Basic Card

Day 3

Last session: what is a switch? A device that looks up IP addresses and MAC addresses.

Moving a port to VLAN 2 on the switch

First, create VLAN 2:

    conf t
    vlan 2
    name VLAN2
    exit
    exit

Move fa1/2 into VLAN 2:

    conf t
    int fa1/2
    switchport access vlan 2
    exit

When hosts are separated into VLANs, a router is needed for them to communicate with each other.

Configure int fa1/0 as a trunk:

    conf t
    int fa1/0
    switchport trunk allowed vlan 1-2
    switchport mode trunk
    exit
    exit
    show int trunk

Router configuration:

    config t
    hostname jjcom
    ! physical interface: gateway for 192.168.0.0/24
    interface fastethernet0/0
    ip address 192.168.0.254 255.255.255.0
    no shutdown
    exit
    ! subinterface tagged for VLAN 2: gateway for 192.168.1.0/24
    interface fastethernet0/0.2
    encapsulation dot1q 2
    ip address 192.168.1.254 255.255.255.0
    no shutdown
    exit

Switch configuration:

    config t
    vlan 2
    name VLAN2
    exit
    interface fastethernet1/2
    switchport mode access
    switchport access vlan 2
    exit
    interface fastethernet1/0
    switchport mode trunk
    exit
    exit
    show interface trunk

Conclusion: network segmentation is a reliable measure when it comes to security.

Why Kali Linux comes up with 10.0.2.15: the VM's network setting is connected through NAT. Changing it from NAT to a bridged adapter moves the address into the 192.168.0.xxx range. (Note: the network has to be turned off and on again.)

Kali Linux commands

    sudo passwd : change the password
    su          : enter the directory

Kali Linux scan

    ┌──(kali㉿kali)-[~]
    └─$ su
    Password:
    ┌──(root㉿kali)-[/home/kali]
    └─# nmap -v -sS -O 192.168.1.0/24 > result.txt
    RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
    RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
    adjust_timeouts2: packet supposedly had rtt of 9026003 microseconds. Ignoring time.
    adjust_timeouts2: packet supposedly had rtt of 9026003 microseconds. Ignoring time.
    adjust_timeouts2: packet supposedly had rtt of 12035910 microseconds. Ignoring time.
    adjust_timeouts2: packet supposedly had rtt of 12035910 microseconds. Ignoring time.
    adjust_timeouts2: packet supposedly had rtt of 12014874 microseconds. Ignoring time.
    adjust_timeouts2: packet supposedly had rtt of 12014874 microseconds. Ignoring time.
    adjust_timeouts2: packet supposedly had rtt of 12014827 microseconds. Ignoring time.
    adjust_timeouts2: packet supposedly had rtt of 12014827 microseconds. Ignoring time.
    adjust_timeouts2: packet supposedly had rtt of 9005654 microseconds. Ignoring time.
    adjust_timeouts2: packet supposedly had rtt of 9005654 microseconds. Ignoring time.
    adjust_timeouts2: packet supposedly had rtt of 9005828 microseconds. Ignoring time.
    adjust_timeouts2: packet supposedly had rtt of 9005828 microseconds. Ignoring time.
    RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
    RTTVAR has grown to over 2.3 seconds, decreasing to 2.0

192.168.0.0/24: IPs + ports (65536 ports: 0 ~ 65535)
254*65536 = 16,646,144

Configuring access lists

Enabling Telnet on the router:

    jjcom>_    user mode
    jjcom#_    administrator mode

    config t
    line vty 0 4
    password 123456
    login
    exit

    config t
    ip domain-name st.kr
    ! the key size is given with the modulus keyword
    crypto key generate rsa modulus 2048
    ip ssh version 2
    line vty 0 4
    transport input ssh
    end
    show crypto key mypubkey rsa

    config t
    line con 0
    ! 0 0 disables the console idle timeout
    exec-timeout 0 0

Standard ACLs and extended ACLs

Standard ACL (1-99): filters packets by looking only at the source IP address.
Extended ACL: filters packets by looking at the source and destination IP addresses, TCP/UDP, and port numbers.

Commands to block attacks from Kali:

    config t
    access-list 1 deny 192.168.0.2 0.0.0.0
    access-list 1 permit any
    interface fastethernet0/0
    ip access-group 1 in
    exit
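
How the router evaluates the standard ACL above, as an added example that is not part of the original notes: a small Python model of first-match evaluation with wildcard masks and the implicit deny that ends every ACL. The function names and the REORDERED and DENY_ONLY sample ACLs are constructed for illustration; only PAGE_ACL comes from the notes.

```python
import ipaddress

def parse_standard_acl(config):
    """Parse 'access-list <1-99> {permit|deny} <source> [wildcard]' lines."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        number, action, src = int(tok[1]), tok[2], tok[3:]
        if not 1 <= number <= 99:  # standard range as given in the notes
            raise ValueError(f"ACL {number} is outside the standard range 1-99")
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        if src[0] == "any":            # any == 0.0.0.0 255.255.255.255
            addr, wild = 0, 0xFFFFFFFF
        elif src[0] == "host":         # host A.B.C.D == A.B.C.D 0.0.0.0
            addr, wild = int(ipaddress.IPv4Address(src[1])), 0
        else:                          # omitted wildcard means 0.0.0.0
            addr = int(ipaddress.IPv4Address(src[0]))
            wild = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
        acls.setdefault(number, []).append((action, addr, wild))
    return acls

def evaluate(entries, source_ip):
    """Entries are checked top-down; the first match decides."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wild in entries:
        # Wildcard bits set to 1 are "don't care"; all other bits must match.
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny (implicit)"  # nothing matched: implicit deny at the end

# ACL from the notes
PAGE_ACL = """access-list 1 deny 192.168.0.2 0.0.0.0
access-list 1 permit any"""
# Constructed: same entries in the wrong order, the deny is never reached
REORDERED = """access-list 1 permit any
access-list 1 deny 192.168.0.2 0.0.0.0"""
# Constructed: without 'permit any' every other source is dropped too
DENY_ONLY = "access-list 1 deny 192.168.0.2 0.0.0.0"

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_ACL), ("reordered", REORDERED),
                       ("deny-only", DENY_ONLY)):
        entries = parse_standard_acl(cfg)[1]
        for src in ("192.168.0.2", "192.168.0.3"):
            print(f"{label:10} {src:12} -> {evaluate(entries, src)}")
```
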
P.S. Only 63 days left now...