Syslog relay with Scapy

I needed to point some syslog data at a new toy being evaluated by security folks.

Reconfiguring the logging sources to know about the new device would have been too much of a hassle for a quick test. Reconfiguring the Real Log Server (an rsyslog box) to relay the logs wasn't viable because the source IP in the syslog packets would have reflected the syslog box instead of the origin server.

A few lines of python running on the existing rsyslog box did the trick:

 #!/usr/bin/env python2.7  
   
 from scapy.all import *  
   
 def pkt_callback(pkt):  
   del pkt[Ether].src  
   del pkt[Ether].dst  
   del pkt[IP].chksum  
   del pkt[UDP].chksum  
   pkt[IP].dst = '192.168.100.100'  
   sendp(pkt)  
   
 sniff(iface='eth0', filter='udp port 514', prn=pkt_callback, store=0)

This script has scapy collecting frames matching udp port 514 (libpcap filter) from interface eth0. Each matching packet is handed off to the pkt_callback function. It clears fields which need to be recalculated, changes the destination IP (to the address of the new Security Thing) and puts the packets back onto the wire.

The source IP on these forged packets is unchanged, so the Security Thing thinks it's getting the original logs from real servers/routers/switches/PDUs/weather stations/printers/etc... around the Continue reading

Configuring vPC on Cisco Nexus Devices

Today I am going to talk about the configurations of vPC on Cisco Nexus devices as i already talked about vPC in my earlier articles. If you want to have a look on the vPC basics check the below mentioned link for your references.

A short Story on vPC- Virtual Port Channel in Cisco Datacenter Environment

There are lot of questions how and why we are using the vPC in the Datacenter environment while some asked me about the difference in the vPC and VSS. Please have a look on the below link for the comparison of vPC and VSS.

Features comparison : Cisco vPC and Cisco VSS

Apart from the above mentioned articles, I wrote on the different technologies used by other vendors same as Cisco uses vPC and VSS. Below is the link defining the same

Feature Comparison: Juniper VCF vs HP IRF vs Cisco VSS vs Cisco vPC

From all the above articles, I think now you got the basics on vPC and VSS, but in this article I will talk about the vPC configuration in details with the diagram. The topology used in the article will be sample topology and has no relevance with any of Continue reading

Things that cannot go wrong

Found this Douglas Adams quote in The Signal and the Noise (a must-read book):

The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair

I’ll leave to your imagination how this relates to stretched VLANs, ACI, NSX, VSAN, SD-WAN and a few other technologies.

Nvidia Breaks $2 Billion Datacenter Run Rate

If GPU acceleration had not been conceived of by academics and researchers at companies like Nvidia more than a decade ago, how much richer would Intel be today? How many more datacenters would have had to be expanded or built? Would HPC have stretched to try to reach exascale, and would machine learning have fulfilled the long-sought promise of artificial intelligence, or at least something that looks like it?

These are big questions, and relevant ones, as Nvidia’s datacenter business has just broken through the $2 billion run rate barrier. With something on the order of a 10X speedup across

Nvidia Breaks $2 Billion Datacenter Run Rate was written by Timothy Prickett Morgan at The Next Platform.

Weekend Reads 2017-05-11

We’re quietly replacing an open web that connects and empowers with one that restricts and commoditizes people. We need to stop it. I quit Facebook seven months ago. Despite its undeniable value, I think Facebook is at odds with the open web that I love and defend. This essay is my attempt to explain not only why I quit Facebook but why I believe we’re slowly replacing a web that empowers with one that restricts and commoditizes people. And why we should, at the very least, stop and think about the consequences of that shift. –Parimal Satyal @ Neustadt.fr

Two clocks are ticking for US tech companies in the power centers of the modern world. In Washington, lawmakers are working to reform FISA Section 702 before it expires on December 31st, 2017. Section 702 is the main legal basis for US mass surveillance, including the programs and techniques that scoop up the data transferred by non-US individuals to US servers. Upstream surveillance collects communications as they travel over the Internet backbone, and downstream surveillance (better known as PRISM) collects communications from companies like Google, Facebook, and Yahoo. –Danny O’Brien @ EFF

Arguably, a good deal of Americans are in Continue reading

IBM Bolsters Quantum Capability, Emphasizes Device Differentiation

Much of the quantum computing hype of the last few years has centered on D-Wave, which has installed a number of functional systems and is hard at work making quantum programming more practical.

Smaller companies like Rigetti Computing are gaining traction as well, but all the while, in the background, IBM has been steadily furthering quantum computing work that kicked off at IBM Research in the mid-1970s with the introduction of the quantum information concept by Charlie Bennett.

Since those early days, IBM has hit some important milestones on the road to quantum computing, including demonstrating the first quantum

IBM Bolsters Quantum Capability, Emphasizes Device Differentiation was written by Nicole Hemsoth at The Next Platform.

Stuff The Internet Says On Scalability For November 10th, 2017

Hey, it's HighScalability time: 


Ah, the good old days. This is how the FBI stored finger prints in 1944. (Alex Wellerstein). How much data? Estimates range from 30GB to 2TB.

 

If you like this sort of Stuff then please support me on Patreon. Also, there's my new book, Explain the Cloud Like I'm 10, for complete cloud newbies. 


  • 1 million: times we touch our phones per year; 13 million: lines of Javascript @ Facebook; 256K: RAM needed for TensorFlow on a microcontroller; 2,502%: increase in the sale of ransomware on the dark web; 800 million: monthly Instagram users; 40%: VMs in Azure run Linux; 40%: improved GCP network latency from new SDN stack; 50%: fat content of a woolly mammoth; 

  • Quotable Quotes:
    • Sean Parker: And that means that we [Facebook] need to sort of give you a little dopamine hit every once in a while, because someone liked or commented on a photo or a post or whatever. And that's going to get you to contribute more content, and that's going to get you ... more likes and comments
    • David Gerard: I spent yesterday afternoon on Twitter Continue reading

Cloudflare Wants to Buy Your Meetup Group Pizza

Cloudflare Wants to Buy Your Meetup Group Pizza

Cloudflare Wants to Buy Your Meetup Group Pizza

If you’re a web dev / devops / etc. meetup group that also works toward building a faster, safer Internet, I want to support your awesome group by buying you pizza. If your group’s focus falls within one of the subject categories below and you’re willing to give us a 30 second shout out and tweet a photo of your group and @Cloudflare, your meetup’s pizza expense will be reimbursed.

Get Your Pizza $ Reimbursed »

Developer Relations at Cloudflare & why we’re doing this

I’m Andrew Fitch and I work on the Developer Relations team at Cloudflare. One of the things I like most about working in DevRel is empowering community members who are already doing great things out in the world. Whether they’re starting conferences, hosting local meetups, or writing educational content, I think it’s important to support them in their efforts and reward them for doing what they do. Community organizers are the glue that holds developers together socially. Let’s support them and make their lives easier by taking care of the pizza part of the equation.

Cloudflare Wants to Buy Your Meetup Group Pizza

What’s in it for Cloudflare?

  1. We want web developers to target the apps platform
  2. We want more people to Continue reading

An Opinion On Offense Against NAT

It’s been a long time since I’ve gotten to rant against Network Address Translation (NAT). At first, I had hoped that was because IPv6 transitions were happening and people were adopting it rapidly enough that NAT would eventually slide into the past of SAN and DOS. Alas, it appears that IPv6 adoption is getting better but still not great.

Geoff Huston, on the other hand, seems to think that NAT is a good thing. In a recent article, he took up the shield to defend NAT against those that believe it is an abomination. He rightfully pointed out that NAT has extended the life of the modern Internet and also correctly pointed out that the slow pace of IPv6 deployment was due in part to the lack of urgency of address depletion. Even with companies like Microsoft buying large sections of IP address space to fuel Azure, we’re still not quite at the point of the game when IP addresses are hard to come by.

So, with Mr. Huston taking up the shield, let me find my +5 Sword of NAT Slaying and try to point out a couple of issues in his defense.

Relationship Status: NAT’s…Complicated

The first Continue reading

Introduction to Network Time Protocol (NTP) and Basic Configurations

Today I am going to discuss about the NTP or so called Network Time Protocol. I knew many of you already aware about the use of NTP in our networks but as it was asked by some guys who follow our blogs, So I am happy to explain the NTP little bit with the configurations.

What is Network Time Protocol or NTP ?
So, NTP is Network Time Protocol which is generally used to synchronise of the devices to some specific time references. NTP uses UDP protocol to communicate with all the devices in the network and all NTP communications in the network will be synchronised with the defined universal time in the network.

How they synchronise with the time source ?
NTP server usually receives its time from a trustworthy time source, such as a radio clock attached to a time server, and then distributes this time across the network. NTP is extremely efficient and there is no more than one packet per minute is necessary to synchronize two machines to within a millisecond of each other

An Network Time Protocol actually uses a layer to describe the distance between a network device and an authoritative time source

IDG Contributor Network: Thoughts & prayers don’t stop mass shooters. Technology might.

It’s heartbreaking. Gun violence kills 93 Americans every day while politicians send their thoughts and prayers. 2017 has seen two of the deadliest mass shootings in American history.How can technology help reduce mass shootings? How can shooters be authenticated before they can fire? How can the police be alerted when a large number of firearms are present at an unusual location? Can an excessive number of shots fired be prevented?Background Americans make up about 4.4 percent of the global population but own 42 percent of the world’s guns. And approximately one in three gunmen is American according to a study by Adam Lankford, a professor at the University of Alabama. Firearms are an $11 billion per year industry with over 300 million existing guns in circulation. About 40% of Americans say they own a gun or live in a household with one. A recent survey reports that the US has the highest rate of murder by firearms in the developed world. Mass shootings cost Americans over $229 billion per year.To read this article in full, please click here

Technology Short Take 90

Welcome to Technology Short Take 90! This post is a bit shorter than most, as I’ve been on the road quite a bit recently. Nevertheless, there’s hopefully something here you’ll find useful.

Networking

Security

On the dangers of Intel’s frequency scaling

While I was writing the post comparing the new Qualcomm server chip, Centriq, to our current stock of Intel Skylake-based Xeons, I noticed a disturbing phenomena.

When benchmarking OpenSSL 1.1.1dev, I discovered that the performance of the cipher ChaCha20-Poly1305 does not scale very well. On a single thread, it performed at the speed of approximately 2.89GB/s, whereas on 24 cores, and 48 threads it performed at just over 35 GB/s.

CC BY-SA 2.0 image by blumblaum

Now this is a very high number, but I would like to see something closer to 69GB/s. 35GB/s is just 1.46GB/s/core, or roughly 50% of the single core performance. AES-GCM scales much better, to 80% of single core performance, which is understandable, because the CPU can sustain higher frequency turbo on a single core, but not all cores.

alt

Why is the scaling of ChaCha20-Poly1305 so poor? Meet AVX-512. AVX-512 is a new Intel instruction set that adds many new 512-bit wide SIMD instructions and promotes most of the existing ones to 512-bit. The problem with such wide instructions is that they consume power. A lot of power. Imagine a single instruction that does the work of 64 regular Continue reading

1 1,829 1,830 1,831 1,832 1,833 3,841