Rearchitecting L3-Only Networks
One of the responses I got on my “What is Layer-2” post was
Ivan, are you saying to use L3 switches everywhere with /31 on the switch ports and the servers/workstation?
While that solution would work (and I know a few people who are using it with reasonable success), it’s nothing more than creative use of existing routing paradigms; we need something better.
Update 2015-04-22 14:30Z - Added a link to Cumulus Linux Redistribute Neighbor feature.
Read more ...Pica8 Digs Up Labeled BGP for Network Virtualization
As if VXLAN needed another rival. But labeled BGP, ancient by SDN standards, has carrier appeal, Pica8 claims.
HOL Head-of-line blocking
How does Internet work - We know what is networking
Head-of-line blocking (HOL blocking) in networking is a performance issue that occurs when a bunch of packets is blocked by the first packet in line. It can happen specially in input buffered network switches where out-of-order delivery of packets can occur. A switch can be composed of input buffered ports, output buffered ports and switch fabric. When first-in first-out input buffers are used, only the first received packet is prepared to be forwarded. All packets received afterwards are not forwarded if the first one cannot be forwarded. That is basically what HOL blocking really is. If there’s no HOL blocking
Bedep’s DGA: Trading Foreign Exchange for Malware Domains
As initially researched by Trend Micro [1] [2], Zscaler [1] [2], Cyphort, and Malware don’t need Coffee, the Bedep malware family focuses on ad / click fraud and the downloading of additional malware. ASERT’s first sample dates from September 22, 2014, which is in line with when Trend Micro started seeing it in their telemetry. In early 2015, the family got some more attention when it was being observed as the malware payload for some instances of the Angler exploit kit, leveraging the Adobe Flash Player exploit (CVE-2015-0311) which at the time was a 0day. It was also observed that this newer version was using a domain generation algorithm (DGA) to generate its command and control (C2) domain names.
This post provides some additional notes on the DGA including a proof of concept Python implementation, a look at the two most recent sets of DGA generated domains, and concludes with some sinkhole data.
Samples
The following Bedep samples were used for this research:
- MD5 e5e72baff4fab6ea6a1fcac467dc4351
- MD5 1b84a502034f7422e40944b1a3d71f29
The former was originally sourced from KernelMode.
Algorithm
I’ve posted a proof of concept (read: works for me) Python implementation of the DGA to ASERT’s Github.
At the time of Continue reading
Intel and Ericsson Deepen Ties in Managed Security Services
Another partnership between the two giants, this time targeting telco-managed security.
Using the POX SDN controller
In this tutorial, we will demonstrate basic software-defined networking (SDN) concepts using the POX SDN controller, POX components, and the Mininet network simulator.
We will show how to use the POX SDN controller to create software defined networks that can be used to forward packets from one host to another and create flows on the SDN switches in the network. We will use the Mininet network simulator to create the network of emulated SDN switches and hosts that will be controlled by the POX SDN controller.
About Mininet
Mininet is an open-source network simulator designed to support research and education in the topic of software defined networks. If you are not already familiar with Mininet, you should review the following posts before starting this tutorial:
- Set up the Mininet netork simulator VM
- Using the Mininet network simulator
- Using MiniEdit, the Mininet GUI
More information about Mininet is available at the Mininet web site.
About POX
POX provides a framework for communicating with SDN switches using either the OpenFlow or OVSDB protocol. Developers can use POX to create an SDN controller using the Python programming language. It is a popular tool for teaching about and researching software defined networks and Continue reading