Search results “Ppp chap secret”
CCNA Routing & Switching: PPP Authentication
 
15:40
The Challenge Handshake Authentication Protocol (CHAP) (defined in RFC 1994) verifies the identity of the peer by means of a three-way handshake. These are the general steps performed in CHAP:
● After the LCP (Link Control Protocol) phase is complete, and CHAP is negotiated between both devices, the authenticator sends a challenge message to the peer.
● The peer responds with a value calculated through a one-way hash function (Message Digest 5 (MD5)).
● The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is successful. Otherwise, the connection is terminated.
This authentication method depends on a "secret" known only to the authenticator and the peer. The secret is not sent over the link. Although the authentication is only one-way, you can negotiate CHAP in both directions, with the help of the same secret set for mutual authentication. For more information on the advantages and disadvantages of CHAP, refer to RFC 1994.

Prerequisites

Requirements
Readers of this document should have knowledge of these topics:
● How to enable PPP on the interface through the encapsulation ppp command.
● The debug ppp negotiation command output. Refer to Understanding debug ppp negotiation Output for more information.
● Ability to troubleshoot when the Link Control Protocol (LCP) phase is not in the open state. This is because the PPP authentication phase does not begin until the LCP phase is complete and is in the open state. If the debug ppp negotiation command does not indicate that LCP is open, you need to troubleshoot this issue before you proceed.
Note: This document does not address MS-CHAP (Version 1 or Version 2). For more information on MS-CHAP, refer to the MS-CHAP Support and MSCHAP Version 2 documents.

Components Used
This document is not restricted to specific software and hardware versions.

Conventions
For more information on document conventions, see the Cisco Technical Tips Conventions.

Configure CHAP
The procedure to configure CHAP is fairly straightforward. For example, assume that you have two routers, left and right, connected across a network, as shown in figure 1.
Figure 1 – Two Routers Connected Across a Network
To configure CHAP authentication, complete these steps:
1. On the interface, issue the encapsulation ppp command.
2. Enable the use of CHAP authentication on both routers with the ppp authentication chap command.
3. Configure the usernames and passwords. To do so, issue the username username password password command, where username is the hostname of the peer. Ensure that:
● Passwords are identical at both ends.
● The router name and password are exactly the same, because they are case-sensitive.
Note: By default, the router uses its hostname to identify itself to the peer. However, this CHAP username can be changed through the ppp chap hostname command. Refer to PPP Authentication Using the ppp chap hostname and ppp authentication chap callin Commands for more information.

One-Way and Two-Way Authentication
CHAP is defined as a one-way authentication method. However, you use CHAP in both directions to create a two-way authentication. Hence, with two-way CHAP, a separate three-way handshake is initiated by each side. In the Cisco CHAP implementation, by default, the called party must authenticate the calling party (unless authentication is completely turned off). Therefore, a one-way authentication initiated by the called party is the minimum possible authentication. However, the calling party can also verify the identity of the called party, and this results in a two-way authentication. One-way authentication is often required when you connect to non-Cisco devices. For one-way authentication, configure the ppp authentication chap callin command on the calling router. Table 1 shows when to configure the callin option.

Table 1 – When to Configure the Callin Option
Authentication Type | Client (calling) | NAS (called)
One-way (unidirectional) | ppp authentication chap callin | ppp authentication chap
Two-way (bidirectional) | ppp authentication chap | ppp authentication chap
For more information on how to implement one-way authentication, refer to PPP Authentication Using the ppp chap hostname and ppp authentication chap callin Commands.

CHAP Configuration Commands and Options
Table 2 lists the CHAP commands and options:
Table 2 – CHAP Commands and Options
Command | Description
ppp authentication {chap | ms-chap | ms-chap-v2 | eap | pap} [callin] | This command enables local authentication of the remote PPP peer with the specified protocol.
ppp chap hostname usern
Cisco CCNA Packet Tracer Ultimate labs: PPP & PPP CHAP: Answers Part 1
 
06:27
Packet Tracer file (PT Version 7.1): https://goo.gl/iJg2cJ Get the Packet Tracer course for only $10 by clicking here: https://goo.gl/vikgKN Get my ICND1 and ICND2 courses for $10 here: https://goo.gl/XR1xm9 (you will get ICND2 as a free bonus when you buy the ICND1 course). For lots more content, visit http://www.davidbombal.com - learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more. #CCNA #PacketTracer #CCENT The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP is comprised of three main components: ● A method for encapsulating multi-protocol datagrams. ● A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection. ● A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols. The Challenge Handshake Authentication Protocol (CHAP) (defined in RFC 1994) verifies the identity of the peer by means of a three-way handshake. These are the general steps performed in CHAP: After the LCP (Link Control Protocol) phase is complete, and CHAP is negotiated between both devices, the authenticator sends a challenge message to the peer. The peer responds with a value calculated through a one-way hash function (Message Digest 5 (MD5)). The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is successful. Otherwise, the connection is terminated. This authentication method depends on a "secret" known only to the authenticator and the peer. The secret is not sent over the link. Although the authentication is only one-way, you can negotiate CHAP in both directions, with the help of the same secret set for mutual authentication. For more information on the advantages and disadvantages of CHAP, refer to RFC 1994 Transcription: In this lab you need to configure Point-to-Point Protocol or PPP. 
Okay, so we’ll start the required tasks first. The first thing we need to do is configure the link between Customer 1 and ISP1 with PPP. So in other words, this link here needs to be configured with PPP. I’ll start with ISP 1. The ISP router has booted up. Go to enable mode, show ip interface brief. We can see in the output that this interface gigabit 0.0.1 is configured with IP address 8.8.8.2 interfaces up up. This interface serial 0.1.0 the link to the customer is currently administratively shutdown. show interface serial 0.1.0 shows us that this interface is configured with default encapsulation of HDLC. The interface is once again administratively shutdown. So layer 1 and layer 2 are down, notice again that the default encapsulation is HDLC. So I’ll go on to the interface and configure an IP address because no IP address is currently configured on the interface. So ip address 8.8.10.1, the subnet mask it used here is /24 subnet mask. In the real world, on Point-to-Point Protocol links, you’re probably going to use a /30 mask to conserve IP addresses. But in a lab like this we don’t have to worry too much about that. Next thing I’ll configure is the encapsulation which I’m going to set to PPP and then I’ll no shut or enable the interface. So show interface serial 0.1.0 interface is currently up at Layer 1, Layer 2 is down because we haven’t configured the other side of the link. Notice the encapsulation is now PPP, LCP or Link Control Protocol, is closed. NCPs or Network Control Protocols such as IPCP and CDPCP are also closed because the link is down. So show run that’s the configuration of the ISP side. Let’s do something similar on the customer side. So show interface serial 0.1.0 The physical interface is up but the line protocol is down; that’s because the encapsulation is HDLC on this side but on the ISP side, it’s PPP. So again, show interface serial 1/0 on the ISP side. Layer 1 is up, Layer 2 is down. Same on the other side, Layer 1 is up, Layer 2 is down.
The routers are using different encapsulations, so we need to configure them to use the same encapsulation. Before I do that, do show ip interface brief......
Views: 974 David Bombal
Configure PPP with CHAP for the Cisco CCNA
 
05:39
Using Packet Tracer, I demonstrate how to configure serial interfaces for PPP encapsulation and CHAP authentication. CCNA 4 WAN Protocols http://danscourses.com
Views: 101344 danscourses
Challenge-Response authentication system
 
02:52
Welcome to challenge-response authentication system. For your convenience there's a short presentation below explaining system's operation and site navigation.
Views: 22812 privacytau
chap challenge handshake authentication protocol, chap protocol tutorial
 
04:10
chap tutorial, what is chap
Challenge Handshake Authentication Protocol (CHAP) is similar to PAP with several unique characteristics. Instead of requesting a password, the network access server sends a challenge message to the client machine. The challenge message is a random value. The client machine encrypts the challenge message with a user's password and sends the combination back to the access server. The access server forwards the challenge/password combination to the authentication server. The authentication server encrypts the challenge with the user's password stored in the authentication database. If the user's response is a match, the password is considered authentic. CHAP uses the model of a shared secret (the user password) to authenticate the user. The use of CHAP is considered a moderately secure method of authentication.
Views: 1919 Zariga Tongy
Cisco CCNA Packet Tracer Ultimate labs: PPP & PPP CHAP: Can you complete the lab?
 
05:43
Packet Tracer file (PT Version 7.1): https://goo.gl/iJg2cJ Get the Packet Tracer course for only $10 by clicking here: https://goo.gl/vikgKN Get my ICND1 and ICND2 courses for $10 here: https://goo.gl/XR1xm9 (you will get ICND2 as a free bonus when you buy the ICND1 course). For lots more content, visit http://www.davidbombal.com - learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more. #CCNA #PacketTracer #CCENT The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP is comprised of three main components: ● A method for encapsulating multi-protocol datagrams. ● A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection. ● A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols. The Challenge Handshake Authentication Protocol (CHAP) (defined in RFC 1994) verifies the identity of the peer by means of a three-way handshake. These are the general steps performed in CHAP: After the LCP (Link Control Protocol) phase is complete, and CHAP is negotiated between both devices, the authenticator sends a challenge message to the peer. The peer responds with a value calculated through a one-way hash function (Message Digest 5 (MD5)). The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is successful. Otherwise, the connection is terminated. This authentication method depends on a "secret" known only to the authenticator and the peer. The secret is not sent over the link. Although the authentication is only one-way, you can negotiate CHAP in both directions, with the help of the same secret set for mutual authentication. For more information on the advantages and disadvantages of CHAP, refer to RFC 1994 Transcription: In this lab you need to configure point to point protocol or PPP. 
You need to configure Point-to-Point Protocol on the link between ISP 1 and Customer Router 1. You also need to configure Point-to-Point Protocol but with CHAP between ISP3 and Customer 2. In other words you’re going to configure PPP with a CHAP or Challenge Handshake Authentication Protocol. This lab consists of required tasks as well as bonus tasks. The required tasks are once again that you need to configure the link between Customer 1 and ISP1. This link here with PPP. You need to configure this link using PPP CHAP and a password of cisco. You then need to configure static default routes on the customer routers pointing to the ISPs. The reason for doing that is that, these devices representing the Internet in this topology of running BGP in autonomous systems 65000, 65001, 65002. So you need to configure the customer routers to use static default routes so that they can send traffic on to the Internet and access the Google DNS server 8.8.4.4. You need to verify that things are working by ensuring that the customer routers can ping the DNS server and that they can ping Cisco.com. So make sure that you configure both of the ISP side and customer side with PPP between ISP 1 and ISP 2. Configure IP addresses and anything else that’s relevant and again the side needs to be configured with PPP CHAP. That’s the required portion of the lab but to make the lab more real world, we have some bonus tasks. In the bonus tasks, you need to create a DHCP pool on the customer routers to allocate IP addresses to the PCs. Customer Router 1 needs to be configured with this IP address on gigabit 0.0.0 and it needs to allocate IP addresses to the PC in that subnet. Customer Router 2 needs to be configured with this IP address 10.1.2.1 on gigabit 0/0/0. And you need to configure a DHCP pool on the customer router to allocate IP addresses to this PC in this subnet.
Now without giving it away, think about all the DHCP options that you need to allocate to your PCs to allow the PCs to ping Cisco.com. The verification for this section is that PC 1 and PC 2 can ping Cisco.com. So think about what’s required from a DHCP point of view but also from a NAT or Network Address Translation point of view. You’re going to have to configure both of these routers with network address translation and to be specific; it’s actually port address translation so that the PCs can access the Internet. So make sure that these PCs which are using RFC 1918 addresses, in other words private IP addresses can access the Internet which is a public network. Notice as an example, that the BGP routers on the Internet only know about Network 8, they have no visibility of network 10. You are not going to advertise Network 10 to the Internet. Network 10 is a private IP address; it’s non-routable on the Internet because ISPs will block that network. So can you complete this lab? Can you configure the network with PPP, PPP CHAP, DHCP Network Address Translation and DNS information?
Views: 1195 David Bombal
CCNA Lab configuring Point to Point (PPP), CHAP and AAA
 
22:59
Follow me: https://twitter.com/CCNADailyTIPS CCNA Lab configuring PPP, CHAP and AAA The AAA feature allows you to verify the identity of, grant access to, and track the actions of users managing a Cisco NX-OS device. Cisco NX-OS devices support Remote Access Dial-In User Service (RADIUS) or Terminal Access Controller Access Control device Plus (TACACS+) protocols. Based on the user ID and password combination that you provide, Cisco NX-OS devices perform local authentication or authorization using the local database or remote authentication or authorization using one or more AAA servers. A preshared secret key provides security for communication between the Cisco NX-OS device and AAA servers. You can configure a common secret key for all AAA servers or for only a specific AAA server.
Views: 35 CCNADailyTIPS
Cisco CCNA Packet Tracer Ultimate labs: PPP & PPP CHAP: Answers Part 5
 
05:51
Packet Tracer file (PT Version 7.1): https://goo.gl/iJg2cJ Get the Packet Tracer course for only $10 by clicking here: https://goo.gl/vikgKN Get my ICND1 and ICND2 courses for $10 here: https://goo.gl/XR1xm9 (you will get ICND2 as a free bonus when you buy the ICND1 course). For lots more content, visit http://www.davidbombal.com - learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more. #CCNA #PacketTracer #CCENT The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP is comprised of three main components: ● A method for encapsulating multi-protocol datagrams. ● A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection. ● A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols. The Challenge Handshake Authentication Protocol (CHAP) (defined in RFC 1994) verifies the identity of the peer by means of a three-way handshake. These are the general steps performed in CHAP: After the LCP (Link Control Protocol) phase is complete, and CHAP is negotiated between both devices, the authenticator sends a challenge message to the peer. The peer responds with a value calculated through a one-way hash function (Message Digest 5 (MD5)). The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is successful. Otherwise, the connection is terminated. This authentication method depends on a "secret" known only to the authenticator and the peer. The secret is not sent over the link. Although the authentication is only one-way, you can negotiate CHAP in both directions, with the help of the same secret set for mutual authentication. For more information on the advantages and disadvantages of CHAP, refer to RFC 1994
Views: 433 David Bombal
What is PPP & CHAP & PAP Authentication !! How to Configure PPP & Authentication !!
 
16:40
What is PPP in Cisco? What is a PPP authentication? What is encapsulation ppp command?
Views: 467 Narayan Baghel
Cisco CCNA Packet Tracer Ultimate labs: PPP & PPP CHAP: Answers Part 2
 
06:55
Packet Tracer file (PT Version 7.1): https://goo.gl/iJg2cJ Get the Packet Tracer course for only $10 by clicking here: https://goo.gl/vikgKN Get my ICND1 and ICND2 courses for $10 here: https://goo.gl/XR1xm9 (you will get ICND2 as a free bonus when you buy the ICND1 course). For lots more content, visit http://www.davidbombal.com - learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more. #CCNA #PacketTracer #CCENT The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP is comprised of three main components: ● A method for encapsulating multi-protocol datagrams. ● A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection. ● A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols. The Challenge Handshake Authentication Protocol (CHAP) (defined in RFC 1994) verifies the identity of the peer by means of a three-way handshake. These are the general steps performed in CHAP: After the LCP (Link Control Protocol) phase is complete, and CHAP is negotiated between both devices, the authenticator sends a challenge message to the peer. The peer responds with a value calculated through a one-way hash function (Message Digest 5 (MD5)). The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is successful. Otherwise, the connection is terminated. This authentication method depends on a "secret" known only to the authenticator and the peer. The secret is not sent over the link. Although the authentication is only one-way, you can negotiate CHAP in both directions, with the help of the same secret set for mutual authentication. For more information on the advantages and disadvantages of CHAP, refer to RFC 1994
Views: 472 David Bombal
ppp tutorial.wmv
 
02:09
my first tutorial YAY!!!!!!
Views: 815 timelorddaniel
PPTP VPN Installation on Centos 6 5
 
10:37
PPTP VPN Installation on Centos 6 5
##############################
yum install ppp iptables
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
yum install pptpd
vi /etc/sysctl.conf
change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1
/sbin/sysctl -p
vi /etc/ppp/options.pptpd
########################
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
ms-dns 8.8.4.4
###########################
vi /etc/pptpd.conf
################
option /etc/ppp/options.pptpd
logwtmp
localip 172.16.2.1
remoteip 172.16.2.2-12
#####################
vi /etc/ppp/chap-secrets
####################
user1 pptpd [email protected]$$w0rd *
user2 pptpd [email protected]$$w0rd2 *
###########################
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Set default chain policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Accept on localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow established sessions to receive traffic
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow ping
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 172.16.2.0/24 -j TCPMSS --clamp-mss-to-pmtu
iptables -I INPUT -p udp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p tcp --dport 47 -m state --state NEW -j ACCEPT
iptables -I INPUT -p udp --dport 47 -m state --state NEW -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 137 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 138 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
sudo iptables-save
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
service iptables save
service iptables start
chkconfig iptables on
reboot
view connected users:
last -n 3 |grep ppp
Views: 22 Adel sfeuh
pap and chap
 
04:10
Cisco CCNA Packet Tracer Ultimate labs: PPP & PPP CHAP: Answers Part 4
 
08:40
Packet Tracer file (PT Version 7.1): https://goo.gl/iJg2cJ Get the Packet Tracer course for only $10 by clicking here: https://goo.gl/vikgKN Get my ICND1 and ICND2 courses for $10 here: https://goo.gl/XR1xm9 (you will get ICND2 as a free bonus when you buy the ICND1 course). For lots more content, visit http://www.davidbombal.com - learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more. #CCNA #PacketTracer #CCENT The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP is comprised of three main components: ● A method for encapsulating multi-protocol datagrams. ● A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection. ● A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols. The Challenge Handshake Authentication Protocol (CHAP) (defined in RFC 1994) verifies the identity of the peer by means of a three-way handshake. These are the general steps performed in CHAP: After the LCP (Link Control Protocol) phase is complete, and CHAP is negotiated between both devices, the authenticator sends a challenge message to the peer. The peer responds with a value calculated through a one-way hash function (Message Digest 5 (MD5)). The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is successful. Otherwise, the connection is terminated. This authentication method depends on a "secret" known only to the authenticator and the peer. The secret is not sent over the link. Although the authentication is only one-way, you can negotiate CHAP in both directions, with the help of the same secret set for mutual authentication. 
For more information on the advantages and disadvantages of CHAP, refer to RFC 1994 Translation: So to complete the bonus tasks, we need to create a DHCP pool on the customer routers to allocate IP addresses to their PCs. In the relevant subnets, we need to configure the customer routers with NAT so that the PCs can access the Internet. And we need to verify that things are working by making sure that PC 1 and PC 2 can ping Cisco.com. So on Customer Router 1 show ip interface brief no IP address is configured on gigabit 0.0.0 so we need to go on to that interface. Configure an IP address of 10.1.1.1/24 mask and no shut the interface. So show ip interface brief now shows us that interface is up, up and it’s configured with this IP address. So let’s configure a DHCP pool So ip dhcp pool I’m going to give it a name of PC. You could call this anything in the exam, follow the instructions in the question, but here we can configure it with any name PC is fine for this example. Network that we’re going to configure is 10.1.1.0 with a /24 mask. Default gateway or default router will be the local router, DNS server will be Google.com. So don’t forget to configure the DNS server in your DHCP pool. Now that’s configured. Let’s verify that the PC gets an IP address. So on the PC’s configuration; I’m going to configure it to use DHCP. Go to desktop, command prompt type, ip config We can see that an IP address has been allocated to the PC. Back on the router, notice we see that there was an address conflict for that IP address. So the IP address that was allocated to the PC is this. Now you could have created a DHCP excluded range and excluded IP addresses in a specific range. That would force the router to allocate IP addresses starting at 11. But in this example, it’s worked without that configuration. The router did a ping and saw that it had this IP address, so it allocated the next IP address in the range. So that looks good. 
The PC will hopefully be able to ping the router which it can. But it won’t be able to ping Google.com at this point because we need to configure NAT on the router. So on Customer Router 1, interface serial 1/0 This is going to be our NAT outside interface. ......
Views: 757 David Bombal
Cisco CCNA Packet Tracer Ultimate labs: PPP & PPP CHAP: Answers Part 3
 
03:28
Packet Tracer file (PT Version 7.1): https://goo.gl/iJg2cJ Get the Packet Tracer course for only $10 by clicking here: https://goo.gl/vikgKN Get my ICND1 and ICND2 courses for $10 here: https://goo.gl/XR1xm9 (you will get ICND2 as a free bonus when you buy the ICND1 course). For lots more content, visit http://www.davidbombal.com - learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more. #CCNA #PacketTracer #CCENT The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP is comprised of three main components: ● A method for encapsulating multi-protocol datagrams. ● A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection. ● A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols. The Challenge Handshake Authentication Protocol (CHAP) (defined in RFC 1994) verifies the identity of the peer by means of a three-way handshake. These are the general steps performed in CHAP: After the LCP (Link Control Protocol) phase is complete, and CHAP is negotiated between both devices, the authenticator sends a challenge message to the peer. The peer responds with a value calculated through a one-way hash function (Message Digest 5 (MD5)). The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is successful. Otherwise, the connection is terminated. This authentication method depends on a "secret" known only to the authenticator and the peer. The secret is not sent over the link. Although the authentication is only one-way, you can negotiate CHAP in both directions, with the help of the same secret set for mutual authentication. 
For more information on the advantages and disadvantages of CHAP, refer to RFC 1994 Translation: So in Customer Router 1 show ip route at the moment shows us that we only see connected and local routes on the routing table. So ip route default route looks like this. Next hop is going to be 8.8.10.1. So show ip route now shows us that we’ve got the default route in the routing table. We now need to ping the Google DNS server which is 8.8.4.4. So ping 8.8.4.4 let’s see if that works, yes it does. So that’s good. We also need to ping Cisco.com but that means we need to configure the main server to be the DNS server. So 8.8.4.4 and hopefully now we’ll be able to ping Cisco.com which we can. In this packet tracer lab it’s resolving to the same IP address as the Google DNS server. But that’s ok. It proves that we’ve successfully configured things properly in our lab. I’ll save my configuration. Again for the exam, you’re going to use copy running-config startup-config. For the real world, we’ll use this command because it’s a lot shorter. Something similar needs to be done on Customer Router 2. So show ip route no static route is shown in the routing table, no gateway the last resort. So IP route create a static default route pointing to 8.8.11.1. So show ip route again notice the gateway of last resort has been configured. We’ve got a static default route or candidate default route in routing table. So we should be able to ping Google, which we can. Notice we won’t be able to ping Cisco.com because we don’t have a name server configured. So ip name server 8.8.4.4 ping Cisco.com; that now works. So we’ve completed the required tasks in this lab. How did you do? Were you able to get the lab to work? Were you able to successfully complete the lab? Now I’m going to show you how to complete the bonus tasks which makes the lab more real world.
Views: 728 David Bombal
Configuring PPP Authentication CHAP
 
07:36
Cisco PPP
Views: 11228 Paul Browning
Configuring PAP and CHAP Authentication, Packet Tracer v.7.2
 
12:05
download Packet Tracer's source files: https://drive.google.com/file/d/1CWBaA0XiBBJ9WzgFXfMDcQ73fompvb3m/view?usp=sharing
Configuring PAP and CHAP: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) are both used to authenticate PPP sessions and can be used with many VPNs. PAP works like a standard login procedure, the remote system authenticates itself to the using a static user name and password combination. In today’s video we will practice configuring PPP encapsulation on serial links, and we will configure PPP PAP authentication and PPP CHAP authentication.
On Router1 and Router3 notice we used static and dynamic routes in the topology
# show run
# show ip protocol
# show ip route
From the PCs, ping the web server.
Now it is time to configure PPP as the encapsulation method with Router3, enter the following commands on Router1
Router1
# interface s0/0/0
# encapsulation PPP
Configure Router2 to use PPP encapsulation with Router3
Router2
# interface s0/0/1
# encapsulation PPP
On Router3 configure PPP encapsulation with Router1, Router2 and ISP:
# interface s0/0/0
# encapsulation PPP
# interface s0/0/1
# encapsulation PPP
# interface s0/1/0
# encapsulation PPP
Also on the internet router, configure PPP encapsulation
# interface s0/0/0
# encapsulation PPP
Now from the PCs, ping the webserver, the ping should be successful.
Now it is time to configure PPP authentication on the network between Router1 and Router3, we will use encrypted password, now on Router1
# username R3 secret ccna
# interface s0/0/0
# ppp authentication pap
# ppp pap sent-username R1 password cisco
Now on Router3
# username R1 secret cisco
# interface s0/0/0
# ppp authentication pap
# ppp pap sent-username R3 password ccna
Now we will configure PPP PAP authentication between Router2 and Router3, each password sent on each serial port matches the password expected by the opposite router.
On Router3:
# username R2 secret cisco
# interface s0/0/1
# ppp authentication pap
# ppp pap sent-username R3 password ccna
On Router2
# username R3 secret ccna
# interface s0/0/1
# ppp authentication pap
# ppp pap sent-username R2 password cisco
Now let us configure PPP CHAP authentication between Router3 and Internet.
On the Internet router
# username R3 secret cisco
# interface s0/0/0
# ppp authentication chap
On Router3
# username Internet secret cisco
# interface s0/1/0
# ppp authentication chap
Now let us check the connectivity between the PCs and the webserver.
Views: 84 Saleh Al-Moghrabi
PPP Password Authentication Protocol PAP tutorial,wireshark pap tutorial rfc 1994,rfc 134
 
02:39
The Password Authentication Protocol (PAP), a Link Control Protocol in the PPP suite, provides a simple method for the peer to establish its identity using a 2-way handshake. This is done only upon initial link establishment. PAP Tutorial Using Wireshark
Views: 3469 Zariga Tongy
Configuring Password Authentication Protocol [PAP] & Challenge Handshake Auth. Protocol [CHAP]
 
17:45
Configuring Password Authentication Protocol [PAP] & Challenge Handshake Authentication Protocol [CHAP]
Password authentication protocol (PAP) and challenge handshake authentication protocol (CHAP) are both used to authenticate PPP sessions and can be used with many VPNs. Basically, PAP works like a standard login procedure; the remote system authenticates itself to the using a static user name and password combination. The password can be encrypted for additional security, but PAP is subject to numerous attacks. In particular, since the information is static, it is subject to password guessing as well as snooping. CHAP takes a more sophisticated and secure approach to authentication by creating a unique challenge phrase (a randomly generated string) for each authentication. The challenge phrase is combined with device host names using one-way hashing functions to authenticate in a way where no static secret information is ever transmitted over the wire. Because all transmitted information is dynamic, CHAP is significantly more robust than PAP.
For more details: https://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol https://searchnetworking.techtarget.com/answer/Which-is-most-secure-CHAP-or-PAP
Views: 99 Maddy’s World
Abiola
 
01:05
Delegate
Views: 1275 Paul Browning
PPP World + Secret Sauce + Frodo = Win! Muhahaha!!!!
 
03:13
To get this product, please visit : http://goo.gl/I3OmH
Views: 5 Tri Hartanto
AAA framework and RADIUS
 
05:50
AAA stands for Authentication, Authorization, and Accounting. It is a fundamental security framework for controlling a user’s access to a network, determining access levels or user privileges based on policies and user identity, and keeping track of the user’s activities. RADIUS stands for Remote Authentication Dial-In User Service. It is a client/server protocol and system that enables a network access server, or NAS, to communicate with a central server to authenticate dial-in users, authorize their access to the network, and keeps track of their activities. Keywords: AAA, Authentication, Authorization, and Accounting, RADIUS, Remote Authentication Dial-In User Service, supplicant, network access server, NAS, Remote Access server, WAP, Wireless Access Point. My topics are organized by playlists: https://www.youtube.com/user/sunnylearning/playlists My most popular videos: https://www.youtube.com/user/sunnylearning/videos?sort=p&view=0&flow=grid Access Control Fundamentals https://www.youtube.com/playlist?list=PLSNNzog5eydthQKWtSjm0Z4GEz7spwJuu Playlist: Basic Cryptography https://www.youtube.com/watch?v=vk3py9M2IfE&list=PLSNNzog5eyduN6o4e6AKFHekbH5-37BdV Advanced Cryptography: https://www.youtube.com/watch?v=TmA2QWSLSPg&list=PLSNNzog5eydtwsdT__t5WtRgvpfMzpTc7 Playlist - IPv4 Basics https://www.youtube.com/watch?v=vcArZIAmnYQ&list=PLSNNzog5eydt_plAtt3k_LYuIXrAS4aDZ Please leave comments, questions and subscribe! Thank you very much! Sunny Classroom
Views: 3904 Sunny Classroom
Setting up a PPTP VPN server on CentOS 7
 
08:52
Setting up a PPTP VPN server on CentOS 7
● In this video:
# yum update && yum upgrade
# yum install -y epel-release
# yum install -y mc
# yum install -y net-tools
Remove NetworkManager in CentOS 7. This is a program that simplifies detecting and configuring the means of connecting to the network automatically. It is useful only on a home PC or laptop; on a server it can cause problems with network configuration, because it may change settings on its own.
# systemctl stop NetworkManager && systemctl disable NetworkManager && systemctl restart network
Disable SELinux:
# sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/sysconfig/selinux
# sed -i 's/\(^SELINUX=\).*/\SELINUX=disabled/' /etc/selinux/config
After rebooting, check the SELinux status with the "sestatus" command; you should see the following output:
SELinux status: disabled
yum -y install ppp pptpd
cp /etc/pptpd.conf /etc/pptpd.conf.bak
cat > /etc/pptpd.conf << EOF
option /etc/ppp/options.pptpd
logwtmp
localip 10.0.10.1
remoteip 10.0.10.2-254
EOF
cp /etc/ppp/options.pptpd /etc/ppp/options.pptpd.bak
cat > /etc/ppp/options.pptpd << EOF
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
ms-dns 8.8.4.4
EOF
cp /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
cat > /etc/ppp/chap-secrets << EOF
root pptpd toor *
EOF
cp /etc/sysctl.conf /etc/sysctl.conf.bak
cat > /etc/sysctl.conf << EOF
net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
net.ipv4.ip_forward = 1
EOF
sysctl -p
Remove firewalld and install iptables in its place:
# systemctl stop firewalld
# systemctl disable firewalld
Install iptables:
# yum install iptables-services iptables
Enable iptables at boot:
# systemctl enable iptables
chmod +x /etc/rc.d/rc.local
echo "iptables -t nat -A POSTROUTING -s 10.0.10.0/24 -o eth0 -j MASQUERADE" >> /etc/rc.d/rc.local
iptables -t nat -A POSTROUTING -s 10.0.10.0/24 -o eth0 -j MASQUERADE
systemctl start pptpd
systemctl enable pptpd.service
● Additional hashtags: #computer #pc #anonymity #firewall #VirtualPrivateNetwork #VPN #codeby #hack #brute #danger #hackers #motivation #internet #CentOS
Views: 2436 Russian Hackers
INSTALL AND CONFIGURATION PPTP VPN ON UBUNTU
 
16:44
HOW TO INSTALL AND CONFIGURE A PPTP VPN ON UBUNTU SERVER
Here is how to set up a PPTP VPN on an Ubuntu server. Point-to-Point Tunneling Protocol (PPTP) is a network protocol that allows data to be sent securely over a TCP/IP-based data network.
1. Type sudo su and enter your root password.
2. Type apt-get update
3. Type apt-get install pptpd
4. Now configure the users and IPs. Type nano /etc/ppp/chap-secrets to start configuring the users of your VPN. Fill it in as follows: client [the username], server [the IP of the server you are using as the VPN], secret [the user's password for logging in to the VPN], IP addresses [the IPs allowed to access the VPN, if you only allow certain IPs to log in to the VPN]. If you allow all IPs to access your VPN, you can fill this field with an asterisk *. As an example, I created a client named test, with the server IP blurred out, the password test, and an asterisk * for the IP addresses. Once it is filled in, press ctrl + x; the prompt "save modified buffer" will appear; press Y and then enter to save the changes.
5. Configure pptpd.conf. Type nano /etc/pptpd.conf; it will look like the picture below. Scroll down and remove the # so that the lines read
localip 192.168.0.1
remoteip 192.168.0.10-20
After that, press ctrl + x; the prompt "save modified buffer" will appear; press Y and then enter to save the changes.
6. Type iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
7. Set rc.local to look like this:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 192.168.0.0/8 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT
exit 0
8. Type nano /etc/sysctl.conf and look for net.ipv4.ip_forward=. Make sure there is no # in front of net.ipv4.ip_forward=. If the number after net.ipv4.ip_forward= is 0, change it to 1, like this: net.ipv4.ip_forward=1. Press ctrl + x and then enter to save.
9. Restart the pptpd service by typing service pptpd restart and pressing enter.
10. Done; you can now use your VPN.
SOURCE: ismailps
Views: 249 GwEx Net
PPPoE Security
 
19:16
This is a video in PPPoE Security describing some authentication protocols that are used. Also, we describe some phishing attacks on PPPoE itself and on other devices as well.
References: http://www.point.ro/sem4/chap.html https://en.wikipedia.org/wiki/Microsoft_Point-to-Point_Encryption https://tools.ietf.org/html/rfc3078 https://n0tty.github.io/2017/02/25/ISP-Hacking/ https://special.habrahabr.ru/kyocera/p/130710/ https://www.linuxquestions.org/questions/linux-networking-3/pppoe-server-314523/
Resources Used: FortiGate FGT30E, Windows 10 (Client O/S)
Other devices used for our findings: D-Link DSR-250N, Linksys Cisco BEFSR41 Version 4.2, MikroTik RouterOS
Views: 188 Winsta 0
Spring 2015 - CSI258-847 (Week #2 - 04.04.2015) - Packet Tracer 3.3.2.7 Tutorial
 
01:06:44
The following video will walk you through the PacketTracer 3.1.2.7 activity and demonstrate all configuration steps with an in-depth discussion of each step with PPP and PAP and CHAP authentication. Note that this activity is for the Cisco Networking Academy "Connecting Networks" course. *NOTE: I have posted an addendum to this video with the same Packet Tracer number that talks about how and why you cannot actually configure PPP CHAP authentication using SECRETs for the passwords*
Views: 975 Travis Bonfigli
How to setup a PPTP VPN server on Linux :: VPS Tutorials
 
06:38
In this video we show you how to setup a VPN server using the PPTP protocol. Setting one up with OpenVPN: https://www.youtube.com/watch?v=S9ZP08Y2PvQ DDoS Protected UK VPS hosting: https://nodebalance.com Visit us @ http://serenityservers.net
Commands in order of appearance:
#apt-get install pptpd
#nano /etc/pptpd.conf
localip 10.0.0.1
remoteip 10.0.0.100-200
#nano /etc/ppp/chap-secrets
Enter your info in there.
#nano /etc/ppp/pptpd-options
ms-dns 8.8.8.8
ms-dns 8.8.4.4
#service pptpd restart
#nano /etc/sysctl.conf
Find and uncomment net.ipv4.ip_forward = 1
#sysctl -p
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
#iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
#iptables --append FORWARD --in-interface eth0 -j ACCEPT
#iptables-save ARROW firewall
to restore do iptables-restore ARROW firewall
Apparently youtube does not allow the use of the arrows...
-------------SOCIAL-------------- http://www.gameservertuts.com http://facebook.com/gameservertuts Copyright - This video is made by me, owner of gameservertuts. Avoid reuploading, use everywhere.
Views: 43879 SerenityServers
setup cisco router username/password -enable -secret
 
00:59
how to setup cisco router username/ password- enable or enable secret password
Views: 201 smart tech
Setting up a VPN server
 
12:35
This video tutorial shows how you can install your own VPN server (PPTP), for example on a root server. The installation and configuration via the console are shown.
/etc/pptpd.conf
+ bcrelay eth0
+ localip IhreIP
+ remoteip ServerIP
/etc/ppp/pptpd-options
ms-dns 8.8.8.8
ms-dns 8.8.4.4
/etc/ppp/chap-secrets
/etc/sysctl.conf
+ net.ipv4.ip_forward = 1
/etc/rc.local
+ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Views: 132865 SemperVideo
3rd party Cisco for BT ADSL+  and BT Infinity
 
06:26
A short guide on how to configure a Cisco router for use with your BT internet connection instead of the BT HomeHub. How to do it. And why you shouldn't ADSL 2+ CONFIG hostname Router_1 ! ! ! ip dhcp excluded-address 192.168.1.1 192.168.1.200 ! ip dhcp pool LAN import all network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 8.8.8.8 ! ! ! ip domain name example.co.uk ip name-server 8.8.8.8 ip inspect name local-site udp ip inspect name local-site tcp ip inspect name local-site icmp router-traffic ip cef login on-failure log no ipv6 cef ! ! ! username NAME secret PASSWORD ! ! interface ATM0 no ip address no atm ilmi-keepalive pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! ! interface FastEthernet3 description LAN_DATA no ip address spanning-tree portfast ! interface Vlan1 ip address 192.168.1.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly in ip tcp adjust-mss 1452 ! interface Dialer1 ip address negotiated ip access-group ingress_acl in ip access-group egress_acl out no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip inspect local-site out ip virtual-reassembly in encapsulation ppp dialer pool 1 dialer-group 10 ppp authentication chap callin ppp chap hostname [email protected] ppp chap password anything ! ! no ip nat service sip udp port 5060 ip nat source static udp 192.168.1.202 22 interface Dialer1 22 ip route 0.0.0.0 0.0.0.0 Dialer1 ! ip access-list extended egress_acl permit tcp any any permit udp any any deny udp any gt 0 any gt 0 log deny tcp any gt 0 any gt 0 log deny ip any any log ip access-list extended ingress_acl deny ip 58.218.198.0 0.0.0.255 any deny tcp host 5.188.87.55 any log deny ip host 5.188.87.55 any log permit tcp any any eq ftp log permit udp any any eq 21 permit tcp 92.207.0.0 0.0.255.255 any permit tcp any any eq 22 permit udp host 8.8.8.8 any deny udp any gt 0 any gt 0 log deny tcp any gt 0 any gt 0 log deny ip any any log ! 
access-list 1 permit 192.168.0.0 0.0.255.255 dialer-list 1 protocol ip permit ! ! line vty 0 4 transport input ssh *BT Fibre / Infinity* hostname Router_1 ! ! ! ip dhcp excluded-address 192.168.1.1 192.168.1.200 ! ip dhcp pool LAN import all network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 8.8.8.8 ! ! ! ip domain name example.co.uk ip name-server 8.8.8.8 ip inspect name local-site udp ip inspect name local-site tcp ip inspect name local-site icmp router-traffic ip cef login on-failure log no ipv6 cef ! ! ! username NAME secret PASSWORD ! ! interface Ethernet0 no ip address service-policy output parent_upstream hold-queue 2304 out ! interface Ethernet0.101 encapsulation dot1Q 101 pppoe enable group global pppoe-client dial-pool-number 1 pppoe-client ppp-max-payload 1492 ! ! ! interface FastEthernet3 description LAN_DATA no ip address spanning-tree portfast ! interface Vlan1 ip address 192.168.1.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly in ip tcp adjust-mss 1452 ! interface Dialer1 ip address negotiated ip access-group ingress_acl in ip access-group egress_acl out no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip inspect local-site out ip virtual-reassembly in encapsulation ppp dialer pool 1 dialer-group 10 ppp authentication chap callin ppp chap hostname [email protected] ppp chap password anything ppp ipcp dns reques ! ! no ip nat service sip udp port 5060 ip nat source static udp 192.168.1.202 22 interface Dialer1 22 ip route 0.0.0.0 0.0.0.0 Dialer1 ! 
ip access-list extended egress_acl permit tcp any any permit udp any any deny udp any gt 0 any gt 0 log deny tcp any gt 0 any gt 0 log deny ip any any log ip access-list extended ingress_acl deny ip 58.218.198.0 0.0.0.255 any deny tcp host 5.188.87.55 any log deny ip host 5.188.87.55 any log permit tcp any any eq ftp log permit udp any any eq 21 permit tcp 92.207.0.0 0.0.255.255 any permit tcp any any eq 22 permit udp host 8.8.8.8 any deny udp any gt 0 any gt 0 log deny tcp any gt 0 any gt 0 log deny ip any any log ! access-list 1 permit 192.168.0.0 0.0.255.255 dialer-list 1 protocol ip permit ! ! line vty 0 4 transport input ssh
Views: 341 MTM
Tutorial: Installing and Configuring L2TP/IPSEC on CentOS 7 - TOPSETTING.COM
 
22:18
Tutorial: Installing and Configuring L2TP/IPSEC on CentOS 7 - TOPSETTING.COM
Related configuration files:
# /etc/ipsec.conf
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    protostack=netkey
    keep_alive=1800
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=172.16.10.115 # server IP
    leftid=172.16.10.115 # server IP
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=40
    dpdtimeout=130
    dpdaction=clear
# /etc/ipsec.secret
include /etc/ipsec.d/*.secrets
172.16.10.115 %any: PSK "anysecret"
# /etc/xl2tpd/xl2tpd.conf
[global]
; ipsec saref = yes
listen-addr = 172.16.10.115
auth file = /etc/ppp/chap-secrets
port = 1701
[lns default]
ip range = 10.15.0.2-10.15.0.254
local ip = 10.15.0.1
refuse chap = yes
refuse pap = yes
require authentication = yes
name = L2TPVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
# /etc/ppp/options.xl2tpd
ms-dns 8.8.8.8
ms-dns 8.8.4.4
noproxyarp
passive
silent
default-asyncmap
noipx
noipv6
hide-password
noccp
nodeflate
nopcomp
noaccomp
nobsdcomp
novj
novjccomp
nopredictor1
mtu 1450
mru 1450
lcp-echo-interval 60
lcp-echo-failure 10
ipcp-accept-local
ipcp-accept-remote
# /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# iptables masquerade, 10.15.0.0/24 [ client network ]
iptables -t nat -A POSTROUTING -s 10.15.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE
Find more articles at https://topsetting.com/
Views: 106 TOPSETTING DOTCOM
Off-Path Hacking The Illusion of Challenge-Response Authentication - Amir Herzberg
 
53:48
Off-Path Hacking: The Illusion of Challenge-Response Authentication
Lecture by Amir Herzberg of Bar-Ilan University at Technion-Israel Institute of Technology TCE Summer School 2013
Everyone is concerned about Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms suffice to ensure authenticity. Usually, the challenges re-use existing 'unpredictable' protocol header fields; this allows use of existing, widely-deployed protocols such as TCP and DNS. We argue that this practice may only give an illusion of security. We present our recent off-path TCP injection and DNS poisoning attacks, allowing circumvention of existing challenge-response defenses. Both TCP and DNS attacks are non-trivial, yet very efficient and practical. The attacks allow circumvention of widely deployed security mechanisms, such as a Same Origin Policy, and allow a wide range of exploits, e.g., long-term caching of malicious objects and scripts. We hope that this article will motivate adoption of cryptographic mechanisms such as SSL/TLS, IPsec and DNSSEC, as well as of correct, secure challenge-response mechanisms.
Joint work with Yossi Gilad and Haya Shulman
Views: 660 Technion
CCNA v3.0 200-125 GNS3 Labs: Troubleshoot PPP Multilink. Be careful of debugs!
 
10:19
This is one of multiple GNS3 labs videos. In this video we troubleshoot a PPP Multilink issue.
Tasks: Troubleshoot the network.
IOS used: c3725-adventerprisek9-mz.124-15.T14.bin
Get $200 worth of network software for free here: https://goo.gl/613TUF
GNS3 Topology: https://goo.gl/Yeea9P
Resources:
http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/10313-config-pap.html
http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/25647-understanding-ppp-chap.html
Views: 2181 David Bombal
Password
 
01:01
Very Funny !!! The chap wants to enter the secured area which seems to have next generation authentication technology
Views: 285 victor gons
Create personal  VPN server in linux server and connect from windows pc
 
08:15
In this tutorial you will learn how to create a personal VPN server with a Linux-based EC2 instance and connect from a Windows PC.
Requirements:
1. Your instance must be in started mode.
2. Connected through SSH to the instance.
3. Need to install Point-to-Point Tunneling Protocol.
4. Find the private IP of your EC2 instance.
5. Then need to configure the files pptpd.conf, pptpd-options, sysctl.conf, rc.local, chap-secrets.
Steps:
1. Connect SSH to the EC2 instance.
2. Install pptp by typing the following command: sudo apt-get install pptpd
3. Modify the file pptpd.conf using the following command: sudo nano /etc/pptpd.conf
4. Uncomment the following two lines and change the local IP address to your instance's private IP from the AWS console.
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
5. Then save and exit the file.
6. Modify the file pptpd-options using the following command: sudo nano /etc/ppp/pptpd-options
7. Uncomment the two lines under the Networking and Routing section, add the OpenDNS server IPs 208.67.222.222 and 208.67.220.220, or you can use Google DNS 8.8.8.8 and 8.8.4.4.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
8. Then save and exit the file.
9. Modify the file sysctl.conf using the following command: sudo nano /etc/sysctl.conf
10. Uncomment the line #net.ipv4.ip_forward=1
11. Then save and exit the file.
12. Now execute the command: sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
13. Modify the file rc.local using the following command: sudo nano /etc/rc.local
14. Add the following line above exit: sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
15. Save and exit the file.
16. Now modify the file chap-secrets using the following command: sudo nano /etc/ppp/chap-secrets
17. Write your user name under client, add server name pptpd under server, add password under secret, add * under IP addresses if you want to use the VPN from anywhere. If you use only an actual IP address here, then you are only able to connect from that IP address.
18. Now save and exit the file.
19. Now restart your VPN server using the following command: /etc/init.d/pptpd restart
20. Now reboot your running system using the command: sudo reboot
21. Open the tcp port 1723 and 47 in your EC2 security group.
22. Now click on add VPN from Control Panel - Internet Option - Connection - Add VPN.
23. Add your public DNS name in Internet address.
24. In destination name you can give your connection name and click on create.
25. Now you can find the name myvpn in the list of connections.
26. Add the user name and password which you saved in the chap-secrets file.
27. Now check your IP address from the link http://whatismyip.com
Views: 3350 Julfi Tutorials
Installing and configuring a VPN server on Linux
 
23:07
This video describes how to install a VPN server on Linux CentOS with Windows compatibility. Commands for this video:
su
switches to the root superuser.
First, let's install the DHCP server:
yum install dhcp
Configuring the dhcpd.conf file:
# vim /etc/dhcp/dhcpd.conf
Below is the content of a very simple example file that can be used as a template.
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 432000;
max-lease-time 864000;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.254;
default-lease-time 256000;
max-lease-time 256000;
option broadcast-address 192.168.1.255;
one-lease-per-client on;
#option domain-name "dominio.com.br";
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option netbios-name-servers 192.168.1.1;
}
Save the file and close it (:wq), then run the setup tool and disable the firewall, and then configure the services to start at boot.
service dhcpd start
starts the DHCP server.
Add the VPN server repository:
wget --server-response http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
yum update
updates the CentOS repository.
Install the packages:
yum -y install ppp ppp-devel pptpd
Edit the file /etc/pptpd.conf with Vim:
vim /etc/pptpd.conf
Add the lines:
localip 192.168.0.10
remoteip 192.168.0.150-254
Edit the file:
vim /etc/ppp/options.pptpd
Add the lines:
ms-dns 8.8.8.8 # if you have your own primary DNS, put it here
ms-dns 8.8.4.4 # if you have your own secondary DNS, put it here
debug
Create the files /etc/ppp/chap-secrets and /etc/ppp/pap-secrets with the same contents:
rm /etc/ppp/chap-secrets
rm /etc/ppp/pap-secrets
vim /etc/ppp/pap-secrets
# Client Server secret IP_address
vanderson pptpd vanderson *
usuario pptpd usuario *
usuarios pptpd usuarios *
cp /etc/ppp/pap-secrets /etc/ppp/chap-secrets
service pptpd start
starts the VPN server.
Afterwards, running ifconfig on the server gives you an idea of the users' connections.
VPN client on Linux CentOS:
Add the VPN client repository:
wget --server-response http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
yum install pptp-linux
pppd pty "pptp 192.168.0.10 --nolaunchpppd" lock nodetach noauth nobsdcomp nodeflate usepeerdns defaultroute require-mppe-128 name "usuario" remotename PPTP password "usuario" debug
This VPN integrates fully with Microsoft clients. Happy configuring, and see you in the next tutorial.
How to recover a password on a Cisco router? - Packet Tracer
 
11:51
In this tutorial, I cover password recovery procedures for a Cisco router for the Cisco CCNA. The process is demonstrated using Packet Tracer. The tutorial covers: the configuration register, the show version command, rom monitor mode (rommon), and saving the configuration file Subscribe! and for more information about the Cisco CCNA visit me at http://danscourses.com
Views: 103448 danscourses
Cisco CCNA | 640-802 Exam | Decrypt Enable | Telnet | Console | PPP Password
 
01:10
In this video, you'll see how to decrypt a password already encrypted in the IOS configuration file. For more videos related to the Cisco CCNA Exam 640-802, visit as at http://www.ciscoccnabootcamp.com.
Views: 5774 ccnainaction
How-To: Easy PPTP VPN Server on Linux (Ubuntu/Debian)
 
16:34
In this video, I demonstrate how to setup a PPTP VPN server relatively easily on a Linux machine. As follows is the notes file found in the video: 1. Update and install pptpd 2. Network config - static IP, bridged vs NAT VPN Network gateway address: 192.168.0.1 VPN server address: 192.168.0.220 client addresses: 192.168.0.221-225 3. Edit /etc/ppp/pptpd-options #refuse-pap #refuse-chap #refuse-mschap ms-dns 8.8.8.8 (DNS Server for VPN) 4. Edit /etc/pptpd.conf localip 192.168.0.x remoteip 192.168.0.y1-y2 5. Edit /etc/ppp/chap-secrets Enter username, pptp server name, password, client IP 6. Edit /etc/sysctl.conf Uncomment IPV4 Forward line (net.ipv4.ip_forward=1) 7. Install/configure ufw sudo ufw allow 47 sudo ufw allow 1723 sudo ufw enable (IP forwarding for NAT VPN setups) /etc/default/ufw DEFAULT_FORWARD_POLICY to ACCEPT /etc/ufw/before.rules *nat :POSTROUTING ACCEPT [0:0] -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE COMMIT -A ufw-before-input -p 47 -j ACCEPT 8. Port forward (ports 47 and 1723) to IP of VPN server
Views: 18788 Someone7089
Implementing Password Authentication
 
05:01
This video is part of the Udacity course "Intro to Information Security". Watch the full course at https://www.udacity.com/course/ud459
Views: 753 Udacity
3 Rescue Rangers Moments | Robot Chicken | Adult Swim
 
01:30
SUBSCRIBE to Adult Swim UK: http://bit.ly/1ntNOb5 A dissection of rodent gender roles in children's animation. Watch Adult Swim every Thursday midnight on FOX UK. FACEBOOK: http://www.facebook.com/AdultSwimUK TWITTER: https://twitter.com/adultswimuk INSTAGRAM: https://www.instagram.com/adultswimuk/ Adult Swim is your home for animation and live-action comedy. Enjoy some of your favourite shows, including Rick and Morty, Robot Chicken, Mr Pickles, Black Jesus, Venture Bros., Tim and Eric, Aqua Teen, Metalocalypse, Squidbillies, Frisky Dingo, Assy McGee and more. Watch some playlists. Fast forward, rewind, pause. It's all here. We know you wouldn't forget, but it never hurts to make sure.
Views: 687612 Adult Swim UK
Packet Tracer Switch Password Configuration Tutorial CCENT/CCNA
 
01:18
In this tutorial I will demonstrate how to set up passwords and make them work, and secure them with MD5 hash.
This enables the first password you come across when you first get on the switch.
line console 0
password cisco
login
exit
This line enables a password for Telnet and SSH sessions via another device trying to access your switch remotely.
line vty 0 4
password class
login
exit
This enables the second password you come across to get into administrative mode.
enable secret class
This enables MD5 hash security on all future and current passwords on your switch. MD5 is extremely unsecure however.
service password-encryption
Views: 1837 Trojans
Key logging-resistant Visual Authentication Protocols
 
05:38
To get this project in ONLINE or through TRAINING Sessions, Contact:JP INFOTECH, Old No.31, New No.86, 1st Floor, 1st Avenue, Ashok Pillar, Chennai -83. Landmark: Next to Kotak Mahendra Bank. Pondicherry Office: JP INFOTECH, #45, Kamaraj Salai, Thattanchavady, Puducherry -9. Landmark: Next to VVP Nagar Arch. Mobile: (0) 9952649690 , Email: [email protected], web: www.jpinfotech.org Blog: www.jpinfotech.blogspot.com Key logging-resistant Visual Authentication Protocols The design of secure authentication protocols is quite challenging, considering that various kinds of root kits reside in PCs (Personal Computers) to observe user’s behavior and to make PCs untrusted devices. Involving human in authentication protocols, while promising, is not easy because of their limited capability of computation and memorization. Therefore, relying on users to enhance security necessarily degrades the usability. On the other hand, relaxing assumptions and rigorous security design to improve the user experience can lead to security breaches that can harm the users’ trust. In this paper, we demonstrate how careful visualization design can enhance not only the security but also the usability of authentication. To that end, we propose two visual authentication protocols: one is a one-time-password protocol, and the other is a password-based authentication protocol. Through rigorous analysis, we verify that our protocols are immune to many of the challenging authentication attacks applicable in the literature. Furthermore, using an extensive case study on a prototype of our protocols, we highlight the potential of our approach for real-world deployment: we were able to achieve a high level of usability while satisfying stringent security requirements.
Views: 553 jpinfotechprojects
IS-IS on CISCO by JODOI
 
09:19
Tutorial on configuring IS-IS on a CISCO router, by instructor Kriangsak Namkot (Ajarn Doi) http://www.jodoi.org
Views: 961 MrJodoi
Spring 2015 - CSI258-847 (Week #2 - 04.04.2015) - Packet Tracer 3.3.2.7 (Addendum Tutorial)
 
20:50
The following video is a brief addendum to the original Packet Tracer 3.3.2.7 video where we first looked at CHAP authentication. In the PT activity you are told to configure CHAP by using secrets as your passwords - only one problem with that: You can't in the real world! That's right, there is no way to hash the hash (the MD5 hash that is created, that is). I walk you through just the PT section where you are instructed to do this, demonstrate how it will work in the PT activity and then show you that not only will it not work, but if you are unlucky enough to not be logging messages to your console (and if you time it just right - which I do a number of times) the "show ip interface brief" command will actually show that the interfaces are up/up! Again, only one problem... they are not. They will simply bounce from up to down and never come up. I then change the username passwords to Type 7 and everything starts working great again! Enjoy!
Views: 195 Travis Bonfigli
Creating a VPN Server using PPTP
 
04:03
In this video we show you how to set up a VPN server using the PPTP protocol.
Commands in order of appearance:
    #apt-get install pptpd
    #nano /etc/pptpd.conf
        localip **YOUR IP**
        remoteip **CLIENT IP RANGE**
        **EXAMPLE: localip 10.0.0.1 remoteip 10.0.0.100-200 **
    #nano /etc/ppp/chap-secrets
        Enter your info in there.
    #nano /etc/ppp/pptpd-options
        ms-dns 8.8.8.8
        ms-dns 8.8.4.4
    #service pptpd restart
    #nano /etc/sysctl.conf
        Find and uncomment net.ipv4.ip_forward = 1
    #sysctl -p
    #iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    #iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
    #iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
    #iptables --append FORWARD --in-interface eth0 -j ACCEPT
    #iptables-save > firewall
    #iptables-restore < firewall
Views: 178 kalgi bhatt
Tutorial: installing pptpd on a VPS, a detailed VPN installation tutorial
 
11:29
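Even beginners can do it themselves and install their own VPN. A "foolproof tutorial" for installing a VPN on CentOS. PPTP protocol; installing a VPN on a VPS takes only 10 minutes. It costs only 5 dollars a month (the cheapest VPS).
Quick tutorial:
1. Buy a VPS, preferably one running CentOS 5, for which there is a one-click install package.
2. Connect to your VPS with Putty (if you are a Windows user).
3. Then enter: wget http://www.diahosting.com/dload/pptpd.sh and press Enter. Wait for the download to finish!
4. Then enter: sh pptpd.sh
5. Wait for it to finish. The last line of the output contains your VPN account and password (protocol: PPTP).
6. To edit the account or add other accounts: vi /etc/ppp/chap-secrets and then edit it following the format above!
This is my first tutorial and I was a little nervous; I hope everyone will bear with me!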
Views: 11544 萧海