Hacking network infrastructure

Routing protocols form the core functions of all IP networks. Their proper operation ensures the correct and uninterrupted traffic flow. The course consists of alternating hands-on and lecture sessions. This course is valid to all those who are interested to learn to protect network infrastructure.

All participants must have a working knowledge and hands-on experience on BGP, OSPF, IPv6 and multicast. This course is not an introduction/basic level course to any of the aforementioned technologies.

The practise environment is based on Cisco IOS and Kali Linux and therefore fluent Cisco IOS -experience and basic Linux skills are highly recommended.

Lectures in Finnish, materials in English


Introduction to hacking
• Hacking in general
• Goals of hacking the infrastructure
• Hacking challenges
• Infrastructure protection mechanisms
• Cracking MD5

Hacking BGP

  • Purpose of BGP
  • BGP connectivity options
  • Routing policy tools in BGP
    • BGP attributes
    • BGP route filtering
    • BGP route selection
  • BGP modes of operation
    • iBGP, eBGP
  • BGP vulnerabilities
    • TCP attacks, MD5 attacks, BGP message attacks, DoS
  • Attack vectors and tools
    • BGP targets for attack
    • Attack platform options
  • BGP defences
    • Router hardening, Authentication, BGP TTL check, route filtering, Route Flap Dampening
  • Exercises: Traffic attractors, directors, prefix-lists


Hacking OSPF

  • Link-state routing
  • OSPF basics
    • Neighborships, route advertisements, area hierarchy
  • OSPF strengths and vulnerabilities
  • Attack vectors and tools
    • Neighborship attacks, route insertion, replay attacks, DoS
  • OSPF defences
    • Router hardening, authentication, using IPSec in OSPFv3
  • Exercise: OSPF neighborship formation, LSA-advertising


Hacking IPv6

  • IPv6 basics
    • Architecture, protocol, IPv6-addresses, LAN-operation, router discovery, DNS
  • IPv6 key issues: addressing and LAN operations
    • Protocol weakness analysis: Host discovery, ND, routing headers
    • Attack vectors and tools. LAN discovery, global Google/DNS reconnaissance
    • IPv6 defences
  • ICMPv6 weakness analysis
  • ICMPv6 attack vectors and tools
    • RA attack, ND attacks, SEND, Redirect, MITM, DAD, ICMPv6+DHCPv6, Smurf
  • ICMPv6 defences
    • RA guard, IDS
  • Exercises: THC-toolkit in Kali/Linux
Näytä lisää Sulje
Mika Ilvesmäki
Mika Ilvesmäki kouluttava konsultti Tämä sähköpostiosoite on suojattu spamboteilta. Tarvitset JavaScript-tuen nähdäksesi sen.

Käytännön ja teorian yhteen sitova kouluttaja. Ydinosaaminen: L2/L3 –tekniikat ja Cisco- ympäristöt.
Opiskelut: TkT