Archive

Category Archives for "Networking"

‘KeyRaider’ iOS malware targets jailbroken devices

Credentials for more than 225,000 Apple accounts have been stolen by sophisticated malware that targets modified iOS devices, according to Palo Alto Networks.The malware, which is nicknamed KeyRaider, enables attackers to download applications from Apple's App Store without paying or to lock devices in lieu of a ransom.“We believe this to be the largest known Apple account theft caused by malware,” wrote Claud Xiao of Palo Alto Networks in a blog post.Palo Alto Networks notified Apple of KeyRaider on Aug. 26 and provided the stolen account information, Xiao wrote. Apple officials in Sydney couldn't be immediately reached on Monday.To read this article in full or to leave a comment, please click here

Russian-speaking hackers breach 97 websites, many of them dating ones

Russian-speaking hackers have breached 97 websites, mostly dating-related, and stolen login credentials, putting hundreds of thousands of users at risk.Many of the websites are niche dating ones similar to Ashley Madison, according to a list compiled by Hold Security, a Wisconsin-based company that specializes in analyzing data breaches. A few are job-related sites.Batches of stolen information were found on a server by the company’s analysts, said Alex Holden, Hold Security’s founder and CTO. The server, for some reason, was not password protected, allowing analysis of its contents, he said.None of the dating sites are nearly as prominent as Ashley Madison, which saw sensitive company information, emails, internal documents and details of 30 million registered users released in a devastating data breach. Holden said this Russian-speaking group is not related to Impact Team, which claimed credit for the intrusion into Ashley Madison.To read this article in full or to leave a comment, please click here

6 UK teenagers arrested for allegedly using Lizard Squad’s Lizard Stresser DDoS service

The National Crime Agency (NCA), which is like a British version of the FBI, arrested six UK teenagers for allegedly using a DDoS-for-hire service to attack corporate websites. During Operation Vivarium, warrants were executed for six male teenagers – ages 15, 16, 17 and three 18-year-olds – accused of using the hacking group Lizard Squad’s Lizard Stresser tool which is capable of knocking websites offline for up to eight hours at a time.Lizard Squad took down Microsoft Xbox and Sony PlayStation networks on Christmas day; shortly thereafter, Lizard Squad released its Lizard Stresser service. According to Krebs on Security, the Lizard Stresser service “draws on Internet bandwidth from hacked home Internet routers around the globe that are protected by little more than factory-default usernames and passwords.”To read this article in full or to leave a comment, please click here

Why Cisco?

Why do i keep focusing so much on Cisco, when there are clearly alot of different vendors out there with similar products and technologies?

There are several reasons for this.

1) I began the professional part of my networking career with Cisco.
2) Cisco has a proven track record when it comes to education and learning.
3) Even though not always the best match for all use-cases, Cisco is a big player in almost all areas of networking.
4) The networking opportunities provided by Cisco is by far the best of what ive seen. Take for example the Cisco Learning Network.
5) Cisco Press is really awesome in my opinion. They have alot of really high quality books out there.
6) Great opportunities to interact with the company. By this i mean to participate in programs like Cisco Champions and different SME (Subject Matter Expert) related activities.
7) Cisco documentation is not perfect, but its hands down the best I’ve seen across multiple vendors.
8) And ofcourse Cisco Live! :)

That being said, recently i have begun to take a more neutral look at technologies. The reason being, that in this day and age, proprietary technologies become less prefered than open Continue reading

IWAN’s “Intelligent Path Control” & Using Your Backup Link

The blog I was going to post today was a blog about how PfRv3 (IWAN’s “Intelligent Path Control”) utilizes the GRE tunnel of the DMVPN underlay in order to make intelligent decisions about where to send business critical traffic based on knowledge of the health of the path that business critical traffic would take.  …… But then I started realizing that while I have dug into a lot of DMVPN stuff recently on “Networking With Fish”…. I have not even really touched “Intelligent Path Control”. So……. let’s take a giant step backward.

“Intelligent Path Control” at the WAN – what can it do for you and why do you want it?   In this blog I’m not going to try to be the definitive all encompassing guide of what all “Intelligent Path Control” is…. just enough to get us a little on the same page before we start “playing in the lab together” with it in future blogs.

primary_backup

 

 

 

 

 

 

The picture above is of a typical 1 router branch location with 2 WAN connections. One WAN connection is the primary and the other one sits there, unused, as just a backup … doing nothing Continue reading

Busting Myths – IPv6 Link Local Next Hop into BGP

In some publications it is mentioned that a link local next-hop can’t be used when redistributing routes into BGP because routers receiving the route will not know what to do with the next-hop. That is one of the reason why HSRPv2 got support for global IPv6 addresses. One such scenario is described in this link.

The topology used for this post is the following.

Topo1

I have just setup enough of the topology to prove that it works with the next-hop, so I won’t be running any pings and so on. The routers R1 and R2 have a static route for the network behind R3 and R4.

ipv6 route 2001:DB8:100::/48 GigabitEthernet0/1 FE80::5:73FF:FEA0:1

When routing towards a link local address, the exit interface must be specified. R1 then runs BGP towards R5, notice that I’m not using next-hop-self.

router bgp 100
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 2001:DB8:1::5 remote-as 100
!
address-family ipv6
redistribute static
neighbor 2001:DB8:1::5 activate
exit-address-family

If we look in the BGP RIB, we can see that the route is installed with a link local next-hop.

R1#sh bgp ipv6 uni
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed,  Continue reading

Don’t Optimize the Last 5%

Robin Harris described an interesting problem in his latest blog post: while you can reduce the storage access time from milliseconds to microseconds, the whole software stack riding on top still takes over 100 milliseconds to respond. Sometimes we’re optimizing the wrong part of the stack.

Any resemblance to SDN in enterprises or the magical cost-reduction properties of multi-vendor data center fabrics is obviously purely coincidental.

Yet Another new BGP NLRI: BGP-LS

Yes, that’s right, we have another new BGP NLRI: BGP-LS. In this post we will be looking at BGP with Link State (LS) extension which is an integral part of the Carrier SDN strategy. We will look at why we need BGP-LS, its internals and its applications. What I won’t cover is things like do we need SDN?, […]

The post Yet Another new BGP NLRI: BGP-LS appeared first on Packet Pushers.

Microsoft may offer some Windows 10 patch notes to enterprises

IT administrators may get more information than originally planned about Windows 10 patches, as Microsoft ponders how much to tell business customers about modifications to the new OS."We've heard that feedback from enterprise customers so we're actively working on how we provide them with information about what's changing and what new capabilities and new value they're getting," Jim Alkove, a vice president in the Windows group, said during a press briefing. It's a change in tone for the company, which previously said that it wouldn't provide detailed information about most Windows 10 patches. That original plan was bad news for IT managers and users who want to know what an update does before they install it. This is more of an issue now that Microsoft is supposed to release more frequent updates over the lifetime of Windows 10, as part of its "Windows as a service" plans, than it did for previous editions of Windows.To read this article in full or to leave a comment, please click here

US agency to seek consensus on divisive, volatile topic of security vulnerability disclosures

A U.S. agency hopes to gather security researchers, software vendors and other interested people to reach consensus on the sticky topic of how to disclose cybersecurity vulnerabilities.Beginning in September, the U.S. National Telecommunications and Information Administration (NTIA) will host a series of meetings intended to improve collaboration among security researchers, software vendors and IT system operators on the disclosure of, and response to, vulnerabilities.The first NTIA-hosted meeting will be Sept. 29 at the University of California, Berkeley, School of Law. Registration is open to all who want to participate, and the meeting will also be webcast, NTIA said.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Anatomy of an IoT hack

With Internet of Things penetration set for a trillion devices by 2025, according to recent McKinsey numbers, our thoughts are, or should be, turning to security.One question that could be posed is: Just how could a future IoT attack play out? What route could it take?A security company reckons it has an answer.'Terror in the kitchen' One World Labs, a security outfit that specializes in penetration testing, forensics, and security code review, presented a session at San Francisco's RSA Conference in April, where it attempted to address the question.To read this article in full or to leave a comment, please click here

Grsecurity will stop issuing patches citing trademark abuse

A major corporation is misusing grsecurity’s trademarks and tarnishing its brand – and as a consequence, the leader of the project said Wednesday, grsecurity will stop making its stable patches available to the general public.In an official announcement, grsecurity project leader Brad Spengler said that it was unfair to the project’s sponsors to allow the companies in the embedded Linux industry – which he declined to name, citing legal advice – to dilute grsecurity’s trademarks.+ALSO ON NETWORK WORLD: Massachusetts boarding school sued over Wi-Fi sickness + Access points with 802.11ac are taking over enterprise WLANsTo read this article in full or to leave a comment, please click here

iPexpert’s Newest “CCIE Wall of Fame” Additions 8/28/2015

Please join us in congratulating the following iPexpert students who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • Mohan Mayilraj, CCIE #49942 (Data Center)
  • Zahari Georgiev, CCIE #49996 (Wireless)
  • Mohamed Enassiri, CCIE #46237 (Collaboration)

This Week’s Testimonial

Mohan Mayilraj CCIE #49942 (Data Center)
Thank you very much for help reach my goal. Your video and training and Boot camp helped lot and your proctor lab is gem and very much useful and I used your lab most of time and workbook.This is my first attempt on CCIE. I got through it .

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

1 3,000 3,001 3,002 3,003 3,004 3,476