Technology ‘net 0x1339ECA: 2015 Measured and Plumbed

technology-netOne of the great things about APNIC is the amount of information about the state of the Internet Geoff Huston puts out each year. He’s recently posted two studies on the state of BGP and the state of IPv4 addresses as of 2015; they’re both well worth reading in full, but here are several key takeaways of particular interest.

BGP in 2015
Addressing in 2015

First, the size of the global (DFZ) table has crossed 512,000 routes. While the actual table size varies by your view of the network (BGP is a path vector protocol, which has many of the same attributes as a distance-vector protocol, including multiple views of the network), this is the first time the route view servers have actually crossed that number. Why is 512,000 a magic number? If there are 512,000 routes, there are likely 512,000 FIB entries (unless there’s some sort of FIB compression involved), and there are a number of older boxes that cannot support 512,000 routes in their FIB.

Second, the DFZ has been growing at a rate of about 7%-8% per year for a number of years. Given the number of new devices being added to the Internet, how can this Continue reading

Google fixes critical Wi-Fi and media-processing flaws in Android

Google has patched thirteen new vulnerabilities in Android, two of which could allow attackers to take control of Android devices located on the same Wi-Fi network, if they have Broadcom chips.The two critical vulnerabilities are located in the Broadcom Wi-Fi driver and can be exploited by sending specially crafted wireless control packets to the affected devices. These messages could corrupt the kernel's memory and allow for the execution of arbitrary code in the kernel -- the highest privileged area of the operating system.These flaws are critical because the attack doesn't require any user interaction, can be exploited remotely and can lead to a complete device compromise.To read this article in full or to leave a comment, please click here

Skyport Systems: Fortress Infrastructure

The attitude of breach presumption is one that has fostered a family of seek-and-destroy security products. Find the infected system and fix it. Fair enough. Breach presumption is perhaps a wise posture to take, but it doesn’t mean we have to give up the perimeter. While some security consultants I’ve talked to tell me they […]

The post Skyport Systems: Fortress Infrastructure appeared first on Packet Pushers.

Skyport Systems: Fortress Infrastructure

The attitude of breach presumption is one that has fostered a family of seek-and-destroy security products. Find the infected system and fix it. Fair enough. Breach presumption is perhaps a wise posture to take, but it doesn’t mean we have to give up the perimeter. While some security consultants I’ve talked to tell me they […]

The post Skyport Systems: Fortress Infrastructure appeared first on Packet Pushers.

Decrypt SSL traffic to detect hidden threats

The percentage of encrypted Internet traffic continues to grow creating a space where not only private information but also criminals can travel about undetected. In the last five years, the advent of SSL traffic from major companies like Google, YouTube, and Twitter has spawned an expansive movement toward encrypting Internet traffic for enterprises as well. The risk in taking this security measure, though, is that while the exchange of information via the Internet is secured, bad guys can also linger unnoticed. Criminals, of course, know this and use it to their advantage, cloaking their attacks within Transport Layer Security (TLS) or Secure Sockets Layer (SSL) traffic.To read this article in full or to leave a comment, please click here

Survey: Average successful hack nets less than $15,000

The majority of cyber attackers are motivated by money, but make less than $15,000 per successful attack, according to a survey of hackers in the U.S., U.K. and Germany released yesterday by the Ponemon Institute.The hackers, who were promised anonymity, netted, on average, less than $29,000 a year."In the more established countries, that is not a lot of money," said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study. "They're making a quarter of what a cybersecurity professional makes."To read this article in full or to leave a comment, please click here

Debug Generator – Fortigate Flow Trace

I’ve found that when working with Fortigate firewalls and needing to be able to use the debug flow command set, it takes a bit too long to manually type out the commands. If you’re in a pressurised environment saving a few seconds here and there can be valuable. First we need to grab the script […]

The post Debug Generator – Fortigate Flow Trace appeared first on Packet Pushers.

Debug Generator – Fortigate Flow Trace

I’ve found that when working with Fortigate firewalls and needing to be able to use the debug flow command set, it takes a bit too long to manually type out the commands. If you’re in a pressurised environment saving a few seconds here and there can be valuable. First we need to grab the script […]

The post Debug Generator – Fortigate Flow Trace appeared first on Packet Pushers.

Should Firewalls Track TCP Sequence Numbers?

It all started with a tweet by Stephane Clavel:

Trying to fit my response into the huge Twitter reply field I wrote “Tracking Seq# on FW should be mostly irrelevant with modern TCP stacks” and when Gal Sagie asked for more elaboration, I decided it’s time to write a blog post.

Read more ...

Some notes on the Norse collapse

Recently, cybersec company "Norse Security" imploded. Their leaders and most the employees were fired, and their website is no longer available. I thought I'd write up some notes on this.

All VC-funded startups are a scam

Here's how VCs think. They see that there is a lot of industry buzz around "threat intel". They'll therefore fund a company in that space. This company will spend a 5% of that money to create a cool prototype, and 95% in marketing and sales. They'll have fancy booths at trade shows. They'll have a PR blitz to all the reporters who cover the industry. They'll bribe Gartner to be named a Cool Vendor or Magic Quadrant Leader. They'll win industry kudos. They have some early sales 'wins' with some major customers. These customers will give glowing reviews of the product they bought -- even before turning it on.

In other words, it's a perfect "Emperor Has No Clothes" story, where neither customers, nor Gartner, nor the press is competent to realize the Emperor is not wearing clothes.

VCs know it's a scam, but they are hoping it'll become real. As a well-known leader in this space, employees with the needed expertise will flock Continue reading

FireEye acquires Invotas for faster incident response

FireEye said Monday it has acquired Invotas, a company that develops a platform that helps administrators respond faster to security incidents.The deal closed on Monday, but terms were not disclosed.FireEye, which started out with an end-point protection product, has been seeking to expand the range of security products and services it offers as cybersecurity has become a growing concern for companies.Invotas, based in Alexandria, Virginia, has a single product, its Security Orchestrator. The platform is designed to take in information from a range of security products from different vendors and automate responses when an incident is detected.To read this article in full or to leave a comment, please click here

Data Center Networking – Openstack Neutron networking terms demystified!

Coming from a networking background I am used to the various TLAs (ironically: Three Letter Acronyms) and terms that sometime mean the same but completely different otherwise. Networking in the data-center is no different. People have now slowly moved away from a leaf-spine topology where an advanced pricey piece of equipment sits in the spine and relatively cheaper leaf devices connect the hosts and servers. We now have an old architecture that was used during telephony in a new form with new terms. Terms such as "Clos topology" where the the leaf-spine architecture is replaced by layers or levels of similar cheaper hardware allowing flexibility in its configuration forming a sort of mesh making it both scalable and reliable; and special protocols such as DCTCP (Data Center TCP) being interspersed in technical papers and company technology presentations. An outlook of these technologies is big enough to be a completely separate read and so I will not venture into it here.

Google's datacenter - Clos Topology research & implementation
Facebooks' datacenter  architecture - 5 stage clos topology

With all these changes in the data center we now also see administrators isolating a complete data center/s or carving them Continue reading

This bird could be a drone’s worst enemy

When it comes to the problem of stopping errant drones, there's been a number of high-tech solutions -- from radio jamming to laser beams to nets launched by other drones  --  but a group in The Netherlands is proposing a low-tech solution that's much more elegant.Guard From Above says it is training birds of prey to attack drones, taking advantage of their natural predatory instincts and precision in the sky.A video posted by the company on YouTube shows a bird attacking a DJI Phantom drone as it hovers, grabbing the drone with its feet and flying away with it.To read this article in full or to leave a comment, please click here

1 3,174 3,175 3,176 3,177 3,178 3,859