How Can You Screw up a Network?

aztektum asks: "Like a lot of Slashdot readers, I have setup my own home network. It isn't tricked out with all the fanciest hardware, but I do have a switch, BSD based firewall, I have configured e-mail (again on BSD), NFS and Samba, as well as remote access services like SSH and FTP. Now my line of work isn't networking or computer related at all. This is a personal hobby and a fairly new one for me (relatively speaking compared to others). I'm looking to learn more about managing problems with networks, but have no idea where to start. With such a small setup and only supporting two users (myself and a roommate) this isn't exactly enterprise level with enterprise level ups and downs. What are some ways I can screw up my network to troubleshoot problems and gain some insight? Also, what are some reference materials that you have found to be educational with relation to network administration?"

just a few thoughts

[Hardwyred]

Take a hub and plug it into your switch. You have to use a hub for this to work, or if you have a really cheesy switch I guess it could work without the hub. Now take an ethernet cable and plug both ends into the hub. Viola, instant layer 2 loop.
Run an ethernet cable (yours perhaps) next to a space heater/box fan/large electric motor of your choice. Periodicaly turn that motor on and off. Instant link loss due to a spike on the line. WARNING, this one could jack up your switch/computer so be sensible.
If you are really green, give your roommate and your computer the same IP.
Take a short ethernet cable and untwist it (take it out of its shielding and untwist the wires). Put it back together in various ways and see how fast/slow your download rates become.

Cable tricks and other tricks

[Kymermosst]

Take an ethernet cable and flex it back and forth (crease-style). Works best with solid conductor cable (I hardly ever see braided anyway). Chances are you'll seriously thin out or break a wire, and if it's one of the right four, you'll have issues.

Two DHCP servers on the same LAN is fun.

Plug a crossover cable between two ports on your switch. See what happens (most should disable both ports, but some freak out).

Crimp your own ethernet cables. That leads to all kinds of fun the first few times you try it.

Meh.. I'm not good at breaking stuff, that's all I can think of.

Try building a firewall script... by hand...

[WoTG]

OK, maybe this is flamebait... maybe not.

The first time I tried to setup a really locked down network (i.e. better than a NAT by allowing specific outgoing traffic only) I screwed up royally. Actually, I still would have significant difficulties without a good GUI.

For a crash course in the difference between UDP and TCP and how IP ports work and what NATs do, IMHO, there's nothing better than actually trying to create a "secure" firewall that still lets you do the stuff you normally expect. E.g. email, web, P2P (take your pick), streaming media, DNS resolution (which is way more complex than I would have imagined).

setup a honeynet and queueing

[pr0m]

setup a honeynet on a network that connects to the internet through the same router as your private lan. i found this challenging because i had to think of the worse case scenarios to mitigate with the firewall on the router. be sure to implement a working queue with altq so that your private network gets a higher priority than the honeynet on outbound traffic. it's also interesting because you learn about how "hackers", "crackers", and "script kiddies" launch attacks and what they do with the machines that they take over.

guest account

[dimss]

Create SSH-accessible "guest" account on your router or server. Set password to "guest". They will come to your network within 24 hours. Make sure they can't do much with this account! Most probably they will try to download local exploits and other nasty tools.

I have created "guest" account on my Linksys router three days ago. Someone from Romania discovered this account next morning. They downloaded some binary files and tried to run them. Idiots! Binaries were for i386 but Linksys router is MIPS :)

Re:Cable tricks and other tricks

[anticypher]

Crimp your own ethernet cables

I have a box of subtly bad ethernet cables from a reputable commercial source (its now marked "special cables for special lusers"), nice molded strain reliefs with tab protectors.

Normal straight through ethernet cables are wired like this:
1->1
2->2
3->3
6->6

These cables are wired similar to:
1->1
2->2
3->6
6->3

There are also some crossovers with similar polarity problems.

With just one of the directions having the wrong polarity, depending on which brands of NICs on each end, there are all kinds of bizarre problems. Sometimes things work (cisco to intel, but not with auto-negotiate), sometimes you get errors (realtek 81x9), sometimes link status doesn't come up in one direction but is fine in the other direction, sometimes nothing at all works.

I hand these out to people I don't like, those who beg cables off me for "just a few days".

the AC

Re:etherkiller myths

[anticypher]

Etherkillers shouldn't cause any immediate problems for anything up to 240V, you really need 480V or higher to start frying things. Electrical safety laws require isolation of up to 500VAC for a period of 48 hours, hence the isolation block on all NICs. The point where a card will start to smoke is usually higher than the breakdown voltage on the insulation of the wiring, cat5 or cat6 will break down at 350-600VAC, so its difficult to get enough voltage directly into a NIC to cause anything spectacular to happen. That I'm conversant in such matters is a good indication not to ever get me in a bad mood.

I once worked in a building that was on three phase power, where the outlets in each of the two wings off the main building were on different phases. The main wiring closet was in the main building, and the end points were plugged into PCs and hubs on a different phase. So there was 138VAC between the PCs and the main ethernet switches. NICs in PCs would last a few weeks before quietly failing, ports in switches lasted about two months. Every 3 months or so the company would just have to replace an entire 24 port blade. It was cheaper for them to keep their smartnet contracts up to date than to insist on an electrician fixing the problem since their lease was almost finished. The company that followed them into the building nearly burned it down the first week because of the improper electrical wiring, and much hilarity ensued.

the AC

You should have tried harder to destroy the PIX

Staple your cables

[Phreakiture]

Just as simple as that.... In stapling up your cables to walls, joists, studs or whatever, drive a staple through the cable.

I did that at least two times while setting up my home network. The first one shorted out a pair, and the cable was fine as soon as I removed the staple. The second one apparently severed a conductor, but then bridged it. That cable worked just fine until I removed the staple.

Needless to say, I have since acquired a cable-safe staple gun. It has a wire guide on its tip (you straddle the cable with the guide and it keeps the cable out of the way of the outcoming staple) and it uses rounded staples.