Sunday, January 2, 2011

CCNA tutorial: Router On A stick

A couple of previous posts were about


A special topology known as Router on a Stick was also mentioned (it is an interesting topic taught in Cisco's CCNA curriculum). In certain situations VLANs prove to be too restrictive, since they disallow inter-VLAN communication (to understand why, see VLAN Intro PART 2). To resolve this problem, a router is set up and configured to allow such communication. Usually the topology ends up looking something like this:


[Figure: router on a stick]


Note:
switch0's (2960 model) fa0/1 is connected to the router's (2811) fa0/0
PC0 to PC5 are connected to fa0/2 and so on

Router configuration:

For each VLAN id there will be a corresponding sub-interface and an IP address assigned to it. Explanation of a couple of key commands:

! create a subinterface with id 1
int fa0/0.1
! dot1Q refers to IEEE 802.1Q, which documents the VLAN standards.
! This command sets VLAN tagging: all hosts in VLAN id 2
! will communicate with this subinterface
encapsulation dot1Q 2

A sub-interface:


In Cisco devices a sub-interface is a division of the physical interface into many logical, independent interfaces. So a physical port, say fa0/0, may be divided into fa0/0, fa0/0.1 and fa0/0.2: three separate interfaces belonging to the same physical interface but logically acting independently.
Pinging PC1 from PC0 will not work initially. What you need to do is create subinterfaces and enable 802.1Q encapsulation/tagging. The router will then be able to understand the tagged packets.

Additionally, assign a unique subnetwork to each VLAN group and to the router's subinterface. In the following code, note that VLAN id 1 has been assigned the 10.0.0.0/8 subnetwork, id 2 has 20.0.0.0/8 and VLAN id 3 has 30.0.0.0/8. The router's fa0/0 interface has 10.0.0.1/8, fa0/0.1 has 20.0.0.1/8 and fa0/0.3 has 30.0.0.1/8.

All the hosts need to be assigned a gateway address. Remember that the gateway address and host address always belong to the same (sub)network. Keeping this in mind: 

PC0,PC3,PC5 will have their gateway address as 10.0.0.1/8
PC1 will have 20.0.0.1/8
and PC2 and PC4 will have 30.0.0.1/8

Interestingly, the 30.0.0.1 interface has been configured to accept VLAN id 3 packets, which is correct since all the nodes in VLAN id 3 will have their gateway address as 30.0.0.1/8.

Finally, try to ping PC1 from PC0. If the pings are successful, you have achieved inter-VLAN communication. If not, try the realtime mode to see where packets are being dropped. The most common mistakes include not setting the encapsulation type on the router and binding a subinterface to the wrong VLAN id. Remember that by default VLAN id 1 is called the native VLAN and these packets are NEVER tagged. That is the reason why you DO NOT need to set encapsulation/tagging on the fa0/0 interface.


! switch:
en
conf t
vlan 2
name account
exit
vlan 3
name admin
exit

int fa0/1
! set this port as a trunking port
switchport mode trunk
exit

int fa0/3
! this port belongs to VLAN id 2
switchport access vlan 2
exit
int range fa0/4 , fa0/6
switchport access vlan 3
exit
! jump from config mode to privileged mode
end
! save all the settings
copy running-config startup-config

! Router:

enable
configure terminal
int fa0/0
ip address 10.0.0.1 255.0.0.0
! enable the interface
no shutdown
! create logical subinterface fa0/0.1 (id 1)
int fa0/0.1
! enables the router to 'read' VLAN tagged packets (VLAN id 2)
encapsulation dot1Q 2
ip address 20.0.0.1 255.0.0.0
int fa0/0.3
encapsulation dot1Q 3
ip address 30.0.0.1 255.0.0.0
end

copy running-config startup-config
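
A checker for the common mistakes named above, added here as an example (it is not part of the original post): it parses the router configuration from this post and reports subinterfaces that set an IP address without encapsulation dot1Q, VLANs that no router interface serves, and hosts whose gateway does not match. The host-to-VLAN table and the function names are assumptions made for the example.

```python
import ipaddress

# Router configuration from the post, comments stripped.
ROUTER_CFG = """\
int fa0/0
ip address 10.0.0.1 255.0.0.0
no shutdown
int fa0/0.1
encapsulation dot1Q 2
ip address 20.0.0.1 255.0.0.0
int fa0/0.3
encapsulation dot1Q 3
ip address 30.0.0.1 255.0.0.0
"""
# Host -> (VLAN id, gateway); VLAN membership follows the post's gateway list.
HOSTS = {"PC0": (1, "10.0.0.1"), "PC1": (2, "20.0.0.1"), "PC2": (3, "30.0.0.1"),
         "PC3": (1, "10.0.0.1"), "PC4": (3, "30.0.0.1"), "PC5": (1, "10.0.0.1")}
NATIVE_VLAN = 1  # untagged frames arrive on the physical interface


def parse_router(cfg):
    """Return ({vlan: IPv4Interface}, [problems]) for the router config."""
    vlan_ip, problems, name, vlan = {}, [], None, None
    for line in cfg.splitlines():
        w = line.lower().split()
        if not w:
            continue
        if w[0] in ("int", "interface"):
            # A subinterface (name contains '.') has no VLAN until tagged.
            name, vlan = w[1], (None if "." in w[1] else NATIVE_VLAN)
        elif w[:2] == ["encapsulation", "dot1q"]:
            vlan = int(w[2])
        elif w[:2] == ["ip", "address"] and vlan is None:
            problems.append(f"{name}: ip address without encapsulation dot1Q")
        elif w[:2] == ["ip", "address"]:
            vlan_ip[vlan] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
    return vlan_ip, problems


def check_hosts(vlan_ip, hosts):
    """Flag hosts with no router interface for their VLAN or a wrong gateway."""
    problems = []
    for host, (vlan, gw) in sorted(hosts.items()):
        iface = vlan_ip.get(vlan)
        if iface is None:
            problems.append(f"{host}: no router interface for VLAN {vlan}")
        elif ipaddress.ip_address(gw) != iface.ip:
            problems.append(f"{host}: gateway {gw} is not {iface.ip}")
    return problems
```

Call `parse_router(ROUTER_CFG)` first and pass the resulting VLAN map to `check_hosts`; both return empty problem lists for the configuration as posted.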

Wednesday, December 29, 2010

Create Virus/malware to infect and disinfect with Visual Basic

I was quite surprised when I realized that I have not posted a single piece of code on my blog. Unfortunately I am not the programmer one expects to design complex algorithms or solve logical problems in a jiffy. Every semester break, I plan to code small applications which involve new languages or something which has not been taught before. The first such attempt involved learning Visual Basic. Visual Basic 6 is very easy to learn and Windows GUI programs are very easy to build. It offers simple functions to manipulate and control external devices like CD-ROM drives and complex structures such as Registry Hives. I decided to write an application which is able to hide itself and write registries, basically imitating a malware. It is also able to make copies of itself and store them in different locations and run these whenever the computer boots up. It is a very simple program and once you know how to write registries and run some system commands using VB, you are done!


Why Visual Basic:


I chose Visual Basic since it is the easiest language to write in when doing Windows programming. Also, it was one of the first languages in which simple malware was written: worms like the I Love You worm were written in VBScript (closely related to VB).

I have used VB6 because of its smaller size, but found out that it is easier to use when writing these sorts of programs compared to VB.NET. This software writes and modifies registry entries many times, and doing so is simpler than in C, which requires knowledge of complicated functions and the Windows API (although it provides complete control over the Windows Registry).


Some features:


    * Disables Task Manager
    * Disables Regedit
    * Disables UAC in Vista
    * Enables Remote Desktop
    * Disables command prompt
    * Disable access to USB drives
    * Enable/Disable Automatic Updates
    * Disables Windows Installer
    * Disable Control Panel
    * Remove shutdown icon
    * Remove logoff button
    * Disable applications such as: firefox, notepad, wordpad, Avira antivirus etc
    * Change file associations, eg. html pages will be opened in wordpad only
    * Disable changing of file associations
    * Disable folder options

After understanding how primitive malware works you can write applications which can reverse these effects. Many such malware programs do the things mentioned above, like disabling the Task Manager. After reading through the very simple source code you will be able to repair your system.
Also, this application can be modified and deployed by computer admins who want to control the amount of access provided to users. For example, an admin might employ such methods to disable the control panel and other features to prevent abuse. I have provided links to "regdigest.exe" which will infect your system. "regundigest.exe" on the other hand will disinfect/repair your system. I have also put up links to their source code. I am not responsible for any damages caused nor do I encourage the use of this code for illegal purposes.

Basic flow of the program:


    * CreateObject("WScript.Shell") returns an object which allows for registry key editing.
    * [object].regwrite is used to write a registry key
    * [object].regdelete is used to delete a registry key
    * Copy file to different locations in hard drive
    * add entries to "run" to ensure all the programs are run at startup
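
From the defender's side, the flow above leaves a recognisable trail in registry-write telemetry: one process writing under the policy keys and also adding a Run entry. The following added example (not the author's code) triages records shaped like Sysmon registry value-set events; the sample records, value names, paths and the trusted-writer list are constructed assumptions.

```python
from collections import defaultdict

RUN_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
POLICY_MARKERS = ("\\currentversion\\policies\\", "\\software\\policies\\")
# Assumption: processes expected to write policy keys; tune per environment.
TRUSTED_POLICY_WRITERS = {r"c:\windows\system32\svchost.exe"}

# Constructed records shaped like Sysmon registry value-set events.
# Paths, SID and value names are placeholders, not real telemetry.
EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "TargetObject":
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ExampleSetting"},
    {"Image": r"C:\Users\alice\Downloads\regdigest.exe", "TargetObject":
     r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Policies\System\ExampleRestriction"},
    {"Image": r"C:\Users\alice\Downloads\regdigest.exe", "TargetObject":
     r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\ExampleEntry"},
    {"Image": r"C:\Program Files\Editor\editor.exe", "TargetObject":
     r"HKU\S-1-5-21-1111\Software\Editor\RecentFiles"},
    {"Image": r"C:\Program Files\Chat\chat.exe", "TargetObject":
     r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Chat"},
]


def classify(event):
    """Return 'autorun', 'policy' or None for one registry-write record."""
    image = event["Image"].lower()
    target = event["TargetObject"].lower()
    if any(m in target for m in RUN_MARKERS):
        return "autorun"
    if any(m in target for m in POLICY_MARKERS) and image not in TRUSTED_POLICY_WRITERS:
        return "policy"
    return None


def triage(events):
    """Group findings per writing process; both kinds together rank 'high'."""
    kinds = defaultdict(set)
    for ev in events:
        kind = classify(ev)
        if kind:
            kinds[ev["Image"]].add(kind)
    return {img: ("high" if k == {"autorun", "policy"} else "review")
            for img, k in kinds.items()}
```

A process that only adds a Run entry is left at "review", since legitimate installers do the same; the combination with policy writes from an untrusted process is what raises the ranking.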

Food for thought:


Here are a few things you may want to add:
 
    *  Restrict running of major antivirus software.
    * copy the application to network drives
    * modify autorun.inf to execute it whenever the corresponding drive is opened.
    * Disable firewall, ports.

NOTE: Some of the antiviruses might flag the exe as a trojan or virus. Disable it before downloading.


A few issues to consider:


Changing Icons

You will notice that the exe has a typical Visual Basic styled icon. Malware and viruses generally carry icons which do not give away their identity. They usually have popular software icons like new firefox version etc. A great tool called ResourceTuner can be used to edit your application's icons.

Vista and UAC compatibility:

Vista users will be familiar with UAC and the small shield which appears on executables requiring admin privileges. These are UAC-compatible applications and make use of an 'Application Manifest', which "inform the OS what resources an application needs". An Application Manifest basically carries information about the privileges and resources required by the application. You can manually create an Application Manifest file or let Resource Tuner do the work.

Avoiding Antivirus:

There are tools known as crypters which can help in avoiding antivirus detection. Right now I do not have much clue about how they work but I do know that there are many posts available on the Internet which teach how to build your own crypters.

 Important Links:

  1. Download regdigest.exe and undigest.exe
  2. More about Application Manifest(UAC)