IoT botnets used in unprecedented DDoS against Dyn DNS; FBI, DHS investigating

Infected IoT devices turned into botnets, at least some controlled by Mirai, were used in multiple DDoS attacks against New Hampshire-based internet infrastructure company Dyn. The attacks against Dyn DNS were similar to some thugs shredding an internet address book, since addresses of thousands of websites couldn’t be looked up and users couldn’t be connected to the right servers; by the third wave of attacks, users across the globe had been affected by the massive disruptions.The FBI and the Department of Homeland Security are investigating the attack on Dyn, one provider of DNS services. A spokeswoman told The New York Times that the FBI and DHS “were looking into the incident and all potential causes, including criminal activity and a nation-state attack.”To read this article in full or to leave a comment, please click here

A Brief History of the IANA

October 2016 marks a milestone in the story of the Internet. At the start of the month the United States Government let its residual oversight arrangements with ICANN (the Internet Corporation for Assigned Names and Numbers) over the operation of the Internet Assigned Numbers Authority (IANA) lapse. No single government now has a unique relationship with the governance of the protocol elements of the Internet, and it is now in the hands of a community of interested parties in a so-called Multi-Stakeholder framework. This is a unique step for the Internet and not without its attendant risks. How did we get here?

IoT botnets used in unprecedented DDoS against Dyn DNS; FBI, DHS investigating

Infected IoT devices turned into botnets, at least some controlled by Mirai, were used in multiple DDoS attacks against New Hampshire-based internet infrastructure company Dyn. The attacks against Dyn DNS were similar to some thugs shredding an internet address book, since addresses of thousands of websites couldn’t be looked up and users couldn’t be connected to the right servers; by the third wave of attacks, users across the globe had been affected by the massive disruptions.The FBI and the Department of Homeland Security are investigating the attack on Dyn, one provider of DNS services. A spokeswoman told The New York Times that the FBI and DHS “were looking into the incident and all potential causes, including criminal activity and a nation-state attack.”To read this article in full or to leave a comment, please click here

Managing AWS Infrastructure with Ansible

In this post, I’m going to discuss some concepts behind managing your Amazon Web Services (AWS) infrastructure using Ansible. Ansible is a very popular tool for configuring operating system instances and software; using the concepts and examples provided in this post would allow you to expand your use of Ansible to include—when using AWS—the creation and deletion of the operating system instances themselves, as well as related infrastructure components (like security groups or other services).

Preface

Before I continue, I’d like to first discuss the “fit” of using Ansible for this particular purpose. Ansible doesn’t store the state of managed systems. Perhaps this is due to the agentless architecture; I don’t know. What that means in this particular use case is that you must take other steps to store information you’ll absolutely need like instance IDs, security group IDs, and the like because Ansible itself doesn’t. In my mind, this makes Ansible a less-than-ideal tool for this particular use case. That doesn’t mean Ansible isn’t a good tool; it just means that Ansible may not be the best tool for this particular purpose. (Think of it like this: Yes, you can sometimes unscrew something using a knife, but a screwdriver Continue reading

Float Shelf: An elegant way for Apple users to clean up their desktops

I love my iMac. There’s something so elegant and practical about the design and, as a result, many companies have attempted to come up with products that fit the Apple aesthetic but, sadly, most fail. Now, way back in 2012 in a roundup of Kickstarter projects I wanted to get my hands on, I covered the Hand Stylus, a beautifully designed pen-style stylus for tablets that is still my favorite tool for drawing on an iPad. Designed by Steve King, the Hand Stylus was the first of a series of products from his company, Prism Designs, and the company’s latest product, the Float Shelf, echoes the whole Apple look and feel as well as being really useful. To read this article in full or to leave a comment, please click here

dweet.io: A simple, effective messaging service for the Internet of Things

In my last post I discussed Freeboard, a powerful, polished, open source Web dashboard and mentioned that Bug Labs, the creators of Freeboard, also offer a very interesting Internet of Things messaging service called dweet which we’ll look at today.Now, there are many messaging services (for example MQTT) that can be used by IoT applications but few that are really simple and free as well; dweet is, indeed, simple and free though there is also an inexpensive enhanced level of dweet service we’ll get to later.To read this article in full or to leave a comment, please click here

Yes, we can validate the Wikileaks emails

Recently, WikiLeaks has released emails from Democrats. Many have repeatedly claimed that some of these emails are fake or have been modified, that there's no way to validate each and every one of them as being true. Actually, there is, using a mechanism called DKIM.

DKIM is a system designed to stop spam. It works by verifying the sender of the email. Moreover, as a side effect, it verifies that the email has not been altered.

Hillary's team uses "hillaryclinton.com", which as DKIM enabled. Thus, we can verify whether some of these emails are true.

Recently, in response to a leaked email suggesting Donna Brazile gave Hillary's team early access to debate questions, she defended herself by suggesting the email had been "doctored" or "falsified". That's not true. We can use DKIM to verify it.

You can see the email in question at the WikiLeaks site: https://wikileaks.org/podesta-emails/emailid/5205. The title suggests they have early access to debate questions, and includes one specifically on the death penalty, with the text:
since 1973, 156 people have been on death row and later set free. Since 1976, 1,414 people have been executed in the U.S

TDWR 5 GHz Weather Radar Locations and Frequencies

Is your Wi-Fi network close to TDWR weather radar that may impact your deployment?

 

Use this list to know: 

Source: Cisco and WISPA

 http://www.wispa.org/Resources/Industry-Resources/TDWR-Resources/TDWR-Locations-and-Frequencies

 http://www.cisco.com/c/en/us/products/collateral/routers/3200-series-rugged-integrated-services-routers-isr/data_sheet_c78-647116.html

PDF version: 

 http://www.cisco.com/c/en/us/products/collateral/routers/3200-series-rugged-integrated-services-routers-isr/data_sheet_c78-647116.pdf

IMG_3879.PNG

Deep Dive- Contrail Data Center Interconnect

In previous blog we discussed high level for  Juniper Contrail Data Center Interconnect and how to connect physical servers with servers deployed inside SDN environment. In this blog we will have deep dive for both scenarios. We will discuss in detail configuration options ,  control plane and data plane operations involved in both options:-

picture1

Following component are included in reference topology:-

  1. 1 x MX-5 will be configured as Data Center Edge Router
  2. Contrail Control Node
  3. Compute 51 (which has 1 x vRouter)
  4. Compute 52 (Which has 1 x vRouter)
  5. MP-iBGP will be configured by Contrail Control Node between itself and all vRouters.
  6. Contrail node will act as Route Reflector (RR) and all vRouter will act as client to RR.
  7. vRouter will establish GRE tunnel (for data plane forwarding) with all other vRouter .
  8. MX-5 (Data Center Edge Router) will also establish MP-iBGP  peer-ship with Contrail Control node and will establish GRE tunnel with all vRouters.

Now if we recall iBGP forwarding rules and co-relate to our environment:-

  1. All vRouter which are RR  clients will transmit routes only to RR.
  2. RR will receive the routes from any of the client and will transmit received routes to all clients (except the vRouter from where the Continue reading

U.S. indicts Russian for hacking LinkedIn, Dropbox, Formspring

The U.S. has charged a suspected Russian hacker with breaking into computers at LinkedIn, Dropbox and a question-and-answer site formerly known as Formspring.On Thursday, a federal grand jury indicted 29-year-old Yevgeniy Aleksandrovich Nikulin following his arrest by Czech police in Prague on Oct. 5.LinkedIn has said that Nikulin was involved in the 2012 breach of the company that stole details from over 167 million accounts. However, a U.S. court filing unsealed on Friday only gave limited details on Nikulin's alleged crimes.To read this article in full or to leave a comment, please click here

U.S. indicts Russian for hacking LinkedIn, Dropbox, Formspring

The U.S. has charged a suspected Russian hacker with breaking into computers at LinkedIn, Dropbox and a question-and-answer site formerly known as Formspring.On Thursday, a federal grand jury indicted 29-year-old Yevgeniy Aleksandrovich Nikulin following his arrest by Czech police in Prague on Oct. 5.LinkedIn has said that Nikulin was involved in the 2012 breach of the company that stole details from over 167 million accounts. However, a U.S. court filing unsealed on Friday only gave limited details on Nikulin's alleged crimes.To read this article in full or to leave a comment, please click here

How the Dyn DDoS attack unfolded

Today's attacks that overwhelmed the internet-address lookup service provided by Dyn were well coordinated and carefully plotted to take down data centers all over the globe, preventing customers from reaching more than 1,200 domains Dyn was in charge of.The attacks were still going on at 7 p.m. Eastern time, according to ThousandEye, a network monitoring service.Dyn’s service takes human-language internet addresses such as www.networkworld.com and delivers the IP addresses associated with them so routers can direct the traffic to the right locations.To read this article in full or to leave a comment, please click here

How the Dyn DDoS attack unfolded

Today's attacks that overwhelmed the internet-address lookup service provided by Dyn were well coordinated and carefully plotted to take down data centers all over the globe, preventing customers from reaching more than 1,200 domains Dyn was in charge of.The attacks were still going on at 7 p.m. Eastern time, according to ThousandEye, a network monitoring service.Dyn’s service takes human-language internet addresses such as www.networkworld.com and delivers the IP addresses associated with them so routers can direct the traffic to the right locations.To read this article in full or to leave a comment, please click here

Some notes on today’s DNS DDoS

Some notes on today's DNS outages due to DDoS.

We lack details. As a techy, I want to know the composition of the traffic. Is it blindly overflowing incoming links with junk traffic? Or is it cleverly sending valid DNS requests, overloading the ability of servers to respond, and overflowing outgoing link (as responses are five times or more as big as requests). Such techy details and more make a big difference. Was Dyn the only target? Why were non-Dyn customers effected?

Nothing to do with the IANA handover. So this post blames Obama for handing control of DNS to the Russians, or some such. It's silly, and not a shred of truth to it. For the record, I'm (or was) a Republican and opposed handing over the IANA. But the handover was a symbolic transition of a minor clerical function to a body that isn't anything like the U.N. The handover has nothing to do with either Obama or today's DDoS. There's no reason to blame this on Obama, other than the general reason that he's to blame for everything bad that happened in the last 8 years.

It's not a practice attack. A Bruce Schneier post created Continue reading

An IoT botnet is partly behind Friday’s massive DDOS attack

Malware that can build botnets out of IoT devices is at least partly responsible for a massive distributed denial-of-service attack that disrupted U.S. internet traffic on Friday, according to network security companies.Since Friday morning, the assault has been disrupting access to popular websites by flooding a DNS service provider called Dyn with an overwhelming amount of internet traffic.Some of that traffic has been observed coming from botnets created with the Mirai malware that is estimated to have infected over 500,000 devices, according to Level 3 Communications, a provider of internet backbone services.To read this article in full or to leave a comment, please click here

An IoT botnet is partly behind Friday’s massive DDOS attack

Malware that can build botnets out of IoT devices is at least partly responsible for a massive distributed denial-of-service attack that disrupted U.S. internet traffic on Friday, according to network security companies.Since Friday morning, the assault has been disrupting access to popular websites by flooding a DNS service provider called Dyn with an overwhelming amount of internet traffic.Some of that traffic has been observed coming from botnets created with the Mirai malware that is estimated to have infected over 500,000 devices, according to Level 3 Communications, a provider of internet backbone services.To read this article in full or to leave a comment, please click here

An IoT botnet is partly behind Friday’s massive DDOS attack

Malware that can build botnets out of IoT devices is at least partly responsible for a massive distributed denial-of-service attack that disrupted U.S. internet traffic on Friday, according to network security companies.Since Friday morning, the assault has been disrupting access to popular websites by flooding a DNS service provider called Dyn with an overwhelming amount of internet traffic.Some of that traffic has been observed coming from botnets created with the Mirai malware that is estimated to have infected over 500,000 devices, according to Level 3 Communications, a provider of internet backbone services.To read this article in full or to leave a comment, please click here

Loggly aims to reveal what matters in log data  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Logs are one of those things that a lot of people take for granted. Every software, device and application generates its own logs, and they are often overlooked until something happens and someone needs to dig into the logs to try to discover a root cause of the issue. Companies that treat logs in this way are missing out on an opportunity to improve their business.Logs have an interesting property that makes them quite valuable: they are the only common thread across a company's entire technology stack. It doesn't matter if it's network devices, security devices, operating systems or applications—all generate logs. Because of that, and with the proper tools, it's possible to look end-to-end in the infrastructure and the application stack using logs. The result is the ability to see what is happening from node to node, and from process to process.To read this article in full or to leave a comment, please click here

Loggly aims to reveal what matters in log data  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Logs are one of those things that a lot of people take for granted. Every software, device and application generates its own logs, and they are often overlooked until something happens and someone needs to dig into the logs to try to discover a root cause of the issue. Companies that treat logs in this way are missing out on an opportunity to improve their business.Logs have an interesting property that makes them quite valuable: they are the only common thread across a company's entire technology stack. It doesn't matter if it's network devices, security devices, operating systems or applications—all generate logs. Because of that, and with the proper tools, it's possible to look end-to-end in the infrastructure and the application stack using logs. The result is the ability to see what is happening from node to node, and from process to process.To read this article in full or to leave a comment, please click here

1 2,502 2,503 2,504 2,505 2,506 3,763