Cisco SDA Part VII – multi-instance LISP

In this post, we look at multi-instance LISP, which is another core construct for Cisco’s SD-Access.

Cisco SDA Part V – LISP mobility – roaming hosts

In this post, we look at an actual LISP host mobility event and what happens behind the scenes to make this work.

Cisco SDA Part VI – LISP mobility – Solicit Map Requests (SMRs)

In this post, we look at SMRs and how these are essential for a host mobility event, within the LISP architecture.

Cisco SDA Part IV – LISP mobility – dynamic EIDs

In this post, we look at LISP dynamic EID - a core construct of LISP host mobility.

How to Choose a Red Team Service Provider

Custom screen saver with XSecureLock

i3lock is a popular X11 screen lock utility. As far as customization goes, it only allows one to set a background from a PNG file. This limitation is part of the design of i3lock: its primary goal is to keep the screen locked, something difficult enough with X11. Each additional feature would increase the attack surface and move away from this goal.¹ Many are frustrated with these limitations and extend i3lock through simple wrapper scripts or by forking it.² The first solution is usually safe, but the second goes against the spirit of i3lock.

XSecureLock is a less-known alternative to i3lock. One of the most attractive features of this locker is to delegate the screen saver feature to another process. This process can be anything as long it can attach to an existing window provided by XSecureLock, which won’t pass any input to it. It will also put a black window below it to ensure the screen stays locked in case of a crash.

XSecureLock is shipped with a few screen savers, notably one using mpv to display photos or videos, like the Apple TV aerial videos. I have written my own saver using Python and Continue reading

Cisco SDA Part III – LISP and non-LISP sites

In this post, we look at how a LISP site talks to non-LISP sites.

Cisco SDA Part II – basic LISP configuration and operation

In this post, we introduce basic LISP configuration and operation using packet captures and packet walks.

Cisco SDA Part I – Introduction to LISP and its basic terminology

This is a new series that will cover Cisco’s Software Defined Access architecture/solution over time. There are several moving pieces to this - in this post, we’re going to start with a key component, which is LISP.

Virtual audio cables

This is another post about the mess that is Linux audio. To follow along you may want to read the previous one first.

The goal this time

This time I want to create a virtual audio cable. That is, I want one application to be able to select a “speaker”, which then another application can use as a “microphone”.

The reason for this is that I want to use GNURadio to decode multiple channels at the same time, and route the audio from the channels differently. Specifically my goal is to usy my ICom 7300 in IF mode (which gives me 12kHz of audio bandwidth) tuned to both the FT8 and JS8 HF frequencies, and then let wsjtx listen on a virtual sound card carrying FT8, and JS8Call listen to a virtual sound card carrying JS8.

Creating virtual cables

We could use modprobe snd_aloop to create loopback ALSA devices in the kernel. But I’ve found that to be counter intuitive, buggy, and incompatible (not everything application supports the idea of subdevices). It also requires root, obviously. So this is best solved in user space, since it turns out it’s actually possible to do so.

Another way to say this is Continue reading

Automatic login with startx and systemd

If your workstation is using full-disk encryption, you may want to jump directly to your desktop environment after entering the passphrase to decrypt the disk. Many display managers like GDM and LightDM have an autologin feature. However, only GDM can run Xorg with standard user privileges.

Here is an alternative using startx and a systemd service:

[Unit]
Description=X11 session for bernat
After=graphical.target systemd-user-sessions.service

[Service]
User=bernat
WorkingDirectory=~

PAMName=login
Environment=XDG_SESSION_TYPE=x11
TTYPath=/dev/tty8
StandardInput=tty
UnsetEnvironment=TERM

UtmpIdentifier=tty8
UtmpMode=user

StandardOutput=journal
ExecStartPre=/usr/bin/chvt 8
ExecStart=/usr/bin/startx -- vt8 -keeptty -verbose 3 -logfile /dev/null
Restart=no

[Install]
WantedBy=graphical.target

Let me explain each block:

• The unit starts after systemd-user-sessions.service, which enables user logins after boot by removing the /run/nologin file.

• With User=bernat, the unit is started with the identity of the specified user. This implies that Xorg does not run with elevated privileges.

• With PAMName=login, the executed process is registered as a PAM session for the login service, which includes pam_systemd. This module registers the session to the systemd login manager. To Continue reading

How to use the nethogs command: 2-Minute Linux Tips

In this Linux tip, learn how to use the nethogs command. As the name implies, nethogs will display information on how much processes using or "hogging" your network bandwidth.

The 2021 IT Job Market: What a Year

Merry Christmas and Happy New Year 2022

Hello dear friend,

Another year is ending. It was not easy for many of us neither in professional nor in personal matters. Despite that, we still hope it was successful for you, as much as the year, when we spend a lot of time in lockdown and insolation, can be successful.

We sincerely wish you all the best in thew New 2022 Year!
– There will be challenges, but you are strong enough to overcome them.
– There will be storms, but you have your goals and you won’t get lost.
– There will be issues, but you have network automation to solve routine and leave your time for what matters.

Be healthy. Be lucky. Be happy.

Stay connected, we appreciate it a lot, dear friend.

Merry Christmas and Happy New Year!

And if you need any help, always feel free to reach us.

Your Team Karneliuk

How network policies can protect your environment from future vulnerabilities like Log4j

If you have access to the internet, it’s likely that you have already heard of the critical vulnerability in the Log4j library. A zero-day vulnerability in the Java library Log4j, with the assigned CVE code of CVE-2021-44228, has been disclosed by Chen Zhaojun, a security researcher in the Alibaba Cloud Security team. It’s got people worried—and with good reason.

This is a serious flaw that needs to be addressed right away, since it can result in remote code execution (RCE) in many cases. By now, I have seen many creative ways in which this can be used to infiltrate or disturb services. The right solution is to identify and patch your vulnerable Log4j installations to the fixed versions as soon as possible. If you are using Log4j, make sure you are following this page where you can find the latest news about the vulnerability.

What else should you be doing, though, for this and similar exploits? In this blog post, I’ll look at the impact of the vulnerability in a Kubernetes cluster, and share a couple of ways that you can prevent such vulnerabilities in the future.

How does the Log4j vulnerability work?

On its own, the Log4j vulnerability Continue reading

Schneider Electric publishes data-center sustainability framework

French IT giant Schneider Electric has published a five-part framework meant to serve as a guide to minimizing the environmental impact of data center operations.Schneider is billing the framework as an industry first, but the company does specialize in power systems management so it’s not all self-congratulations. The framework is designed to help operators make their sites more environmentally friendly regardless of how far along they are in sustainability efforts.Data center power consumption is on pretty much everyone’s radar to varying degrees. Researchers have estimated that data centers worldwide account for between 1% and 2% of all power consumption. For hyperscalers like Google and Facebook, as well as for enterprises, power savings is equal parts benefit to the bottom line and being good corporate stewards.To read this article in full, please click here

Schneider Electric publishes data-center sustainability framework

French IT giant Schneider Electric has published a five-part framework meant to serve as a guide to minimizing the environmental impact of data center operations.Schneider is billing the framework as an industry first, but the company does specialize in power systems management so it’s not all self-congratulations. The framework is designed to help operators make their sites more environmentally friendly regardless of how far along they are in sustainability efforts.Data center power consumption is on pretty much everyone’s radar to varying degrees. Researchers have estimated that data centers worldwide account for between 1% and 2% of all power consumption. For hyperscalers like Google and Facebook, as well as for enterprises, power savings is equal parts benefit to the bottom line and being good corporate stewards.To read this article in full, please click here

Introducing DARTH: Distributed Analysis for Research and Threat Hunting

As targeting data centers, which mainly run workloads on Linux, has proven to be a very lucrative target for cyber criminals, Linux malware has become increasingly prevalent. Although still an emerging threat that’s somewhat less complex than its Windows counterpart, analysis of Linux malware remains challenging due to lack of analysis tools in the Linux world.

Luckily, both the Linux kernel and the Linux ecosystem provide a set of capabilities and tools that, when combined, potentially allow for the creation of malware analysis frameworks as powerful as those available on Windows.

This blog details what can be achieved by leveraging tools and an analysis pipeline specifically tailored for Linux, and introduces our Distributed Analysis for Research and Threat Hunting

(DARTH) framework. We provide a high-level overview of the framework, including core components and modules, as well as the design requirements that have led our research efforts in this area. We then discuss Tracer, a dynamic analysis module used in DARTH to collect various behaviors during malware execution in a controlled environment.

High Level Overview: Where DARTH Began

As part of our research, we often find ourselves running new types of analysis on large collections of malicious samples; building a scalable Continue reading

SD-WAN and SASE – Hype or Reality?

Cloudflare Radar’s 2021 Year In Review

In 2021, we continued to live with the effects of the COVID pandemic and Internet traffic was also impacted by it. Although learning and exercising may have started to get back to something close to normal (depending on the country), the effects of what started almost two years ago on the way people work and communicate seems to be here to stay, and the lockdowns or restrictions continue to have an impact on where and how people go online.

So, Cloudflare Radar's 2021 Year In Review is out with interactive maps and charts you can use to explore what changed on the Internet throughout this past year. Year In Review is part of Cloudflare Radar. We launched Radar in September 2020 to give anyone access to Internet use and abuse trends.

This year we’ve added a mobile vs desktop traffic chart, but also the attack distribution that shows the evolution throughout the year — the beginning of July 2021, more than a month after the famous Colonial Pipeline cyberattack, was the time of the year when attacks worldwide peaked.

There are also interesting pandemic-related trends like the (lack) of Internet activity in Tokyo with the Summer Olympics in town and Continue reading