0

IBM’s Latest All-Flash Storage Array ‘Is All About Software’

The new FlashSystem 9100 supports NVMe now and will support NVMe over Fabrics (NVMe-oF) and storage class memory (SCM) in the future.

0

Arista Introduces Cognitive Cloud Networking for the Campus – Arista

As predicted, Arista starts work on the Campus …..

0

Worth Reading: Reflecting on the GPLv3 license

GPLv3 must be understood as the product of an earlier era of FOSS, the contours of which may be difficult for some to imagine today. —Richard Fontana @opensource.com

0

Red Hat’s James Talks About the Importance of Open Source Innovation

Open source gives telecom providers more control that will be key for deploying 5G and MEC, says James.

0

IDG Contributor Network: Protecting iOS against the aLTEr attacks

Researchers from Ruhr-Universität Bochum & New York University Abu Dhabi have uncovered a new attack against devices using the Long-Term Evolution (LTE) network protocol. LTE, which is a form of 4G, is a mobile communications standard used by billions of devices and the largest cellular providers around the world.In other words, the attack can be used against you.The research team has named the attack “aLTEr” and it allows the attacker to intercept communications using a man-in-the-middle technique and redirect the victim to malicious websites using DNS spoofing.To read this article in full, please click here

0

The aftermath of the Gentoo GitHub hack

Gentoo GitHub hack: What happened? Late last month (June 28), the Gentoo GitHub repository was attacked after someone gained control of an admin account. All access to the repositories was soon removed from Gentoo developers. Repository and page content were altered. But within 10 minutes of the attacker gaining access, someone noticed something was going on, 7 minutes later a report was sent, and within 70 minutes the attack was over. Legitimate Gentoo developers were shut out for 5 days while the dust settled and repairs and analysis were completed.The attackers also attempted to add "rm -rf" commands to some repositories to cause user data to be recursively removed. As it turns out, this code was unlikely to be run because of technical precautions that were in place, but this wouldn't have been obvious to the attacker.To read this article in full, please click here

0

The aftermath of the Gentoo GitHub hack

Gentoo GitHub hack: What happened? Late last month (June 28), the Gentoo GitHub repository was attacked after someone gained control of an admin account. All access to the repositories was soon removed from Gentoo developers. Repository and page content were altered. But within 10 minutes of the attacker gaining access, someone noticed something was going on, 7 minutes later a report was sent, and within 70 minutes the attack was over. Legitimate Gentoo developers were shut out for 5 days while the dust settled and repairs and analysis were completed.The attackers also attempted to add "rm -rf" commands to some repositories to cause user data to be recursively removed. As it turns out, this code was unlikely to be run because of technical precautions that were in place, but this wouldn't have been obvious to the attacker.To read this article in full, please click here

0

Looking to Meet, Podcast and Video in San Francisco/Silicon Valley next week

I’m travelling to Silicon Valley next week for Network Field Day 18 and Google Next the following week. I have extended my stay with a couple of free days . Get in touch if you would like to meet. Hoping to podcast, some video and some fun. Looking for people who listen to Packet Pushers who just want […]

0

Rough Guide to IETF 102: Internet Infrastructure Resilience

As usual, in this post I’ll focus on important work the IETF is doing that helps improve the security and resilience of the Internet infrastructure.

At IETF 102 there are a lot of new ideas being brought to the community in the form of Internet Drafts aimed at improving the security and resilience of the Internet infrastructure, and I’d like to introduce some of them to you. But keep in mind – an Internet Draft does not indicate IETF endorsement, is not a standard, and may not result in any further work at the IETF.

So, let us look at what is happening in the domain of BGP, the routing protocol that connects the Internet.

Route leaks

There has been slow progress in the work on mitigating route leaks in the IDR Working Group (WG). One of the reasons for the slowness was that the group was considering two proposals addressing the route leak problem and both are IDR WG documents:  “Methods for Detection and Mitigation of BGP Route Leaks”, and “Route Leak Prevention using Roles in Update and Open Messages”. Plus, there is a third submission “Route Leak Detection and Filtering using Roles Continue reading

0

BrandPost: CTO Notes from the Road: 3 take-aways from customers in 6 countries across Asia Pacific

Ciena Anup Changaroth, of Ciena’s CTO Office in APAC, highlights a few insights from Ciena’s recent six-country roadshow he participated in across the Asia-Pacific region. Over the last couple of weeks, I have been on the road supporting our annual Ciena Drive Roadshows in Australia, New Zealand, South Korea, Japan, Vietnam and finishing up with Hong Kong. We had the opportunity to share Ciena’s Adaptive Network vision with both customers and partners, as well as an opportunity to discuss with them their top priorities, challenges and investment plans.To read this article in full, please click here

0

Redirecting DNS Requests to Umbrella with ASA

As networks begin leveraging intelligent DNS products, there is often a need to do some magic at the Internet edge to redirect to the target provider. Some products actually have this capability embedded. Even though the ASA doesn’t specifically have a defined configuration to do this, we can achieve the same outcome with a few simple NAT rules.

An initial thought would be to build a NAT policy as follows

//define the objects
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network Umbrella1
 host 208.67.220.220
object network Umbrella2
 host 208.67.222.222
object service UDP-53
 service udp destination eq domain

//define the nat rules
nat (any,outside) source dynamic any interface destination static obj_any Umbrella1 service UDP-53 UDP-53
nat (any,outside) source dynamic any interface destination static obj_any Umbrella2 service UDP-53 UDP-53

This will sort of work. However, there are two words of caution I would share with this approach. First, DNS sometimes leverages TCP. Second, the last NAT rule will never be used. In this case, even requests to 208.67.222.222 would match the first rule and be re-written to the destination 208.67.220.220.

My recommendation would be Continue reading

0

Redirecting DNS Requests to Umbrella with ASA

As networks begin leveraging intelligent DNS products, there is often a need to do some magic at the Internet edge to redirect to the target provider. Some products actually have this capability embedded. Even though the ASA doesn’t specifically have a defined configuration to do this, we can achieve the same outcome with a few simple NAT rules.

An initial thought would be to build a NAT policy as follows

//define the objects
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network Umbrella1
 host 208.67.220.220
object network Umbrella2
 host 208.67.222.222
object service UDP-53
 service udp destination eq domain

//define the nat rules
nat (any,outside) source dynamic any interface destination static obj_any Umbrella1 service UDP-53 UDP-53
nat (any,outside) source dynamic any interface destination static obj_any Umbrella2 service UDP-53 UDP-53

This will sort of work. However, there are two words of caution I would share with this approach. First, DNS sometimes leverages TCP. Second, the last NAT rule will never be used. In this case, even requests to 208.67.222.222 would match the first rule and be re-written to the destination 208.67.220.220.

My recommendation would be Continue reading

0

Comments on Vendor Optics – Listen Here

I recently listened to Packet Pushers show 395 recently. It is a great discussion on optical networking. One thing I wanted to make everyone aware of was a series of comments on the varying quality of optics and some justification around the premium prices often found on vendor branded optics. While the entire episode is worth a listen, the discussion around vendor optics begins at about 35:20 into the recording.

I work for a vendor and it is doubtful that people would view my opinion as unbiased. I encourage everyone to take a listen below and form their own opinions.

If you are a tech guy or girl, the Packet Pushers Podcast is a perfect addition to the podcatcher.
.

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may does not reflect the position of past, present or future employers.

 

0

Comments on Vendor Optics – Listen Here

I recently listened to Packet Pushers show 395 recently. It is a great discussion on optical networking. One thing I wanted to make everyone aware of was a series of comments on the varying quality of optics and some justification around the premium prices often found on vendor branded optics. While the entire episode is worth a listen, the discussion around vendor optics begins at about 35:20 into the recording.

I work for a vendor and it is doubtful that people would view my opinion as unbiased. I encourage everyone to take a listen below and form their own opinions.

If you are a tech guy or girl, the Packet Pushers Podcast is a perfect addition to the podcatcher.
.

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may does not reflect the position of past, present or future employers.

 

0

Calling the world cup goals 5 seconds before they happen

Calling the world cup goals 5 seconds before they happen

It’s that time again where once every 4 years people get very hyped over kicking a ball around a grass pitch, however this time my own country is actually doing pretty well! At the time of wr

0

WiFi Network Upgrade: 8 Tips for Success

0

BGP Optimal Route Reflection as an alternative to BGP Add Path

The post BGP Optimal Route Reflection as an alternative to BGP Add Path appeared first on Noction.

0

Worth Reading: Why you should care about service mesh

Service meshes offer the centralized control plane that enterprises require, while still enabling the free-wheeling stylings of agile, cloud-based application development. —Rob Whiteley @The New Stack

0

Most Enterprise of Things initiatives are a waste of money

The Internet of Things (IoT) has captured much attention recently as more devices like wearables, AR/VR headsets and sensor-based products make their way to market. But off-the-shelf consumer-oriented devices are not always what enterprises need. Rather, most companies need a more specialized approach than just deploying things all over the place.As a result, the more specialized Enterprise of Things (EoT) is becoming a significant part of nearly all companies' plans for the next three to five years. Indeed, we expect EoT to become a top 3 item on most organizations' strategic initiatives in the coming two to three years. EoT will partner with ongoing enterprise cloud and security initiatives as organizations look to transform how they do business and run more efficient and user-responsive operations. But research shows that for many companies currently deploying or planning deployments of EoT, it’s a waste of money.To read this article in full, please click here

0

Security Unicorn Illumio Snags Former Pentagon Exec

Illumio’s new head of cybersecurity strategy — former Obama administration executive Jonathan Reiber — literally wrote the book on cyberstrategy at the U.S. Department of Defense.Reiber is Illumio’s .