Heavy Networking 673: Multicast DNS Gone Wild On Your WLAN

You know all those Apple and other IoT devices connected to your wireless network? Lots of them run apps that discover services on your network via multicast DNS (mDNS). All of that mDNS traffic can have a significant impact on your WLAN’s performance. On today's Heavy Networking we talk with guest Bryan Ward who has actually measured the impact of mDNS on a production wireless network to see what would happen if he let mDNS traffic run wild.

The post Heavy Networking 673: Multicast DNS Gone Wild On Your WLAN appeared first on Packet Pushers.

Technology Short Take 167

Welcome to Technology Short Take #167! This Technology Short Take is a tad shorter than the typical one; I’ve been busy recently and my intake volume of content has gone down, thus resulting in fewer links to share with all of you! I opted to go ahead and publish a shorter Technology Short Take instead of making everyone wait around for a longer one. In any case, here’s hoping that I’ve included something useful for you!

Turning WiFi into a Thick Yellow Cable

The “beauty” (from an attacker perspective) of the original shared-media Ethernet was the ability to see all traffic sent to other hosts. While it’s trivial to steal someone else’s IPv4 address, the ability to see their traffic allowed you to hijack their TCP sessions without the victim being any wiser (apart from the obvious session timeout). Really smart attackers could go a step further, insert themselves into the forwarding path, and inject extra payload into unencrypted sessions.

A recently-discovered WiFi vulnerability brought us back to that wonderful world.

Project Calico wants to hear from you! The 2023 Calico Open Source Adoption Survey

Project Calico is made possible thanks to you—thank you for your ongoing support of Project Calico, and for being an essential part of our growing open-source community. To improve Calico, we want to hear from you.

That’s why we’ve created the 2023 Calico Open Source Adoption Survey, a 16-question survey designed specifically to help us gather your feedback and insights.

Why take this survey?

Not only will this be a chance to share extensive feedback, but your input will also help us prioritize future development efforts and ensure that we are addressing the most pressing needs of the community. We want to make sure that Project Calico continues to be the best possible solution for networking and security in Kubernetes and container environments.

We know that your time is valuable, but we believe that your feedback is essential to our success. We hope that you will take a few moments to complete the survey and share your thoughts with us.

Thank you again for your continued support, and we look forward to hearing from you soon.

The post Project Calico wants to hear from you! The 2023 Calico Open Source Adoption Survey appeared first on Tigera.

Introducing Calico Runtime Threat Defense—The most extensive security coverage for containers and Kubernetes

Containerized applications are complex, which is why an effective container security strategy is difficult to design and execute. As digitalization continues to push applications and services to the cloud, bad actors’ attack techniques have also become more sophisticated, which further challenges container security solutions available on the market.

Despite the discussion around agent vs agentless in the cloud security landscape and which type of solution is better, the most valuable solution is one that provides a wide breadth of coverage. Calico is unique as it is already installed as part of the underlying platform and provides the dataplane for a Kubernetes cluster. When Calico Cloud or Calico Enterprise is deployed, security and observability capabilities can be enabled on top of these core components. We provide a simple plug-and-play active security solution that focuses on securing workloads and the Kubernetes platform with the least amount of complexity and configuration.

Runtime attack vectors

Cloud-native applications are susceptible to many attack vectors. We have broken them down to eight, as seen in the following illustration:

Fig 1: Cloud-native attack vectors

In previous blogs, we have explained how the use of vulnerability management, zero-trust workload security, and microsegmentation can help reduce the

Hedge 173: If Multicast is the answer, what was the question?

Multicast hasn’t ever really “gone viral” (in modern terms!) throughout the Internet—in fact, it’s not widely used even in networks supporting enterprises. Why not? Join Dirk Trossen, Russ White, and Tom Ammon as we discuss the many facets of multicast, and what the future holds.

Dirk’s paper on multicast can be found here.

Japan to hike subsidies to 2nm chip maker Rapidus, an IBM partner

Japan will increase the financial support it's giving to semiconductor maker Rapidus — established with the aim of making cutting-edge, 2-nanometer chips — in order to further support domestic production, according to Japanese trade and industry minister Yasutoshi Nishimura.

“The government is ready to continue and beef up financial support to the company,” Nishimura said in an interview with Bloomberg. He added that the plan will require the government to invest trillions of yen in the project.

The Tokyo-based manufacturer was established in 2022 with the aim of making 2nm chips in Japan by 2025. To date, it has received ¥70 billion (US$532 million) from the Japanese government, in addition to investments from Toyota, Sony, and telecom giant NTT.

Verifying bash script arguments

Many bash scripts use arguments to control the commands that they will run and the information that will be provided to the people running them. This post examines a number of ways that you can verify arguments when you prepare a script and want to make sure that it will do just what you intend it to do – even when someone running it makes a mistake.

Displaying the script name, etc.

To display the name of a script when it’s run, use a command like `echo $0`. While anyone running a script will undoubtedly know what script they just invoked, using the script name in a usage message can help remind them what command and arguments they should be providing.
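As an added example (not code from the original post), the checks below are what such a script would run before doing any work: an argument count check, a usage message built from `$0`, and value checks that reject anything other than a readable directory and a positive integer. The script name `backup.sh` and its two arguments are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: argument verification for a
# hypothetical "backup.sh <source-dir> <retention-days>" script.

usage() {
    # $0 is the script name exactly as the user invoked it, so the usage
    # message matches what they typed (./backup.sh, /opt/bin/backup.sh, ...).
    echo "Usage: $0 <source-dir> <retention-days>" >&2
}

# check_args: validate the positional arguments.
# Returns 0 when they are usable, 1 (with a message on stderr) otherwise.
check_args() {
    if [ "$#" -ne 2 ]; then
        echo "Error: expected 2 arguments, got $#" >&2
        usage
        return 1
    fi
    local src="$1" days="$2"

    # The source must be an existing directory the caller can read.
    if [ ! -d "$src" ] || [ ! -r "$src" ]; then
        echo "Error: '$src' is not a readable directory" >&2
        return 1
    fi

    # Retention must be digits only. This single pattern rejects an empty
    # string, "-1", "7days" and anything carrying shell metacharacters,
    # so the value is safe to pass on to find/rm later in the script.
    case "$days" in
        ''|*[!0-9]*)
            echo "Error: retention-days must be a positive integer" >&2
            return 1 ;;
    esac
    if [ "$days" -lt 1 ] || [ "$days" -gt 3650 ]; then
        echo "Error: retention-days must be between 1 and 3650" >&2
        return 1
    fi
    return 0
}

# In the real script the body would follow this line:
#   check_args "$@" || exit 1
```

Quoting `"$src"` and `"$days"` everywhere matters as much as the checks themselves: an unquoted argument containing spaces or globs would be split or expanded before the test ever sees it.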

Protect your domain with Zone Holds

Today, we are announcing Zone Holds, a new capability for enterprise customers that gives them control of if and when someone else can add the same zone to another Cloudflare account. When multiple teams at a company want to use Cloudflare, one team might accidentally step on another’s toes and try to manage the same zone in two accounts. Zone Holds ensure that this cannot happen by enforcing that only one account can contain a given domain, optionally inclusive of subdomains or custom hostnames, unless explicit permission is granted by the account owner of the zone.

What can go wrong today

Cloudflare already requires zones to be authenticated via DNS before traffic is proxied through our global network. This ensures that only domain owners can authorize traffic to be sent through and controlled with Cloudflare. However, many of our customers are large organizations with many teams all trying to protect and accelerate their web properties. In these cases, one team may not realize that a given domain is already being protected with Cloudflare. If they activate a second instance of the same domain in Cloudflare, they end up replacing the original zone that another team was already managing with Cloudflare.

IPv6 Buzz 123: Why You Need An IPv6 Security Plan

Today's IPv6 Buzz podcast explores why you need a plan for IPv6 security. Even if you haven't actively deployed IPv6, you've got v6-enabled hosts on your LAN and remote workers connecting to you over v6 networks. We discuss key elements to consider in your plan, evaluating IPv6 support in security products and services, and more.

The post IPv6 Buzz 123: Why You Need An IPv6 Security Plan appeared first on Packet Pushers.

Kicking the Tires of GitHub Copilot

A friend sent me a video demo of his AI-driven network device configuration proof-of-concept. Before commenting on that idea, I wanted to see how well AI works as an assistant. Once Kristian Larsson mentioned he was using GitHub Copilot, it was obvious what to do next: try it out while working on the next netlab release.

TL&DR:

  • It works.
  • Some Copilot suggestions are uncannily accurate; others are fishing expeditions.
  • It’s bland.

Juniper Version Selection

Picking the right Junos version is important. If you’re not familiar with Juniper, finding and downloading the right software package is confusing. Here’s some guidance on picking the right version.

It’s useful to understand Junos version numbering, and the upgrade policy. Then check the Suggested Releases page to see what they recommend, check if that makes sense, and figure out how to get from here to there.

Understanding Version Numbering

These days Juniper publishes a new release train every quarter. Versioning is simple: “<year>.<quarter>.R<release number>”. So 21.4R1 was released in the 4th quarter of 2021. New releases add new features and support new hardware. Configs may break.

They then publish “service releases” on top of that, for example 21.4R1-S1 and 21.4R1-S2. These are supposed to be bugfixes only, but complacency breeds contempt. So sometimes they throw in breaking changes that may render your existing config non-bootable, because why the hell not?