U.S.-China agreement on cyber espionage is a first step at best

Presidents Obama and Xi agree that the U.S. and China won’t steal corporate secrets from each other, but the wording is so full of loopholes that CISOs shouldn’t take too much comfort in the pact for quite a while.

The agreement sets up high-level talks twice a year to deal with complaints the U.S. and China have about whether the other is responding quickly and thoroughly to claims by the other side about malicious cyber activity.

It also takes a run at corporate spying in particular: “[N]either country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

Cisco DHCP client bummer

It looks to me like the Cisco IOS DHCP client mis-handles the DNS server option when it's working in a VRF.

I'm working on an IOS 15.4 router with an empty startup-config and only the following configuration applied:
interface FastEthernet4
 ip address dhcp
 no shutdown

debug dhcp detail produces the following when the DHCP lease is claimed:
Sep 25 19:48:23.316: DHCP: Received a BOOTREP pkt
Sep 25 19:48:23.316: DHCP: Scan: Message type: DHCP Offer
...
Sep 25 19:48:23.316: DHCP: Scan: DNS Name Server Option: 192.168.100.4

Indeed, we can resolve DNS. We can also see that the DNS server learned from DHCP has been configured (is there a better way to see this?):
lab-C881#ping google.com
Translating "google.com"...domain server (192.168.100.4) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 205.158.11.53, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
lab-C881#show hosts summary
Default domain is fragmentationneeded.net
Name/address lookup uses domain service
Name servers are 192.168.100.4
Cache entries: 5
Cache prune timeout: 50
lab-C881#

If I put the interface into a VRF, Continue reading

Nasty Multicast VSS bug on Catalyst 4500-X

I ran into an “exciting” bug yesterday. It was seen in a 4500-X VSS pair running 3.7.0 code. When there has been a switchover meaning that the secondary switch became active, there’s a risk that information is not properly synced between the switches. What we were seeing was that this VSS pair was “eating” the packets, essentially black holing them. Any multicast that came into the VSS pair would not be properly forwarded even though the Outgoing Interface List (OIL) had been properly built. Everything else looked normal, PIM neighbors were active, OILs were good (except no S,G), routing was there, RPF check was passing and so on.

It turns out that there is a bug called CSCus13479 which requires CCO login to view. The bug is active when Portchannels are used and PIM is run over them. To see if an interface is misbehaving, use the following command:

hrn3-4500x-vss-01#sh platfo hardware rxvlan-map-table vl 200 <<< Ingress port

Executing the command on VSS member switch role = VSS Active, id = 1


Vlan 200:
l2LookupId: 200
srcMissIgnored: 0
ipv4UnicastEn: 1
ipv4MulticastEn: 1 <<<<<
ipv6UnicastEn: 0
ipv6MulticastEn: 0
mplsUnicastEn: 0
mplsMulticastEn: 0
privateVlanMode: Normal
ipv4UcastRpfMode: None
ipv6UcastRpfMode: None
routingTableId: 1
rpSet: 0
flcIpLookupKeyType: IpForUcastAndMcast
flcOtherL3LookupKeyTypeIndex: 0
vlanFlcKeyCtrlTableIndex: 0
vlanFlcCtrl: 0


Executing the command on VSS member switch role = VSS Standby, id = 2


Vlan 200:
l2LookupId: 200
srcMissIgnored: 0
ipv4UnicastEn: 1
ipv4MulticastEn: 0 <<<<<
ipv6UnicastEn: 0
ipv6MulticastEn: 0
mplsUnicastEn: 0
mplsMulticastEn: 0
privateVlanMode: Normal
ipv4UcastRpfMode: None
ipv6UcastRpfMode: None
routingTableId: 1
rpSet: 0
flcIpLookupKeyType: IpForUcastAndMcast
flcOtherL3LookupKeyTypeIndex: 0
vlanFlcKeyCtrlTableIndex: 0
vlanFlcCtrl: 0

From the output you can see that "ipv4MulticastEn" is set to 1 on one switch and to 0 on the other. The state has not been properly synced, or has somehow been misprogrammed, which leads to this black-holing of multicast. It was not an easy one to catch, so I hope this post might help someone.
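Spotting the mismatch above by eye across a long dump is error-prone, so here is a small added script (not Cisco tooling and not part of the original post) that parses the text of `show platform hardware rxvlan-map-table vlan <n>` as captured from both VSS members and reports every field whose value differs between the Active and the Standby switch. The `SAMPLE` text is a constructed, abbreviated copy of the output in the post; member ids and field names follow that output.

```python
"""Diff per-VLAN hardware programming between VSS members.

Added example; not Cisco's tooling and not from the original post. It
parses the text of "show platform hardware rxvlan-map-table vlan <n>"
as captured from both VSS members and reports every field whose value
differs between the Active and the Standby switch, so a mismatch such as
ipv4MulticastEn=1 versus 0 is caught without reading the dump by eye.
"""
import re

# Constructed sample: abbreviated copy of the two member blocks.
SAMPLE = """\
Executing the command on VSS member switch role = VSS Active, id = 1

Vlan 200:
l2LookupId: 200
ipv4UnicastEn: 1
ipv4MulticastEn: 1
routingTableId: 1

Executing the command on VSS member switch role = VSS Standby, id = 2

Vlan 200:
l2LookupId: 200
ipv4UnicastEn: 1
ipv4MulticastEn: 0
routingTableId: 1
"""

MEMBER_RE = re.compile(r"VSS member switch role = (VSS \w+), id = (\d+)")
VLAN_RE = re.compile(r"^Vlan (\d+):")
FIELD_RE = re.compile(r"^(\w+):\s*(\S+)")


def parse_rxvlan_map(text):
    """Return {member_id: {"role": str, "vlans": {vlan: {field: value}}}}."""
    members = {}
    member = None
    vlan = None
    for raw in text.splitlines():
        line = raw.strip()
        m = MEMBER_RE.search(line)
        if m:
            member = m.group(2)
            members[member] = {"role": m.group(1), "vlans": {}}
            vlan = None
            continue
        v = VLAN_RE.match(line)
        if v and member is not None:
            vlan = int(v.group(1))
            members[member]["vlans"][vlan] = {}
            continue
        f = FIELD_RE.match(line)
        if f and member is not None and vlan is not None:
            members[member]["vlans"][vlan][f.group(1)] = f.group(2)
    return members


def find_mismatches(members, fields=None):
    """Compare each VLAN field across all members.

    Returns a list of (vlan, field, {member_id: value}) entries for every
    field whose value is not identical on every member; a field missing
    on one member shows up as None. `fields` restricts the comparison.
    """
    ids = sorted(members)
    mismatches = []
    if len(ids) < 2:
        return mismatches
    vlans = set()
    for mid in ids:
        vlans.update(members[mid]["vlans"])
    for vlan in sorted(vlans):
        names = set()
        for mid in ids:
            names.update(members[mid]["vlans"].get(vlan, {}))
        for name in sorted(names):
            if fields is not None and name not in fields:
                continue
            values = {mid: members[mid]["vlans"].get(vlan, {}).get(name)
                      for mid in ids}
            if len(set(values.values())) > 1:
                mismatches.append((vlan, name, values))
    return mismatches


if __name__ == "__main__":
    parsed = parse_rxvlan_map(SAMPLE)
    for vlan, name, values in find_mismatches(parsed):
        shown = ", ".join(f"{parsed[m]['role']} id {m} = {v}"
                          for m, v in values.items())
        print(f"VLAN {vlan}: {name} differs: {shown}")
```

Run it against the full command output for each VLAN that carries multicast after a switchover; any line it prints is a VLAN where the two members disagree and multicast may be silently dropped.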

This also shows that there are always drawbacks to clustering, so weigh the risk of running systems in clusters, where a bug can affect both devices, against running them stand-alone. There's always a tradeoff between complexity, topologies and how a network can be designed depending on your choice.

5 takeaways from Adobe Flash’s death march

Rumors of the demise of Flash have been greatly exaggerated, to paraphrase Mark Twain. The multimedia and software platform's days may well be numbered, but today it’s still alive, even if its kicks are not exactly vigorous.

It’s now five years since the late Steve Jobs published his famous Thoughts on Flash memo, in which he put the knife in to Flash on the grounds that it was proprietary, unreliable and insecure, that it drains mobile device batteries and is a cross-platform development tool that results in developers using only a lowest common denominator set of features.

It's certainly true that Flash has been plagued by security issues – prompting Mozilla to block Flash plugins in Firefox and Google to block most Flash content from its Chrome browser. Google also converts many Flash ads on its AdWords system into HTML5, and Amazon has also stopped accepting Flash ads entirely.

British spies cast net to monitor every web surfer, leaked documents show

When British spies gave their Internet surveillance program the codename Karma Police they may have given away a little too much about its epic purpose: "To build a web-browsing profile for every visible user on the Internet."

The system ultimately gathered trillions of metadata records about Internet users' browsing habits.

In official documents obtained by The Intercept, the intent of Karma Police stands out alongside more cryptically named projects such as Moose Milk (using data mining to detect suspicious use of telephone kiosks) or Salty Otter (a technique for detecting when use of one medium, such as a telephone call, is used to trigger another, such as a chat service).

Mobile Ad Networks as DDoS Vectors: A Case Study

CloudFlare servers are constantly being targeted by DDoS'es. We see everything from attempted DNS reflection attacks to L7 HTTP floods involving large botnets.

Recently an unusual flood caught our attention. A site reliability engineer on call noticed a large number of HTTP requests being issued against one of our customers.

The request

Here is one of the requests:

POST /js/404.js HTTP/1.1
Host: www.victim.com
Connection: keep-alive
Content-Length: 426
Origin: http://attacksite.com
User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.4; zh-cn; MI 4LTE Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/42.0.0.0 Mobile Safari/537.36 XiaoMi/MiuiBrowser/2.1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://attacksite.com/html/part/86.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,en-US;q=0.8

id=datadatadasssssssssssssssssssssssssssssssssssssssssssassssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssadatadata

We received millions of similar requests, clearly suggesting a flood. Let's take a deeper look at this request.

First, let's note that the headers look legitimate. We often see floods issued by Python or Ruby scripts, with weird Accept-Language or User-Agent headers. But this one doesn't look like it. This request is a proper request issued by a real browser.

Next, notice the request is a POST and contains an Origin header — it was issued by an Ajax (XHR) cross Continue reading
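The traits the post calls out (a well-formed browser request, a POST, an Origin header naming a site other than the Host, a body that is mostly filler) can be checked mechanically. The script below is an added example, not CloudFlare's detection code: it parses a raw HTTP/1.1 request, scores those traits, and counts flagged requests per Origin across a batch so the third-party page driving a flood stands out. The two sample requests are constructed; www.victim.com and attacksite.com are the placeholder names used in the post, and the 0.8 padding threshold is an assumption to tune.

```python
"""Flag the cross-origin POST flood pattern in raw HTTP requests.

Added example; not CloudFlare's detection code. It parses a raw
HTTP/1.1 request and checks the traits the post points out: a POST whose
Origin header names a different site than Host (a cross-origin XHR), a
form-urlencoded body made mostly of one repeated character, and, across
a batch, many such requests attributed to the same Origin.
"""
from collections import Counter
from urllib.parse import urlparse

# Constructed sample modelled on the request in the post (body shortened).
FLOOD_SAMPLE = (
    "POST /js/404.js HTTP/1.1\r\n"
    "Host: www.victim.com\r\n"
    "Origin: http://attacksite.com\r\n"
    "User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.4) AppleWebKit/537.36 "
    "Mobile Safari/537.36\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Referer: http://attacksite.com/html/part/86.html\r\n"
    "\r\n"
    "id=data" + "s" * 400 + "data"
)

# Constructed same-origin form post, for contrast.
BENIGN_SAMPLE = (
    "POST /login HTTP/1.1\r\n"
    "Host: www.victim.com\r\n"
    "Origin: https://www.victim.com\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=alice&password=hunter2"
)


def parse_request(raw):
    """Split a raw request into (method, path, headers, body); header
    names are lower-cased so lookups are case-insensitive."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def repeated_char_ratio(body):
    """Share of the body taken by its single most frequent character;
    a real form post scores low, a padded filler body scores near 1."""
    if not body:
        return 0.0
    return Counter(body).most_common(1)[0][1] / len(body)


def classify(raw, padding_threshold=0.8):
    """Return the list of suspicious traits found in one request."""
    method, _path, headers, body = parse_request(raw)
    traits = []
    origin = headers.get("origin")
    host = headers.get("host", "").split(":")[0].lower()
    if method == "POST" and origin:
        origin_host = (urlparse(origin).hostname or "").lower()
        if origin_host != host:
            traits.append("cross-origin-post")
    ctype = headers.get("content-type", "")
    if (ctype.startswith("application/x-www-form-urlencoded")
            and repeated_char_ratio(body) >= padding_threshold):
        traits.append("padded-body")
    return traits


def is_flood_candidate(raw):
    """Both traits together: a cross-site XHR carrying filler data."""
    return {"cross-origin-post", "padded-body"} <= set(classify(raw))


def flagged_by_origin(raws):
    """Count flagged requests per Origin so the third-party page that
    is driving the flood stands out from ordinary cross-site traffic."""
    counts = Counter()
    for raw in raws:
        if is_flood_candidate(raw):
            counts[parse_request(raw)[2].get("origin", "<none>")] += 1
    return counts


if __name__ == "__main__":
    batch = [FLOOD_SAMPLE] * 3 + [BENIGN_SAMPLE]
    for raw in (FLOOD_SAMPLE, BENIGN_SAMPLE):
        print(parse_request(raw)[1], classify(raw))
    print(dict(flagged_by_origin(batch)))
```

Note that the User-Agent is deliberately not part of the score: as the post says, these are real browsers, so UA-based filtering would not separate them from legitimate visitors, whereas the Origin header identifies the page that embedded the requesting script.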

PlexxiPulse—The Key to Hyperconverged Success

Earlier this week, my colleague Bob Noel wrote a blog post on converged networking. As industry buzz surrounding hyperconvergence gets louder and louder, it is important to take into account the network that underpins these hyperconverged systems of tomorrow. Here at Plexxi we know that the network has to be more dynamic, innovative and agile to deliver on the promise of hyperconverged infrastructure and we’re thrilled to be a part of the conversation and the solution. Take a look at Bob’s blog post to learn more about our converged networks and why the network is so important for successful converged deployments.

Below please find a few of our top picks for our favorite news articles of the week. Enjoy!

CBR: What does hyper-converged infrastructure mean for the future of enterprise application delivery?
By Gary Newe
Hyper-convergence is an extension of a converged infrastructure, where compute, server, storage, networking resources and software are pooled together on commodity hardware. They are usually systems from separate companies but designed to work very well together. The benefits of this include massively simplified management, which makes things faster, more agile and more efficient. It’s one of the foundations of virtualisation, but hyper-convergence allows for even Continue reading

Researchers tout technology to make electronics out of old tires

Researchers are working with a process that turns old tires – and there are some 300,000 tossed yearly – into electrodes for supercapacitors that would be used on the grid or in cars and other electronics applications.

The technology developed at the Department of Energy’s Oak Ridge National Laboratory and Drexel University produces carbon composite papers through a process described like this: “the researchers soaked crumbs of irregularly shaped tire rubber in concentrated sulfuric acid. They then washed the rubber and put it into a tubular furnace under a flowing nitrogen gas atmosphere. They gradually increased the temperature from 400 degrees Celsius to 1,100 degrees. After several additional steps, including mixing the material with potassium hydroxide and additional baking and washing with deionized water and oven drying, researchers have a material they could mix with polyaniline, an electrically conductive polymer, until they have a finished product.”

Stuff The Internet Says On Scalability For September 25th, 2015

Hey, it's HighScalability time:

How long would you have lasted? Loved The Martian. Can't wait for the game, movie, and little potato action figures. Me, I would have died on the first level.

  • 60 miles: new record distance for quantum teleportation; 160: size of minimum viable Mars colony; $3 trillion: assets managed by hedge funds; 5.6 million: fingerprints stolen in cyber attack; 400 million: Instagram monthly active users; 27%: increase in conversion rate from mobile pages that are 1 second faster; 12BN: daily Telegram messages; 1800 B.C: oldest beer recipe; 800: meetings booked per day at Facebook; 65: # of neurons it takes to walk with 6 legs

  • Quotable Quotes:
    • @bigdata: assembling billions of pieces of evidence: Not even the people who write algorithms really know how they work
    • @zarawesome: "This is the most baller power move a billionaire will pull in this country until Richard Branson finally explodes the moon."
    • @mtnygard: An individual microservice fits in your head, but the interrelationships among them exceeds any human's ability. Automate your awareness.
    • Ben Thompson~ The mistake that lots of BuzzFeed imitators have made is to imitate Continue reading

Cookie handling in browsers can break HTTPS security

Cookies, the files that websites create in browsers to remember logged-in users and track other information about them, could be abused by attackers to extract sensitive information from encrypted HTTPS connections.

The issue stems from the fact that the HTTP State Management standard, or RFC 6265, which defines how cookies should be created and handled, does not specify any mechanism for isolating them or checking their integrity.

As such, Web browsers don't always authenticate the domains that set cookies. That allows malicious attackers to inject cookies via plain HTTP connections that would later be transmitted for HTTPS connections instead of those set by the HTTPS sites themselves, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University said in an advisory Thursday.
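The missing integrity check is easiest to see in a small model of the RFC 6265 cookie store. The code below is an added example, not from the article or from the CERT/CC advisory: `CookieStore` follows the RFC 6265 section 5.3 storage rule, under which a new cookie with the same name, domain and path replaces the old one and the scheme of the response that set it is never consulted, so a cookie delivered over plain HTTP replaces the Secure one the HTTPS site set and is then sent on the HTTPS request. `StrictCookieStore` adds the "leave secure cookies alone" rule from the later RFC 6265bis drafts, which major browsers have since adopted and which is the browser-side mitigation. The model treats every cookie as a domain cookie (host-only cookies omitted), uses plain prefix path matching, and example.com is a constructed host name.

```python
"""Model of RFC 6265 cookie storage showing how a cookie set over plain
HTTP can shadow one set by the HTTPS site.

Added example; not from the article or the CERT/CC advisory.
CookieStore implements the RFC 6265 section 5.3 replace-on-same-key
rule with no regard to the scheme the cookie arrived on. StrictCookieStore
adds the RFC 6265bis "leave secure cookies alone" rule: over a non-secure
scheme, a cookie may neither carry Secure nor overwrite a Secure cookie
of the same name. Simplifications: all cookies are domain cookies and
path matching is a plain prefix test.
"""
from dataclasses import dataclass


@dataclass
class Cookie:
    name: str
    value: str
    domain: str
    path: str = "/"
    secure: bool = False


def domain_matches(host, cookie_domain):
    """RFC 6265 5.1.3 domain-match, simplified to exact or suffix match."""
    return host == cookie_domain or host.endswith("." + cookie_domain)


class CookieStore:
    def __init__(self):
        self.cookies = []

    def store(self, cookie, from_secure_scheme):
        """RFC 6265 5.3: an existing (name, domain, path) is replaced
        unconditionally; from_secure_scheme is accepted but ignored,
        which is the gap the advisory describes."""
        key = (cookie.name, cookie.domain, cookie.path)
        self.cookies = [c for c in self.cookies
                        if (c.name, c.domain, c.path) != key]
        self.cookies.append(cookie)
        return True

    def cookies_for(self, host, path, secure_scheme):
        """RFC 6265 5.4: send cookies that domain- and path-match; a
        Secure cookie is only sent over a secure scheme."""
        sent = {}
        for c in self.cookies:
            if not domain_matches(host, c.domain):
                continue
            if not path.startswith(c.path):
                continue
            if c.secure and not secure_scheme:
                continue
            sent[c.name] = c.value
        return sent


class StrictCookieStore(CookieStore):
    def store(self, cookie, from_secure_scheme):
        """Refuse, over a non-secure scheme, any Secure cookie and any
        cookie that would sit beside or replace a Secure cookie of the
        same name whose domain matches either way (RFC 6265bis rule)."""
        if not from_secure_scheme:
            if cookie.secure:
                return False
            for c in self.cookies:
                if (c.secure and c.name == cookie.name
                        and (domain_matches(cookie.domain, c.domain)
                             or domain_matches(c.domain, cookie.domain))
                        and cookie.path.startswith(c.path)):
                    return False
        return super().store(cookie, from_secure_scheme)


def shadowing_demo(store_cls):
    """Value of the "session" cookie an HTTPS request to example.com
    carries after (1) the HTTPS site sets it with Secure and (2) a
    plain-HTTP response for the same host sets a same-name cookie."""
    store = store_cls()
    store.store(Cookie("session", "legit", "example.com", secure=True),
                from_secure_scheme=True)
    store.store(Cookie("session", "injected", "example.com"),
                from_secure_scheme=False)
    return store.cookies_for("example.com", "/account",
                             secure_scheme=True).get("session")


if __name__ == "__main__":
    print("RFC 6265 store sends:", shadowing_demo(CookieStore))
    print("strict store sends:  ", shadowing_demo(StrictCookieStore))
```

The Secure attribute on its own only controls where a cookie is sent, not who may overwrite it, which is why the first store hands the HTTPS request the injected value; the strict store keeps the legitimate one. On the server side the same model explains why a site should not trust a cookie's contents simply because it arrived over HTTPS.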

How Encryption of Network Traffic Works?


I recently started studying again, this time as an attempt at deep-diving into some security concepts for one of my PhD courses. It’s interesting how, as much as you try to escape from it, mathematics will sooner or later catch you somewhere and you will need to learn a bit more of it. At least that happened to me… In this process I realised that if you go beyond simple security theory and network device configuration, all the other stuff is pure mathematics. The reason behind my unplanned course in mathematics is explained through the rest of this text. It will