Junos Conditional Route Advertisement

University network borders tend to be more complicated than those in similarly sized corporate organizations. I recently helped a peer from another university transition from IOS to Junos for border routing. While most of the configuration was straightforward, he required a unique  conditional routing policy. Since I’ve been working with Junos for many years (starting […]

The post Junos Conditional Route Advertisement appeared first on Packet Pushers.

Junos Conditional Route Advertisement

University network borders tend to be more complicated than those in similarly sized corporate organizations. I recently helped a peer from another university transition from IOS to Junos for border routing. While most of the configuration was straightforward, he required a unique  conditional routing policy. Since I’ve been working with Junos for many years (starting […]

The post Junos Conditional Route Advertisement appeared first on Packet Pushers.

‘Unbreakable’ security that wasn’t: True tales of tech hubris

The $30,000 lockImage by Library of CongressEighteenth century British engineer Joseph Bramah invented a lock that, he was sure, could never be picked. He was so sure that he offered 200 guineas (roughly $30,000 today) to anyone who could defeat it. Cris Thomas, a 21st-century strategist at Tenable Network Security, calls this one of the first bug bounties in history. The lock remained seemingly impregnable for more than 67 years, until an American locksmith named Alfred Charles Hobbs defeated it in 1851, prompting a contemporary observer to remark that "the mechanical spirit, however, is never at rest, and if it is lulled into a false state of listlessness in one branch of industry, and in one part of the world, elsewhere it springs up suddenly to admonish and reproach us with our supineness."To read this article in full or to leave a comment, please click here

Arctic Wolf offers SIEM in cloud

Arctic Wolf Networks is trying to address the problem many security techs have of receiving too many false-positive incident alerts to respond to effectively.The company is offering a security service made up of its home-grown SIEM in the cloud backed by security engineers who filter out the security-event noise and trigger alerts only when they come across incidents actually worth investigating further.The company is four years old but just last year started serving up its service – AWN Cyber-SOC - that quickly analyzes security data from a range of other security devices. Brian NeSmithTo read this article in full or to leave a comment, please click here

AttackIQ tests networks for known weaknesses attackers exploit

Startup AttackIQ can run attack scenarios against live networks to see whether the defenses customers think are in place are actually doing their job.The platform, called FireDrill, consists of an agent that is deployed on representative endpoints, and a server that stores attack scenarios and gathers data.The platform’s function is similar to that of another startup SafeBreach. Both companies differ from penetration testing in that they continuously test networks whereas a pen test gives a snapshot in time with large gaps between each snapshot.To read this article in full or to leave a comment, please click here

IBM launches new mainframe with focus on security

A new IBM mainframe includes security hardware to encrypt data without slowing down transactions and can integrate with IBM security software to support secure hybrid-cloud services. Ravi Srinivasan, vice president of strategy and offering management for IBM Security Thanks to an encryption co-processor, the new IBM z13s mainframe offloads encryption and doubles the speed at which previous mainframes could perform transactions, making for faster completion times and lower per-transaction costs, says Ravi Srinivasan, vice president of strategy and offering management for IBM Security.To read this article in full or to leave a comment, please click here

Tim Cook says Apple will oppose court order rather than hack customers

Apple's CEO Tim Cook has reacted sharply to a federal court order in the U.S. that would require the company to help the FBI search the contents of an iPhone 5c seized from Syed Rizwan Farook, one of the terrorists in the San Bernardino, California, attack on Dec. 2.The U.S. government "has demanded that Apple take an unprecedented step which threatens the security of our customers," Cook wrote in an open letter to customers posted on Apple's website on Wednesday. He added that the moment called for a public discussion and he wanted customers and people around the country "to understand what is at stake."To read this article in full or to leave a comment, please click here

Tim Cook says Apple will oppose court order rather than hack customers

Apple's CEO Tim Cook has reacted sharply to a federal court order in the U.S. that would require the company to help the FBI search the contents of an iPhone 5c seized from Syed Rizwan Farook, one of the terrorists in the San Bernardino, California, attack on Dec. 2.The U.S. government "has demanded that Apple take an unprecedented step which threatens the security of our customers," Cook wrote in an open letter to customers posted on Apple's website on Wednesday. He added that the moment called for a public discussion and he wanted customers and people around the country "to understand what is at stake."To read this article in full or to leave a comment, please click here

vBrownBag: Troubleshooting Multicast High Level

For “basic” multicast I have always found that >70% of the problems I troubleshoot end up being the same things over and over and over again.

  1. Missing “trigger” to “pull” the multicast down to the receiver
  2. Multicast Distribution Tree (MDT) not built cause router doesn’t know
    1. WHO the root of the MDT is
    2. WHERE the root of the MDT is
    3. WHAT is the PIM RPF Neighbor toward the root of the MDT

Thank you, vBrownBag for asking me to present this.  :)   It was lots of fun.

When adding a VLAN doesn’t add a VLAN

Vendor: Cisco
Software version: 12.2(33)SXI7
Hardware: 6509-E

So this is a typical stupid question. How do you add VLANs to a trunk?

Assuming you started with a port with default configuration on it, it would be:

 interface
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan
 switchport trunk native vlan

Now, I was interrupted while doing this by someone interjecting and stating categorically, that

 switchport trunk allowed vlan
 ```

Should be:

```
 switchport trunk allowed vlan add
 ```

Not really the way I would do it on a new switchport, but not wanting to hurt feelings I proceeded and saw this:

```
 TEST(config-if)#switchport trunk allowed vlan add 10,20,30
 TEST(config-if)#do show run int gi9/14
 Building configuration...
Current configuration : 279 bytes
 !
 interface GigabitEthernet9/14
 description TEST
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 shutdown
 storm-control broadcast level 0.50
 storm-control multicast level 0.50
 no cdp enable
 no lldp transmit
 no lldp receive
 end
 ```

To cut a long story short, the switch takes the configuration, but doesn’t apply it. It lead to a lot of head scratching, because you’d think it should work. Switchport state when doing:

```
 show interface gi9/14 trunk
 ```

Shows a state Continue reading

‘Locky’ ransomware, which infects like Dridex, hits the unlucky

A new flavor of ransomware, similar in its mode of attack to the notorious banking software Dridex, is causing havoc with some users.Victims are usually sent via email a Microsoft Word document purporting to be an invoice that requires a macro, or a small application that does some function.Macros are disabled by default by Microsoft due to the security dangers. Users who encounter a macro see a warning if a document contains one.If macros are enabled, the document will run the macro and download Locky to a computer, wrote Palo Alto Networks in a blog post on Tuesday. The same technique is used by Dridex, a banking trojan that steals online account credentials.To read this article in full or to leave a comment, please click here

Apple ordered to assist in unlocking iPhone used by San Bernardino attacker

Apple was ordered Tuesday by a federal judge in California to provide assistance to the FBI to search a locked iPhone 5c that was used by Syed Rizwan Farook, one of the terrorists said to have been involved in an  attack in San Bernardino, California, on Dec. 2.The government's request under a statute called the All Writs Act will likely give a boost to attempts by law enforcement to curb the use of encryption by smartphone vendors.Apple is fighting in a New York federal court a similar move by the Department of Justice to get the company's help in unlocking the iPhone 5s smartphone of an alleged methamphetamine dealer. On Friday, it asked the New York court to give a final order as it has received additional similar requests from law enforcement agencies, and was advised that more such requests could come under the same statute.To read this article in full or to leave a comment, please click here

Some notes on Apple decryption San Bernadino phone

Today, a judge ordered Apple to help the FBI decrypt the San Bernadino shooter's iPhone 5C. Specifically:
  1. disable the auto-erase that happens after 10 bad guesses
  2. enable submitting passcodes at a high speed electronically rather than forcing a human to type them one-by-one
  3. likely accomplish this through a fimware update
The text of the court order almost exactly matches that of the "IOS Security Guide". In other words, while it may look fairly technical, actually the entirety of the technical stuff they are asking is described in one short document.

The problem the FBI is trying to solve is that when guessing passcodes is slow. The user has two options. One option is that every bad guess causes the wait between guesses to get longer and longer, slowing down guessing, forcing an hour between guesses. The other option is to have the phone erase itself after 10 bad guesses. Ether way, it makes guessing the passcode impractical. The FBI is demanding the Apple update the software of the phone to prevent either of these things from happening.

The phone is an iPhone 5C, first released in September 2013, so is quite old. This increases the chance that Continue reading

Craigslist fails to flag most scam rental ads, study finds

Craigslist, the popular online listings service, has waged a long fight against scammers, but a new academic study suggests it's been losing the battle.The study focussed on listings for housing rentals, and found that Craigslist failed to remove a majority of those that were fraudulent.The researchers analyzed two million ads over a five-month period in 2014 and determined that Craigslist had flagged and removed fewer than half the listings that likely weren't genuine.Looking for housing can be stressful, and people are vulnerable to schemes that advertise below-market pricing or ways to get ahead of the rental game.To read this article in full or to leave a comment, please click here

Network Simulation – Cisco VIRL Now Available in the Cloud

There has been a lot happening around VIRL the last few weeks. A new release of VIRL just got released and today the VIRL team announced that they are adding support for running VIRL in the cloud.

Cisco has chosen to work together with Packet, a bare metal cloud provider. This is how Packet describes themselves.

At Packet, we're out to build a better internet by supercharging the container revolution with smart, API-driven bare metal. Our platform brings the price and performance benefits of bare metal servers to the cloud, powering highly-available performance workloads through a unique, never-congested network.

The following picture summarizes why Cisco has chosen Packet.

Packet Bare Metal Cloud
Packet Bare Metal Cloud

Compared to Amazon AWS, Packet is a bare metal cloud provider which means that the resources you rent will be dedicated to you. Packet does not run any hypervisors, meaning that the workloads are not virtualized.

If you have an existing install of VIRL, you can use Terraform by Hashicorp to provision your new VIRL server at Packet. I had never heard of Terraform before, this is how Hashicorp describes Terraform.

Today we announce Terraform, a tool for safely and efficiently building, combining, and launching infrastructure. From  Continue reading

Use Linux? Stop what you’re doing and apply this patch

A buffer-overflow vulnerability uncovered Tuesday in the GNU C Library poses a serious threat to countless Linux users.Dating back to the release of glibc 2.9 in 2008, CVE-2015-7547 is a stack-based buffer overflow bug in the glibc DNS client-side resolver that opens the door to remote code execution when a particular library function is used. Software using the function can be exploited with attacker-controlled domain names, attacker-controlled DNS servers or man-in-the-middle attacks.Glibc, which was also at the core of the "Ghost" vulnerability found last year, is a C library that defines system calls and other basic functions on Linux systems. Its maintainers had apparently been alerted of the new problem last July, but it's not clear if any remediation effort was launched at that time.To read this article in full or to leave a comment, please click here

1 3,150 3,151 3,152 3,153 3,154 3,856