Cisco Announces New XDR Service at RSA Conference
At the 2023 RSA Conference, Cisco announced a new XDR service, a first for the industry’s biggest network vendor. Learn the details and implications of the announcement.Netbox Upgrade Play-by-play
I just upgraded my Netbox server from v2.7.6 to v3.4.8. This is just a record of what I did in case anyone want to know how I did it.
Environment
- The source v2.7.6 server is an Ubuntu 18.04 VM. Yes, both are very old.
- The destination v3.4.8 server is an Ubuntu 20.04 VM.
- We have no media, scripts, or reports in Netbox.
- I’m running Virtualbox on my laptop to do the data migrations.
- I did the Netbox installs with Netbox Build-o-matic.
Process Overview
Since we’re running such an old version of Netbox, we need to do an interim upgrade to v2.11.x before proceeding to v3.x.x. We decided on v2.11.12.
The main idea here is that you export you data, install on a VM, upgrade the app on that VM, then export it out after your upgrades are done. Of course, that is very simplified.
One key here is to take snapshots every time you do something. I started with an Ubuntu 20.04 install, ran an update, then took a snapshot. That’s where the real work starts, and a place to restore to when Continue reading
Netbox Upgrade Play-by-play
I just upgraded my Netbox server from v2.7.6 to v3.4.8. This is just a record of what I did in case anyone want to know how I did it.
Environment
- The source v2.7.6 server is an Ubuntu 18.04 VM. Yes, both are very old.
- The destination v3.4.8 server is an Ubuntu 20.04 VM.
- We have no media, scripts, or reports in Netbox.
- I’m running Virtualbox on my laptop to do the data migrations.
- I did the Netbox installs with Netbox Build-o-matic.
Process Overview
Since we’re running such an old version of Netbox, we need to do an interim upgrade to v2.11.x before proceeding to v3.x.x. We decided on v2.11.12.
The main idea here is that you export you data, install on a VM, upgrade the app on that VM, then export it out after your upgrades are done. Of course, that is very simplified.
One key here is to take snapshots every time you do something. I started with an Ubuntu 20.04 install, ran an update, then took a snapshot. That’s where the real work starts, and a place to restore to when Continue reading
SLP: a new DDoS amplification vector in the wild
Earlier today, April 25, 2023, researchers Pedro Umbelino at Bitsight and Marco Lux at Curesec published their discovery of CVE-2023-29552, a new DDoS reflection/amplification attack vector leveraging the SLP protocol. If you are a Cloudflare customer, your services are already protected from this new attack vector.
Service Location Protocol (SLP) is a “service discovery” protocol invented by Sun Microsystems in 1997. Like other service discovery protocols, it was designed to allow devices in a local area network to interact without prior knowledge of each other. SLP is a relatively obsolete protocol and has mostly been supplanted by more modern alternatives like UPnP, mDNS/Zeroconf, and WS-Discovery. Nevertheless, many commercial products still offer support for SLP.
Since SLP has no method for authentication, it should never be exposed to the public Internet. However, Umbelino and Lux have discovered that upwards of 35,000 Internet endpoints have their devices’ SLP service exposed and accessible to anyone. Additionally, they have discovered that the UDP version of this protocol has an amplification factor of up to 2,200x, which is the third largest discovered to-date.
Cloudflare expects the prevalence of SLP-based DDoS attacks to rise significantly in the coming weeks as malicious actors learn how to exploit Continue reading
Outburst: Dune in the Style of H.R. Giger #midjourney – YouTube
If you are into Dune, then this AI Art should fill an emotional void
IPv6 Security in Layer-2 Firewalls
You can configure many firewalls to act as a router (layer-3 firewall) or as a switch bridge (layer-2 firewall). The oft-ignored detail: how does a layer-2 firewall handle ARP (or any layer-2 protocol)?
Unless you want to use static ARP tables it’s pretty obvious that a layer-2 firewall MUST propagate ARP. It would be ideal if the firewall would also enforce layer-2 security (ARP/DHCP inspection and IPv6 RA guard), but it looks like at least PAN-OS version 11.0 disagrees with that sentiment.
Straight from Layer 2 and Layer 3 Packets over a Virtual Wire:
IPv6 Security in Layer-2 Firewalls
You can configure many firewalls to act as a router (layer-3 firewall) or as a switch bridge (layer-2 firewall). The oft-ignored detail: how does a layer-2 firewall handle ARP (or any layer-2 protocol)?
Unless you want to use static ARP tables it’s pretty obvious that a layer-2 firewall MUST propagate ARP. It would be ideal if the firewall would also enforce layer-2 security (ARP/DHCP inspection and IPv6 RA guard), but it looks like at least PAN-OS version 11.0 disagrees with that sentiment.
Straight from Layer 2 and Layer 3 Packets over a Virtual Wire:
Zscaler Report: Phishing Continues to Be the Scourge of the Security Industry
Zscaler’s 2023 Phishing Report details the latest trends in phishing attacks, and how organizations can protect themselves from these cyber threats.Bridging The Gap Between ‘Default Yes’ And ‘Default No’
I’ve encountered two basic philosophies for responding to requests to join a project. One philosophy I’ll describe as “Default Yes”. The argument goes, “If someone brings you a request, say yes! You only grow with challenges and if you say no too much, people will stop asking.” The second philosophy could be called “Default No.” […]
The post Bridging The Gap Between ‘Default Yes’ And ‘Default No’ appeared first on Packet Pushers.