Category Archives for "Networking"

How To Pass API Query Parameters In A Curl Request

If you’re using the CLI tool curl to retrieve data from a remote API, you might send forth a command like so.

curl -H "Authorization: Bearer access_token_goes_here" \
  https://api.provider.com/thing/you_want/index.json

That results in a lovely JSON payload that makes you happy.

Let’s say that according to the API documentation, /thing/you_want/ accepts query parameters so that you can scope what you want to know about. Excellent! Instinctively, you try the following…

curl -H "Authorization: Bearer access_token_goes_here" \
  https://api.provider.com/thing/you_want/index.json?scope=1

Rather than a scoped JSON payload that also makes you happy, you get back a message indicating that the API endpoint is displeased. Your sacrifice was deemed unworthy. Nay, YOU are unworthy. You are decidedly not happy.

What has gone wrong to anger the API gods so? You asked the wrong question of the API. More accurately, curl hasn’t formatted the request in quite the way you intuited it would.

To appease the API deities, the appropriate sacrifice comes in the form of a tweaked curl command. For example…

curl -G -H "Authorization: Bearer access_token_goes_here" \
  https://api.provider.com/thing/you_want/index.json \
  -d "query=scope=1"

We added a “-G” flag to make sure curl is sending a GET and not …

Emotet Is Not Dead (Yet) – Part 2

Emotet attacks leveraging malicious macros embedded in Excel files continue, with new variants and novel tactics, techniques, and procedures (TTPs). Following our recent report, we observed new waves of Emotet campaigns abusing legitimate Windows features, such as batch scripts and the mshta utility, combined with PowerShell, to deliver Emotet payloads.

In this follow-up blog post, we first provide an overview of the delivery processes of Emotet payloads in typical attacks. Then, we examine the recent variants and reveal how techniques evolved in these attacks.

Emotet payload delivery chain

The Emotet infection chain typically starts with a spam email containing a malicious document in the attachment (see Figure 1). The attachment can be either a Word document or an Excel file with embedded VBA or Excel 4.0 (XL4) macros. To entice the user to enable macro execution in Microsoft Word or Excel, the file displays social engineering content when opened. Once macro execution has been enabled, the embedded macro is executed, leading to the delivery process of an Emotet payload.

Figure 1: A typical Emotet payload delivery chain.

As highlighted in Figure 1, there are typically two ways to deliver an Emotet payload:

Slicing and Dicing Instant Logs: Real-time Insights on the Command Line

During Speed Week 2021 we announced a new offering for Enterprise customers, Instant Logs. Since then, the team has not slowed down and has been working on new ways to enable our customers to consume their logs and gain powerful insights into their HTTP traffic in real time.

We recognize that as developers, UIs are useful but sometimes there is the need for a more powerful alternative. Today, I am going to introduce you to Instant Logs in your terminal! In order to get started we need to install a few open-source tools to help us:

  • Websocat - to connect to WebSockets.
  • Angle Grinder - a utility to slice-and-dice a stream of logs on the command line.

Creating an Instant Logs Session

For enterprise zones with access to Instant Logs, you can create a new session by sending a POST request to our jobs endpoint. You will need:

  • Your Zone Tag / ID
  • An Authentication Key or an API Token with at least the Zone Logs Read permission

curl -X POST "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/logpush/edge/jobs" \
-H 'X-Auth-Key: <KEY>' \
-H 'X-Auth-Email: <EMAIL>' \
-H 'Content-Type: application/json' \
--data-raw '{
    "fields": "ClientIP,ClientRequestHost,ClientRequestMethod,ClientRequestPath,EdgeEndTimestamp,EdgeResponseBytes,EdgeResponseStatus,EdgeStartTimestamp,RayID",
    "sample": 1,
    "filter": "",
    "kind": "instant-logs"
}'

Response

The …

Network Break 368: Juniper, Cato Advance Cloud-Based Security Offerings; Citrix Gets Acquired

Take a Network Break! This week’s tech news includes new cloud-delivered security services from Juniper Networks and Cato Networks, new firewall hardware from Fortinet, prognostications on the campus switch market, Cisco teasing a private 5G service, and more.

The post Network Break 368: Juniper, Cato Advance Cloud-Based Security Offerings; Citrix Gets Acquired appeared first on Packet Pushers.

How to Celebrate Valentine’s Day with Your Single Friends 

Valentine’s Day is just a few months away, so it’s time to think about what you’re going to do this year. It is believed that Valentine’s Day is just for people who are romantically and passionately in love. However, that is not the case: you can still enjoy Valentine’s Day with your loved ones even if you are single. This article will teach you how to celebrate Valentine’s Day with your single friends, no matter where they are in their dating journey!

Have a Movie Marathon

You and your single friends can get together to watch movies. The best thing about this is you don’t even have to change out of your pajamas! Buy a big tub of popcorn, order some pizzas and cuddle up on the couch surrounded by blankets. You’ll all love this because it’s just like being in high school again!

Go To a Comedy Show

If you’re looking for something more interactive than watching movies, then check out a comedy show! It will be exciting and hilarious at once so everyone should enjoy themselves.

Valentine’s Day Charity Event

Another option is to do a charity event. You and your single friends can volunteer at an …

Startup claims its passive data-center cooling system generates power

A Canadian startup called Infinidium Power claims it has a new data-center cooling system that will generate power from the heat generated by the servers deployed within it.

Infinidium claims its Next Generation Datacenter Cooling and Power Supply Infrastructure can reduce both operating and capital costs by as much as 50% through air cooling. It has its own compute containers called the Vortex Vacuum Chamber and a low-voltage direct-current smart Nanogrid, which saves power by not doing AC-to-DC conversion.

A video animation on the company's site explains how the Vortex Vacuum Chamber sucks in cold air to a bell-shaped chamber where server boards are arranged in levels of circular racks. It uses a combination of the shape of the chamber and physics (warm air rises, cold air sinks) to generate power. Cool air is pulled into the chamber, and as heat generated by the servers warms the air it rises to a vent in the ceiling where it drives a turbine on its way out, generating power.

Feedback: ipSpace.net Materials

Andy Lemin sent me such a wonderful review of ipSpace.net materials that I simply couldn’t resist publishing it ;)


ipSpace.net is probably my favorite networking resource out there. After spending years with other training content sites which are geared around certifications, ipspace.net provides a totally unique source of vendor neutral opinions, information, and anecdotes – the kind of information that is just not available anywhere else. And to top it off, is presented by a wonderful speaker who is passionate, smart and really knows his stuff!

The difference between an engineer who just has certs versus an engineer who has a rounded and wide view of the whole industry is massive. An engineer with certs can configure your network, but an engineer with all the knowledge this site provides, is someone who can question why and challenge how we can configure your network in a better way.

CyberFlood: Test Duration, Load Specification and Default Starter Tests

Okay so ORIGINALLY the idea was to do a YouTube video to explain the interaction and relationship between the “Test Duration” of a CyberFlood test and the “Load Specification”. However, in order to best explain “load specification” though it is...

The post CyberFlood: Test Duration, Load Specification and Default Starter Tests appeared first on Networking with FISH.

Interop LDP and Segment Routing with IP Infusion and MikroTik

Introduction

During Networking Field Day Service Provider 1 there was a ton of talk about segment routing (SR) and Ethernet virtual private networks (EVPN). One of the biggest questions was “how do we get there?” While we won’t examine EVPN in this post (it’s coming in a future post, don’t worry), we will look at how you can take advantage of SR while still having large portions of LDP in your network.

The team here at IP ArchiTechs works on a lot of MikroTik and whitebox gear, so we’ll focus on a deployment using MikroTik and IP Infusion.

MPLS and IGP setup

The first thing to accomplish is end-to-end reachability between the provider edge (PE) routers. MikroTik doesn’t support IS-IS, so we will have to perform redistribution between the IS-IS segment and the OSPF segment as seen above.

MPLS only requires the /32s of the loopbacks for functionality, so redistribution is limited to the /32 loopbacks of the PE routers.

ip prefix-list LDP-PE-LOOPBACKS
 seq 10 permit 100.127.2.0/24 eq 32
!
ip prefix-list SR-PE-LOOPBACKS
 seq 10 permit 100.127.0.0/24 eq 32
!
route-map REDIS-OSPF-TO-ISIS permit 10
 match ip address prefix-list LDP-PE-LOOPBACKS
!
route-map REDIS-ISIS-TO-OSPF permit …

Performance testing of Commercial BGP

  • 1st Post: Comparing Open Source BGP Stacks
  • 2nd Post: Follow-up Measuring BGP Stacks Performance
  • 3rd Post: Comparing Open Source BGP stacks with internet routes
  • 4th Post: Bird on Bird, Episode 4 of BGP Perf testing
  • 5th Post: BGP Performance 5 – 1000 full internet neighbors
  • 6th Post: BGP Performance testing...

Juniper vQFX and Containerlab

In this post, we look at how Containerlab can be used to quickly spin up vQFX topologies for network validation and testing. We’ll walk through the entire process - how to build docker images from vQFX images, what happens behind the scenes when bringing these containers up and how to build/verify your topology.