Author: Valter Popeskic

MPLS – Multiprotocol Label Switching

There is a great deal to say about MPLS and how it works. Here I have written a few simple introductory lines about it, but only from one perspective: the customer side. There is nothing here about BGP or the other things that need to be done and configured for MPLS to function in the ISP cloud. As an introduction to MPLS, this text takes you to the central office and branch side of the MPLS configuration, which makes it simpler to explain and to enter the world of MPLS networking technology.

MPLS

In MPLS networks, packets are sent with a special MPLS prefix placed before the IP packet data: an MPLS header, sometimes referred to as a label stack. The MPLS header contains labels, each label carrying a value along with:

  • Traffic-class field, important for quality of service – QoS
  • Bottom-of-stack flag
  • 8-bit time-to-live – TTL field

DoS Methods – ICMP and SYN flood, Teardrop and Low-rate DoS attacks

ICMP flood

A smurf attack is one specific form of flooding DoS attack that occurs on the public Internet. It relies on misconfigured network equipment that allows packets to be sent to all hosts on a specific network via the network's broadcast address, rather than to a specific machine. The network then serves as a smurf amplifier. In an attack like this, the perpetrators send a huge number of IP packets with a fake source address, made to appear to be the victim's address.

DDoS – Distributed Denial of Service attack

A distributed denial of service (DDoS) attack takes place when a number of systems, i.e. one or more web servers, flood the resources and bandwidth of a targeted system. Attackers use different types of methods to compromise the systems.

Malware can carry the mechanisms of a DDoS attack; the best example was MyDoom. Its DoS mechanism was triggered on a specific date and time. A DDoS of this kind involves hardcoding the target IP address before the malware is released, and no further communication was needed to launch the attack.

A system may also be compromised with a trojan, which allows the attacker to download a zombie agent (sometimes the trojan already contains one). Attackers can destroy the systems with the help of automated tools that exploit the faults present in programs and listen for connections from remote hosts. The primary concern in this scenario is that the systems start serving as web servers.

One of the classic examples of a DDoS tool is Stacheldraht. It uses a layered structure: the attacker uses a client program to connect to the handlers, which are compromised systems that send commands to the zombie agents, which in turn give rise to the DDoS attack. The handlers can control the agents using automated routines that exploit vulnerabilities in programs that accept remote connections running on the targeted hosts. Every single handler can control up to 1000 agents.

These collections of compromised systems are referred to as botnets. DoS tools like Stacheldraht still use the classic methods of DoS attack centered on IP spoofing and amplification, such as fraggle attacks and smurf attacks (also referred to as bandwidth consumption attacks). Sometimes SYN floods or resource starvation attacks may be used too. Modern tools can also use DNS servers for DoS purposes.

DoS and DDoS – Denial of Service attacks

DoS – Denial of Service attack

A DoS attack is designed to interfere with the normal functions of a server, web site, or other network resource. Hackers and even virus writers can use a number of ways to get this done. One of the most common methods is flooding a server with so much network traffic that it becomes difficult for it to handle. As a result of this heavy traffic the server cannot carry out its normal functions properly, and sometimes this can lead to a server crash.

The only difference in the case of a DDoS attack is that multiple machines are used to conduct it. Hackers or virus writers use master and zombie machines to coordinate the attack across the other machines. These two kinds of machines usually exploit an application's vulnerability on the machine to install malicious code such as a Trojan.

Routing between VLANs

Hosts in a VLAN reside in their own broadcast domain and can communicate quite freely. VLANs partition the network and separate traffic at layer 2 of the OSI model and, as we discussed earlier regarding the need for routers, if you want hosts or any other devices to communicate between VLANs, it is essential to use a layer-3 device.

Dividing a LAN into multiple VLANs is basically the same as separating it into different physical LANs. In that case it is clear that you will need a router if you want to go from one LAN to another.