HackMD - Collaborative Markdown Knowledge Base

Занятие 3. Модель OSI. Сетевой уровень - L3 Конфигурацию любого одного маршрутизатора в каждой из зон маршрутизации (должно получиться 3 конфигурации роутеров) M-R-10 ``` # jan/10/2023 11:52:38 by RouterOS 6.47beta60 # software id = # # # /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /routing ospf instance set [ find default=yes ] redistribute-connected=as-type-1 /ip address add address=11.0.1.10/24 interface=ether1 network=11.0.1.0 add address=11.0.4.10/24 interface=ether2 network=11.0.4.0 /ip dhcp-client add disabled=no interface=ether1 /routing ospf network add area=backbone network=11.0.4.0/24 add area=backbone network=11.0.1.0/24 ``` C-R-4 ``` Building configuration... Current configuration : 1455 bytes ! version 15.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! ! ! no aaa new-model mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ! ! ! ! ! ! ! ! ! ! ! ! ip cef no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! redundancy ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 10.0.2.4 255.255.255.0 ! interface Ethernet0/1 ip address 10.0.1.4 255.255.255.0 ! interface Ethernet0/2 no ip address ! interface Ethernet0/2.10 encapsulation dot1Q 10 ip address 192.168.10.4 255.255.255.0 ! interface Ethernet0/2.20 encapsulation dot1Q 20 ip address 192.168.20.4 255.255.255.0 ! interface Ethernet0/2.30 encapsulation dot1Q 30 ip address 192.168.30.4 255.255.255.0 ! interface Ethernet0/3 no ip address shutdown ! interface Ethernet1/0 no ip address shutdown ! interface Ethernet1/1 no ip address shutdown ! interface Ethernet1/2 no ip address shutdown ! interface Ethernet1/3 no ip address shutdown ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ip route 0.0.0.0 0.0.0.0 10.0.2.16 ip route 10.0.0.0 255.255.255.0 10.0.1.17 ip route 10.0.4.0 255.255.255.0 10.0.2.16 ip route 10.0.5.0 255.255.255.0 10.0.2.16 ! ! ! ! control-plane ! ! ! ! ! ! ! ! line con 0 logging synchronous line aux 0 line vty 0 4 login transport input none ! ! end ``` C-R-2 ``` Building configuration... Current configuration : 1252 bytes ! version 15.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! ! ! no aaa new-model mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ! ! ! ! ! ! ! ! ! ! ! ! ip cef no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! redundancy ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 12.0.5.2 255.255.255.0 ! interface Ethernet0/1 ip address 12.0.1.2 255.255.255.0 ! interface Ethernet0/2 ip address 12.0.2.2 255.255.255.0 ! interface Ethernet0/3 no ip address shutdown ! interface Ethernet1/0 no ip address shutdown ! interface Ethernet1/1 no ip address shutdown ! interface Ethernet1/2 no ip address shutdown ! interface Ethernet1/3 no ip address shutdown ! router bgp 100 bgp log-neighbor-changes redistribute connected neighbor 12.0.1.6 remote-as 100 neighbor 12.0.1.6 route-reflector-client neighbor 12.0.2.9 remote-as 100 neighbor 12.0.5.7 remote-as 100 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ! ! ! ! control-plane ! ! ! ! ! ! ! ! line con 0 logging synchronous line aux 0 line vty 0 4 login transport input none ! ! end ``` M-R-7 ``` # jan/10/2023 11:57:08 by RouterOS 6.47beta60 # software id = # # # /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /routing bgp instance set default as=100 redistribute-connected=yes redistribute-ospf=yes \ redistribute-static=yes /routing ospf instance set [ find default=yes ] redistribute-bgp=as-type-1 redistribute-connected=\ as-type-1 redistribute-static=as-type-1 /ip address add address=11.0.5.7/24 interface=ether5 network=11.0.5.0 add address=11.0.6.7/24 interface=ether4 network=11.0.6.0 add address=13.0.1.7/24 interface=ether6 network=13.0.1.0 add address=12.0.6.7/24 interface=ether3 network=12.0.6.0 add address=12.0.5.7/24 interface=ether2 network=12.0.5.0 add address=13.0.2.7/24 interface=ether2 network=13.0.2.0 /ip dhcp-client add disabled=no interface=ether5 /ip route add distance=1 dst-address=10.0.0.0/24 gateway=13.0.1.16 add distance=1 dst-address=10.0.1.0/24 gateway=13.0.1.16 add distance=1 dst-address=10.0.2.0/24 gateway=13.0.1.16 add distance=1 dst-address=10.0.4.0/24 gateway=13.0.1.16 add distance=1 dst-address=10.0.5.0/24 gateway=13.0.1.16 add distance=1 dst-address=192.168.10.0/24 gateway=13.0.1.16 add distance=1 dst-address=192.168.20.0/24 gateway=13.0.1.16 add distance=1 dst-address=192.168.30.0/24 gateway=13.0.1.16 /routing bgp peer add in-filter=bgp-in-C-R-2 name=peer1 out-filter=bgp-out-C-R-2 \ remote-address=12.0.5.2 remote-as=100 route-reflect=yes add name=peer2 remote-address=12.0.6.9 remote-as=100 /routing filter add chain=bgp-out-C-R-2 set-out-nexthop=12.0.5.7 add chain=bgp-in-C-R-2 set-out-nexthop=12.0.5.2 add chain=bgp-in-C-R-2 set-in-nexthop=12.0.5.2 /routing ospf network add area=backbone network=11.0.5.0/24 add area=backbone network=11.0.6.0/24 ``` Скрин работы утилиты ping между каждыми крайними маршрутизаторами (MR-12, MR-10, CR-6, LR-15) ping M-R-12 и L-R-15 ![](https://i.imgur.com/fK8EiG8.png) ping M-R-12 и M-R-10 ![](https://i.imgur.com/EbOMNZs.png) ping M-R-12 и C-R-6 ![](https://i.imgur.com/ZUqIJ0X.png) ping L-R-15 и C-R-6 ![](https://i.imgur.com/ZnVUf9d.png) ping L-R-15 и M-R-10 ![](https://i.imgur.com/qWtXTxM.png) ping M-R-10 и C-R-6 ![](https://i.imgur.com/yjXsvF2.png) Скрин успешной атаки на OSPF (получен fake маршрут) ![](https://i.imgur.com/aUJuHdR.png)