RE: IP Default-Network/IP Subnet-Zero Exploit--or old news?

From: Mas Kato (tealp729@xxxxxxxx)
Date: Thu May 03 2001 - 21:27:01 GMT-3

• Next message: sanjay: "Re: IP Default-Network/IP Subnet-Zero Exploit--or old news?"
• Previous message: Kurt Bergsbaken: "Sorry for OT Lab Swap"
• Maybe in reply to: Mas Kato: "IP Default-Network/IP Subnet-Zero Exploit--or old news?"
• Next in thread: sanjay: "Re: IP Default-Network/IP Subnet-Zero Exploit--or old news?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Fair enough Z,

But if the requirement in the lab is "ping all interfaces from all
routers" in a similar OSPF VLSM/FLSM scenario--and the 'summary-address'
hack doesn't work, inter-area summarization isn't appropriate and they
take the 'ip default-network' command away, is there anything left
besides static routes?

I think I may lose points if I hand them a box of bubble-gum and bailing
wire. <G>

Mas

-----Original Message-----
From: Mask Of Zorro [mailto:ciscokid00@hotmail.com]
Sent: Thursday, May 03, 2001 11:57 AM
To: tealp729@home.com
Subject: Re: IP Default-Network/IP Subnet-Zero Exploit--or old news?

It is cool to watch all these talented people jump through flaming hoops
to
get this thing working... I am amazed at the many workarounds that I
have
seen that actually work! Nevertheless, I have to warn you, no matter how
cool, no matter how elegent (or not, in some cases), your solution will
NEVER EVER EVER be allowed to include the "ip default-network" command
in
the real lab... but in the real world, this is truly cool!

Z

>From: Mas Kato <tealp729@home.com>
>Reply-To: Mas Kato <tealp729@home.com>
>To: "'CCIELAB'" <ccielab@groupstudy.com>
>Subject: IP Default-Network/IP Subnet-Zero Exploit--or old news?
>Date: Wed, 02 May 2001 23:21:44 -0700
>
>Hello everybody,
>
>I've been playing around with the ole' FLSM network-to-VLSM network
>reachability scenario and may have stumbled across an 'ip
>default-network' / 'ip subnet-zero' exploit. It's a variation on
>something I found in the archives--but I'm not sure if it's old news or
>not, so I thought I'd throw it out there and have you guys rip it to
>shreds...
>
>Major network: 172.16.0.0
>
>OSPF/28--(R3)--OSPF/24--(R5)--IGRP/24--(R2)
>
>Goal: Provide reachability to the OSPF/28 network from the IGRP/24
>network while avoiding statics, blah, blah...
>
>One of the archived suggestions is to configure a classful loopback on
>R5, have IGRP advertise it to R2 and then use the 'ip default-network'
>command on R2, referencing the classful network. Fine--but what if
we're
>limited to using subnets from just one major network?
>
>Well, since the 'ip default-network' command is classful, if we
>reference a subnet of our major network we get that lovely static route
>installed to the major net and then we have to issue the 'ip
>default-network' command again, this time referencing the major net.
Ug.
>
>Here's what it looked like on R2:
>
>Gateway of last resort is 172.16.5.0 to network 172.16.0.0
>
> * 172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
>C 172.16.52.0/24 is directly connected, Ethernet0
>I 172.16.35.0/24 [100/7100] via 172.16.52.5, 00:00:13, Ethernet0
>I 172.16.5.0/24 [100/1600] via 172.16.52.5, 00:00:13, Ethernet0
>S* 172.16.0.0/16 [1/0] via 172.16.5.0
>C 172.16.2.0/24 is directly connected, Loopback0
>R2#
>
>But then I got to thinking, "yo, what if the subnet we reference is
>subnet zero?"
>
>Now check out R2 (no static!):
>
>Gateway of last resort is 172.16.52.5 to network 172.16.0.0
>
> * 172.16.0.0/24 is subnetted, 5 subnets
>C 172.16.52.0 is directly connected, Ethernet0
>I 172.16.35.0 [100/7100] via 172.16.52.5, 00:01:16, Ethernet0
>I* 172.16.0.0 [100/1600] via 172.16.52.5, 00:01:16, Ethernet0
>C 172.16.2.0 is directly connected, Loopback0
>R2#
>
>Analysis, feedback, gotchas, etc. welcomed...
>
>Regards,
>
>Mas Kato
>
>(Config snippets follow...)
>
>!!!!!!!!!!
>hostname R5
>!
>ip subnet-zero
>!
>interface Loopback0
> ip address 172.16.0.5 255.255.255.0
>!
>interface Ethernet0
> ip address 172.16.52.5 255.255.255.0
>!
>interface Serial1
> bandwidth 2000
> ip address 172.16.35.5 255.255.255.0
>!
>router ospf 1
> log-adjacency-changes
> redistribute igrp 1 metric 10 subnets route-map IGRPNETS
> network 172.16.35.0 0.0.0.255 area 0
>!
>router igrp 1
> redistribute ospf 1 metric 2000 2000 255 1 1500
> passive-interface Serial1
> network 172.16.0.0
>!
>ip classless
>!
>access-list 1 permit 172.16.0.0 0.0.0.255
>access-list 1 permit 172.16.2.0 0.0.0.255
>access-list 1 permit 172.16.52.0 0.0.0.255
>route-map IGRPNETS permit 10
> match ip address 1
>!
>end
>R5#
>
>!!!!!!!!!!
>R2#
>hostname R2
>!
>ip subnet-zero
>!
>interface Loopback0
> ip address 172.16.2.1 255.255.255.0
>!
>interface Ethernet0
> ip address 172.16.52.2 255.255.255.0
>!
>router igrp 1
> network 172.16.0.0
>!
>ip classless
>ip default-network 172.16.0.0
>end
>R2#
>**Please read:http://www.groupstudy.com/list/posting.html

• Next message: sanjay: "Re: IP Default-Network/IP Subnet-Zero Exploit--or old news?"
• Previous message: Kurt Bergsbaken: "Sorry for OT Lab Swap"
• Maybe in reply to: Mas Kato: "IP Default-Network/IP Subnet-Zero Exploit--or old news?"
• Next in thread: sanjay: "Re: IP Default-Network/IP Subnet-Zero Exploit--or old news?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:33 GMT-3