Hairpinning traffic through ASA with State Bypass

Several years ago I wrote an article about the Woes of Using an ASA as a Default Gateway. I have received a lot of feedback about this post and recently had a request for an update around ASA > 8.3. When building this scenario out with current ASA code, I found that the base NAT configuration (internet only PAT) had no bearing on the hairpin configuration. As expected, I found the same challenge around state bypass. I wanted to share a current post that demonstrates the challenges and solutions when traffic is bounced off the inside interface of the ASA.

The requirements of the configuration are as follows–

• TestHost must be able to Telnet and Ping to Internet and PartnerHost
• The inside interface of asav-1 must be the default gateway for TestHost
• asav-1 is doing PAT for Internet destined traffic
• PartnerRTR and ParnterHost have been preconfigured as shown above

The following are the base configurations for all of the devices. The configuration of asav-1 does not seem to allow communication from TestHost to PartnerHost (100.1.1.0/24 network).

TestHost Configuration

hostname TestHost
!
interface GigabitEthernet2
 description to iosvl2-1
 ip address 10.1.1.5 255.255.255.0
!
ip route 0.0. Continue reading

23% off HDMI Cloner Box for Gaming or HD Video Stream Capture, No PC needed – Deal Alert

Here's a device any gamer or video enthusiast may want to have on hand. Connect a game console, DVD, or any video source to this gadget via its HDMI input, and with the push of a button it captures and saves the video stream to any attached USB flash drive, with no PC required. Advanced hardware H.264 encoding captures your live gameplay or video playback in 1080p Full HD, while keeping the file size low and capturing speeds high. Averaging 4 out of 5 stars on Amazon from over 170 customers (read reviews), the gadget's $129.99 list price has been reduced 23% to $99.99. With the unit you'll get a free 16gb USB stick to get you started (enough for several hours of video). See the discounted cloner box now on Amazon.To read this article in full or to leave a comment, please click here

Hacking computer monitors to spy, steal data and manipulate what you see

The list of ways we can be spied upon seems nearly endless, but you can add one more to that list: active screen snooping via your vulnerable monitor. And that’s just one flavor of attack that can be pulled off by exploiting monitors.You might not agree with everything you read online, but you can usually trust that what you are reading was actually published somewhere by someone. Whether or not you like what the balance is in your banking account, most folks would not expect that number to be faked. The same would be true for a person monitoring critical infrastructure, but the information being displayed on a computer monitor can be manipulated and may not be the truth.To read this article in full or to leave a comment, please click here

Hacking monitors for spying, stealing data, manipulating what you see on the screen

The list of ways we can be spied upon seems nearly endless, but you can add one more to that list: active screen snooping via your vulnerable monitor. And that’s just one flavor of attack that can be pulled off by exploiting monitors.You might not agree with everything you read online, but you can usually trust that what you are reading was actually published somewhere by someone. Whether or not you like what the balance is in your banking account, most folks would not expect that number to be faked. The same would be true for a person monitoring critical infrastructure, but the information being displayed on a computer monitor can be manipulated and may not be the truth.To read this article in full or to leave a comment, please click here

Hacking monitors for spying, stealing data, manipulating what you see on the screen

The list of ways we can be spied upon seems nearly endless, but you can add one more to that list: active screen snooping via your vulnerable monitor. And that’s just one flavor of attack that can be pulled off by exploiting monitors.You might not agree with everything you read online, but you can usually trust that what you are reading was actually published somewhere by someone. Whether or not you like what the balance is in your banking account, most folks would not expect that number to be faked. The same would be true for a person monitoring critical infrastructure, but the information being displayed on a computer monitor can be manipulated and may not be the truth.To read this article in full or to leave a comment, please click here

High-security electronic safes can be hacked through power and timing analysis

Some consumer safes protected with electronic locks are quite easy to hack using basic techniques. Others, though, like those made to store guns, are designed to resist expert manipulation.However, one hacker demonstrated at the DEF CON security conference Friday that even high-security rated electronic safe locks are susceptible to side-channel attacks typically used against cryptosystems.Side-channel attacks involve techniques like analyzing power fluctuations and variations in the time it takes operations to complete on an electronic device. By monitoring these values when the system checks the user's input against a stored value, attackers can incrementally recover encryption keys or, in the case of electronic safe locks, the correct access code.To read this article in full or to leave a comment, please click here

High-security electronic safes can be hacked through power and timing analysis

Some consumer safes protected with electronic locks are quite easy to hack using basic techniques. Others, though, like those made to store guns, are designed to resist expert manipulation.However, one hacker demonstrated at the DEF CON security conference Friday that even high-security rated electronic safe locks are susceptible to side-channel attacks typically used against cryptosystems.Side-channel attacks involve techniques like analyzing power fluctuations and variations in the time it takes operations to complete on an electronic device. By monitoring these values when the system checks the user's input against a stored value, attackers can incrementally recover encryption keys or, in the case of electronic safe locks, the correct access code.To read this article in full or to leave a comment, please click here

Microduino mCookie; a platform for experimenting with the Internet of Things. Great idea but …

If you’re experimenting with the Internet of Things, you now have a huge range of platforms to choose from. Many of these platforms are essentially bare boards and hooking up sensors often requires adding breadboards, breaking out the soldering iron, and down and dirty wiring. While there’s nothing actually wrong with any of this as a way to experiment and develop ideas, it’s less than ideal where getting quickly from a concept to a working device is the goal. So it was that Microduino’s mCookie system was designed to make IoT experimentation fast and easy as well as inexpensive.To read this article in full or to leave a comment, please click here

A supercomputer is taking on humans in a hacking contest at DEF CON

Can a supercomputer beat humans in a hacking contest? We're about to find out.For the first time, a fully automated supercomputer is trying to compete with humans in a major hacking contest, and so far the machine is hanging in there.The supercomputer, known as Mayhem, is among the teams taking part in this year’s Capture the Flag contest at the DEF CON security conference in Las Vegas.The game involves detecting vulnerabilities in software and patching them, and humans have been playing it at DEF CON for years.Now computers are getting in on the act. DARPA, a U.S. defense agency, recently held an all-machine competition, awarding $2 million to the team that did best.To read this article in full or to leave a comment, please click here

A supercomputer is taking on humans in a hacking contest at DEF CON

Can a supercomputer beat humans in a hacking contest? We're about to find out.For the first time, a fully automated supercomputer is trying to compete with humans in a major hacking contest, and so far the machine is hanging in there.The supercomputer, known as Mayhem, is among the teams taking part in this year’s Capture the Flag contest at the DEF CON security conference in Las Vegas.The game involves detecting vulnerabilities in software and patching them, and humans have been playing it at DEF CON for years.Now computers are getting in on the act. DARPA, a U.S. defense agency, recently held an all-machine competition, awarding $2 million to the team that did best.To read this article in full or to leave a comment, please click here

This PC monitor hack can manipulate pixels for malicious effect

Don’t believe everything you see. It turns out even your computer monitor can be hacked.On Friday, researchers at DEF CON presented a way to manipulate the tiny pixels found on a computer display.Ang Cui and Jatin Kataria of Red Balloon Security were curious how Dell monitors worked and ended up reverse-engineering one.They picked apart a Dell U2410 monitor and found that the display controller inside can be used to change and log the pixels across the screen.During their DEF CON presentation, they showed how the hacked monitor could seemingly alter the details on a web page. In one example, they changed a PayPal’s account balance from $0 to $1 million, when in reality the pixels on the monitor had simply been reconfigured.To read this article in full or to leave a comment, please click here

This PC monitor hack can manipulate pixels for malicious effect

Don’t believe everything you see. It turns out even your computer monitor can be hacked.On Friday, researchers at DEF CON presented a way to manipulate the tiny pixels found on a computer display.Ang Cui and Jatin Kataria of Red Balloon Security were curious how Dell monitors worked and ended up reverse-engineering one.They picked apart a Dell U2410 monitor and found that the display controller inside can be used to change and log the pixels across the screen.During their DEF CON presentation, they showed how the hacked monitor could seemingly alter the details on a web page. In one example, they changed a PayPal’s account balance from $0 to $1 million, when in reality the pixels on the monitor had simply been reconfigured.To read this article in full or to leave a comment, please click here

Bigfoot data: Disney patent to track visitors by their shoes

We are truly in the era of all-encompassing analytics. Today, everything you click on, everything you post, where you go, what you purchase, and who you’re connected to are all data points to be captured, categorized, cross-indexed, tabulated, and analyzed. “O! M! G!” you may be muttering “Will surveillance never end?” Sure it will end. When hell freezes over. Nope, the surveillance cat is out of the bag, the monitoring pigeon has flown the coup, and the privacy bridge has been burnt. Welcome to the future. As if to underline that reality, the latest foray into quantifying you, has just been patented by Disney. In a recent filing titled System and method using foot recognition to create a customized guest experience, the company that bought you “a people trap run by a rat” (I kid you with love, Disney) has raised (lowered?) the bar on knowing who you are by proposing that they will track you by looking at ... wait for it ... your footwear.To read this article in full or to leave a comment, please click here

Bigfoot data: Disney patent to track visitors by their shoes

We are truly in the era of all-encompassing analytics. Today, everything you click on, everything you post, where you go, what you purchase, and who you’re connected to are all data points to be captured, categorized, cross-indexed, tabulated, and analyzed. “O! M! G!” you may be muttering “Will surveillance never end?” Sure it will end. When hell freezes over. Nope, the surveillance cat is out of the bag, the monitoring pigeon has flown the coup, and the privacy bridge has been burnt. Welcome to the future. As if to underline that reality, the latest foray into quantifying you, has just been patented by Disney. In a recent filing titled System and method using foot recognition to create a customized guest experience, the company that bought you “a people trap run by a rat” (I kid you with love, Disney) has raised (lowered?) the bar on knowing who you are by proposing that they will track you by looking at ... wait for it ... your footwear.To read this article in full or to leave a comment, please click here

SDxCentral Weekly News Roundup — August 5, 2016

Big Switch Networks announced the company’s launch in Australia.

Docker SF Meetup #47; Docker 1.12, Docker for Mac and Tugbot

On Wednesday members of the Docker SF Meetup community joined us at Docker HQ for our 47th Docker meetup in San Francisco! It was a great evening with talks and demos from Docker’s own Ben Bonnefoy, Nishant Totla, as well as Neil Gehani from HPE.

Continue reading

Continuous Integration Testing on Docker Cloud

This is a guest post by Stephen Pope & Kevin Kaland from Project Ricochet

Docker Cloud is a SaaS solution hosted by Docker that gives teams the ability to easily manage, deploy, and scale their Dockerized applications.
Continue reading

Best Deals of the Week, August 1-5 – Deal Alert

Best Deals of the Week - Deal AlertCheck out this roundup of the best deals on gadgets, gear and other cool stuff we have found this week, the week of August 1st. All items are highly rated, and dramatically discounted!53% off Inateck USB 3.0 Dual-Bay Hard Drive Cloning StationThis gadget from Inateck will duplicate any 2.5 inch or 3.5 inch SATA HDD/SSD drive quickly and automatically without the need for a computer, by just pushing a button. The unit currently averages 4.5 out of 5 stars on Amazon from over 530 customers (read reviews). With a typical list price of $69.99, this 53% off deal puts it at just $32.99. See the discounted Inateck HDD/SSD cloning station now on Amazon.To read this article in full or to leave a comment, please click here

Worth Reading: Top performance items to watch

What’s eating your network? What is (quietly) killing performance? What performance items should you be watching, but probably are not? I’m a big fan of appropriate network management data, with the right tool(s). If you don’t monitor absolutely every interface, and capture historical data, you’re flying blind. —Netcraftsmen

The post Worth Reading: Top performance items to watch appeared first on 'net work.

IoT security suffers from a lack of awareness

As consumers we have become obsessed with connected devices. We like the idea of smart homes, smart cars, smart TVs, smart refrigerators or any machine that can be automated with sensors and an IP address. Yet fewer tasks in IT today inspire more fear than the prospect of protecting corporate networks from this proliferating wave of connected devices. The internet of things phenomenon expands the threat surface exponentially, in turn boosting business risk.But CIOs often aren’t aware of all of the devices that make inviting targets for hackers. "One of the fundamental issues that faces the internet of things is knowing that they're there and giving them some identity,” says Gartner analyst Earl Perkins. "You can't manage what you can't see."To read this article in full or to leave a comment, please click here