06 July, 2013

BGP BACKDOOR


SCENARIO:

As a professional poker player you have won the WSOP (World Series of Poker), and now that your financial problems are over you decide to start your own online poker room. The bluffing is over; it's time to configure your own company network. You have set up your own AS (100) and are connected to a service provider who is using AS 300. You are also connecting your network to another big online poker website (AS 200) to exchange network information, but you are using EIGRP instead of BGP to connect AS 100 and AS 200. The problem you face is that traffic from your AS towards AS 200 is being sent towards AS 300 and is not using the direct link between router Diamonds and Spades.

GOAL:

  • All IP addresses have been preconfigured for you.
  • All routers have a loopback interface:
    Router Diamonds: L0: 1.1.1.1 /24
    Router Spades: L0: 2.2.2.2 /24
    Router Hearts: L0: 3.3.3.3 /24
    Router Clubs: L0: 4.4.4.4 /24
  • Configure EBGP between AS 100 and AS 300.
  • Router Diamonds: Advertise the 1.1.1.0 /24 network in BGP.
  • Configure IBGP on router Hearts and Clubs.
  • Configure EBGP between AS 200 and AS 300.
  • Router Diamonds: advertise the 1.1.1.0 /24 network in BGP.
  • Router Spades: advertise the 2.2.2.0 /24 network in BGP.
  • Ensure you can ping 2.2.2.2 from router Diamonds.
  • Ensure you can ping 1.1.1.1 from router Spades.
  • If you have any connectivity problems fix them by using next-hop-self or advertising the appropriate networks in BGP. Do not advertise the 192.168.12.X /24 network in any way.
  • Configure EIGRP between router Diamonds and Spades:
    Advertise the 192.168.12.0 /24 network.
    Advertise the 1.1.1.0 /24 network.
    Advertise the 2.2.2.0 /24 network.
    Disable auto-summary
  • Ensure you have an EIGRP neighbor relationship between the 2 routers.
  • Do a traceroute from router Spades to 1.1.1.1, which path is it taking?
  • Use a BGP command to make sure that traffic from router Spades towards 1.1.1.1 is using the 192.168.12.X link and is not being sent through AS 300.
  • When the link between router Diamonds and Spades fails it should use AS 300 to reach the 1.1.1.0 /24 network.
Configure BGP
  • Configure EBGP between AS 100 and AS 300.
HEARTS#conf terminal
HEARTS(config)#router bgp 300
HEARTS(config-router)#neighbor 192.168.13.1 remote-as 100

DIAMONDS#configure terminal
DIAMONDS(config)#router bgp 100
DIAMONDS(config-router)#neighbor 192.168.13.3 remote-as 300
*Mar  1 00:17:23.255: %BGP-5-ADJCHANGE: neighbor 192.168.13.3 Up
  • Router Diamonds: Advertise the 1.1.1.0 /24 network in BGP.
DIAMONDS(config-router)#network 1.1.1.0 mask 255.255.255.0
  • Configure IBGP on router Hearts and Clubs.
CLUBS#configure terminal
CLUBS(config)#router ospf 1
CLUBS(config-router)#network 4.4.4.4 0.0.0.0 area 0
CLUBS(config-router)#network 192.168.34.4 0.0.0.0 area 0
CLUBS(config-router)#router bgp 300
CLUBS(config-router)#neighbor 3.3.3.3 remote-as 300
CLUBS(config-router)#neighbor 3.3.3.3 update-source lo 0

HEARTS#configure terminal
HEARTS(config)#router ospf 1
HEARTS(config-router)#network 3.3.3.3 0.0.0.0 area 0
HEARTS(config-router)#network 192.168.34.3 0.0.0.0 area 0
*Mar  1 00:18:37.491: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done
HEARTS(config-router)#router bgp 300
HEARTS(config-router)#neighbor 4.4.4.4 remote-as 300
HEARTS(config-router)#neighbor 4.4.4.4 update-source lo 0
*Mar  1 00:19:08.123: %BGP-5-ADJCHANGE: neighbor 4.4.4.4 Up
  • Configure EBGP between AS 200 and AS 300.
CLUBS#conf terminal
CLUBS(config)#router bgp 300
CLUBS(config-router)#neighbor 192.168.24.2 remote-as 200

SPADES#configure terminal
SPADES(config)#router bgp 200
SPADES(config-router)#neighbor 192.168.24.4 remote-as 300
*Mar  1 00:24:41.475: %BGP-5-ADJCHANGE: neighbor 192.168.24.4 Up
  • Router Spades: advertise the 2.2.2.0 /24 network in BGP.
SPADES(config-router)#network 2.2.2.0 mask 255.255.255.0
  • Ensure you can ping 2.2.2.2 from router Diamonds.
  • Ensure you can ping 1.1.1.1 from router Spades.
  • If you have any connectivity problems fix them by using next-hop-self or advertising the appropriate networks in BGP. Do not advertise the 192.168.12.X /24 network in any way.
DIAMONDS#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

SPADES#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Fix this:

SPADES(config)#router bgp 200
SPADES(config-router)#network 192.168.24.0 mask 255.255.255.0

DIAMONDS(config)#router bgp 100
DIAMONDS(config-router)#network 192.168.13.0 mask 255.255.255.0

HEARTS(config)#router bgp 300
HEARTS(config-router)#neighbor 4.4.4.4 next-hop-self


CLUBS(config)#router bgp 300
CLUBS(config-router)#neighbor 3.3.3.3 next-hop-self

Verify:

DIAMONDS#show ip route | inc 2.2.2
B       2.2.2.0 [20/0] via 192.168.13.3, 00:01:06

DIAMONDS#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/63/84 ms

SPADES#show ip route | include 1.1.1
B       1.1.1.0 [20/0] via 192.168.24.4, 00:11:01

SPADES#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/65/84 ms
  • Configure EIGRP between router Diamonds and Spades:
    Advertise the 192.168.12.0 /24 network.
    Advertise the 1.1.1.0 /24 network.
    Advertise the 2.2.2.0 /24 network.
    Disable auto-summary
DIAMONDS#configure terminal
DIAMONDS(config)#router eigrp 1
DIAMONDS(config-router)#no auto-summary
DIAMONDS(config-router)#network 192.168.12.0 255.255.255.0
DIAMONDS(config-router)#network 1.1.1.1 0.0.0.0


SPADES#configure terminal
SPADES(config)#router eigrp 1
SPADES(config-router)#no auto-summary
SPADES(config-router)#network 192.168.12.0 0.0.0.255
*Mar  1 01:45:22.659: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.1 (FastEthernet0/0) is up: new adjacency
SPADES(config-router)#network 2.2.2.2 0.0.0.0
  • Ensure you have an EIGRP neighbor relationship between the 2 routers.
SPADES(config-router)#do show ip eigrp neighbor
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   192.168.12.1            Fa0/0             10 00:02:47   30   200  0  3
  • Do a traceroute from router Spades to 1.1.1.1, which path is it taking?
SPADES#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1

  1 192.168.24.4 44 msec 24 msec 24 msec
  2 192.168.34.3 44 msec 36 msec 32 msec
  3 192.168.13.1 [AS 100] 64 msec *  56 msec

SPADES#show ip route | include 1.1.1.0
B       1.1.1.0 [20/0] via 192.168.24.4, 00:25:48

DIAMONDS#show ip route | include 2.2.2.0
B       2.2.2.0 [20/0] via 192.168.13.3, 00:25:48
  • Use a BGP command to make sure that traffic from router Spades towards 1.1.1.1 is using the 192.168.12.X link and is not being sent through AS 300.
SPADES#conf ter
SPADES(config)#router bgp 200
SPADES(config-router)#network 1.1.1.0 mask 255.255.255.0 backdoor

DIAMONDS#configure terminal
DIAMONDS(config)#router bgp 100
DIAMONDS(config-router)#network 2.2.2.0 mask 255.255.255.0 backdoor

SPADES#show ip route | include 1.1.1.0

D       1.1.1.0 [90/409600] via 192.168.12.1, 00:03:16, FastEthernet0/0

DIAMONDS#show ip route | include 2.2.2.0

D       2.2.2.0 [90/409600] via 192.168.12.2, 00:12:03, FastEthernet0/0

DIAMONDS#traceroute 2.2.2.2
Type escape sequence to abort.
Tracing the route to 2.2.2.2

  1 192.168.12.2 20 msec *  36 msec
  • When the link between router Diamonds and Spades fails it should use AS 300 to reach the 1.1.1.0 /24 network.
DIAMONDS#configure terminal
DIAMONDS(config)#interface fa 0/0
DIAMONDS(config-if)#shutdown
*Mar  1 02:44:17.459: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.12.2 (FastEthernet0/0) is down: interface down

*Mar  1 02:44:19.399: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down

*Mar  1 02:44:20.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

DIAMONDS(config-if)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
C    192.168.13.0/24 is directly connected, FastEthernet0/1
     2.0.0.0/24 is subnetted, 1 subnets
B       2.2.2.0 [200/0] via 192.168.13.3, 00:00:05
B    192.168.24.0/24 [20/0] via 192.168.13.3, 00:11:17

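The backdoor command sets the AD of the BGP route to 200! That is why the EIGRP route (AD 90) is preferred while the direct link is up, and the BGP route through AS 300 takes over only when the link fails.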

DIAMONDS#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/65/84 ms

DIAMONDS#traceroute 2.2.2.2
Type escape sequence to abort.
Tracing the route to 2.2.2.2

  1 192.168.13.3 24 msec 24 msec 24 msec
  2 192.168.34.4 36 msec 40 msec 36 msec
  3 192.168.24.2 [AS 200] 76 msec *  56 msec
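
A check for the three routing states this lab passes through, as an added Python example (not part of the original lab): it parses `show ip route` lines like the ones shown above and reports whether the prefix is reached over the 192.168.12.X link, through AS 300 because the backdoor statement is missing, or through AS 300 as the intended failover. The function names and state labels are assumptions made for this example.

```python
import re

# Matches IOS "show ip route" entries such as:
#   B       1.1.1.0 [20/0] via 192.168.24.4, 00:11:01
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z])\*?\s+(?P<prefix>\d+\.\d+\.\d+\.\d+)(?:/\d+)?\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>\d+\.\d+\.\d+\.\d+)"
)

DIRECT_LINK = "192.168.12."  # Diamonds <-> Spades link in this lab


def parse_route(line):
    """Return protocol code, prefix, AD, metric and next hop, or None."""
    m = ROUTE_RE.match(line.strip())
    if not m:
        return None
    route = m.groupdict()
    route["ad"] = int(route["ad"])
    route["metric"] = int(route["metric"])
    return route


def classify(line):
    """Name the state a lab prefix is in, judged from one route line."""
    route = parse_route(line)
    if route is None:
        return "not-a-learned-route"       # connected entry, header, blank
    if route["code"] == "D" and route["nh"].startswith(DIRECT_LINK):
        return "direct-link"               # EIGRP (AD 90) over the private link
    if route["code"] == "B" and route["ad"] == 200:
        return "failover-via-as300"        # backdoor applied, direct link down
    if route["code"] == "B" and route["ad"] == 20:
        return "transit-backdoor-missing"  # eBGP (AD 20) still beats EIGRP
    return "unexpected"


if __name__ == "__main__":
    # Route lines copied from the outputs in this lab.
    samples = [
        "B       1.1.1.0 [20/0] via 192.168.24.4, 00:25:48",
        "D       1.1.1.0 [90/409600] via 192.168.12.1, 00:03:16, FastEthernet0/0",
        "B       2.2.2.0 [200/0] via 192.168.13.3, 00:00:05",
    ]
    for line in samples:
        print(f"{classify(line):26} <- {line}")
```

A result of "transit-backdoor-missing" while the EIGRP adjacency is up means traffic between the two sites is crossing the provider instead of the direct link.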
