DNS a ‘Victim of its Own Success’
Why securing the Domain Name System remains an afterthought at many organizations.
DNS a ‘Victim of its Own Success’
Why securing the Domain Name System remains an afterthought at many organizations.
Microburst: A New Post Type on MovingPackets.Net
A problem I frequently face is that I want to share thoughts and comments on something, but I don’t have the time free to write up a full post. The solution, I hope, is a new post type which I’m calling a Microburst.
A Microburst could be anything from one line to a few paragraphs; basically enough for me to convey a thought without having to go into as much depth as I would usually like to do. For that reason in particular, I think it’s important that I can distinguish my regular, shallow posts from these special, short, shallow posts. Handy, right?
The first Microburst appeared a few days ago, and more will be coming soon. Gird your loins, etc.
If you liked this post, please do click through to the source at Microburst: A New Post Type on MovingPackets.Net and give me a share/like. Thank you!
SSH HashKnownHosts File Format
The HashKnownHosts option to the OpenSSH client causes it obfuscate the host field of the ~/.ssh/known_hosts file. Obfuscating this information makes it harder for threat actors (malware, border searches, etc...) to know which hosts you connect to via SSH.Hashing defaults to off, but some platforms turn it on for you:
chris:~$ grep Hash /etc/ssh/ssh_config
HashKnownHosts yes
chris:~$
Here's an entry from my known_hosts file:
|1|NWpzcOMkWUFWapbQ2ubC4NTpC9w=|ixkHdS+8OWezxVQvPLOHGi2Oawo= ecdsa-sha2-nistp256 AAAAE2Vj<...>ZHNLpyJsv
There's one record per line, with the fields separated by spaces. The first field is the remote host (SSH server) identifier.
In this case, the leading characters |1| in the host identifier are the magic string (HASH_MAGIC). It tells us that the field is hashed, rather than a plaintext hostname (or address). The remaining characters in the field comprise two parts: a 160-bit salt (random string) and a 160-bit SHA1 hash result. Both values are base64 encoded.
The various OpenSSH binaries that use information in this file feed both the remote hosts name (or address) and the salt to the hashing function in order to produce the hash result:
So, lets validate a host entry against this record the hard way. The entry above is for an IP address: Continue reading
PQ 130: ANIMA And IoT Networking – IETF 99
Greg Ferro talks about the challenges of connecting lots of little devices to the network in a conversation recorded live at the IETF 99 conference. His guest is Michael Richardson. The post PQ 130: ANIMA And IoT Networking – IETF 99 appeared first on Packet Pushers.
Tier 1 carrier performance report: September, 2017
The post Tier 1 carrier performance report: September, 2017 appeared first on Noction.
Supporting Internet Development in The Gambia
Dawit Bekele, the Internet Society’s Regional Bureau Director for Africa, paid a visit to The Gambia from 17-18 September 2017. This was the first time a senior Internet Society staff visited The Gambia with the intention of meeting Internet Society Gambia chapter leadership, members, and local partners. The aim was to discuss our past and future plans for more engagement and future Internet development. It was also an opportunity to raise the profile of the Internet Society Gambia Chapter.
During his short visit, Dawit Bekele and the Internet Society Gambia chapter executives took the opportunity to meet with the Minister, Ministry of Information and Communication Infrastructure (MOICI), Honorable Demba Jawo.
The team also visited and met with the Management of The Gambia’s Public Utilities and Regulatory Agency (PURA) as well as the Chairperson of the Serrekunda Internet Exchange Point SIXP, Mrs. Isatou Jah. Among the topics discussed was the way forward in fostering partnership with local stakeholders in supporting Internet development, security, and capacity building.
The official visit was preceded by a visit to the Internet Society Gambia office where the team met with the Director General of The Association of Non-Governmental Organizations (TANGO), Mr. Ousman Yabo, and toured the Continue reading
IoT Tipping Point: Connection Capacity
All that data generated by IoT devices won't be valuable without a robust network.
IoT Tipping Point: Connection Capacity
All that data generated by IoT devices won't be valuable without a robust network.
Update: Arista Data Center Switches
In the past 5+ years I ran at least one Data Center Fabrics Update webinar per year to cover new hardware and software launched by data center switching vendors.
The rate of product and feature launches in data center switching market is slowing down, so I decided to insert the information on new hardware and software features launched in 2017 directly into the merged videos describing the progress various vendors made in the last years.
First in line: Arista EOS. You can access the videos if you bought the webinar recording in the past or if you have an active ipSpace.net subscription.
Mellanox Launches Software-Programmable Adapters for SD-Data Centers
The adapters aim to accelerate software-defined data centers and NFV.
Virtual Versus Reality: The Challenges of Enterprise NFV Adoption
With all of the potential upsides that NFV offers for IT operations, why aren’t enterprises pulling the trigger?
Oracle Paints Altruistic Picture for Containers and Serverless Computing
Focus on open source viewed as helping to avoid vendor lock in.