masscan, macOS, and firewall

One of the more useful features of masscan is the "--banners" check, which connects to the TCP port, sends some request, and gets a basic response back. However, since masscan has it's own TCP stack, it'll interfere with the operating system's TCP stack if they are sharing the same IPv4 address. The operating system will reply with a RST packet before the TCP connection can be established.

The way to fix this is to use the built-in packet-filtering firewall to block those packets in the operating-system TCP/IP stack. The masscan program still sees everything before the packet-filter, but the operating system can't see anything after the packet-filter.


Note that we are talking about the "packet-filter" firewall feature here. Remember that macOS, like most operating systems these days, has two separate firewalls: an application firewall and a packet-filter firewall. The application firewall is the one you see in System Settings labeled "Firewall", and it controls things based upon the application's identity rather than by which ports it uses. This is normally "on" by default. The packet-filter is normally "off" by default and is of little use to normal users.

Also note that macOS changed packet-filters around version 10.10. Continue reading

What Drives IPv6 Deployment?

It's been six years since World IPv6 Launch day on the 6th June 2012. In those six years we've managed to place ever increasing pressure on the dwindling pools of available IPv4 addresses, but we have still been unable to complete the transition to an all-IPv6 Internet.

A Hard Rain’s A-Gonna Fall In Public Cloud

Way back in the early days of the commercial Internet, when we all logged into what seemed to be new but what was actually a quite old service used by academic institutions and government agencies that rode on the backbones of the telecommunications network, there were many, many thousands of Internet service providers who provided the interface between our computers and the network capacity that was the onramp of the information superhighway.

Most of these ISPs are gone today, and have been replaced by a few major telco, cable, and wireless network operators who provide us with our Internet service.

A Hard Rain’s A-Gonna Fall In Public Cloud was written by Timothy Prickett Morgan at The Next Platform.

NSX Workshop: Secure App Infrastructure and Multi-Site Cloud Networking

NSX Workshops

[Summer 2018] Free NSX Training Workshop near you!

Secure Application Infrastructure and Multi-Site Cloud Networking

 

What: Attend a half-day lecture and lab designed to get you started with Micro-segmentation and Multi-Site Cloud Networking (Disaster Recovery).

Why: Not only will you get a business and technical overview of NSX Data Center, you’ll also receive hands-on experience with the products. We’ll make sure you leave knowing how NSX can help secure and extend your network across multiple sites, and into the cloud.

 

Sneak peek (full agenda in registration links):

  • Security: Understand your network traffic flows and intelligently create security groups and policies, leveraging vRNI, Service Composer, and Application Rule Manager to secure your network.
  • Disaster Recovery: Deep dive into multi-site NSX Data Center topologies, learn how to architect your network overlays, and gain visibility across your virtual and physical networks – all so you can build a resilient and flexible network.

RSVP your spot today (click below):

Weekend Reads 051818: Botnets and Throwhammer

The Facebook freak-out provides an outlet for fears regarding the digital environment we inhabit. A few companies control most channels of information. The gadgets that we use for convenience and entertainment also create the mechanisms for near-total surveillance, from tracking devices in our pockets to wiretaps in our homes—hi, Alexa! Someone besides Santa is watching and knows whether you have been naughty or nice. —Nathanael Blake @Public Discourse

Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, making use of the GPON exploit in the wild. —Swati Khandelwal @The Hacker News

Exploitation of Rowhammer attack just got easier. Dubbed ‘Throwhammer,’ the newly discovered technique could allow attackers to launch Rowhammer attack on the targeted systems just by sending specially crafted packets to the vulnerable network cards over the local area network. Known since 2012, Rowhammer is a severe issue with recent generation dynamic random access memory (DRAM) chips in which repeatedly accessing a row of memory Continue reading

Show 390: Visualizing Complex SD-WAN With LiveAction (Sponsored)

Today on the Packet Pushers Weekly show, we investigate how to monitor hybrid and SD-WAN.

If your WAN looks like a mix of legacy MPLS, SD-WAN, and uplinks to cloud, this is your show. Our sponsor today is LiveAction, who is going to shine a light on the hybrid and SD-WAN through monitoring and automation.

Our guest is John Smith, Founder, CTO and EVP of LiveAction.

We talk about LiveAction’s software and how it works, why it’s essential to have visibility into your hybrid WAN and SD-WAN, and how LiveAction can provide highly visual and intuitive insights and actionable intelligence for day-to-day operations, troubleshooting, and long-term planning.

Show Links:

LiveAction’s Packet Pushers Resources – LiveAction

LiveAction on Facebook

LiveAction on Twitter

LiveAction on LinkedIn

LiveAction on YouTube

LiveAction on Google+

The post Show 390: Visualizing Complex SD-WAN With LiveAction (Sponsored) appeared first on Packet Pushers.

Dustin’s Internet Community Roadtrip: In the Bay Area, What Redwoods Can Teach Us About the Internet

Dustin Phillips, Co-Executive Director of ICANNWiki, is traveling across the United States in his red Toyota Corolla, making connections with the people who are making their communities – and the Internet – a better place. While making his way to the Bay Area from Portland, Oregon, he took a slight detour.

On my way down to the Bay Area from Portland, I made a trip through the Redwood National and State Parks of Northern California. These Coastal Redwoods have existed for over 20 million years and individual trees can live over 2,000 years. What makes these ancient giants so resilient?

They find strength in community.

Redwoods grow in groves, or “communities,” where the roots only go down 10-13 feet (3-4 m) before spreading outward 60-80 feet (20-27 m). In this phenomenon, survival is dependent on interconnection, meaning the roots intertwine and fuse with each other to provide resiliency against the threats of nature and share the resources necessary to thrive.

This lesson from the redwoods is directly applicable to the Internet. The “network of networks” would be nothing without interconnection or the shared resources of open standards and protocols. Expanding wider, not deeper, is essential to the resilience Continue reading

Is Training The Enemy of Progress?

Peyton Maynard-Koran was the keynote speaker at InteropITX this year. If you want to catch the video, check this out:

Readers of my blog my remember that Peyton and I don’t see eye-to-eye on a few things. Last year I even wrote up some thoughts about vendors and VARs that were a direct counterpoint to many of the things that have been said. It has even gone further with a post from Greg Ferro (@EtherealMind) about the intelligence level of the average enterprise IT customer. I want to take a few moments and explore one piece of this puzzle that keeps being brought up: You.

Protein Robots

You are a critical piece of the IT puzzle. Why? You’re a thinking person. You can intuit facts and extrapolate cause from nothing. You are NI – natural intelligence. There’s an entire industry of programmers chasing what you have. They are trying to build it into everything that blinks or runs code. The first time that any company has a real breakthrough in true artificial intelligence (AI) beyond complicated regression models will be a watershed day for us all.

However, you are also the problem. You have requirements. You need a Continue reading

What to Expect: CCIE Security Written Exam Bootcamp

Whether you’ve just started your CCIE training journey, or are already several months along, an INE bootcamp can help get you to where you need to be before taking the CCIE Written or lab exam. This blogpost is for anyone who may be interested in attending a CCIE Security bootcamp but is hesitant to dive in. Keep reading to find out what a bootcamp is and what you should expect when attending a CCIE Security Bootcamp with INE.

What is a Bootcamp?
Bootcamps are intensive, live classes that typically last from 5-7 days. Bootcamps allow you to dive further into your study path in a small classroom environment with an in-person, expert INE instructor leading the way. Each bootcamp class will cover a specific list of topics tailored to the Cisco track and certification level you are studying. Our instructors will customize the training to focus on certain topics and technologies that best meet the individual requests of the students in your bootcamp.

What to expect: Instructor’s Point of View
In this short video, our CCIE Security instructor, Rohit Pardasani, explains what topics he typically covers in a bootcamp and what the environment is like.

 

 

 
What to Continue reading

Digital Self-Defense for Palestinian Schoolgirls

Cyber-bullying is a growing phenomenon amongst preteens. Studies have established that nearly 43% of children are victims of cyberbullying and girls are twice as likely to be targeted. Students who experienced cyber attacks suffer drops in school grades and have more suicidal thoughts than those who had never dealt with such forms of peer aggression. A link between cyber harassment victimization and noncompletion of school has been demonstrated resulting in increased risk of poor education and substance abuse in adulthood.

Sadly, the majority of the victims do not report the incidents to adults or authorities due to fear of negative effects and social scandal. The tacit support given to the bullying perpetrators through silence contributes to the escalation of victimization. Banning technology is not the answer. Cyberbullying prevention in schools is crucial to defend students from this new face of violence.

The Internet Society Palestine Chapter is conducting a campaign to raise awareness about the dangers of electronic blackmail and cyber harassment. The project, funded by the Internet Society Beyond the Net, has already reached more than 2250 schoolgirls in 25 Palestinian schools in phase I of the project.

 

Ahmad Alsadeh, assistant professor at Birzeit University and Continue reading

1 1,600 1,601 1,602 1,603 1,604 3,841