Sei sulla pagina 1di 25

K7+ : Q & A

1.3 Spanning-Tree Domains for Switched Network Configure STP on all fours switches as per the following requirements:

Use domain name as "cisco" without quote Enable IEEE 802.1w on all four switches. SW1 must be elected root for ALL ODD VLANS and backup for ALL EVEN VLANS. SW2 must be elected root for ALL EVEN VLANS and backup for ALL ODD VLANS. Ensure the two switches send out the configured timer about 1sec. Configure native vlan as VLAN 999 and ensure is tagged. All unused ports should be administratively shut-down and defined as access ports on VLAN 999. Don't forget GigaEthernet ports (2 ports).

Complete Soln: SW1 SW4 vlan dot1q tag native Spanning-tree mode mst Spanning-tree mst configuration name cisco revision 1 instance 3 vlan 1 4094 instance 1 vlan 17,29,45,67,89,101,103,333,999 instance 2 vlan 34,38,56,100,102,104,200,300,500,666

int range Fa 0/19 24 sw trunk encap dot1q sw mode trunk sw trunk native vlan 999

inter range [unused-ports] sw mode acc sw acc vlan 999

shu SW1 Spanning-tree mst 1 priority 0 Spanning-tree mst 0 priority 0 Spanning-tree mst 2 priority 4096 Spanning-tree mst hello-time 1 int Po 12 sw trunk native vlan 999 ////Add this, you will have native vlan mismatch error msg if Po is not treated////

SW1 Spanning-tree mst 2 priority 0 Spanning-tree mst 0 priority 4096 Spanning-tree mst 1 priority 4096 Spanning-tree mst hello-time 1 int Po 12 sw trunk native vlan 999 ////Add this, you will have native vlan mismatch error msg if Po is not treated////

Note: If the question says switches should run in 802.1w mode and also give mst domain name, use MST. Immediately you configure mst, pvst start running. You need to add private-vlan VLAN range to the appropriate mst instance later. 1.4 Switch Trunking and Ether-channel Refer to Diagram 5 Trunk ports, and configure your network as per the following requirements:

All inter-switch links must use encapsulation 802.1Q Disable DTP on all trunks Ensure that the native VLAN (VLAN 999) is always tagged Configure a 200Mbps ether-channel between SW1 and SW2 based on Cisco propriety method, SW2 should NOT actively start it.

If more channel members are added in future, Fa0/24 must have the best chance to be the first active port in the channel Links must be load-balanced based on the source and destination mac addresses

Complete Soln: SW1 SW4 int range Fa0/19-24 switchport nonegotiate exit SW1 Port-channel load-balance src-dst-mac Int range Fa0/23 24 Channel-group 12 mode desirable Int range Fa0/24 pagp port-priority 255

SW2 Port-channel load-balance src-dst-mac Int range Fa0/23 24 Channel-group 12 mode auto Int range Fa0/24 pagp port-priority 255

1.6 PPP over Ethernet Configure PPPoE between R3 and R4 according to the following requirements:

Configure R3 as the PPPoE server and R4 as a PPPoE client Configure group name as CISCO Ensure R4 always gets the same IP address. Use DHCP server

Ensure no interleaving in PPPoE link. R3 must require R4 to authenticate using CHAP but R4 must NOT require R3 to authenticate. Do NOT use the ppp chap hostname command on R4. Use CISCO as CHAP password for R4. Make sure that all CHAP passwords are shown in clear text in the configuration.

Note: please read the question patiently as any of R3/R4 could be mentioned as PPPoE server. Complete Soln: R3 username RackYYR4 password CISCO bba-group pppoe CISCO virtual-template 1 interface Gi 0/0 */// R3 interface facing R4///* no ip address pppoe enable group CISCO interface virtual-template 1 ip address YY.YY.34.3 255.255.255.0 peer default ip address dhcp-pool POOL ppp authentication chap ip dhcp pool POOL host YY.YY.34.4 255.255.255.0 client-identifier 0063.6973.636f.2d61.6162.622e.6363.3030.2e30.3430.302d.4469.31 client-name RackYYR4

Note: You can find client-id from server by issuing "debug ip dhcp server packet

*Feb 3 03:33:38.944: DHCPD: client's VPN is . *Feb 3 03:33:38.944: DHCPD: No option 125

*Feb 3 03:33:38.944: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d61.6162.622e.6363.3030.2e30.3430.302d.4469.31 on interface Virtual-Access2.1.

R4 interface Fa 0/1 *///R4 interface facing R3///* no ip address pppoe enable group CISCO pppoe-client dial-pool-number 1

interface dialer 1 ip address dhcp hostname RackYYR4 mtu 1492 encapsulation ppp dialer pool 1 dialer idle-timeout 0 dialer persistent ppp chap password CISCO

If ppp authentication is required using aaa, FIX that.

1.7 Implement PPP over Frame Relay Configure the link between R1 and R2 for PPP over Frame-Relay according to the following requirements:

Use static frame relay maps with the broadcast capability Do not use dynamic ARP mapping Do not change anything in the frame-relay switch (R4) Use RFC1490/RFC2427 encapsulation Use the DLCI assignments from the table below Use the IP addressing as documented in diagram #x and use the largest subnet mask

Set the bandwidth administrative to 50000 Kb in the interfaces. Ensure R1 and R2 can ping self interface

o R1: DCLI 100 o R2: DLCI 200

Complete Soln: R1 interface Serial0/0/0 no ip address bandwidth 50000 encapsulation frame-relay IETF frame-relay interface-dlci 100 ppp Virtual-Template1

interface Virtual-Template1 ip address YY.YY.12.1 255.255.255.0

****OPTIONAL**** interface Virtual-Template1 no ip address multilink-group 1

interface multilink 1 ip address YY.YY.12.1 255.255.255.0

R2 interface Serial0/0/0

bandwidth 50000 no ip address encapsulation frame-relay IETF frame-relay interface-dlci 200 ppp Virtual-Template1

interface Virtual-Template1 ip address YY.YY.12.2 255.255.255.0

****OPTIONAL**** interface Virtual-Template1 no ip address multilink-group 1

interface multilink 1 ip address YY.YY.12.2 255.255.255.0

If task ask for self interface ping, read this to workaround that: http://blog.ine.com/2009/12/03/pingthyself-yet-again-pppofr/

2.3 Implement IPv4 RIP Configure RIPv2 per IGP topology diagram

RIP updates must be advertised only out the interface per IGP topology diagram. Disable auto-summarization Redistribute OSPF into RIP on R5 Ensure all EIGRP routes go via R5, all OSPF routes go via R3.

Note: Don't use any route filtering mechanism. Complete Soln: R4 router rip version 2 passive-interface default no passive-interface FastEthernet0/0 network YY.0.0.0 no auto-summary router ospf 100 distance ospf external 121

R5 router rip version 2 redistribute ospf 100 metric 5 passive-interface default no passive-interface FastEthernet0/1 network YY.0.0.0 no auto-summary

Variant: Configure RIPv2 per IGP topology diagram


RIP updates must be advertised only out the interface per IGP topology diagram. Disable auto-summarization Redistribute OSPF into RIP on R5 Ensure all routes generated from EIGRP YY and EIGRP 100 are be reachable via R5

Note: Don't use any route filtering mechanism. Complete Soln: [ Same as above ]

2.4 Redistribute OSPF & EIGRP Redistribute mutually between OSPF and EIGRP YY on R2 and R3 according to the following requirements:

Only external route in R2 and R3 should be the EIGRP 100 routes. On R2 and R3 ensure that all prefixes learned from OSPF should be seen as OSPF route and that the prefixes learned from EIGRP 100 should be seen as EIGRP External Route (D EX). No default route should be seen in this network.

NOTE: Don't use any filtering mechanism like route-map or distribute list to achieve this task, and make sure without doing any additional configuration you output should be valid for any future routes generated by BB3.

Complete Soln: R2 access-list 45 permit YY.YY.45.0 0.0.0.255 router eigrp YY redistribute ospf YY metric 10000 100 255 1 1500

router ospf YY redistribute eigrp YY subnets distance ospf external 171 distance 110 YY.YY.0.0 0.0.255.255 45

R3 access-list 45 permit YY.YY.45.0 0.0.0.255 router eigrp YY redistribute ospf YY metric 10000 100 255 1 1500

router ospf YY redistribute eigrp YY subnets distance ospf external 171 distance 110 YY.YY.0.0 0.0.255.255 45

To eliminate host route injected into EIGRP as D EX by PPPoFR....use below, If no such route, don't care about that. R2 router eigrp YY offset-list 1 out 2147483647 access-list 1 permit YY.YY.12.1 R3 router eigrp YY offset-list 1 in 2147483647 access-list 1 permit YY.YY.12.1

NOTE: no peer neighbor-route under Mu X interface might eliminate the /32 D EX on R3. Easier solution if you have access to ML interface.

2.5 Implement IPv4 iBGP Configure iBGP between R1, R2, R3, R4 and R5 according to the following requirements:

Where possible failure of a physical interface should not permanently affect BGP peer connections. Use only the Loopback 0 IP Addresses to propagate BGP route information within your BGP domain. Configure R3 & R5 as route-reflectors and they should have the same cluster-id. Minimize the number of BGP peering sessions and all iBGP speakers should be in AS YY. You are not allowed to use BGP peer-groups.

Complete Soln: R1 router bgp YY bgp router-id YY.YY.1.1 nei YY.YY.5.5 remote-as YY nei YY.YY.5.5 up lo0 nei YY.YY.5.5 send-community nei YY.YY.3.3 remote-as YY nei YY.YY.3.3 up lo0 nei YY.YY.3.3 send-community

R2 router bgp YY bgp router-id YY.YY.2.2 nei YY.YY.3.3 remote-as YY nei YY.YY.3.3 up lo0 nei YY.YY.3.3 send-community nei YY.YY.5.5 remote-as YY nei YY.YY.5.5 up lo0 nei YY.YY.5.5 send-community

R4 router bgp YY bgp router-id YY.YY.4.4 nei YY.YY.3.3 remote-as YY nei YY.YY.3.3 up lo0 nei YY.YY.3.3 send-community nei YY.YY.5.5 remote-as YY nei YY.YY.5.5 up lo0 nei YY.YY.5.5 send-community

R5 (RR) router bgp YY bgp router-id YY.YY.5.5

bgp cluster-id YY.YY.200.200 nei YY.YY.1.1 remote-as YY nei YY.YY.1.1 up lo0 nei YY.YY.1.1 route-reflector-cli nei YY.YY.1.1 send-community

nei YY.YY.2.2 remote-as YY nei YY.YY.2.2 up lo0 nei YY.YY.2.2 route-reflector-cli nei YY.YY.2.2 send-community nei YY.YY.4.4 remote-as YY nei YY.YY.4.4 up lo0 nei YY.YY.4.4 route-reflector-cli nei YY.YY.4.4 send-community

R3 ( RR) router bgp YY bgp router-id YY.YY.3.3 bgp cluster-id YY.YY.200.200 nei YY.YY.1.1 remote-as YY nei YY.YY.1.1 up lo0 nei YY.YY.1.1 route-reflector-cli nei YY.YY.1.1 send-community

nei YY.YY.2.2 remote-as YY nei YY.YY.2.2 up lo0 nei YY.YY.2.2 route-reflector-cli nei YY.YY.2.2 send-community nei YY.YY.4.4 remote-as YY nei YY.YY.4.4 up lo0 nei YY.YY.4.4 route-reflector-cli nei YY.YY.4.4 send-community

2.6 Implement IPv4 eBGP Configure eBGP on R1 and R2 according to the following requirements:

R1 eBGP peers with the router 150.1.YY.ZZ on Backbone 1 AS 254 R2 eBGP peers with the router 150.2.YY.ZZ on Backbone 2 AS 254 R2 should generate a warning if more than 3 prefix is received. Do not change the BGP next-hop anywhere. Determine BB addresses by any means Secure eBGP session between R1 and BB1 without using password command

Note: R1 routes as as-path 253 254, - R2 routes have as-path 254 Complete Soln: R1 router bgp YY nei 150.1.YY.254 remote-as 254 nei 150.1.YY.254 ttl-security hops 1

R2 router bgp YY nei 150.2.YY.254 remote-as 254 nei 150.2.YY.254 maximum-prefix 3 100 war nei 150.2.YY.254 route-map BB1 in route-map BB1 permit 10 set as-path pre 253

2.8 Implement VRF-Lite Configure the network as per the following requirements:

VLAN 101 -104 and VLAN interfaces are all pre-configured for you. Configure the VRF name and parameters as per the diagram provided and the names are case sensitive and you must determine which interface belongs to which VRF. Configure SW1 SW2 and SW3 to use BGP to communicate between AS101 and AS102 using SVI interfaces Without using any route leaking on SW4, the ping from SW1 loopback 100 to SW2 loopback 100 MUST go through SW4 SW2 loopback 100 must be able to ping SW1 and SW4 loopback 100 In SW1, SW2 and SW3 (ROUTES ORIGINATED IN ONE VRF CANNOT BE SEEN IN OTHER VRF) Make sure that 100.x.x.x address space is not seen in any global routing table.

Compele Soln:

SW1-SW4 vlan 101 vlan 102 vlan 103 vlan 104 ip routing ///In case no routing already running/// ip cef distributed

SW1 ip vrf AS101 rd 1:1 int lo100 ip vrf forwarding AS101 ip addr 100.1.1.1 255.255.255.255 no shut

int vlan101 ip vrf forwarding AS101

ip addr YY.YY.101.6 255.255.255.0 no shut router bgp 101 no synchronization bgp router-id 100.1.1.1 bgp log-neighbor-changes neighbor YY.YY.101.8 remote-as 100 (SW3) no auto-summary ! address-family ipv4 vrf AS101 neighbor YY.YY.101.8 remote-as 100 neighbor YY.YY.101.8 activate no synchronization network 100.1.1.1 mask 255.255.255.255 exit-address-family

RackYYSW1#sh ip bgp vpnv4 vrf AS101 sum Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd YY.YY.101.8 4 100 1594 1580 49 0 0 00:21:44 4

SW2 ip vrf AS102 rd 2:2 int lo 100 ip vrf forwarding AS102 ip addr 100.2.2.2 255.255.255.255 int vlan 102 ip vrf forwarding AS102 ip addr YY.YY.102.7 255.255.255.0 no shut router bgp 102

no synchronization bgp router-id 100.2.2.2 bgp log-neighbor-changes no auto-summary ! address-family ipv4 vrf AS102 neighbor YY.YY.102.8 remote-as 100 (SW3) neighbor YY.YY.102.8 activate no synchronization network 100.2.2.2 mask 255.255.255.255 exit-address-family

RackYYSW2#sh ip bgp vpnv4 vrf AS102 sum Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd YY.YY.102.8 4 100 1597 1585 53 0 0 00:22:56 4

SW3 ip vrf AS101 rd 1:1 ip vrf AS102 rd 2:2

int vlan 101 ip vrf forwarding AS101 ip addr YY.YY.101.8 255.255.255.0 no shut int vlan 102 ip vrf forwarding AS102 ip addr YY.YY.102.8 255.255.255.0 no shut int vlan 103

ip vrf forwarding AS101 ip addr YY.YY.103.8 255.255.255.0 no shut int vlan 104 ip vrf forwarding AS102 ip addr YY.YY.104.8 255.255.255.0 no shut router bgp 100 no synchronization bgp log-neighbor-changes no auto-summary ! address-family ipv4 vrf AS102 neighbor YY.YY.102.7 remote-as 102 neighbor YY.YY.102.7 activate neighbor YY.YY.104.9 remote-as 100 neighbor YY.YY.104.9 activate no synchronization bgp router-id YY.YY.102.8 exit-address-family ! address-family ipv4 vrf AS101 neighbor YY.YY.101.6 remote-as 101 neighbor YY.YY.101.6 activate neighbor YY.YY.103.9 remote-as 100 neighbor YY.YY.103.9 activate no synchronization bgp router-id YY.YY.101.8 exit-address-family

RackYYSW3#sh ip bgp vpnv4 vrf AS101 sum Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd YY.YY.101.6 4 101 1585 1599 193 0 0 00:26:48 2 YY.YY.103.9 4 100 1597 1576 193 0 0 00:24:11 4

RackYYSW3#sh ip bgp vpnv4 vrf AS102 sum Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd YY.YY.102.7 4 102 1588 1601 193 0 0 00:27:23 2 YY.YY.104.9 4 100 1602 1580 193 0 0 00:24:42 4

SW4 ip vrf AS100 rd 3:3 int lo100 ip vrf for AS100 ip addr 100.4.4.4 255.255.255.255

int vlan103 ip vrf for AS100 ip addr YY.YY.103.9 255.255.255.0 no shut int vlan 104 ip vrf for AS100 ip addr YY.YY.104.9 255.255.255.0 no shut router bgp 100 no synchronization bgp router-id 100.4.4.4 bgp log-neighbor-changes no auto-summary ! address-family ipv4 vrf AS100 neighbor YY.YY.103.8 remote-as 100 neighbor YY.YY.103.8 activate neighbor YY.YY.103.8 default-originate neighbor YY.YY.104.8 remote-as 100

neighbor YY.YY.104.8 activate neighbor YY.YY.104.8 default-originate no synchronization exit-address-family

RackYYSW4#sh ip bg RackYYSW4#sh ip bgp vpnv4 vrf AS100 sum Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd YY.YY.103.8 4 100 1579 1601 55 0 0 00:28:04 2 YY.YY.104.8 4 100 1583 1605 55 0 0 00:27:48 2

PING/TRACE TEST

RackYYSW3#sh ip route vrf AS101 Routing Table: AS101 Gateway of last resort is YY.YY.103.9 to network 0.0.0.0 100.0.0.0/32 is subnetted, 2 subnets B 100.4.4.4 [200/0] via YY.YY.103.9, 00:30:20 B 100.1.1.1 [20/0] via YY.YY.101.6, 00:32:56 YY.0.0.0/24 is subnetted, 3 subnets C YY.YY.101.0 is directly connected, Vlan101 C YY.YY.103.0 is directly connected, Vlan103 B YY.YY.104.0 [200/0] via YY.YY.103.9, 00:30:20 B* 0.0.0.0/0 [200/0] via YY.YY.103.9, 00:30:20 RackYYSW3#

RackYYSW3#sh ip route vrf AS102 Routing Table: AS102 Gateway of last resort is YY.YY.104.9 to network 0.0.0.0 100.0.0.0/32 is subnetted, 2 subnets B 100.4.4.4 [200/0] via YY.YY.104.9, 00:29:21 B 100.2.2.2 [20/0] via YY.YY.102.7, 00:32:02 YY.0.0.0/24 is subnetted, 3 subnets C YY.YY.102.0 is directly connected, Vlan102 B YY.YY.103.0 [200/0] via YY.YY.104.9, 00:29:21 C YY.YY.104.0 is directly connected, Vlan104 B* 0.0.0.0/0 [200/0] via YY.YY.104.9, 00:29:21 RackYYSW3# RackYYSW1#pin vrf AS101 100.2.2.2 sou Loopback100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.2.2.2, timeout is 2 seconds: Packet sent with a source address of 100.1.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms RackYYSW1#

RackYYSW1#trace vrf AS101 100.2.2.2 Type escape sequence to abort. Tracing the route to 100.2.2.2 1 YY.YY.101.8 0 msec 8 msec 0 msec 2 YY.YY.103.9 8 msec 0 msec 9 msec 3 YY.YY.104.8 0 msec 8 msec 9 msec 4 YY.YY.102.7 8 msec * 0 msec RackYYSW1# RackYYSW2#traceroute vrf AS102 100.1.1.1 Type escape sequence to abort. Tracing the route to 100.1.1.1

1 YY.YY.102.8 0 msec 8 msec 0 msec 2 YY.YY.104.9 0 msec 8 msec 0 msec 3 YY.YY.103.8 9 msec 8 msec 0 msec 4 YY.YY.101.6 0 msec * 8 msec RackYYSW2#

2.9 IPV6 Tunneling IPv6 addressing is preconfigured on your network. Configure your network as per the following requirements:

Create a Loopback 12 interfaces on R2 with IPv6 address 2001:102:102:102::2/128 Enable OSPFv3 on R2 loopback 12 and place it in OSPF area 12, use process 2001. The PPP link between R1 and R2 is an IPv4-only link. Ensure R1 is the OSPF ABR for area 12 You are allowed to create another interface but no new IPv6 interface other then R2s loopback 12 or IPv4 address anywhere to accomplish the task. R1 G0/1 and R2 G0/0 are already enabled for IPv6 DO NOT modify their IPv6 configurations. Ensure R2s Loopback 12 is reachable from any IPv6 device

Complete Soln: R2 ipv6 router ospf 2001 router-id YY.YY.2.2 interface Loopback12 no ip address ipv6 address 2001:102:102:102::2/128 ipv6 ospf 2001 area 12 interface Tunnel12 no ip address ipv6 unnumbered Loopback0

ipv6 ospf 2001 area 12 tunnel source Loopback0 tunnel destination YY.YY.1.1

R1 interface Tunnel12 no ip address ipv6 unnumbered Loopback0 ipv6 ospf 2001 area 12 tunnel source Loopback0 tunnel destination YY.YY.2.2

RackYYSW1#ping 2001:102:102:102::2 so lo0 Sending 5, 100-byte ICMP Echos to 2001:102:102:102::2, timeout is 2 seconds: Packet sent with a source address of 2001:YY:6::6 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 67/70/76 m

2.10 IPv6 Traffic Filtering Configure your network so that only traffic destined to the following IPv6 reserved address are BLOCKED from entering your network via R1

Documentation prefixes All multicast prefixes 6to4 address block

Complete Soln: R1 ipv6 access-list BLOCK_IPV6_RESERVED deny ipv6 any 2001:DB8::/32 deny ipv6 any FF00::/8

deny ipv6 any 2002::/16 permit ipv6 any any interface GigabitEthernet0/1 /// Interface facing BB1 /// ipv6 enable ipv6 traffic-filter BLOCK_IPV6_RESERVED in

4.2 Implement Zone Base Firewall The following are the informations about a WORM that is spreading from the inside of your network to the outside:

The worm uses only HTTP port 80 to infect many targets on the internet The worm sends many GET requests to different URLs The requests always carry the word attack Configure zone-based firewall on R1 according to the following: Reset any suspicious HTTP connection that may be attributed to the worm. Implement additional mitigation by setting the following parameters to all HTTP traffic going out from the in (can be out) side Set the one min low threshold to 400 half open sessions Set the one min high threshold to 500 half open sessions Ensure that any other traffic flowing through R1 in not inspected NO new class map may be created[size=4]

The following test must produce the same output: RackYYR1#ping 150.1.YY.254 [size=4]Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 150.1.YY.254, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 23/18/37 ms RackYYR1#telnet 150.1.YY.254 80 Trying 150.1.YY.254 , 80 Open GET attack

Complete Soln: parameter-map type regex attack pattern attack class-map type inspect http match-all CMAP_ATTACK match request uri regex attack policy-map type inspect http PMAP_ATTACK class type inspect http CMAP_ATTACK reset log parameter-map type inspect HTTP one-minute low 400 one-minute high 500 class-map type inspect match-all CMAP_HTTP match protocol http policy-map type inspect PMAP_HTTP class type inspect CMAP_HTTP inspect HTTP service-policy http PMAP_ATTACK class class-default pass policy-map type inspect PMAP_ALLOW_ALL class class-default pass Step 8: Define INSIDE and OUTSIDE zone and assign interface in ZONE zone security INSIDE zone security OUTSIDE int G0/0 zone-member security INSIDE int S0/0/0 zone-member security INSIDE int S0/0/1 zone-member security INSIDE int G0/1

zone-member security OUTSIDE zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE service-policy type inspect PMAP_HTTP zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE service-policy type inspect PMAP_ALLOW_ALL

RackYYR1#telnet 150.1.YY.254 80 Trying 150.1.YY.254 , 80 Open GET attack [Connection to 150.1.YY.254 closed by foreign host]

Let's keep it rolling.

Thank you all. RIKITEE.