obfs4proxy-openvpn: Obfuscating OpenVPN traffic using obfs4proxy

This post provides a more in-depth look at the obfs4proxy-openvpn script. You don’t need to fully read it to make use of the script, but it will help you to get the most out of it.

Overview

After my initial post about obfs4 on how to hide any TCP traffic and an example for hiding SSH traffic, it’s now time to do so for OpenVPN.

For this, I have written a Bash script to do the job. It’s called obfs4proxy-openvpn and is freely available under MIT license.

Supported transports

obfs4

The main goal of the script is to provide obfs4 transport to OpenVPN. This is also the main interest of this article.

This transport requires an out-of-band CERT exchange between client and server, and because of that it can provide some advanced functionality that is missing in the older transports.

obfs3

obfs3 transport is supported but should generally be avoided in favor of obfs4.

obfs2

obfs2, the oldest transport, is supported as well (mainly because it's supported by obfs4proxy). You really shouldn’t use it…

Architecture

Before going into detail, it's good to have a basic idea of how the different parts of the script work together to provide obfs4 functionality to Continue reading

Containers are here to stay, who has the right skill set?

Who controls containers: developers, or operations teams? While this might seem like something of an academic discussion, the question has very serious implications for the future of IT in any organization. IT infrastructure is not made up of islands; each component interacts with, and depends on, others. Tying all components of all infrastructures together is the network.

If operations teams control containers, they can carefully review the impact that the creation of those containers will have on all the rest of an organization’s infrastructure. They can carefully plan for the consequences of new workloads, assign and/or reserve resources, map out lifecycle, and plan for the retirement of the workload, including the return of those resources.

If developers control containers, they don’t have the training to see how one small piece fits into the wider puzzle, and almost certainly don’t have the administrative access to all the other pieces of the puzzle to gain that insight. Given the above, it might seem like a no-brainer to let operations teams control containers, yet in most organizations deploying containers, developers are responsible for the creation and destruction of containers, which they do as they see fit.

This is not as irrational as it Continue reading

Multi-Vendor Network Simulations at Scale with meshnet-cni and vrnetlab

In the previous post I demonstrated how to build virtual network topologies on top of Kubernetes with the help of the meshnet-cni plugin. As an example, I showed topologies with 50 cEOS instances and 250 Quagga nodes. In both of these examples the virtual network devices were running natively inside Docker containers, meaning they ran as (a set of) processes directly attached to the TCP/IP stack of the network namespace provided by the k8s pod. This works well for native Docker images; however, the overwhelming majority of virtual network devices are still released as VMs. In addition, some of them require more than one VM and some special bootstrapping before they can be used for the first time. This means that in order to perform true multi-vendor network simulations, we need to find a way to run VMs inside containers, which, despite the seeming absurdity, is quite a common thing to do.

Option 1 - kubevirt

Kubevirt is a very popular project that provides the ability to run VMs inside k8s. It uses the power of Custom Resource Definitions to extend the native k8s API to allow the definition of VM parameters (libvirt domainxml) same Continue reading

IoT for retailers: opportunities and challenges

The rise of the Internet of Things (IoT) is already having a profound impact on the world of retail, both online and in the brick-and-mortar world. But according to Darin Archer, chief marketing officer of ecommerce software vendor Elastic Path, we haven’t seen nothing yet.

Via email, I asked Archer about the opportunities and challenges the IoT poses for retailers, and he offered some illuminating answers, including how IoT devices are “especially useful for routine purchases” and how they will increasingly pit retailers against manufacturers.

Opportunity in the home, the car, online, and IoT devices

That retailer/manufacturer competition will play out in four key fields, Archer said: the home, the car, online and social media, and from devices themselves.

One-Click DNSSEC with Cloudflare Registrar


When you launch your domain to the world, you rely on the Domain Name System (DNS) to direct your users to the address for your site. However, DNS cannot guarantee that your visitors reach your content because DNS, in its basic form, lacks authentication. If someone were able to poison the DNS responses for your site, they could hijack your visitors' requests.

The Domain Name System Security Extensions (DNSSEC) can help prevent that type of attack by adding a chain of trust to DNS queries. When you enable DNSSEC for your site, you can ensure that the DNS response your users receive is the authentic address of your site.

We launched support for DNSSEC in 2014. We made it free for all users, but we couldn’t make it easy to set up. Turning on DNSSEC for a domain was still a multistep, manual process. With the launch of Cloudflare Registrar, we can finish the work to make it simple to enable for your domain.

You can now enable DNSSEC with a single click if your domain is registered with Cloudflare Registrar. Visit the DNS tab in the Cloudflare dashboard, click "Enable DNSSEC", and we'll handle the rest. If you are Continue reading

History Of Networking – WHOIS – Mark Kosters

Being able to discover the person or entity behind an IP address or domain name has been a critically important feature of the Internet from the start. In this episode, Mark Kosters from ARIN joins us to talk about the history of the WHOIS protocol.

Mark Kosters – Guest
Russ White – Host
Donald Sharp – Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post History Of Networking – WHOIS – Mark Kosters appeared first on Network Collective.

Last Month in Internet Intelligence: December 2018

Closing out 2018, in December the Oracle Internet Intelligence team observed Internet disruptions in countries around the world due to power outages, government direction, technical faults, and possible issues relating to satellite connectivity. While these causes have become relatively common, it is interesting to note that other common reasons for Internet disruptions, including severe weather (such as typhoons and hurricanes), concerns over cheating on exams, and denial-of-service attacks did not appear to drive significant Internet disruptions observed in Oracle’s Internet Intelligence Map during the month. And while we tend to focus on Internet disruptions, it is also important to highlight that after several rounds of testing, nationwide mobile Internet access was finally activated across Cuba.

Cuba

In three tranches (based on the first two digits of a subscriber’s mobile phone number) over December 6, 7, and 8, ETECSA, Cuba’s national telecommunications company, enabled nationwide mobile Internet access. The rollout was reportedly stable, in contrast to the congestion experienced during the trials conducted several months prior. The figure below shows the gradual adoption of this newly available connectivity through changes in the DNS Query Rate. As seen in the graph, the query rate was comparatively low in the days ahead of Continue reading