ZTE Jumps Into OPNFV Testing
ZTE opens an OPNFV test bed and starts collecting NFV partners.
ZTE opens an OPNFV test bed and starts collecting NFV partners.
Join SDxCentral and Brocade for the SDN Controller Report webinar on September 29th at 10:00am PT. Register today!
When I made a stab at defining SD WAN recently, I noted that Cisco’s IWAN solution had provided a bit of a contrast to some of the other Software Defined WAN solutions I’d seen; not in a bad way, but I was certainly interested in the approach.
I’m going to “do a Joe Onisick” here and quote myself as a reference for what I might be hoping for from the Cisco IWAN solution:
“SD WAN is a solution that uses real time WAN link performance monitoring and data packet inspection to autonomously manage the distribution of network traffic across multiple, likely heterogenous, WAN links with the aim of improving and optimizing WAN performance in alignment with the business requirements.” – John Herbert
One thing my definition doesn’t mention is how these systems get deployed, and since that’s interesting, perhaps let’s start there.
It seems to me that ZTD has become a checkbox requirement for all the SD WAN solutions, and perhaps it’s about time. Zero Touch Deployment in the context of SD WAN means being able to ship a box to a spoke site, have ‘Dumb Hands’ on site plug in the Continue reading
The post Worth Reading: Energy Prices and the Data Center appeared first on 'net work.
I recently ran into some limitations of IPv6 ACLs on the Catalyst 3750 platform. I had developed an ACL to protect from receiving traffic from unwanted address ranges such as ::, ::1, ::FFFF:0:0/96. The first address is the unspecified address, the second one is the loopback address and the last one is IPv4 mapped traffic. The ACL also contained an entry to deny traffic with routing-type 0.
Note that no error is output when adding the entries in the ACL, only when applying the ACL to an interface.
% This ACL contains following unsupported entries. % Remove those entries and try again. deny ipv6 any any routing-type 0 sequence 20 deny ipv6 host ::1 any sequence 290 deny ipv6 host :: any sequence 310 deny ipv6 ::FFFF:0.0.0.0/96 any sequence 330 % This ACL can not be attached to the interface. SW1(config-if)# %PARSE_RC-4-PRC_NON_COMPLIANCE: `ipv6 traffic-filter v6-ACL-IN in'
From the configuration guide, the following limitations apply to the Catalyst 3750 platform.
What this means is that we can’t match on flowlabel, routing-header and undetermined transport upper layer protocol. We also need to match on networks ranging from /0 to /64 and host addresses that are belonging to global unicast Continue reading
Ericsson and Huawei pitch in for the fourth ONOS code release in 10 months.
For the past few months ASERT has been keeping an eye on a relatively new banking malware (“banker”) known as “Pkybot”. It is also being classified as a variant of “Bublik”, but the former is much more descriptive of the malware.
This post will take a peek at some of the bits and pieces of Pkybot and the campaign using it. The visibility provided can help organizations better understand, detect, and protect against this current threat.
Sample
One of the recent samples analyzed by ASERT has the following hashes:
MD5: 9028d9b64a226b750129b41fbc43ed5e
SHA256: 38eb7625caf209ca2eff3fa46b8528827b7289f1
At the time of this writing it has a VirusTotal detection ratio of 16/57 with just about all the detections being generic in nature. One positive for reverse engineers though is that this sample comes unpacked.
Pkybot
While there’s been some research into the malware already [1] [2], a review and fleshing out never hurts.
Encrypted Bits
Pkybot contains a number of interesting items that are encrypted with the XTEA encryption algorithm. The key used is generated at runtime from a hardcoded seed value (DWORD):
It can also be generated using this Python code snippet. Along with the generated XTEA key, this IDA Continue reading
One of my subscribers asked me: “My subscription is valid till early December. How could I renew it now (due to budgetary reasons)?”
While I already had the process to do just that, there was no link that one could use (you had to know the correct URL). I’ve fixed that – you’ll find the renewal link on the first page of my.ipSpace.net