Russ

Author Archives: Russ

The Hedge 87: Jordan Holand and nPrint

The network monitoring world is rife with formats for packets being measured—every tool has its own format. What would make things a lot better for network engineers is a standard data representation for packet analysis, no matter what format packets are captured in. Jordan Holland joins Russ White and Tom Ammon on this episode of the Hedge to discuss the problem and nprint, a standard packet analysis format and tools for converting from other formats.

You can find out more about nprint here.

download

Weekend Reads 060421


Comcast recently conducted its first test of the DOCSIS 4.0 technology and achieved a symmetrical 4-gigabit connection. The test was enabled by a DOCSIS 4.0 chip from Broadcom.


Ultimately, the incident stemmed from a ransomware infection in which a well-known threat actor took volumes of corporate data in just two hours and made their demands including the threat to block and encrypt the company’s network.


Last week, someone began began posting classified notices on LinkedIn for different design consulting jobs at Geosyntec Consultants, an environmental engineering firm based in the Washington, D.C. area. Those who responded were told their application for employment was being reviewed and that they should email Troy Gwin — Geosyntec’s senior recruiter — immediately to arrange a screening interview.


Seagate has been working on dual-actuator hard drives—drives with two independently controlled sets of read/write heads—for several years. Its first production dual-actuator drive, the Mach.2, is now “available to select customers,” meaning that enterprises can buy it directly from Seagate, but end-users are out of luck for now.


The purpose of cloud migration is to move your on-premise network to a bigger network operated by someone else. It replaces and improves network security, Continue reading

The Hedge 86: TCPLS

TCP and QUIC are the two primary transport protocols in use on the Internet today—QUIC carries a large part of the HTTP traffic that makes the web work, while TCP carries most everything else that expects reliability. Why can’t we apply the lessons from QUIC to TCP so we can merge these two protocols, unifying Internet transport? TCPLS is just such an attempt at merging the most widely used reliable transport protocols.

You can read more about TCPLS here.

download

Illusory Correlation and Security

Fear sells. Fear of missing out, fear of being an imposter, fear of crime, fear of injury, fear of sickness … we can all think of times when people we know (or worse, a people in the throes of madness of crowds) have made really bad decisions because they were afraid of something. Bruce Schneier has documented this a number of times. For instance: “it’s smart politics to exaggerate terrorist threats”  and “fear makes people deferential, docile, and distrustful, and both politicians and marketers have learned to take advantage of this.” Here is a paper comparing the risk of death in a bathtub to death because of a terrorist attack—bathtubs win.

But while fear sells, the desire to appear unafraid also sells—and it conditions people’s behavior much more than we might think. For instance, we often say of surveillance “if you have done nothing wrong, you have nothing to hide”—a bit of meaningless bravado. What does this latter attitude—“I don’t have anything to worry about”—cause in terms of security?

Several attempts at researching this phenomenon have come to the same conclusion: average users will often intentionally not use things they see someone they perceive as paranoid using. Continue reading

Weekend Reads 052821


The round trip time to the root servers is dependent on multiple factors, but particularly, the proximity of a root server instance and it being routed to in the most efficient way.


UMN computer science researchers who were interested in the ability to intrude bad code into the Linux kernel abused submission processes, faking supportive reviews, to insert code deep in the operating system codebase.


Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers.


We are launching a new Privacy Breakdown of Mobile Phones “playlist” on Surveillance Self-Defense, EFF’s online guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices.


This kind of email attack is called business email compromise (BEC)—a damaging form of phishing designed to gain access to critical business information or extract money through email-based fraud.


Email Campaign builders (marketers) are flying blind. I know ESPs are genuinely timely about rolling out new products for their marketers, but there is a colossal gap in adopting data science and MLops into the email campaign building workflow.


The web has evolved a Continue reading

Dennis Jennings and the History of NSFNET

The NSFNET followed the CSNET, connecting the campuses of several colleges and supercomputing systems with a 56K core in 1986. The NSFNET was the first large-scale implementation of Internet technologies in a complex environment of many independently operated networks, and forced the Internet community to iron out technical issues arising from the rapidly increasing number of computers and address many practical details of operations, management and conformance. The NSF eventually became the “seed” of the commercialized core of the Internet, playing an outsized role in the current design of routing, transport, and other Internet technologies.

In this episode of the History of Networking, Dennis Jennings joins Donald Sharp and Russ White to discuss the origins and operation of the NSFNET.

You can find out more about Dennis and the NSFNET in the following links.

https://internethalloffame.org/inductees/dennis-jennings
https://en.wikipedia.org/wiki/National_Science_Foundation_Network
https://www.nsf.gov/news/news_summ.jsp?cntn_id=103050
http://arvidc.weebly.com/nsfnet.html

download

Is it really the best just because its the most common?

I cannot count the number of times I’ve heard someone ask these two questions—

  • What are other people doing?
  • What is the best common practice?

While these questions have always bothered me, I could never really put my finger on why. I ran across a journal article recently that helped me understand a bit better. The root of the problem is this—what does best common mean, and how can following the best common produce a set of actions you can be confident will solve your problem?

Bellman and Oorschot say best common practice can mean this is widely implemented. The thinking seems to run something like this: the crowd’s collective wisdom will probably be better than my thinking… more sets of eyes will make for wiser or better decisions. Anyone who has studied the madness of crowds will immediately recognize the folly of this kind of state. Just because a lot of people agree it’s a good idea to jump off a cliff does not mean it is, in fact, a good idea to jump off a cliff.

Perhaps it means something closer to this is no worse than our competitors. If that’s the meaning, though, it’s a pretty cynical Continue reading

Weekend Reads 052121


One of the major takeaways from the Web Globalization Report Card is the importance of providing “front doors” to your localized websites.


If you want to break into datacenter compute in a sustainable way, it takes the patience of a glacier. And not just any glacier, but one that predates the Industrial Revolution.


35 million phone numbers are disconnected every year in the U.S., according to the Federal Communications Commission. Most of these numbers are not disconnected forever; after a while, carriers reassign them to new subscribers.


Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems.


As a cybersecurity professional, I relate to those old movie scenes where a character is starting to lose it, someone delivers a firm face slap, and the first character pulls it together, saying, “Thanks, I needed that.”


Our passwords can say a lot about us, and much of what they have to say is unflattering. In a world in which all databases — including hacker forums — are eventually compromised and leaked online, it can be tough for cybercriminals Continue reading

The Hedge 84: David Brown and the Root of Trust

Many engineers just assume that secure hardware boot is, in fact, secure. How does this security work, and just how secure is it, though? David Brown joins Tom Ammon, Eyvonne Sharp, and Russ White on this episode of the Hedge to discuss the secure boot loader in some detail. For more information on the secure boot loader and IoT, see David’s presentation at the Open Source Summit.

download

The Effectiveness of AS Path Prepending (2)

Last week I began discussing why AS Path Prepend doesn’t always affect traffic the way we think it will. Two other observations from the research paper I’m working off of are:

  • Adding two prepends will move more traffic than adding a single prepend
  • It’s not possible to move traffic incrementally by prepending; when it works, prepending will end up moving most of the traffic from one inbound path to another

A slightly more complex network will help explain these two observations.

Assume AS65000 would like to control the inbound path for 100::/64. I’ve added a link between AS65001 and 65002 here, but we will still find prepending a single AS to the path won’t make much difference in the path used to reach 100::/64. Why?

Because most providers will have a local policy configured—using local preference—that causes them to choose any available customer connection over other paths. AS65001, on receiving the route to 100::/64 from AS65000, will set the local preference so it will prefer this route over any other route, including the one learned from AS65002. So while the cause is a little different in this case than the situation covered in the first post, the result is the Continue reading

Controversial Reads 051521


Apple’s long-awaited privacy update for iOS is out, and it’s a solid step in the right direction.


A little over a year into the COVID-19 pandemic, our reliance on private, safe, and secure communication has become more critical than ever.


Today, the “datasphere”, or the volume of data in the world – is estimated to be over 60 Zettabytes. We even have a term for it: Big Data.


Last year, Facebook created its widely dubbed “Supreme Court” (officially the Oversight Board) in an effort to outsource some of the platform’s most difficult content decisions.


Just stop. Stop telling us why your 5G network is the very best and fastest and most reliable. Stop running commercials about how life-changing your 5G network is.


Founded in 1987 by Chinese native Morris Chang, Taiwan Semiconductor Manufacturing Company (TSMC) was the first “pure play” foundry, a manufacturer of integrated circuits designed by other companies.


Everyday, your personal information is being harvested by your smart phone applications, sold to data brokers, and used by advertisers hoping to sell you things.


One skill he focuses on is abduction, which was Sherlock Holmes’s favorite method.


Yesterday, The Epoch Times reported on leaked internal Chinese government documents revealing Continue reading

Weekend Reads 051421


For this post, I wanted to explore some ways that an organisation or individual might start building a new security “habit” so that, in time, acting securely becomes automatic.


Research into methods of attacking machine-learning and artificial-intelligence systems has surged—with nearly 2,000 papers published on the topic in one repository over the last decade—but organizations have not adopted commensurate strategies to ensure that the decisions made by AI systems are trustworthy


Efforts have been ongoing in the ICANN community to develop a better understanding of its role in the combat of abuse.


But the Advanced Persistent Threat (APT) carries with it a worrying sub-text that requires further exploration as companies continue to tackle the ongoing issues of a global pandemic and an increasingly fatigued and remote workforce.


With organizational data practices coming under increasing scrutiny, demand is growing for mechanisms that can assist organizations in meeting their data-management obligations


All good parties come to an end, and the one that Intel has enjoyed for an unbelievable dozen years, starting with the rollout of the “Nehalem” Xeon E5500 processors back in March 2009, is over. Find the Advil, grab a glass of water, and try not to drop all the pills Continue reading

The Hedge 83: Bruce Davie and the System View

Network engineers tend to look at the world through the lens of a single device—an individual appliance, sold by a vendor, with a well-developed CLI for configuration and maintenance. Networks, however, are the “odd person out” in the world of information technology. In the broader technology world, a stronger systems-oriented view is more common. In this episode of the Hedge, Bruce Davie joins Tom Ammon and Russ White to discuss a systems view of the world, as well as a new publishing model he’s working on, and some thoughts on the place of SDN.

download

You can find Bruce’s book, Computer Networks: A Systems Approach, here.

How the Internet Really Works, Part 1

I’m a bit late posting this … but this Thursday (an odd day for me) I’m running How the Internet Really Works, Part 1, over at Safari Books Online. From the page:

This live training will provide an overview of the systems, providers, and standards bodies important to the operation of the global Internet, including the Domain Name System (DNS), the routing and transport systems, standards bodies, and registrars. For DNS, the process of a query will be considered in some detail, who pays for each server used in the resolution process, and tools engineers can use to interact DNS. For routing and transport, the role of each kind of provider will be considered, along with how they make money to cover their costs, and how engineers can interact with the global routing table (the Default Free Zone, of DFZ). Finally, registrars and standards bodies will be considered, including their organizational structure, how they generate revenue, and how to find their standards.

You can register for the training at the link above. I’ll be giving part 2 of How the Internet Really Works next month.

The Effectiveness of AS Path Prepending (1)

Just about everyone prepends AS’ to shift inbound traffic from one provider to another—but does this really work? First, a short review on prepending, and then a look at some recent research in this area.

What is prepending meant to do?

Looking at this network diagram, the idea is for AS6500 (each router is in its own AS) to steer traffic through AS65001, rather than AS65002, for 100::/64. The most common method to trying to accomplish this is AS65000 can prepend its own AS number on the AS Path Multiple times. Increasing the length of the AS Path will, in theory, cause a route to be less preferred.

In this case, suppose AS65000 prepends its own AS number on the AS Path once before advertising the route towards AS65001, and not towards AS65002. Assuming there is no link between AS65001 and AS65002, what would we expect to happen? What we would expect is AS65001 will receive one route towards 100::/64 with an AS Path of 2 and use this route. AS65002 will, likewise, receive one route towards 100::/64 with an AS Path of 1 and use this route.

AS65003, however, will receive two routes towards 100::/64, one with an AS Continue reading

The Hedge 82: Jared Smith and Route Poisoning

Intentionally poisoning BGP routes in the Default-Free Zone (DFZ) would always be a bad thing, right? Actually, this is a fairly common method to steer traffic flows away from and through specific autonomous systems. How does this work, how common is it, and who does this? Jared Smith joins us on this episode of the Hedge to discuss the technique, and his research into how frequently it is used.

download

Ambiguity and complexity: once more into the breach

Recent research into the text of RFCs versus the security of the protocols described came to this conclusion—

While not conclusive, this suggests that there may be some correlation between the level of ambiguity in RFCs and subsequent implementation security flaws.

This should come as no surprise to network engineers—after all, complexity is the enemy of security. Beyond the novel ways the authors use to understand the shape of the world of RFCs (you should really read the paper; it’s really interesting), this desire to increase security by decreasing the ambiguity of specifications is fascinating. We often think that writing better specifications requires having better requirements, but down this path only lies despair.

Better requirements are the one thing a network engineer can never really hope for.

It’s not just that networks are often used as a sort of “complexity sink,” the place where every hard problem goes to be solved. It’s also the uncertainty of the environment in which the network must operate. What new application will be stuffed on top of the network this week? Will anyone tell the network folks about this new application, or just open a ticket when it doesn’t work right? What about all Continue reading

Weekend Reads 050121


Attacks on virtual private networks, like those this week targeting a trio of known vulnerabilities in Pulse Secure appliances, have intensified in recent months along with the increase in remote and hybrid work environments since the outbreak of COVID-19.


Over the last couple of years, policy-making institutions have been putting greater focus on the study of various aspects of Artificial Intelligence (AI). This doesn’t come as a surprise.


Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and to exfiltrate data, new study shows.


One position I think more people should be aware of is a CISO. What does this actually mean – besides being made redundant when a breach is announced? I have personally worked within a CISO-as-a-Service position, but I wanted to get some more insight from those who are working in the trenches daily in an in-house CISO position.


According to Help Net Security, organizations in the pharmaceutical and biotech sectors witnessed a 50% increase in digital attacks between 2019 and 2020. It appears that at least part of those attacks originated from nation-state actors who specifically sought to steal COVID-19 vaccine research.


As further proof of this, new research Continue reading

1 23 24 25 26 27 163