Blocking a DDoS Upstream

In the first post on DDoS, I considered some mechanisms to disperse an attack across multiple edges (I actually plan to return to this topic with further thoughts in a future post). The second post considered some of the ways you can scrub DDoS traffic. This post is going to complete the basic lineup of reacting to DDoS attacks by considering how to block an attack before it hits your network—upstream.

The key technology in play here is flowspec, a mechanism that can be used to carry packet level filter rules in BGP. The general idea is this—you send a set of specially formatted communities to your provider, who then automagically uses those communities to create filters at the inbound side of your link to the ‘net. There are two parts to the flowspec encoding, as outlined in RFC5575bis, the match rule and the action rule. The match rule is encoded as shown below—

There are a wide range of conditions you can match on. The source and destination addresses are pretty straight forward. For the IP protocol and port numbers, the operator sub-TLVs allow you to specify a set of conditions to match on, and whether to AND the Continue reading

The Importance of Carrier-grade VNFs

Serving as Vice President of Solutions Marketing and Strategy for GENBAND, Sanjay Bhatia oversees the company’s product marketing organization and alignment of GENBAND’s go-to-market strategy across different market segments including NFV, Cloud, Enterprise Unified Communications, MSO, and Wireless. Bhatia is an accomplished telecommunications professional with over 28 years of wide-ranging global experience. Bhatia has held... Read more →

Recent malware attacks on Polish banks tied to wider hacking campaign

Malware attacks that recently put the Polish banking sector on alert were part of a larger campaign that targeted financial organizations from more than 30 countries.Researchers from Symantec and BAE Systems linked the malware used in the recently discovered Polish attack to similar attacks that have taken place since October in other countries. There are also similarities to tools previously used by a group of attackers known in the security industry as Lazarus.The hackers compromised websites that were of interest to their ultimate targets, a technique known as watering hole attacks. They then injected code into them that redirected visitors to a custom exploit kit.To read this article in full or to leave a comment, please click here

Recent malware attacks on Polish banks tied to wider hacking campaign

Most Americans with knowledge of employer’s cybersecurity wouldn’t want to be a customer

Today Kaspersky Lab and HackerOne released the report, “Hacking America: Cybersecurity Perception.” Some of its revelations include that most Americans wouldn’t want to be a customer of their employers since they don’t trust their employers to protect their personal data; also, almost half the people surveyed think America is more vulnerable to cyber-espionage/nation-sponsored cyberattacks with Donald Trump as president.The study, based on answers provided by 5,000 US adults who were surveyed in December 2016, revealed that despite all the cybersecurity news coverage, American consumers and businesses still need a better understanding of cyberthreats and how to protect their personal and sensitive business data online.To read this article in full or to leave a comment, please click here

Most Americans with knowledge of employer’s cybersecurity wouldn’t want to be a customer

Intel now supports Vulkan on Windows 10 PCs

Intel is bringing more options to improve gaming and virtual reality experiences on Windows PCs with official support for Vulkan APIs (application programming interfaces).Vulkan is similar to DirectX 12 and can be used for many applications, but it is most relevant to visual applications like games.Games and VR applications written in Vulkan will work with GPUs integrated into Intel's 7th Generation chips code-named Kaby Lake and 6th Generation chips code-named Skylake. It will also support the Intel HD Graphics 505 GPU in Pentium chips code-named Apollo Lake.To read this article in full or to leave a comment, please click here

Part 3 of Thinking Serverless — Dealing with Data and Workflow Issues

This is a guest repost by Ken Fromm, a 3x tech co-founder — Vivid Studios, Loomia, and Iron.io. Here's Part 1 and 2.

This post is the third of a four-part series of that will dive into developing applications in a serverless way. These insights are derived from several years working with hundreds of developers while they built and operated serverless applications and functions.

The platform was the serverless platform from Iron.io but these lessons can also apply to AWS Lambda, Google Cloud Functions, Azure Functions, and IBM’s OpenWhisk project.

Serverless Processing — Data Diagram

Thinking Serverless! The Data

Worth Reading: Outage at Git

A short outage this week on the GitLab hosted code service struck a combination of fear and sympathy across the tech community and offered a sharp reminder of the importance of testing your backups again and again (and again). On Tuesday, a GitLab administrator had accidentally erased a directory of live production data during a routine database replication. In the process of restoring from the last backup, taken six hours prior, the company had discovered that none of its five backup routines worked entirely correctly. The incident report, which GitLab posted online, noted that erasure affected issues and merge requests but not the git repositories themselves. —The New Stack

The post Worth Reading: Outage at Git appeared first on 'net work.

Apple joins Wireless Power Consortium, charging up iPhone 8 rumor

Apple has joined the consortium behind the Qi wireless charging system, supercharging rumors that owners of future an iPhone could live tangle-free.Last week, a financial analyst claimed Apple will release three new iPhones with wireless charging capabilities this year, reviving an on-again, off-again rumor about the next-generation iPhone's capabilities.The appearance of Apple's name on the membership list of the Wireless Power Consortium, Qi's creator, over the last week adds credence to that rumor. Its name was not on the list cached by Google's search engine last Tuesday.To read this article in full or to leave a comment, please click here

Storage tank operator turns to IoT for energy savings

Royal Vopak N.V. is a leading independent tank storage provider for the oil and chemical industries, operating 67 terminals in 25 countries. Chris Sheldon, Terminal Manager for the company’s operation in Savannah, GA, recently oversaw the implementation of an Internet of Things deployment that is enabling the terminal to minimize energy usage, which should lead to significant cost savings. Sheldon shared the story with Network World Editor in Chief John Dix. Vopak Chris Sheldon, Terminal Manager, Vopak Terminal Savannah, Inc.To read this article in full or to leave a comment, please click here

Extreme, NRG Stadium score big with Super Bowl Wi-Fi performance

Super Bowl LI will be remembered for a number of things. The Patriots had the largest comeback in Super Bowl history. Like all Atlanta sports teams, the Falcons choked when it mattered most. Also, Tom Brady won his fifth Super Bowl to cement his place as the second greatest QB of all time, behind the illustrious Joe Montana. More importantly though, Super Bowl LI was the most connected and engaged sporting event to date, as the fans in NRG Stadium in Houston appeared to be very busy using their phones to take pictures, Tweet, Facebook, send messages and other activities. A year ago, I wrote a post about how the network performed for Super Bowl 50, so I thought it would be worth looking at how things changed between then and now. To read this article in full or to leave a comment, please click here

Extreme, NRG Stadium score big with Super Bowl Wi-Fi performance

BigSecure + A10 TPS: Dynamic, Scale-out DDoS Attack Mitigation

IDG Contributor Network: Coder turns AWS IoT Button into ACLU donation button

During World War II, President Franklin Roosevelt ordered people of Japanese descent, many American citizens, to be relocated to internment camps. Even those with as little as one-sixteenth Japanese blood were interned. Over 110,000 Japanese Americans from California, Oregon, Washington and Arizona were affected. Many had just six days to sell all their possessions before being interned!President Ronald Reagan signed the Civil Liberties Act in 1988, which apologized for the internment on behalf of the U.S. government. The legislation admitted that government actions were based on "race prejudice, war hysteria, and a failure of political leadership."To read this article in full or to leave a comment, please click here

57% off Anker LED Water-Resistant Rechargeable 1300 Lumen Flashlight – Deal Alert

The high-performance Cree LED XM-L2 chip delivers 50,000 hours of intense brightness at a true 1300 lumens. Sweep bright light beyond the length of two football fields. The Anker Bolder torch has a full range of light modes for every situation: a powerful high-beam, balanced medium-beam, energy-saving & less dazzling low-beam, high-visibility strobe, and emergency SOS. It's rechargeable battery generates 6 hours of undiminishing light on a charge. It's body is constructed of professional durable materials, and is IP67 rated for water resistance. Rated 4.5 out of 5 stars from over 100 people on Amazon (84% rate a full 5 -- see reviews here), its $112 list price is reduced 57% to just $47.99. See this deal on Amazon.To read this article in full or to leave a comment, please click here

Python – Kirk Byers Course Week 1 Part 2

In the second part of assignments for the first week of Kirk Byers Python for Network Engineers class we will be working with IPv6 addresses.

We start with the following IPv6 address: FE80:0000:0000:0000:0101:A3EF:EE1E:1719.

The goal is then to split this address into individual parts. The delimiter in an IPv6 address is a colon. For an IPv4 address we would have used a dot instead. Python has a built-in function for splitting strings. To split the address we use this function and tell Python that a colon is our delimiter.

print("IPv6 address split:")
print(ipv6_split)
print(type(ipv6_split))

This means that we have turned our string into a list, consisting of eight parts of the IPv6 address.

daniel@daniel-iperf3:~/python/Week1$ python3 ipv6.py 
IPv6 address split:
['FE80', '0000', '0000', '0000', '0101', 'A3EF', 'EE1E', '1719']
<class 'list'>

To rejoin the address again the built-in function “join()” will be used. The syntax for this function is a bit awkward besides that it’s easy to use.

ipv6_new = ":".join(ipv6_split) 

print("IPv6 address rejoined:") 
print(ipv6_new) 
print(type(ipv6_new))

First we tell Python to put a colon between all the parts we are joining. The output then looks like this:

daniel@daniel-iperf3:~/python/Week1$ python3 ipv6.py 
IPv6 address rejoined:
FE80:0000:0000:0000:0101:A3EF:EE1E:1719
<class 'str'>

Note that the Continue reading

14% of Apple iPhone 7 Smart Battery Case White – Deal Alert

Charge your iPhone and battery case simultaneously, and when you're on-the-go, enjoy increased talk time up to 26 hours, and internet use up to 22 hours. The case preserves the lightning port so nothing is blocked. On the inside, a soft microfiber lining helps protect your iPhone. With the smart battery case on, the intelligent battery status is displayed on the iPhone lock screen and in notification center, so you know exactly how much charge you have left. The case averages 4 out of 5 stars on Amazon, where its typical list price of $99.99 has been reduced 14% to $84.99. See the discounted Apple charging case on Amazon.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Intel report suggests that self-service IT is a huge security risk

Ever since cloud computing was introduced a decade or so ago, there has been much gnashing of teeth and wailing about the security risks that the cloud introduced. Back in the old days, these arguments were pretty simple and revolved around control. Since then, however, as cloud adoption has become more widespread, we have had more nuanced views about cloud risks. But still, there are those traditional IT folks who balk at the very mention of the cloud. To them, cloud is anathema that is diametrically opposed from their stated objective of delivering the best outcome with the highest levels of safety for the business. Of course, many people would suggest that a significant proportion of those bemoaning the risks of the cloud are actually bemoaning the fact that their career prospects look less rosy in a cloudy world, and that it is self-interest that drives this message.To read this article in full or to leave a comment, please click here

No-Hassle Hardware Replacement with DCNM

Continuing my look at Cisco’s Data Center Network Manager (DCNM) software, I had to swap out a faulty spine switch recently, and got a chance to find out whether I could use DCNM to make the RMA process a little less painful than it would normally be.

Nexus 5648Q

Using DCNM for RMA

If I had a dream, albeit a rather sad one, it would be to be able to swap out a hardware component in my network quickly and efficiently, and not have to mess around.

DCNM has all the elements to make this feasible. Given a device serial number, I’ve already confirmed that DCNM can automatically deploy the correct firmware version and base configuration when deploying a new fabric, so there’s no reason it couldn’t be used to do the same thing for a replacement switch, but this time deploying the complete, production configuration in one step. Happily I already have the configuration for the spine switch I’m replacing, because DCNM takes frequent backups. I also have the appropriate firmware loaded to DCNM’s software repository because I used it to build the fabric in the first place. So how do I approach the RMA?

Telling DCNM About The New Hardware

Once the replacement switch was received Continue reading

« Previous 1 … 2,089 2,090 2,091 2,092 2,093 … 3,616 Next »