Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS

Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps and largest SSDP reflection we recorded was:

  • 30 Mpps (millions of packets per second)
  • 80 Gbps (billions of bits per second)
  • using 940k reflector IPs

This changed a couple of days ago when we noticed an unusually large SSDP amplification. It's worth deeper investigation since it crossed the symbolic threshold of 100 Gbps.

The packets per second chart during the attack looked like this:

The bandwidth usage:

This packet flood lasted 38 minutes. According to our sampled netflow data it utilized 930k reflector servers. We estimate that the during 38 minutes of the attack each reflector sent 112k packets to Cloudflare.

The reflector servers are across the globe, with a large presence in Argentina, Russia and China. Here are the unique IPs per country: 

$ cat ips-nf-ct.txt|uniq|cut -f 2|sort|uniq -c|sort -nr|head
 439126 CN
 135783 RU
  74825 AR
  51222 US
  41353 TW
  32850 CA
  19558 MY
  18962 CO
  14234 BR
  10824 KR
  10334 UA
   9103 IT
   ...

The reflector IP distribution across ASNs is typical. It pretty much follows the world’s largest residential ISPs:

$ cat ips-nf-asn.txt |uniq|cut -f 2|sort|uniq  Continue reading

Worth Reading: The blue disco ball

We deal with procurement departments every day. It’s a fact of modern day corporate life. But this week, I’ve had to respond to so many RFPs asking for “blue disco balls,” (my metaphoric name for a specific kind of middle management error that most vendors, suppliers and even solutions providers love most), I’m thinking about hanging one over my desk. What is a “blue disco ball?” Here’s a story I wrote last year about every senior executive’s worst nightmare and every vendor’s holiday bonus all rolled into a budget-busting good time. —Shelly Palmer

The post Worth Reading: The blue disco ball appeared first on rule 11 reader.

How do you troubleshoot UCaaS problems? Put a ThousandEyes on it

Cisco Live kicked off this week in Las Vegas. The annual event is where Cisco shows off its latest and greatest innovations, such as the intent-based networking system Cisco announced last week.However, it’s also a forum for many of Cisco’s technology partners to show off their wares in the World of Solutions Expo Hall. One of the more interesting vendors there was ThousandEyes, which demonstrated their network monitoring solution, as well as their new Unified Communications monitoring and management capabilities that provide visibility into the performance and connectivity across Unified Communications as a Service (UCaaS), on premises and hybrid VoIP deployments. To read this article in full or to leave a comment, please click here

How do you troubleshoot UCaaS problems? Put a ThousandEyes on it

Cisco Live kicked off this week in Las Vegas. The annual event is where Cisco shows off its latest and greatest innovations, such as the intent-based networking system Cisco announced last week.However, it’s also a forum for many of Cisco’s technology partners to show off their wares in the World of Solutions Expo Hall. One of the more interesting vendors there was ThousandEyes, which demonstrated their network monitoring solution, as well as their new Unified Communications monitoring and management capabilities that provide visibility into the performance and connectivity across Unified Communications as a Service (UCaaS), on premises and hybrid VoIP deployments. To read this article in full or to leave a comment, please click here

Cisco upgrades one IoT platform and announces another

Following Cisco's launch last week of its Digital Network Architecture (DNA), which delivers intent-based networking solutions and services, this week’s Cisco Live event in Las Vegas was highly focused on networking. Only a few announcements were made, but the Internet of Things (IoT) made the cut.Cisco’s approach to IoT has been difficult to grasp because it crosses so many divisions. Its largest IoT unit, Cisco Jasper, is exclusively focused on cellular-connected devices.To read this article in full or to leave a comment, please click here

Cisco Vs Ruckus Wireless Systems

There is always a great tussle between Cisco and Ruckus on the wireless upfront where both the vendors are working hard to grip the market with the features they are providing in their wireless domain. Today I am going to talk about the head to head discussion of Cisco and Ruckus, Although  there are lot of point which i am not going to cover here in this discussion.

Ruckus Wireless:
Ruckus wireless controllers address deployments of any size i.e. from a very small Field Sales Office to a Managed Service Provider solution. Clustered SCG 200s offer one of the highest scalability levels and are available in an appliance form factor as well as a virtual controller. EMS functions are built-in and integration via REST API is supported.

Full range of wireless controllers scaling from the entry level ZoneDirector 1200 which supports up to 75 AP’s, all the way up to the SmartCellTM Gateway controller which, with available clustering support, is capable of managing tens of thousands of AP’s and providing access for hundreds of thousands of mobile devices 

Virtual SmartZone
High Scale (vSZ-H) - up to10,000 APs, up to 100,000 clients
vSZ-H cluster of 4 - up to 30,000 Continue reading

10% off Bose SoundSport Pulse Wireless Headphones With Heartrate Monitor – Deal Alert

Take your workout to the next level with Bose SoundSport Pulse wireless headphones. A built-in heart rate sensor makes it easy to track your performance without missing a beat of your music. The sensor measures your heart rate directly from your ear, delivering a highly accurate reading without interfering with your workout. And while you’re on the move, SoundSport Pulse wireless headphones stay secure. The StayHear+ Pulse tips are designed for stability even during intense workouts. Connect to your device easily with Bluetooth and NFC pairing. The Bose SoundSport Pulse headphones average 4 out of 5 stars from over 1,900 people on Amazon (read recent reviews here), where their typical list price of $199 has been reduced to $179. See this deal on Amazon.To read this article in full or to leave a comment, please click here

New Petyawrap Ransomware Attack Again Highlights Critical Need For Security Processes

Whenever there's a new attack on a global scale, the world trusts the Internet a little less. Today we are concerned with the many reports about this new ransomware attack called "Petyawrap", "Petrwrap" or an older name of "Petya."

The sad fact is: this new attack exploits the same vulnerabilities in Windows systems as last month's WannaCry attack. 

Fixes have been available for most Windows systems since March 2017!

The same tips Niel Harper provided last month to protect against ransomware also apply here.

Dan York

Patching Not Enough to Stop Petya

Voluminous amounts of information have already been disseminated regarding the “Petya” (or is it “NotPetya”? [1]) ransomware that hit the Ukraine hard [2] along with organizations such as “the American pharmaceutical giant Merck, the Danish shipping company AP Moller-Maersk, the British advertising firm WPP, Saint-Gobain […]

What Cisco’s new programmable switches mean for you

To help ring in the 2017 New Year, CNN wanted to do a live shot from a Royal Caribbean cruise ship, but had an issue: “They were concerned about being out at sea, would they have the ability to live-stream?” says Royal Caribbean’s CIO Mike Giresi.The answer was yes, and the live-shot went off without a hitch, in part because the ship’s Cisco network gear was programmable to prioritize the video trafficAs an early implementer, Royal Caribbean has found benefits from regarding Cisco’s programmable infrastructure as a flexible asset that can be driven by software. “There are huge advantages to looking at the network as a software layer,” Giresi says. “It gives us the ability to create products, drive an experience and deliver services that are integrated with the infrastructure.”To read this article in full or to leave a comment, please click here

What Cisco’s new programmable switches mean for you

To help ring in the 2017 New Year, CNN wanted to do a live shot from a Royal Caribbean cruise ship, but had an issue: “They were concerned about being out at sea, would they have the ability to live-stream?” says Royal Caribbean’s CIO Mike Giresi.The answer was yes, and the live-shot went off without a hitch, in part because the ship’s Cisco network gear was programmable to prioritize the video trafficAs an early implementer, Royal Caribbean has found benefits from regarding Cisco’s programmable infrastructure as a flexible asset that can be driven by software. “There are huge advantages to looking at the network as a software layer,” Giresi says. “It gives us the ability to create products, drive an experience and deliver services that are integrated with the infrastructure.”To read this article in full or to leave a comment, please click here

Giving Out Grades For Exascale Efforts

Just by being the chief architect of the IBM’s BlueGene massively parallel supercomputer, which was built as part of a protein folding simulation grand challenge effort undertaken by IBM in the late 1990s, Al Gara would be someone whom the HPC community would listen to whenever he spoke. But Gara is now an Intel Fellow and also chief exascale architect at Intel, which has emerged as the second dominant supplier of supercomputer architectures alongside Big Blue’s OpenPower partnership with founding members Nvidia, Mellanox Technologies, and Google.

It may seem ironic that Gara did not stay around IBM to help this

Giving Out Grades For Exascale Efforts was written by Timothy Prickett Morgan at The Next Platform.

Worth Reading: High performance computing poised for change

There is a lot of change coming down the pike in the high performance computing arena, but it has not happened as yet and that is reflected in the current Top 500 rankings of supercomputers in the world. But the June 2017 list gives us a glimpse into the future, which we think will be as diverse and contentious from an architectural standpoint as in the past. —The Next Platform

The post Worth Reading: High performance computing poised for change appeared first on rule 11 reader.

Epyc win for AMD in the server security battle

While everyone is talking about the impressive performance potential and scale of AMD’s new Epyc server chips, overlooked in all the hoopla are the security features of the chip that may prove just as appealing.To start off, there is the tag team of Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV). Secure Memory Encryption allows for full encryption of data stored in DRAM, and SEV allows individual virtual machines to be assigned a unique cryptographic key, thus isolating them from each other as well as the OS hypervisor and administrator layer. These functions are based on a hardware security processor attached to the memory controller with a 128-bit AES encryption engine.To read this article in full or to leave a comment, please click here

Epyc win for AMD in the server security battle

While everyone is talking about the impressive performance potential and scale of AMD’s new Epyc server chips, overlooked in all the hoopla are the security features of the chip that may prove just as appealing.To start off, there is the tag team of Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV). Secure Memory Encryption allows for full encryption of data stored in DRAM, and SEV allows individual virtual machines to be assigned a unique cryptographic key, thus isolating them from each other as well as the OS hypervisor and administrator layer. These functions are based on a hardware security processor attached to the memory controller with a 128-bit AES encryption engine.To read this article in full or to leave a comment, please click here

1 2,013 2,014 2,015 2,016 2,017 3,853