 2020 is “Cisco Certified Network Associate v2.0 (CCNA 200-301)”. I know it is quite confusing since CCNA exams has already been changed for a couple of times in recent years. I will call this 2020 CCNA by its exam code “200-301” instead.

Google is terminating Google+ service

Hi, this is Li-Ji Hong speaking. We now know Google is terminating Google+ service. I understand that many of you came from Google+ to find and visit my web site “Show IP Protocols”. To keep updated and connected to my web site “Show IP Protocols”, I recommend you adding at least one of these three services: Twitter, Facebook, and Email subscription.

400G Ethernet, My Observation Notes

I saw a post about Cisco has announced 400G Ethernet switch products.

400G Ethernet means the bit rate can be up to 400 Gbps. Here are some of my observation notes on 400G Ethernet products.

Bank lost 1 million US Dollars because of outdated routers

A recent news was about hackers hacked into a Russian bank because of outdated routers. When I saw the keyword “router”, I felt that I must dig further about what really happened.

What I have understood now

The victim is PIR Bank. One of the suspects is MoneyTaker. After the breach, PIR Bank hired company Group-IB to do the clean-ups, recovery, and investigating how the hackers got into their internal network.

Up to this moment, Group-IB disclosed hackers exploited the outdated routers of PIR Bank. The model of the routers was Cisco 800 series routers, which was already declared publicly that the End of Support date would be someday in Year 2016, by Cisco. The running Cisco IOS version was 12.4.

BGP Injection instead of Leak, my observation notes for MyEtherWallet incident

After reading articles by Doug Madory, and by Louis Poinsignon, here are some notes I observed and learned.

[What happened in this incident?]

Hackers somehow made some BGP routers of “eNet” to falsely announce that they own the following 5 IP subnets, which are indeed NOT belonging to “eNet”. The true owner is Amazon. To be more specific, they are for Amazon’s Route 53 DNS name resolution services.

• 205.251.192.0/24
• 205.251.193.0/24
• 205.251.195.0/24
• 205.251.197.0/24
• 205.251.199.0/24

The registered domain server for domain “MyEtherWallet.com” is hosted on Amazon Route 53.

Hackers also somehow embedded malicious DNS server (or servers, I really don’t know) also inside service network of “eNet”.

After that, any affected clients’ DNS query for domain “MyEtherWallet.com” would hit hacker’s malicious DNS server. Of course, malicious DNS server would respond with false IP addresses, and those false IP addresses are indeed hacker’s own web servers.

At this moment, clients thought they were accessing “MyEtherWallet.com”, and they indeed were accessing hacker’s web servers.

Prepare Python 2.7 on Microsoft Windows using PowerShell

Everyone today talks about the programming language Python while discussing Software-defined Networking (SDN). Since Python is so popular, it would be a good idea for network administrators to know more about Python. First thing first. I talk about how I prepare Python running environment on Microsoft Windows.

It would be nothing special if I only download the installation software from Python official web site by mouse clicking. Instead, I use PowerShell to download and install for me. That is, prepare one scripting running environment using another scripting language.

Here is the recorded video of how I do this.

The version I talk about is version 2.7.13.