Personal tools

Difference between revisions of "Service:Network"

From Eth0Wiki

Jump to: navigation, search
Line 2: Line 2:
  
 
==Network design==
 
==Network design==
There will be a flat network with a single uplink. Nothing is known yet about the availability of public ip space. Depending on the availability of the hardware, the topology will either be ring or star based. In both situations, multiple distribution switches will be available on the fields.
+
There will be a flat network with a single uplink. Nothing is known yet about the availability of public ip space. Depending on the availability of the hardware, the topology will either be ring or star based. In both situations, multiple distribution switches will be available on the fields. Due to the decision to deliver a stable and robust network, the plans for setting up multiple vlan's to prevent abuse is dropped. Instead, a flat network will be created. There will be a separate vlan for hacking purposes, if you'd like a port in there, contact noc@ when laying a cable to a distribution point.
 +
 
 +
==Network facilities==
 +
The organisation will provide a DHCP/DNS server, together with rate-limited and firewalled low-bandwith internet. There will also be multiple file / gaming serves on the network, of which a list is provided below:
 +
 
 +
{
 +
!Service
 +
!IP Address
 +
!Provided by
 +
!Details
 +
!-
 +
|FTP
 +
|n/a
 +
|#mononoke
 +
|2TB raid5
 +
|-}
  
 
==Getting uplink==
 
==Getting uplink==
 
When you've setup all your gear, lay a cable to one of the distribution points. Noc engineers will periodically scan all the distribution points to connect all the cable's there. Under no circumstances it's permitted that you connect your own cable yourself!
 
When you've setup all your gear, lay a cable to one of the distribution points. Noc engineers will periodically scan all the distribution points to connect all the cable's there. Under no circumstances it's permitted that you connect your own cable yourself!
 
==IDPS monitoring==
 
To prevent abuse of the network and it's uplink, several IDS sensors will be placed on the network, together with IPS software. These sensors will detect and respond to the following scenario's:
 
 
==Malware distribution==
 
If your system is malware infected or is active part of a botnet, your switchport will be configured to be part of the quarantine network. In this network, the only connectivity you'll have is with the FTP server provided with the organisation. You will notice you are in this vlan by checking your webbrowser. If it displays the quarantine page, follow the onscreen instructions or contact noc@
 
  
 
==Hacking==
 
==Hacking==
No hacking of other systems is allowed on this event. If you're caught you'll be subjected to the dutch laws and we'll be glad to hand you over to local authorities. If you're still unwise enough to hack other systems, please be aware that we have prepared a special vlan, just for you kiddies :)
+
No hacking of other systems is allowed on this event. If you're caught you'll be subjected to the dutch laws and we'll be glad to hand you over to local authorities.
  
* [[User:Mathijs|Mathijs]]: Perhaps an idea to organise a hacking contest on this special vlan?
+
* [[User:Mathijs|Mathijs]]: Perhaps an idea to organise a hacking contest on this special vlan? (See special hacking vlan, let it organise itself :)
  
 
==Network hardware==
 
==Network hardware==

Revision as of 20:03, 29 June 2008

About this service
Contact: r3boot
E-mail: noc@eth-0.nl

Network design

There will be a flat network with a single uplink. Nothing is known yet about the availability of public ip space. Depending on the availability of the hardware, the topology will either be ring or star based. In both situations, multiple distribution switches will be available on the fields. Due to the decision to deliver a stable and robust network, the plans for setting up multiple vlan's to prevent abuse is dropped. Instead, a flat network will be created. There will be a separate vlan for hacking purposes, if you'd like a port in there, contact noc@ when laying a cable to a distribution point.

Network facilities

The organisation will provide a DHCP/DNS server, together with rate-limited and firewalled low-bandwith internet. There will also be multiple file / gaming serves on the network, of which a list is provided below:

{ !Service !IP Address !Provided by !Details !- |FTP |n/a |#mononoke |2TB raid5 |-}

Getting uplink

When you've setup all your gear, lay a cable to one of the distribution points. Noc engineers will periodically scan all the distribution points to connect all the cable's there. Under no circumstances it's permitted that you connect your own cable yourself!

Hacking

No hacking of other systems is allowed on this event. If you're caught you'll be subjected to the dutch laws and we'll be glad to hand you over to local authorities.

  • Mathijs: Perhaps an idea to organise a hacking contest on this special vlan? (See special hacking vlan, let it organise itself :)

Network hardware

Hardware to be used in the NOC, field distribution and end users connectivity.

  • 3x Extreme Summit 48 (48x 10/100mbit rj45, 2x Gbic + 2x failover Gbic)
  • 30x Nortel Baystack 450 (24x 10/100mbit rj45, 1 MDA slot, 1 Cascade slot)
  • 24x 1000sx Gbic
  • Cisco 6509 Chassis / Redundant PSU
    • WS-X6416-GBIC (16x Gbic)
    • ws-X6K-SUP2-2GE (Supervisor 2x Gbic)
    • WS-X6348= (48x 10/100mbit rj45)