Professional Documents
Culture Documents
Prof Bill Buchanan, Leader, Centre for Distributed Computing and Security http://www.dcs.napier.ac.uk/~bill Room: C.63
Academic Element On-line test: 40% MCQ Test Coursework: Agent-based IDS Web-CT submission: 40% Web-CT submission .NET Security On-line test: 20% Network Security On-line test: 20%
On-line test
Author: Prof Bill Buchanan
W 2 3
Assessment
Lab/Tutorial Lab 1: Packet Capture Lab 2: Packet Capture (Filter) Lab 3: Packet Capture (IDS)
4 5 6 7 8 10 11 12 13 14
23 Feb 2 Mar 9 Mar 16 Mar 23 Mar 6 Apr 27 Apr 4 May 11 May 18 May
Lab 5: IDS Snort 1 Lab 6: IDS Snort 2 Lab 7: Private-key Encryption Lab 8: Public-key Encryption Lab 9: Log/Process/Hashing Lab 10: TCP Forensics Lab 11: Binary Analysis/Sig Det
Bob
Alice
CIA
Applications (Integrated Security) Services (Integrated Security)
AAA
Eve
Eve
Bob
Alice
Switch
Bob
Alice
Router (NAT)
Firewall (Statefull)
DMZ
Cisco Switch
Cisco Firewall
Internet
Bob
Alice
Router (NAT)
Cisco PIX Cisco ASA 5500 Web server Email server FTP server Proxy server
DMZ
Bob
Firewall (Packet filter) Internet
Switch
Application (FTP, Telnet, etc) L4. Transport (TCP) L3. Internet (IP)
Router (NAT)
Restricted areas
DMZ
Restricted areas
Proxy server
VLAN 1
VLAN 2
Author: Prof Bill Buchanan Author: Prof Bill Buchanan
FTP server
Bob
Firewall (Packet filter) Internet
Switch
Application (FTP, Telnet, etc) L4. Transport (TCP) L3. Internet (IP)
Different VLANs cannot communication directly, and need to go through a router to communicate
Firewall (Stateful)
Router (NAT)
DMZ
Proxy server
VLAN 1
VLAN 2
Author: Prof Bill Buchanan Author: Prof Bill Buchanan
FTP server
Bob
Firewall (Packet filter) Internet
Switch
VLAN 1
Intrusion Detection System
Different VLANs cannot communication directly, and need to go through a router to communicate
Firewall (Stateful)
Router (NAT)
802.1q Trunk
DMZ
Proxy server
VLAN 1
VLAN 2
Author: Prof Bill Buchanan Author: Prof Bill Buchanan
FTP server
Bob
Firewall (Packet filter) Internet
Switch
Application (FTP, Telnet, etc) L4. Transport (TCP) L3. Internet (IP)
Screening Firewalls filter for IP and TCP packet details, such as addresses and TCP ports, for incoming/outgoing traffic
Router (NAT)
Firewall (Stateful)
DMZ
Intrusion Detection System Proxy server
Alice
Bob
Firewall (Packet filter) Internet
Switch
Application (FTP, Telnet, etc) L4. Transport (TCP) L3. Internet (IP)
Stateful Firewalls filter for Application, IP and TCP packet details. They remember previous data packets, and keep track of connections
Router (NAT)
Firewall (Stateful)
DMZ
Alice Intrusion Detection System Proxy server
Author: Bill Buchanan
Bob
Switch
Application (FTP, Telnet, etc) L4. Transport (TCP) L3. Internet (IP)
All Application-layer traffic goes through the Proxy (eg FTP, Telnet, and so on) aka Application Gateways
DMZ
Alice Intrusion Detection System Proxy server
Professional Cert.
Author: Prof Bill Buchanan Author: Prof Bill Buchanan
Design
Net Security
Service Provider
Storage Network
Voice
Wireless
CCIE Security
CCSP
CCNA Security
CCNA ENT
CCNA
CCNA Security
CCSP
Core
642-545 MARS Implementing Cisco Security Monitoring, Analysis and Response System
Network Security
Software firewall
Host-based: Zone alarm
Hardware firewall
Hardware firewall: Optimized engine/architecture Copes better with large trafficBill Buchanan Author: Prof conditions Improved failover
Stateful firewall Firewalls PIX/ASA
Software firewall: Easy to reconfigure Slower Less expensive Can be used with a range of computers/OSs
Firewall rules. These are contained within ACLs (using the access-list and access-group commands), and block or permit traffic. A key feature of this is the usage of URL filtering which defines the Web pages which are allowed and which are not. Port blocking. These use the fixup command to change, enable or disable network services. Cut-through proxy. This allows the definition of the users who are allowed services such as HTTP, Telnet and FTP. This authentication is a single initial authentication, which differs from the normal proxy operation which checks every single packet.
Bob
Intrusion detection. These use the ip audit command to detect intrusions. Shunning. This, along with intrusion detection, allows a defined response to an intrusion.
Encryption. This allows the PIX firewall to support enhanced encryption, such as being a server for VPN connections, typically with IPSec and tunnelling techniques such as PPTP.
Failover. This allows other devices to detect that a PIX device has crashed, and that another device needs to take its place. Author: Prof Bill Buchanan
Enterprise PIX 525. This has a 600MHz processor with 256MB RAM, and handles a throughput of 360Mbps for a maximum of 280,000 connections. It supports failover, and has the support for up to eight connections.
Enterprise PIX 535. This has a 1GHz processor with 1GB RAM, and handles a throughput of 1Gbps for a maximum of 500,000 connections. It supports failover, and has the support for up to ten network interfaces.
ASA 5520 Intel Pentium 4, 2GHz 512MB RAM PIX 7.x, ASA 8.x IOS 8 interfaces Integrated VPN SSL VPN Throughput: 450Mbps 3DES: 225Mbps Max conn: 280,000 VPN peers: 750
PIX/ASA Configuration
Author: Prof Bill Buchanan Author: Prof Bill Buchanan
PIX 6.x # config t (config)# hostname freds (config)# domain-name fred.com (config)# ip address outside 192.168.1.1 255.255.255.0 (config)# interface e0 auto
(config)# hostname freds PIX/ASA 7.x/8.x (config)# domain-name fred.com (config)# int e0 (config-if)# ip address 192.168.2.1 255.255.255.0 (config-if)# no shutdown (config-if)# exit
E1 (inside) E0 (outside)
E2 (inf2)
Author: Bill Buchanan
PIX 6.x # config t (config)# hostname freds (config)# domain-name fred.com (config)# ip address outside 192.168.1.1 255.255.255.0 (config)# interface e0 auto
(config)# hostname freds PIX/ASA 7.x/8.x (config)# domain-name fred.com (config)# int e0 (config-if)# ip address 192.168.2.1 255.255.255.0 (config-if)# no shutdown (config-if)# exit
E1 (inside) E0 (outside)
E2 (inf2)
Author: Bill Buchanan
PIX 6.x
PIX/ASA 7.x/8.x
E1 (inside)
E2 (inf2)
Author: Prof Bill Buchanan
E0 (outside)
PIX 6.x
PIX/ASA 7.x/8.x
E1 (inside)
E2 (inf2)
Author: Prof Bill Buchanan
E0 (outside)
E0 (outside)
E2 (inf2)
Author: Prof Bill Buchanan
E1 (inside)
E0 (outside)
E1 (inside)
E2 (inf2)
E0 (outside)
E1 (inside)
E2 (inf2)
Perimeter gateway
10.1.1.254
E0
10.1.1.1 172.10.10.1
192.168.2.1
192.168.2.3
E1 E2
176.10.1.1
Perimeter gateway
172.10.10.2
192.168.2.5
176.10.1.2
Author: Prof Bill Buchanan
Perimeter gateway
10.1.1.254
E0
10.1.1.1 172.10.10.1
192.168.2.1
192.168.2.3
E1 E2
176.10.1.1
Perimeter gateway
172.10.10.2
192.168.2.5
176.10.1.2
Author: Prof Bill Buchanan
Perimeter gateway
10.1.1.254
E0
10.1.1.1 172.10.10.1
192.168.2.1
192.168.2.3
E1 E2
176.10.1.1
Perimeter gateway
172.10.10.2
192.168.2.5
176.10.1.2
(config)# show fixup fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol ils 389 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 (config)# fixup protocol http 161 (config)# fixup protocol ftp 60 (config)# fixup protocol smtp 84
FTP requires a server port on the initiator. SQL*Net requires a negiotation on the connected port.
E2 (inf2)
Author: Prof Bill Buchanan
E0 (outside)
E1 (inside)
Perimeter gateway
10.1.1.254
E0
10.1.1.1 172.10.10.1
192.168.2.1
192.168.2.3
E1 E2
176.10.1.1
Perimeter gateway
172.10.10.2
192.168.2.5
176.10.1.2
Perimeter gateway
10.1.1.254
E0
10.1.1.1 172.10.10.1
192.168.2.1
192.168.2.3
E1 E2
176.10.1.1
Perimeter gateway
172.10.10.2
192.168.2.5
176.10.1.2
Do not NAT!
10.1.1.254
E0
10.1.1.1 172.10.10.1
192.168.2.1
192.168.2.3
E1 E2
176.10.1.1
Perimeter gateway
172.10.10.2
192.168.2.5
176.10.1.2
Perimeter gateway
10.1.1.254
E0
10.1.1.1 172.10.10.1
192.168.2.1
192.168.2.3
E1 E2
176.10.1.1
Perimeter gateway
172.10.10.2
192.168.2.5
176.10.1.2
10.1.1.254
E0
10.1.1.1 172.10.10.1
192.168.2.1
192.168.2.3
E1 E2
176.10.1.1
Perimeter gateway
172.10.10.2
192.168.2.5
176.10.1.2
Perimeter gateway
10.1.1.254
E0
10.1.1.1 172.10.10.1
192.168.2.1
192.168.2.3
E1 E2
176.10.1.1
Perimeter gateway
172.10.10.2
192.168.2.5
176.10.1.2
10.1.1.254
E0
10.1.1.1 172.10.10.1
192.168.2.1
192.168.2.3
E1 E2
176.10.1.1
Perimeter gateway
172.10.10.2
192.168.2.5
176.10.1.2
Perimeter gateway
10.1.1.254
E0
10.1.1.1 172.10.10.1
192.168.2.1
192.168.2.3
E1 E2
176.10.1.1
Perimeter gateway
172.10.10.2
192.168.2.5
176.10.1.2
10.1.1.254
E0
10.1.1.1 172.10.10.1
192.168.2.1
192.168.2.3
E1 E2
176.10.1.1
Perimeter gateway
172.10.10.2
192.168.2.5
176.10.1.2
PIX/ASA Failover
Author: Prof Bill Buchanan Author: Prof Bill Buchanan
UPS 1
5U
1U
1U
UPS 2
MAIN
Failover cable
Either Prim (UR)/Sec (UR) Or: Prim (UR)/Sec (FO) Activation key is required!
STANDBY
UR Unrestricted licence (must be used for primary). FO Failover licence (for secondary). R Restricted licence (cannot be used).
Same PIX type Same RAM Same Flash memory. Same type and interfaces. Same software version. Same activation keys for DES or 3DES
Hello
Failover cable
Hello
Hello messages are sent every 1-15 seconds on every interface. Hello time. (PIX default 15 second, ASA default 1 second) If messages are not received with the holdtime Holdtime (PIX default: 45 seconds 3 times hello time, ASA default: 15 seconds), failover happens. If secondary doesnt work, primary assumes control, and no failover.
Tests: Test 1. NIC status test. Up/down status of interface. Test 2. Network activity. Monitor for 5 seconds. If detected, cancel tests. Test 3. ARP test. Requests last 10 IP addresses in the ARP table. Test 4. Ping test. Broadcast ping of 255.255.255.255. If any replies the test is quit.
Standby
outside
e0 e2
inf2
e1
inside
On start-up config is automated copied over. All new commands are replicated. The write startby command sends the config to the secondary.
Either Prim (UR) Sec (UR) Or Prim (UR) Sec (FO) Activation key is required!
Standby
outside
e0 e2
inf2
e1
inside
Stateful Restores everything. ARP table, Xlate, Fixup tables, ARP, routing information, IPSec/ISAKMP tables, MAC addresses, Hello messages. Secondary Inherits: IP addresses and MAC addresses of the primary. Primary Inherits: IP addresses and MAC addresses of the secondary. Require an additional Ethernet connection
e3
Stateful connection
e3
Failover cable
Author: Bill Buchanan
outside
e0 e2
inf2
e1
inside
Non-stateful Only RAM config and session details. Secondary Inherits: IP addresses and MAC addresses of the primary. Primary Inherits: IP addresses and MAC addresses of the secondary. Lost: NAT translations and connections.
Standby
outside
e0 e2
inf2
e1
inside
Standby
e2
Dedicated switch/hub
e2 outside
e0
e1
inside
Non-stateful Only RAM config and session details. Secondary Inherits: IP addresses and MAC addresses of the primary. Primary Inherits: IP addresses and MAC addresses of the secondary. Lost: NAT translations and connections.
e3
Failover cable
e3
Author: Bill Buchanan
outside
e0 e2
inf2
e1
inside
myPIX (config)# failover active myPIX (config)# failover active myPIX (config)# failover ip address outside 157.202.212.2 myPIX (config)# failover ip address outside 157.202.212.2 myPIX (config)# failover ip address inside 73.105.56.11 myPIX (config)# failover ip address inside 73.105.56.11 myPIX (config)# failover ip address inf2 166.209.230.11 myPIX (config)# failover ip address inf2 166.209.230.11 myPIX (config)# failover poll 2 myPIX (config)# failover poll 2 myPIX (config)# show failover myPIX (config)# show failover
e3
Stateful connection
e3
Failover cable
Author: Bill Buchanan
outside
e0 e2
inf2
e1
inside
myPIX (config)# ip address outside 157.202.212.1 myPIX (config)# ip address LAN-based Failover outside 157.202.212.1
myPIX (config)# ip address inside 73.105.56.1 myPIX (config)# ip address inside 73.105.56.1 myPIX (config)# ip address inf2 166.209.230.1 myPIX (config)# ip address inf2 166.209.230.1 myPIX (config)# failover active myPIX (config)# failover active myPIX (config)# failover ip address outside 157.202.212.2 myPIX (config)# failover ip address outside 157.202.212.2 myPIX (config)# failover ip address inside 73.105.56.2 myPIX (config)# failover ip address inside 73.105.56.2 myPIX (config)# failover ip address inf2 166.209.230.2 myPIX (config)# failover ip address inf2 166.209.230.2 myPIX (config)# failover lan key mypix myPIX (config)# failover lan key mypix myPIX (config)# failover lan unit primary myPIX (config)# failover lan unit primary myPIX (config)# failover lan interface inf2 myPIX (config)# failover lan interface inf2 myPIX (config)# failover lan enable myPIX (config)# failover lan enable
e2
Stateful connection
e2
outside
e0
e1
inside
myPIX (config)# ip address inf2 166.209.230.2 myPIX (config)# ip address inf2 166.209.230.2 myPIX (config)# failover active myPIX (config)# failover active myPIX (config)# failover lan key mypix myPIX (config)# failover lan key mypix myPIX (config)# failover lan unit secondary myPIX (config)# failover lan unit secondary myPIX (config)# failover lan interface inf2 myPIX (config)# failover lan interface inf2 myPIX (config)# failover lan enable myPIX (config)# failover lan enable
LAN-based Failover
e2
Stateful connection
e2
outside
e0
e1
inside
VPN
Author: Prof Bill Buchanan Author: Prof Bill Buchanan
Eve
Gateway
Gateway
What is required is: Encryption. Authentication of devices (to overcome spoofing) Authentication of packets (for integrity)
Eve
Eve
Eve
Bob
Alice
Gateway
Gateway
Untrusted network What is required is: Encryption. Authentication of devices (to overcome spoofing) Authentication of packets (for integrity)
PPTP (Point-to-point Tunneling Protocol). Created by Microsoft and is routable. It uses MPPE (Microsoft Point-to-point Encryption) and user authentication. L2TP (Layer 2 Tunneling Protocol). Works at Layer 2 to Forward IP, IPX and AppleTalk (RFC2661). Cisco, Microsoft, Ascent and 3Com developed it. User and machine authentication, but no encryption (but can be used with L2TP over IPSec). IPSec. An open standard. Includes both encryption and Authentication.
Author: Prof Bill Buchanan
Bob
Alice
Encrypted traffic Unencrypted traffic Tunelling mode (over untrusted connections) Unencrypted traffic
Bob
Alice
Extranet VPN
VPN VPN Bob Co.
Bob Co.
Intranet VPN
Bob@ home
Bob
Bob
For IPSec (one of the most popular tunnelling Web methods): server UDP Port 500 is the port. If it is blocked there can be no tunnel. FTP server TCP Port 50 for IPSec ESP (Encapsulated Security Proxy server Protocol). TCP Port 51 for IPSec AH (Authentication Header)
Email server key exchange
Authentication scope ESP Auth. ESP trailer IP packet (encrypted) ESP header IP header
The IPSec protocol has: ESP (Encapsulated Security Protocol). ESP takes the original data packet, and breaks off the IP header. The rest of the packet is encrypted, with the original header added at the start, along with a new ESP field at the start, and one at the end. It is important that the IP header is not encrypted as the data packet must still be read by routers as it travels over the Internet. Only the host at the other end of the IPSec tunnel can decrypt the contents of the IPSec data packet. AH (Authentication Header). This encrypts the complete contents of the IP data packet, and adds a new packet header. ESP has the weakness that an intruder can replay previously sent data, whereas AH provides a mechanism of sequence numbers to reduce this problem.
IP packet contents
IP header
IP packet contents
AH transport method (Provides complete authentication for the packet) IP packet contents IP header
Author: Bill Buchanan
IP IP
TCP TCP
Version Version
Total length Total length Identification Identification 0 D M 0 D M Time-to-Live Time-to-Live Fragment Offset Fragment Offset Protocol Protocol
Header Checksum Header Checksum Source IP Address Source IP Address Destination IP Address Destination IP Address
1 ICMP Internet Control Message [RFC792] 6 TCP Transmission Control [RFC793] 8 EGP Exterior Gateway Protocol [RFC888] 9 IGP any private interior gateway [IANA] 47 GRE General Routing Encapsulation (PPTP) 50 ESP Encap Security Payload [RFC2406] 51 AH Authentication Header [RFC2402] 55 MOBILE IP Mobility 88 EIGRP EIGRP [CISCO] 89 OSPFIGP OSPFIGP [RFC1583] 115 L2TP Layer Two Tunneling Protocol
Author: Bill Buchanan
IKE Policies
Hashing algorithm (SHA/MD5) Encryption (DES/3DES) Diffie-Hellman agreements Authentication (pre-share, RSA nonces, RSA sig).
isakmp enable outside isakmp key ABC&FDD address 176.16.0.2 netmask 255.255.255.255 isakmp identity address isakmp policy 5 authen pre-share isakmp policy 5 encrypt des isakmp policy 5 hash sha isakmp policy 5 group 1 isakmp policy 5 lifetime 86400 sysopt connection permit-ipsec
Phase 2
Defines the policies for transform sets, peer IP addresses/hostnames and lifetime settings. Crypto maps are exchanged
AH, ESP (or both) Encryption (DES, 3DES) ESP (tunnel or transport) Authentication (SHA/MD5) SA lifetimes defined Define the traffic of interest
crypto ipsec transform-set MYIPSECFORMAT esp-des esp-sha-hmac crypto map MYIPSEC 10 ipsec-isakmp access-list 111 permit ip 10.0.0.0 255.255.255.0 176.16.0.0 255.255.255.0 crypto map MYIPSEC 10 match address 111 crypto map MYIPSEC 10 set peer 176.16.0.2 crypto map MYIPSEC 10 set transform-set MYIPSECFORMAT crypto map MYIPSEC interface outside
Shared key passed (DiffieHellman) used to encrypt all the data Kpv1 Public key is used to authenticate the device Hashed value Hashed value
Result
Challenge?
Author: Bill Buchanan
10.0.0.1
172.16.0.1
172.16.0.2
192.168.0.1
10.0.0.1
172.16.0.1
172.16.0.2
192.168.0.1
Source 192.168.0.3
Destination 146.176.210.2
Frame 81 (918 bytes on wire, 918 bytes captured) Ethernet II, Src: IntelCor_34:02:f0 (00:15:20:34:62:f0), Dst: Netgear_b0:d6:8c (00:18:4d:b0:d6:8c) Internet Protocol, Src: 192.168.0.3 (192.168.0.3), Dst: 146.176.210.2 (146.176.210.2)
10.0.0.1
172.16.0.1
172.16.0.2
192.168.0.1
Internet Security Association and Key Management Protocol Initiator cookie: 5ABABE2D49A2D42A Responder cookie: 0000000000000000 Next payload: Security Association (1) Version: 1.0 Exchange type: Aggressive (4) Flags: 0x00 Message ID: 0x00000000 Length: 860 Security Association payload Next payload: Key Exchange (4) Payload length: 556 Domain of interpretation: IPSEC (1) Situation: IDENTITY (1) Proposal payload # 1 Next payload: NONE (0) Payload length: 544 Proposal number: 1 Protocol ID: ISAKMP (1) SPI Size: 0 Proposal transforms: 14 Transform payload # 1 Next payload: Transform (3) Payload length: 40 Transform number: 1 Transform ID: KEY_IKE (1) Encryption-Algorithm (1): AES-CBC (7) Hash-Algorithm (2): SHA (2) Group-Description (4): Alternate 1024-bit MODP group (2) Authentication-Method (3): XAUTHInitPreShared (65001) Life-Type (11): Seconds (1) Life-Duration (12): Duration-Value (2147483) Key-Length (14): Key-Length (256)
C:\>route print =========================================================================== Interface List 10 ...00 1d 09 3f 49 8d ...... Broadcom NetLink (TM) Fast Ethernet 7 ...00 1f 3c 4f 30 1d ...... Intel(R) PRO/Wireless 3945ABG Network Connection 1 ........................... Software Loopback Interface 1 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.0.0 255.255.255.0 On-link 192.168.0.3 281 192.168.0.3 255.255.255.255 On-link 192.168.0.3 281 192.168.0.255 255.255.255.255 On-link 192.168.0.3 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.0.3 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.0.3 281 =========================================================================== Persistent Routes: None Author: Prof Bill Buchanan
Before Stateful firewall VPN connecting to the PIX/ASA
C:\>route print =========================================================================== Interface List 21 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter 10 ...00 1d 09 3f 49 8d ...... Broadcom NetLink (TM) Fast Ethernet 7 ...00 1f 3c 4f 30 1d ...... Intel(R) PRO/Wireless 3945ABG Network Connectio 1 ........................... Software Loopback Interface 1 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 146.176.0.0 255.255.0.0 On-link 146.176.212.218 281 146.176.1.0 255.255.255.0 146.176.0.1 146.176.212.218 100 146.176.2.0 255.255.255.0 146.176.0.1 146.176.212.218 100 Author: Prof Bill Buchanan ... =========================================================================== Persist After connecting to the VPN Stateful firewall PIX/ASA
All other traffic goes not on 146.176.0.0 network goes through non-VPN connection
VPN connection
146.176.0.1
192.168.0.1 cr0.escra.uk.easynet.net [87.87.249.224] ip-87-87-146-129.easynet.co.uk [87.87.146.129] be2.er10.thlon.ov.easynet.net [195.66.224.43] linx-gw1.ja.net [195.66.224.15] so-0-1-0.lond-sbr4.ja.net [146.97.35.129] so-2-1-0.leed-sbr1.ja.net [146.97.33.29] EastMAN-E1.site.ja.net [146.97.42.46] vlan16.s-pop2.eastman.net.uk [194.81.56.66] gi0-1.napier-pop.eastman.net.uk [194.81.56.46]
C:\>tracert www.napier.ac.uk Tracing route to www.napier.ac.uk [146.176.222.174] over a maximum of 30 hops: 1 2 3 57 ms 58 ms 58 ms 58 ms 56 ms 59 ms 57 ms 57 ms 56 ms 146.176.210.2 www.napier.ac.uk [146.176.222.174] www.napier.ac.uk [146.176.222.174]
Author: Prof Bill Buchanan
VPN connection
146.176.0.1
Prof Bill Buchanan, Leader, Centre for Distributed Computing and Security http://www.dcs.napier.ac.uk/~bill Room: C.63