How to set up an encrypted SOCKS proxy using stunnel

Why use SOCKS

There are times when setting up a complete VPN tunnel might be overkill (or not be an option at all).

For example, assume the following:

  • You don’t want to tunnel all the traffic, just want to do so for your browsers.
  • Your OS is running under a limited account and doesn’t allow creation of tun interfaces.
  • Your provider does not allow setting up a tun device.
  • You want to securely surf the web on your old Android device that doesn’t support tunneling.

stunnel can be used on your Android phone. SOCKS functionality could then be directly used in your phone for apps that support it: Firefox, Telegram, etc.

To see how to install and set up stunnel on Android, take a look at:

How to run stunnel on your android device

These are just a couple of examples. In such cases, setting up a SOCKS proxy might just do the trick.

Another interesting aspect of a SOCKS proxy is that, after the initial per-connection handshake, it doesn’t add much overhead to the underlying traffic.

Overhead might not look like a big deal at first, but it adds up. This is especially true when you have a Continue reading

39 – DCNM 11.1 and VXLAN EVPN Multi-site Update

Dear Network experts,

It took a while to post this update on DCNM 11.1 due to other priorities, but I should admit it’s a shame due to all the great features that came with DCNM 11.1. As mentioned in the previous post, DCNM 11.1 brings a lot of great improvements.

Hereafter is a summary of the top LAN fabric enhancements that come with DCNM 11.1 for LAN Fabric.

Feel free to look at the Release-notes for an exhaustive list of New Features and Enhancements in Cisco DCNM, Release 11.1(1)

Fabric Builder, fabric devices and fabric underlay networks

  • Configuration Compliance displays the existing and pending configuration side by side before deployment.

  • vPC support for BGWs (VXLAN EVPN Multi-site) and standalone fabrics.

Brownfield Migration

  • Transition management of an existing VXLAN fabric into DCNM.

Interfaces

  • Port-channel, vPC, subinterface, and loopback interfaces can be added and edited with external fabric devices.

  • Cisco DCNM 11.1(1) specific template enhancements are made for interfaces.

Overlay Network/VRF provisioning

  • Networks and VRFs can be deployed automatically at the Multi-site Domain level from Site to Site in one single action.

External Fabric

  • Switches can be added to the external fabric. Inter-Fabric Connections (IFCs) can be created Continue reading

Save the Date: Hackathon@AIS

The third Hackathon@AIS will take place in Kampala, Uganda on the 19th and 20th of June 2019. The Hackathon@AIS is an event aimed at exposing engineers from the African region to Internet Standards development and usage. This will be the third event in the series following successful events held in Nairobi (2017) and Dakar (2018), each alongside the Africa Internet Summit (AIS).

See what was covered in 2017 and 2018 Hackathons@AIS here:
2017 Hackathon@AIS
2018 Hackathon@AIS

The event is targeted at network/system engineers, software developers, and/or computer science students to introduce them to existing and evolving Internet standards development that can help further their careers.

Applications for the event will open in April 2019.

Fellowships will be awarded to strong applicants where possible.

Applications will close on 12 May 2019.

For more information please contact Kevin Chege: [email protected].

Read testimonials from the 2018 Hackathon@AIS fellows.

The post Save the Date: Hackathon@AIS appeared first on Internet Society.

Stuff The Internet Says On Scalability For April 5th, 2019

Wake up! It's HighScalability time:

How unhappy do you have to be as a customer to take so much joy in end-of-lifing a product?

Do you like this sort of Stuff? I'd greatly appreciate your support on Patreon. I wrote Explain the Cloud Like I'm 10 for people who need to understand the cloud. And who doesn't these days? On Amazon it has 44 mostly 5 star reviews (100 on Goodreads). They'll learn a lot and love you for the hookup.

  • $40 million: Fortnite World Cup prize money; 89%: of people who like Go say they like Go; 170 million: paid iCloud accounts; 533: days bacteria lived on the outside of ISS; 95%: BTC volume is fake; 51: LTE vulnerabilities found by fuzzing; 13,000: CRISPR edits in a single cell; 5G: 762Mbps down and a 19ms ping; 17,000: awesome Historic Blues & Folk Recordings; 3,236: Amazon broadband LEO satellite network; 5.1 million: emails sent during 10 day spam campaign; 

  • Quotable Quotes:

Help us update the Cloudflare Blog!

Want to get right to the feedback? Click here.

As you’ve probably noticed over the years, we’re always evolving and improving the look and feel of different aspects of the Cloudflare experience. Sometimes it’s more about function, other times it’s more about form, and most of the time it’s a combination of both. But there’s one area of the site that many users visit even more frequently than they visit the homepage or their dashboard, and strangely enough it hasn’t really seen any major updates in years. And if you’re reading this, that means you're looking at it.

With more than 150 current contributors, and more than 1,000 posts, we have a lot of people dedicating a lot of their time to writing blog posts. And based on the responses I see in the comments, and on Twitter, there are a lot of people who really like to read what these authors have to say (whether it has much to do with Cloudflare or not).

Well, we’d like to finally give some love to the blog. And we really want to know what you, our loyal (or even occasional) readers, think. There are two options to choose from. Continue reading

OpenConfig and Wi-Fi – The Winning Combo

Wireless isn’t easy by any stretch of the imagination. Most people fixate on the spectrum analysis part of the equation when they think about how hard wireless is. But there are many other moving parts in the whole architecture that make it difficult to manage and maintain. Not the least of which is how the devices talk to each other.

This week at Aruba Atmosphere 2019, I had the opportunity to moderate a panel of wireless and security experts for Mobility Field Day Exclusive. It was a fun discussion, as you can see from the above video. As the moderator, I didn’t really get a chance to explain my thoughts on OpenConfig, but I figured now would be a great time to jump in with some color on my side of the conversation.

Yin and YANG

One of the most exciting ideas behind OpenConfig for wireless people should be the common YANG data models. This means that you can use NETCONF to have a common programming language against specific YANG models. That means no more fumbling around to remember esoteric commands. You just tell the system what you want it to do and the rest is easy.

As outlined Continue reading

Why Is MPLS Segment Routing Better than LDP?

A while ago I made a statement along the lines of “MPLS segment routing is the best thing that happened to MPLS control plane in a decade”. Obviously some MPLS-focused engineers disagree with that and a few years ago I decided to write a lengthy blog post explaining the differences between using MPLS SR with IGP (or BGP) versus more traditional IGP+LDP approach.

Obviously, I wasn’t making any progress on that front, so the only way forward was to record a short video on the topic which didn’t work well either because the end-result was a set of three videos (available with free or paid ipSpace.net subscription).

Ginseng: keeping secrets in registers when you distrust the operating system

Ginseng: keeping secrets in registers when you distrust the operating system Yun & Zhong et al., NDSS’19

Suppose you did go to the extreme length of establishing an unconditional root of trust for your system, even then, unless every subsequent piece of code you load is also fully trusted (e.g., formally verified) then you’re open to post-boot attacks. This is especially true in a context where lots of third-party application code (e.g. apps on a mobile phone) gets loaded.

Many mobile and IoT apps nowadays contain sensitive data, or secrets, such as passwords, learned models, and health information. Such secrets are often protected by encryption in the storage. However, to use a secret, an app must decrypt it and usually store it as cleartext in memory. In doing so, the app assumes that the operating system (OS) is trustworthy. OSes are complex software and have a large attack surface… Increasingly abundant evidence suggests that prudent apps should not trust the OS with their secrets.

Instead of trying to protect absolutely everything, Ginseng assumes that some data matters more than others. It arranges things such that this sensitive data is only ever in the clear in registers Continue reading

Why blockchain (might be) coming to an IoT implementation near you

Companies have found that IoT partners well with a host of other popular enterprise computing technologies of late, and blockchain – the innovative system of distributed trust most famous for underpinning cryptocurrencies – is no exception. Yet while the two phenomena can be complementary in certain circumstances, those expecting an explosion of blockchain-enabled IoT technologies probably shouldn’t hold their breath.

Blockchain technology can be counter-intuitive to understand at a basic level, but it’s probably best thought of as a sort of distributed ledger keeping track of various transactions. Every “block” on the chain contains transactional records or other data to be secured against tampering, and is linked to the previous one by a cryptographic hash, which means that any tampering with the block will invalidate that connection.

The nodes – which can be largely anything with a CPU in it – communicate via a decentralized, peer-to-peer network to share data and ensure the validity of the data in the chain.

Your Kubernetes Agenda at DockerCon

Kubernetes has seen a rapid rise over the last few years and is becoming one of the most sought after skills. DockerCon is a great opportunity to get hands-on training from industry experts and hear from real customers who have deployed Kubernetes in production.

You’ll also have a chance to learn how Docker is the easiest way to get started with Kubernetes and attend sessions that describe how the Docker platform manages and secures applications on Kubernetes in multi-Linux, multi-OS and multi-cloud customer environments.

Download your Kubernetes agenda and register now for DockerCon!

Expert-Led Workshops

Register soon as space is running out in these hands-on workshops!

  • Kubernetes 101: Getting up and running with Kubernetes – Led by Nigel Poulton, Docker Captain and Pluralsight author and writer of several popular Docker and Kubernetes books
  • Security Best Practices for Kubernetes – Led by Scott Coulton, Docker Captain and Principal Software Engineer at Microsoft

Customer Case Studies

Hear from Docker customers who are running Kubernetes in production.

Technical Sessions

Learn about the inner workings of Kubernetes and the Continue reading