search for ccna answer

Thursday, November 17, 2016

PoisonTap - siphons cookies, exposes internal router & installs web backdoor on locked computers

Created by @SamyKamkar || https://samy.pl
Source code: https://github.com/samyk/poisontap


When PoisonTap (Raspberry Pi Zero & Node.js) is plugged into a locked/password protected computer, it:
  • emulates an Ethernet device over USB (or Thunderbolt)
  • hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
  • siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites
  • exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding (thanks Matt Austin for rebinding idea!)
  • installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies via cache poisoning
  • allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain
  • does not require the machine to be unlocked
  • backdoors and remote access persist even after device is removed and attacker sashays away
Live demonstration and more details available in the video: 

PoisonTap evades the following security mechanisms:


PoisonTap

PoisonTap is built for the $5 Raspberry Pi Zero without any additional components other than a micro-USB cable & microSD card, but can work on other devices that can emulate USB gadgets such as USB Armory and LAN Turtle.
(incredible HTML5 canvas animation by Ara)
Point of Contact: @SamyKamkar // https://samy.pl
Released: November 16, 2016
Source code and download: https://github.com/samyk/poisontap

Monday, November 7, 2016

How hackers crack your password

Original Title: Beware! This are the 6 ways by which hackers crack your Password



If your bank account or an online account such as Gmail, Yahoo, Facebook or Twitter has ever been hacked, you should know that cyber criminals use specific tricks to get into your account. With passwords being the central theme of almost all your accounts, hackers prefer to go after your password to break into your financial as well as online accounts.

If your account is hacked, the criminals probably used one of the six ways given below to crack it. If you study these methods, you can prepare yourself better to repel such hacks and control your accounts easily.

Brute force attack

Brute force is about overpowering the computer’s defenses by using repetition. A brute force attack is a trial-and-error method, repeated until the password is finally cracked. Hackers keep trying names and numbers at random to crack the password this way. Sometimes a lot of guesswork is also used to work out the password. Arithmetic numbers, birth dates, pets’ names and favourite actors’ names are the passwords that users commonly choose.



Dictionary Hacking

Dictionary hacking is also a form of brute force attack, but in a dictionary hack the hackers use various permutations and combinations of dictionary words. They repeatedly run dictionary software and try various combinations of words to crack your password. A report says over 50 percent of passwords are cracked through this process.

Brute force dictionaries always start with simple letters “a”, “aa”, “aaa”, and then eventually move to full words like “dog”, “doggie”, “doggy”. These brute force dictionaries can make up to 50 attempts per minute in some cases.



Phishing

Phishing is another of the tools hackers most commonly use to acquire usernames and passwords. Phishing is also the most used method because it takes just a trick to fool the victim into divulging his/her login credentials. Most trojans spread through phishing, while sometimes hackers create cloned websites or fake internet addresses where you are asked to fill in your username and password details.

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Spidering attack

Another hacking tool is the Spidering attack. Just as the name suggests, hackers also crawl your website like a spider and collect all the common information. Cyber criminals normally use spidering attack to target big companies.

A spider is a tool that crawls a website looking for all the available content. There are a few different ways to discover content:



– Static Content
– Dirbuster
– HTTP Method
– Ascension Fuzz
– Query Fuzz
– Cookie Fuzz
– Robots.txt / Sitemap.xml
– RIA Checks
– UserAgent
– Regexp path/url
– Public cache search
– /status

Keylogger attack

This hacking tool is very similar to phishing and is generally spread through malware infection. The victim is usually tricked into installing a keylogger on his/her PC/laptop by clicking on an attachment sent to the victim’s email. The moment you download the attachment, it scans through your browser. Once installed, the keylogger records all your Internet activity, which is then relayed back to the command and control servers.

Rainbow Table

While you might think of Rainbow Tables as eclectic colorful furniture, those aren’t the ones we are going to discuss. The Rainbow Tables that we are talking about are used to crack passwords and are yet another tool in the hacker’s ever growing arsenal.

This method requires a good knowledge of computers and coding. Rainbow Tables are basically huge sets of precomputed tables filled with hash values that are pre-matched to possible plaintext passwords. The Rainbow Tables essentially allow hackers to reverse the hashing function to determine what the plaintext password might be. It’s possible for two different passwords to result in the same hash so it’s not important to find out what the original password was, just as long as it has the same hash. The plaintext password may not even be the same password that was created by the user, but as long as the hash is matched, then it doesn’t matter what the original password was.

The use of Rainbow Tables allows passwords to be cracked in a very short amount of time compared with brute-force methods; however, the trade-off is that it takes a lot of storage (sometimes terabytes) to hold the Rainbow Tables themselves. Storage these days is plentiful and cheap, so this is not a big issue for hackers. You can also get precomputed Rainbow Tables for cracking passwords of vulnerable operating systems such as Windows XP, Vista, Windows 7, and applications using MD5 and SHA1 as their password hashing mechanism (many web application developers still use these hashing algorithms).
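Why precomputation works against unsalted MD5 and stops working once each password gets a random salt and a slow key-derivation function, as an added example that is not part of the original article. The candidate words, the work factor and all function names are constructed for illustration, and the table here is a plain hash-to-plaintext lookup standing in for a chain-compressed rainbow table.

```python
import hashlib
import hmac
import os

# Constructed candidate words standing in for a precomputed table's plaintexts.
CANDIDATES = ["dog", "doggie", "doggy", "password", "letmein", "qwerty"]

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000


def build_lookup_table(candidates):
    """Precompute unsalted MD5 -> plaintext once; the result works against every account."""
    return {hashlib.md5(c.encode()).hexdigest(): c for c in candidates}


def store_unsalted_md5(password):
    """The weak scheme the article mentions: same password, same hash, everywhere."""
    return hashlib.md5(password.encode()).hexdigest()


def store_salted_pbkdf2(password, iterations=PBKDF2_ITERATIONS):
    """Hardened scheme: a random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_salted_pbkdf2(password, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def classify_stored_hash(value):
    """Heuristic audit check: flag bare hex digests of MD5 or SHA-1 length."""
    is_hex = all(ch in "0123456789abcdef" for ch in value.lower())
    if is_hex and len(value) == 32:
        return "md5-length, unsalted"
    if is_hex and len(value) == 40:
        return "sha1-length, unsalted"
    return "other"


def demo():
    table = build_lookup_table(CANDIDATES)
    weak = store_unsalted_md5("doggy")
    strong = store_salted_pbkdf2("doggy")
    return {
        # The unsalted hash is a key in the precomputed table.
        "weak_recovered": table.get(weak),
        # The salted hash is not: the table was built without this user's salt.
        "strong_recovered": table.get(strong["hash"]),
        "weak_class": classify_stored_hash(weak),
        "strong_verifies": verify_salted_pbkdf2("doggy", strong),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `classify_stored_hash` over a credentials column is a quick way to find accounts still stored in the table-friendly formats the article names.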

Credits to Vijay Prabhu
Do drop in your comments about the above six methods of password cracking.

Saturday, November 5, 2016

Find IP address in Windows 7 using command prompt

The fastest way to check your computer's IP address in Windows 7 is with cmd.exe.

From Start, search for cmd.exe and select it to run.

Type ipconfig in the cmd.exe window, then press Enter.


You will see some results shown in the command prompt. Look for the wireless adapter if you are currently connected to a wireless network; otherwise look for the local area network Ethernet adapter.

Congratulations. The IPv4 address shown is the computer's local area network IP address. This is the easiest and fastest way to find the IP address in Windows 7, using the ipconfig command.


Sunday, October 19, 2014

2014 Exam Answers - CCNA 1 Chapter 8 v5 0

1

Fill in the blank.

The decimal equivalent of the binary number 10010101 is “149”.

2



Place the options in the following order:

[+] 192.168.100.161/25

[+] 203.0.113.100/24

[+] 10.0.50.10/30

[#] 192.168.1.80/29

[#] 172.110.12.64/28

[#] 10.10.10.128/25

[*] 10.0.0.159/27

[*] 192.168.1.191/26

[+] Order does not matter within this group.

[#] Order does not matter within this group.

[*] Order does not matter within this group.

3

What is indicated by a successful ping to the ::1 IPv6 address?

The link-local address is correctly configured.

The default gateway address is correctly configured.

The host is cabled properly.

All hosts on the local link are available.

IP is properly installed on the host.*

4




Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

Which message is displayed on the web server?

Correct configuration!*

IPv6 address configured!

You did it right!

Successful configuration!

5

Which two ICMP messages are used by both IPv4 and IPv6 protocols? (Choose two.)

router solicitation

protocol unreachable*

neighbor solicitation

route redirection*

router advertisement

6

A message is sent to all hosts on a remote network. Which type of message is it?

unicast

directed broadcast*

limited broadcast

multicast

7

Which two things can be determined by using the ping command? (Choose two.)

the average time it takes each router in the path between source and destination to respond

the average time it takes a packet to reach the destination and for the response to return to the source*

whether or not the destination device is reachable through the network*

the IP address of the router nearest the destination device

the number of routers between the source and destination device

8

A DHCP server is used to assign IP addresses dynamically to the hosts on a network. The address pool is configured with 192.168.10.0/24. There are 3 printers on this network that need to use reserved static IP addresses from the pool. How many IP addresses in the pool are left to be assigned to other hosts?

253

252

251*

254

9

Which two parts are components of an IPv4 address? (Choose two.)

logical portion

network portion*

physical portion

broadcast portion

host portion*

subnet portion

10

Which IPv6 address is most compressed for the full FE80:0:0:0:2AA:FF:FE9A:4CA3 address?

FE80::2AA:FF:FE9A:4CA3*

FE80::0:2AA:FF:FE9A:4CA3

FE80:::0:2AA:FF:FE9A:4CA3

FE8::2AA:FF:FE9A:4CA3

11



12

What are three parts of an IPv6 global unicast address? (Choose three.)

an interface ID that is used to identify the local host on the network*

an interface ID that is used to identify the local network for a particular host

a subnet ID that is used to identify networks inside of the local enterprise site*

a global routing prefix that is used to identify the network portion of the address that has been provided by an ISP*

a global routing prefix that is used to identify the portion of the network address provided by a local administrator

13



14

Which network migration technique encapsulates IPv6 packets inside IPv4 packets to carry them over IPv4 network infrastructures?

encapsulation

translation

dual-stack

tunneling*

15

When an IPv6 enabled host needs to discover the MAC address of an intended IPv6 destination, which destination address is used by the source host in the NS message?

global unicast address of the receiver

solicited-node multicast address*

all-node multicast address

link-local address of the receiver

16

When a Cisco router is being moved from an IPv4 network to a complete IPv6 environment, which series of commands would correctly enable IPv6 forwarding and interface addressing?

Router# configure terminal

Router(config)# interface fastethernet 0/0

Router(config-if)# ip address 192.168.1.254 255.255.255.0

Router(config-if)# no shutdown

Router(config-if)# exit

Router(config)# ipv6 unicast-routing

Router# configure terminal

Router(config)# interface fastethernet 0/0

Router(config-if)# ipv6 address 2001:db8:bced:1::9/64

Router(config-if)# no shutdown

Router(config-if)# exit

Router(config)# ipv6 unicast-routing ***********

Router# configure terminal

Router(config)# interface fastethernet 0/0

Router(config-if)# ipv6 address 2001:db8:bced:1::9/64

Router(config-if)# no shutdown

Router# configure terminal

Router(config)# interface fastethernet 0/0

Router(config-if)# ip address 2001:db8:bced:1::9/64

Router(config-if)# ip address 192.168.1.254 255.255.255.0

Router(config-if)# no shutdown



17

What two statements describe characteristics of Layer 3 broadcasts? (Choose two.)

There is a broadcast domain on each switch interface.

Routers create broadcast domains.*

A router will not forward any type of Layer 3 broadcast packet.

Broadcasts are a threat and users must avoid using protocols that implement them.

A limited broadcast packet has a destination IP address of 255.255.255.255.*

Some IPv6 protocols use broadcasts.

18

Which two statements are correct about IPv4 and IPv6 addresses? (Choose two.)

IPv6 addresses are represented by hexadecimal numbers.*

IPv6 addresses are 32 bits in length.

IPv4 addresses are 128 bits in length.

IPv4 addresses are represented by hexadecimal numbers.

IPv4 addresses are 32 bits in length.*

IPv6 addresses are 64 bits in length.

19

What is the prefix length notation for the subnet mask 255.255.255.224?

/26

/28

/27*

/25

20

Fill in the blank.

What is the decimal equivalent of the hex number 0x3F?   “63”

21

What are two types of IPv6 unicast addresses? (Choose two.)

anycast

link-local*

multicast

loopback*

broadcast

22

When will a router drop a traceroute packet?

when the router receives an ICMP Time Exceeded message

when the host responds with an ICMP Echo Reply message

when the value in the TTL field reaches zero*

when the values of both the Echo Request and Echo Reply messages reach zero

when the RTT value reaches zero

23

An IPv6 enabled device sends a data packet with the destination address of FF02::1. What is the target of this packet?

all IPv6 configured routers across the network

all IPv6 configured routers on the local link

all IPv6 enabled nodes on the local link*

all IPv6 DHCP servers

24

How many bits are in an IPv4 address?

256

128

64

32*

Monday, March 10, 2014

CCNA 4 R&S Year 2014: Connecting Networks Chapter 1 v5.0 Exam Question with Answers

Connecting Networks Chapter 1 v5.0 Exam Answers 2014


What are two structured engineering principles necessary for successful implementation of a network design? (Choose two.)
modularity*
security
availability
quality of service
resiliency*


What is an important first consideration when starting to design a network?
size of the network* 
access security
protocols to be used
type of applications


Which layer of the Cisco Collaboration Architecture contains unified communications and conference software such as Cisco WebEx Meetings, WebEx Social, Cisco Jabber, and TelePresence?
service provider edge
enterprise WAN
applications and devices* 
services module


In which layer of the hierarchical enterprise LAN design model would PoE for VoIP phones and access points be considered?
core
physical
data link
access* 
distribution


Which network module is the fundamental component of a campus design?
access-distribution module* 
services module
data center
enterprise edge


In a hierarchical network design, which layers may be combined into a collapsed core for smaller networks?
core, distribution, and access
distribution and access
core and access
core and distribution*

7
Refer to the exhibit. Which type of ISP connectivity to the service provider edge is being used by company A?
dual-homed
dual-multihomed
single-homed
multihomed*


What is one advantage to designing networks in building block fashion for large companies?
mobility
redundancy
increased network access time
failure isolation*


A network engineer wants to redesign the wireless network and make use of wireless network controllers that manage the many deployed wireless access points. In which network design module of the campus network architecture would the centralized wireless network controllers be found?
services* 
access-distribution
enterprise edge
data center

10 
Which two devices would commonly be found at the access layer of the hierarchical enterprise LAN design model? (Choose two.)
Layer 3 device
firewall
access point* 
Layer 2 switch* 
modular switch

11 
Which approach in networking allows for network changes, upgrades, or the introduction of new services in a controlled and staged fashion?
modular* 
network module
borderless
static

12
Refer to the exhibit. Which type of Cisco hierarchical LAN design model is used at school site 1?
7 layer
two-tier collapsed core* 
three-tier
3 layer

13 
Which three network architectures have been introduced by Cisco to address the emerging technology challenges created by the evolving business models? (Choose three.)
Cisco Collaboration* 
Cisco Data Center* 
Cisco Borderless* 
Cisco Enterprise Edge
Cisco Enterprise Campus
Cisco Enterprise Branch

14 
Which Cisco technology allows diverse network devices to connect securely, reliably, and seamlessly to enterprise network resources?
Cisco AnyConnect*
enterprise edge
building distribution
service provider edge

15 
The network design for a college with users at five sites is being developed. Where in the campus network architecture would servers used by all users be located?
services
enterprise edge
data center* 
access-distribution

16 
What is creating a new challenge for IT departments by changing the border of the enterprise network?
tablets* 
company-owned desktops
energy costs
access layer switching

17 
Which network architecture functions through a combination of technologies that include wired, wireless, security, and more?
Cisco Borderless* 
Cisco Enterprise Campus
Cisco Enterprise Edge
Cisco Enterprise Branch

18 
Which network architecture combines individual components to provide a comprehensive solution allowing people to cooperate and contribute to the production of something?
Cisco Enterprise Campus Architecture
Cisco Enterprise Branch Architecture
Cisco Borderless Network Architecture
Cisco Collaboration Architecture*

19 
Fill in the blank.
Reducing the complexity of network design by dividing a network into smaller areas is an example of a “hierarchical” network model.

20 
Fill in the blank. Use the abbreviation.
Under the Cisco Enterprise Edge module, the submodule that provides remote access including authentication and IPS appliances is the “VPN” and remote access submodule.

21

Place the options in the following order:
- not scored – 
core 
access
distribution

Saturday, March 9, 2013

JAN2012 - Chapter 1 CCNA Exploration 4.0 EWAN Answer and Question


1. Which statement is true about the differences between a WAN and a LAN?
WANs generally support higher bandwidth than LANs support.
A WAN link typically traverses shorter geographic distances than a LAN link traverses.
A WAN often relies on the services of carriers, such as telephone or cable companies, but a LAN does not.
All WAN implementations generally use the same Layer 2 protocol but there are many accepted LAN Layer 2 protocols in use.
2. A U.S. company requires a WAN connection used only to transfer sales data from individual stores to the home office. All transfers will occur after business hours. The required bandwidth for this connection is estimated to be less than 38 kbps. Which type of connection requires the least investment for this company?
ATM
ISDN
analog dialup
T1 Leased Line
3. What are two advantages of an analog PSTN WAN connection? (Choose two.)
low cost
availability
traffic encryption
available bandwidth
support for voice and video
4. Which WAN technology uses a fixed payload of 48 bytes and is transported across both switched and permanent virtual circuits?
ATM
ISDN
Frame Relay
metro Ethernet
5. Which three WAN devices can be found in the cloud? (Choose three.)
ATM switches
core routers
CSU/DSU
Ethernet switches
Frame Relay switches
repeaters
6. Which term describes a device that will put data on the local loop?
DLCI
DTE
DCE
BRI
PRI
7. What is an advantage of packet-switched technology over circuit-switched technology?
Packet-switched networks are less susceptible to jitter than circuit-switched networks are.
Packet-switched networks can efficiently use multiple routes inside a service provider network.
Packet-switched networks do not require an expensive permanent connection to each endpoint.
Packet-switched networks usually experience lower latency than circuit-switched networks experience.
8. Which statement is true about data connectivity between a customer and a service provider?
Normally the CSU/DSU is the designated demarcation point for the service provider but not the customer.
The segment between the demarcation point and the central office is known as the “last mile.”
The local loop is the segment between the CSU/DSU and the serial port on a router.
Putting data on the local loop is the responsibility of the DTE.
9. A company needs a WAN connection that is capable of transferring voice, video, and data at a minimum data rate of 155 Mbps. Which WAN connection is the best choice?
X.25
DSL
ATM
ISDN BRI
ISDN PRI
10. Which statement is true of the functionality of the layers in the hierarchical network model?
The purpose of the access layer is to provide very high bandwidth communications between network devices.
Most security screening to prevent unauthorized entry to the network happens at the core layer.
Untrusted external connections are segmented from the rest of the network at all three levels.
The distribution layer aggregates WAN connections at the edge of the campus.
11. Why is the call setup time of a circuit-switched WAN implementation considered a drawback?
Routing protocols are incompatible with this function.
It restricts the communication sent to voice traffic only.
A telephone must be used to initially start transferring data.
Data cannot be transferred until a circuit has been established.
12. For digital lines, which device is used to establish the communications link between the customer equipment and the local loop?
CSU/DSU
Frame Relay switch
ISDN switch
modem
PBX switch
13. Which packet-switched WAN technology offers high-bandwidth connectivity capable of managing data, voice, and video all on the same infrastructure?
Time Division Multiplexing (TDM)
metro Ethernet
Integrated Services Digital Network (ISDN)
Public Switched Telephone Network (PSTN)
14. Which networking device is typically used to concentrate the dial-in and dial-out traffic of multiple users to and from a network?
core router
access server
Frame Relay switch
ATM switch
15. Which two devices are commonly used as data communications equipment? (Choose two.)
modem
router
CSU/DSU
ISDN switch
Ethernet switch
16. Which two features are identified with Frame Relay connections? (Choose two.)
53-byte cells
DLCI
DSLAM
PVC
SPID
17. Which statement about WAN protocols is correct?
ATM differs from other WAN protocols in that it uses variably sized packets.
Most WAN protocols use HDLC or a variant of HDLC as a framing mechanism.
The frame header consists of the frame check sequence and cyclic redundancy check.
ISDN differs from Frame Relay, HDLC, and ATM in that it is packet-switched rather than circuit-switched technology.
18. Which switching type will allow the communication devices in the provider network to be shared and only allocated to an individual subscriber during data transfer?
circuit-switched
dedicated switched lines
frame-switched
packet-switched
19. What can cause a reduction in available bandwidth on a cable broadband connection?
smaller cells
number of subscribers
committed information rate
distance from the central office of the provider
20. What three terms are associated with ISDN PRI? (Choose three.)
cell
DLCI
circuit switching
packet switching
data bearer channels
time-division multiplexing
21. At which two layers of the OSI model does a WAN operate? (Choose two.)
Physical Layer
Data Link Layer
Network Layer
Transport Layer
Presentation Layer
Application Layer
22. What type of connectivity is established when VPNs are used from the remote site to the private network?
PVCs
DLCIs
tunnels
dedicated Layer 2 links

Saturday, May 19, 2012

UCEN 3133 Advanced Computer Networks - Tutorial 5 - Year 2012

Tutorial 5 – Routing and Traffic Engineering

1. Why are conventional IP routing mechanisms such as RIP incapable of supporting constraint-based routing (CBR)? Based on your answer:
   (i) Explain why CBR routing is supported by a variant of link state routing protocols such as OSPF
   (ii) Give two reasons why a MPLS network is particularly suited to support CBR

Constraint-based routing requires route calculation at the source, as different sources may have different constraints for a path to the same destination, and the constraints associated with a particular source router are known only to that router, but not to any other router in the network. In IP routing such as RIP, every router in a network is involved in the computation of a route, in a distributed fashion.

i) Link-state routing protocols flood the network with information about all links in the network (in addition to constraint-related information associated with each link), hence allowing the source router to perform the entire route calculation.
ii) The LSRs within the core MPLS network only switch on the basis of these labels and no longer make any forwarding decisions of their own based on the IP header (which is what happens in conventional routing).
Mapping between an FEC and an LSP is completely confined to the edge LSR at the head end of the LSP. The decision as to which packets will take a particular explicit route is made entirely by this edge LSR; no one else is involved.


2. What is the common additional feature used in extending RSVP and LDP to support CBR, and briefly explain how this feature is used as part of CR-LDP?

The Explicit Route Object (ERO) contains the explicit route that the message has to take. Forwarding of a message containing an ERO by a router is determined not by the IP destination address, but by the content of the ERO. The ERO consists of an ordered sequence of “hops,” where the sequence specifies an explicit route and each hop is represented by an “abstract node,” which is a group of one or more routers.

  1. A LSR determines the explicit route to be established and constructs a ERO that contains this route.
  2. This LSR then constructs a LDP LABEL REQUEST message and includes ERO in this message, and finds the first abstract node in ERO and forwards this message onwards to it.
  3. The receiving LSR removes the abstract node associated with it and forwards it onwards to the next LSR specified in the ERO.
  4. This process is repeated until it finally arrives at the destination LSR.
  5. This LSR then constructs a LABEL MAPPING message and sends it back on the same route – each LSR along the way will use the label to populate its label forwarding message.
  6. When it reaches the original LSR, the labels would have established a complete LSP from the original LSR to the destination.


3. List 5 common traffic parameters that are part of the CR-LDP specification and briefly explain their purpose.

  • Peak data rate (PDR), Peak burst size (PBS)
  • Committed data rate (CDR), Committed burst size (CBS)
  • Excess burst size (EBS)

Peak data rate and burst size together define a token bucket, which characterizes the maximum rate of traffic that is expected to be sent down this LSP. Committed data rate and burst size define a token bucket characterizing the average rate at which traffic is expected to be sent on this LSP. Excess burst size defines another token bucket that can be used to characterize the amount by which bursts may exceed the committed burst size.

4. Resource reservation for QOS purposes using RSVP may cause problems in a MPLS network that uses link state routing protocols such as CSPF. Explain briefly the cause of this problem, and how it is addressed.


Establishing a route for a particular traffic flow may require resource reservation along the route using RSVP. Once resources (such as bandwidth) of a link are reserved, the attributes of these links will change (since bandwidth is usually one of the attributes). In link state routing protocols such as CSPF, when the attribute of a given link changes, the node to which the link is connected floods this information throughout the network. Since resource reservation happens quite frequently, flooding also happens frequently which results in high network overhead.
This can be addressed by establishing an upper bound on the frequency of flooding of information when a link attribute changes.

5. List the drawbacks of using RSVP and CR-LDP respectively in a MPLS network.

RSVP makes reservations for individual microflows between single applications, which does not scale well as the number of microflows in a large IP network is very large. RSVP’s soft state also requires constant refreshing which consumes bandwidth and processing resources.

CR-LDP, by contrast, runs on top of TCP. TCP’s congestion avoidance may limit the transfer of information between LSRs. There is overhead involved in establishing an adjacency between two LSRs because they must go through TCP’s handshake sequence before initiating an LDP session.

6. What is meant by a routing transient? Name 2 factors that influence the duration of a routing transient within a network based on conventional IP routing.

Routing transients refer to episodes in a network where routing information across a network is changing, mainly due to failures of links or routers or both. At such times, the routing information stored at different routers may be temporarily inconsistent.

The duration of routing transients depends on two factors: the time it takes for a router adjacent to the failed link (or node) to detect the failure, and the time it takes to distribute this information among all the routers and for them to recompute their forwarding tables based on this information (converge on the failure).

7. What is the motivation behind the use of a protection LSP in MPLS? Briefly explain how it is set up and used in that context.

Protection LSPs are used to handle link failures in an MPLS, so that when a link fails, the LSR attached to that link can channel all traffic destined for that link on to the alternative protection LSP.

When a link between two LSRs fails, the information about this failure will be distributed (via OSPF or IS-IS) to all the LSRs. Once the original LSR gets this information, it can use constraint-based routing to compute a new route (the protection LSR), or it may already have a precomputed alternative route.
To route traffic onto the new route, the LSR pushes a new label corresponding to the protection LSP onto the label stack of all incoming packets, allowing them to be switched over the protection link.

8. The Constrained Shortest Path First (CSPF) algorithm is typically employed in a MPLS network for TE purposes during the construction of routing tables. In the process of constructing a routing table based on CSPF, what are the tie-breaking factors used to arbitrate between two paths of equal hop cost?

Tie-breaking rules:
  1. Take the path with the largest minimum available bandwidth.
  2. If there is still a tie, take the path with the lowest hop count (the number of routers in the path).
  3. If there is still a tie, take one path at random.


9. Consider a MPLS network of routers (A-E) as shown below. The parenthesis pair that labels each link between the routers is used to denote the hop cost and bandwidth available, respectively. For example, the link between A and B has a hop cost of 2 and a bandwidth of 90 Mbps. CSPF is now used to calculate the best path to router D from router A, given a constraining bandwidth of 70 Mbps. Show all steps involved in constructing router A’s table to determine this best path. In your working, show all tentative routes possible and mark them as cancelled if they do not qualify to be used.



Configured constraint: 70 Mbps

| PATH list | TENT List |
|---|---|
| {A, 0, self, N/A} | |

| PATH list | TENT List |
|---|---|
| {A, 0, self, N/A} | {B, 2, B, 90} |
| | {C, 8, C, 80} |
| | {D, 10, D, 100} |

| PATH list | TENT List |
|---|---|
| {A, 0, self, N/A} | {E, 3, B, 90} |
| {B, 2, B, 90} | {C, 7, B, 90} [1] |
| | {C, 8, C, 80} -> cancel |
| | {D, 10, D, 100} |
| | {D, 10, B, 80} -> cancel |

| PATH list | TENT List |
|---|---|
| {A, 0, self, N/A} | {C, 7, B, 90} |
| {B, 2, B, 90} | {D, 10, D, 100} |
| {E, 3, B, 90} | {D, 10, B, 90} -> cancel [2] |

| PATH list | TENT List |
|---|---|
| {A, 0, self, N/A} | {D, 10, D, 100} |
| {B, 2, B, 90} | {D, 8, B, 50} -> cancel [3] |
| {E, 3, B, 90} | |
| {C, 7, B, 90} | |

| PATH list | TENT List |
|---|---|
| {A, 0, self, N/A} | |
| {B, 2, B, 90} | |
| {E, 3, B, 90} | |
| {C, 7, B, 90} | |
| {D, 10, D, 100} | |


[1] {C, 7, B, 90}: The required format is {destination, cost, next hop, minimum bandwidth}. Take the node newly added to the PATH list, {B, 2, B, 90}: the destination is B, the cost is 2, the next hop to get to B is also B, and the minimum bandwidth along the route to B is 90. When we now consider the connection from B to C, the entry for the TENT list becomes {C, 7, B, 90}. The bandwidth is 90 because along A->B->C the minimum bandwidth on all the links encountered is 90. The logic of taking the minimum bandwidth is that the delay along any given path is most affected by the link on that path with the smallest bandwidth. So if a packet was going from A -> C, the slowest travel time would be from A to B. Therefore, if we have two paths to C with exactly the same cost, then as a tie-breaker we pick the path with the highest bandwidth (remember the rule).

[2] {E, 3, B, 90}: This means the shortest path to E from A has a total cost of 3, with next hop B, and the minimum bandwidth among all the links so far is 90. E has a connection with metric {7,100} to D, so the total cost from A to D now becomes 10. The next hop is still B. The minimum bandwidth is still 90 (because the E-D bandwidth is 100). So the correct entry becomes {D, 10, B, 90}, which is cancelled because its bandwidth is lower than that of the existing entry {D, 10, D, 100}. Remember, in a tie-break we choose the entry with the highest bandwidth.

[3] {C, 7, B, 90}: This means the shortest path to C from A has a total cost of 7, with next hop B, and the minimum bandwidth among all the links so far is 90. C has a connection with metric {1,50} to D, so the total cost from A to D now becomes 8. The next hop is still B. The minimum bandwidth becomes 50 (because this is lower than the previous lowest of 90). So the correct entry becomes {D, 8, B, 50}, which is cancelled because the bandwidth of 50 is less than the initial configured constraint of 70 given in the question.
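The PATH/TENT procedure worked through above, as an added Python example (not part of the original answer). The network figure is not reproduced on this page, so the link table is rebuilt from the entries in the worked answer; the bandwidths of B-C and B-E are assumptions (any value of 90 or more gives the same result), links are assumed bidirectional, and the final random tie-break is replaced by keeping the existing entry so the run is reproducible.

```python
# Entries are (cost, next hop, minimum bandwidth, hop count).
# Links are (cost, Mbps), rebuilt from the worked answer. The B-C and B-E
# bandwidths are assumptions: the answer only shows the path minimum of 90.
LINKS = {
    ("A", "B"): (2, 90), ("A", "C"): (8, 80), ("A", "D"): (10, 100),
    ("B", "C"): (5, 90), ("B", "D"): (8, 80), ("B", "E"): (1, 90),
    ("C", "D"): (1, 50), ("E", "D"): (7, 100),
}

def rank(entry):
    """Lower is better: cost, then larger bandwidth, then fewer hops."""
    cost, _next_hop, bandwidth, hops = entry
    return (cost, -bandwidth, hops)

def cspf(links, source, min_bw):
    adj = {}
    for (u, v), (cost, bw) in links.items():
        adj.setdefault(u, []).append((v, cost, bw))
        adj.setdefault(v, []).append((u, cost, bw))
    path, cancelled = {}, []
    tent = {source: (0, "self", float("inf"), 0)}
    while tent:
        node = min(tent, key=lambda n: rank(tent[n]))  # best TENT entry
        path[node] = tent.pop(node)                    # move it to PATH
        cost, next_hop, bw, hops = path[node]
        for nbr, link_cost, link_bw in adj[node]:
            if nbr in path:
                continue
            hop = nbr if node == source else next_hop
            cand = (cost + link_cost, hop, min(bw, link_bw), hops + 1)
            old = tent.get(nbr)
            if cand[2] < min_bw:
                cancelled.append((nbr, cand, "below bandwidth constraint"))
            elif old is None:
                tent[nbr] = cand
            elif rank(cand) < rank(old):
                cancelled.append((nbr, old, "replaced by better entry"))
                tent[nbr] = cand
            else:
                cancelled.append((nbr, cand, "loses to existing entry"))
    return path, cancelled

if __name__ == "__main__":
    path, cancelled = cspf(LINKS, "A", 70)
    for dest, (cost, hop, bw, _) in path.items():
        print(f"PATH {{{dest}, {cost}, {hop}, {bw}}}")
    for dest, (cost, hop, bw, _), why in cancelled:
        print(f"cancelled {{{dest}, {cost}, {hop}, {bw}}}: {why}")
```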


10. A multimedia network that provides QoS guarantees uses a leaky bucket policer in one of its routers to ensure that the incoming packet traffic does not exceed the TSpec specification agreed upon during an initial session of Integrated Services (IntServ). The following are the features of this policer:

  • The token buffer can hold at most three (3) tokens, and is initially filled with two (2) tokens at time slot t = 0.
  • New tokens arrive into the bucket at a rate of two (2) tokens per time slot. Packets arrive at the beginning of a time slot and enter the packet queue, where they are processed and transferred to the output link in a First In First Out (FIFO) manner.
  • The size of the packet queue is four (i.e. it can queue a maximum of 4 packets at any given time slot); any extra arriving packets are dropped.
  • Packets that obtain available tokens in a given time slot go together on the same time slot in the output link.





| Time slot | Incoming Packets |
|---|---|
| 0 | A B C D |
| 1 | E F |
| 2 | G |
| 3 | - |
| 4 | - |
| 5 | H I J K |
| 6 | L M N O |
| 7 | P Q |
| 8 | - |
| 9 | R S T |


The table shows incoming packets from the network into the router with the policer, from time slot t = 0 to time slot t = 9. Based on this information, construct a new table with columns showing the packets in queue, tokens in bucket and packets on output link from time slot t = 0 to t = 9.                                            



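| Time slot | Packets in queue | Tokens in bucket | Packets at output |
|---|---|---|---|
| 0 | A B C D | 2 | A B |
| 1 | C D E F | 2 | C D |
| 2 | E F G | 2 | E F |
| 3 | G | 2 | G |
| 4 | - | 3 | - |
| 5 | H I J K | 3 | H I J |
| 6 | K L M N | 2 | K L |
| 7 | M N P Q | 2 | M N |
| 8 | P Q | 2 | P Q |
| 9 | R S T | 2 | R S |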
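The policer from question 10 as an added Python simulation (not part of the original answer). It assumes the per-slot order implied by the answer table: tokens are refilled at the start of every slot after t = 0, arrivals are then queued or dropped, and queued packets are sent while tokens last. The names `police` and `ARRIVALS` are hypothetical.

```python
from collections import deque

# Arrivals per time slot, copied from the question's table ("" = no packets).
ARRIVALS = ["ABCD", "EF", "G", "", "", "HIJK", "LMNO", "PQ", "", "RST"]

def police(arrivals, capacity=3, initial=2, rate=2, queue_size=4):
    """Return one row per slot: (slot, queue, tokens, output, dropped)."""
    tokens, queue, rows = initial, deque(), []
    for slot, packets in enumerate(arrivals):
        # Refill at the start of each slot; the bucket never exceeds capacity.
        if slot > 0:
            tokens = min(capacity, tokens + rate)
        # Arrivals join the FIFO queue; anything beyond queue_size is dropped.
        dropped = []
        for packet in packets:
            if len(queue) < queue_size:
                queue.append(packet)
            else:
                dropped.append(packet)
        in_queue, available = list(queue), tokens
        # Each packet sent in this slot consumes one token.
        sent = [queue.popleft() for _ in range(min(len(queue), tokens))]
        tokens -= len(sent)
        rows.append((slot, in_queue, available, sent, dropped))
    return rows

if __name__ == "__main__":
    print("slot  queue  tokens  output  dropped")
    for slot, in_queue, available, sent, dropped in police(ARRIVALS):
        cells = ["".join(c) or "-" for c in (in_queue, sent, dropped)]
        print(f"{slot:<5} {cells[0]:<6} {available:<7} {cells[1]:<7} {cells[2]}")
```

The run also shows what the answer table leaves implicit: packet O is dropped at t = 6 because K is still queued, and T is still waiting in the queue after t = 9.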