0

CVE-2022-47929: traffic control noqueue no problem?

USER namespaces power the functionality of our favorite tools such as docker, podman, and kubernetes. We wrote about Linux namespaces back in June and explained them like this:

Most of the namespaces are uncontroversial, like the UTS namespace which allows the host system to hide its hostname and time. Others are complex but straightforward - NET and NS (mount) namespaces are known to be hard to wrap your head around. Finally, there is this very special, very curious USER namespace. USER namespace is special since it allows the - typically unprivileged owner to operate as "root" inside it. It's a foundation to having tools like Docker to not operate as true root, and things like rootless containers.

Due to its nature, allowing unprivileged users access to USER namespace always carried a great security risk. With its help the unprivileged user can in fact run code that typically requires root. This code is often under-tested and buggy. Today we will look into one such case where USER namespaces are leveraged to exploit a kernel bug that can result in an unprivileged denial of service attack.

Enter Linux Traffic Control queue disciplines

In 2019, we were exploring leveraging Linux Traffic Control's queue Continue reading

0

Red Hat Enterprise Linux arrives in Oracle’s cloud

Red Hat and Oracle announced jointly Tuesday that they have partnered to bring Red Hat Enterprise Linux (RHEL) to Oracle Cloud Infrastructure, broadening Oracle’s available public cloud options and creating a measure of détente between two long-standing competitors.The announcement couched the news as step one in a broader partnership between Red Hat and Oracle, but provided details mostly of the OCI integration. RHEL will be available on Oracle’s VMs, ranging in size from 1 to 80 CPU cores and from 1GB of memory up to 1024GB. Initial support will be limited to the newer OCI virtual machine shapes, which use AMD, Intel and Arm processors.To read this article in full, please click here

0

Red Hat Enterprise Linux arrives in Oracle’s cloud

Red Hat and Oracle announced jointly Tuesday that they have partnered to bring Red Hat Enterprise Linux (RHEL) to Oracle Cloud Infrastructure, broadening Oracle’s available public cloud options and creating a measure of détente between two long-standing competitors.The announcement couched the news as step one in a broader partnership between Red Hat and Oracle, but provided details mostly of the OCI integration. RHEL will be available on Oracle’s VMs, ranging in size from 1 to 80 CPU cores and from 1GB of memory up to 1024GB. Initial support will be limited to the newer OCI virtual machine shapes, which use AMD, Intel and Arm processors.To read this article in full, please click here

0

What is hybrid cloud computing? The benefits of mixing private and public cloud services

A hybrid cloud is a computing platform built from both private and public cloud components. A public cloud is what usually comes to mind when we talk about cloud computing: storage and compute resources offered by a vendor to customers who pay on a metered basis and don't have to worry about provisioning and managing the underlying infrastructure.One drawback to using public cloud resources is that they often run in virtualized environments, and customers share hardware and other resources.  As an alternative, a customer could set up a private cloud themselves on their own infrastructure, offering the same sort of flexible access to compute resources to internal users.To read this article in full, please click here

0

Design Clinic: Small-Site IPv6 Multihoming

I decided to stop caring about IPv6 when the protocol became old enough to buy its own beer (now even in US), but its second-system effects keep coming back to haunt us. Here’s a question I got for the February 2023 ipSpace.net Design Clinic:

How can we do IPv6 networking in a small/medium enterprise if we’re using multiple ISPs and don’t have our own IPv6 Provider Independent IPv6 allocation. I’ve brainstormed this with people far more knowledgeable than me on IPv6, and listened to IPv6 Buzz episodes discussing it, but I still can’t figure it out.

0

Design Clinic: Small-Site IPv6 Multihoming

I decided to stop caring about IPv6 when the protocol became old enough to buy its own beer (now even in US), but its second-system effects keep coming back to haunt us. Here’s a question I got for the February 2023 ipSpace.net Design Clinic:

How can we do IPv6 networking in a small/medium enterprise if we’re using multiple ISPs and don’t have our own IPv6 Provider Independent IPv6 allocation. I’ve brainstormed this with people far more knowledgeable than me on IPv6, and listened to IPv6 Buzz episodes discussing it, but I still can’t figure it out.

0

Systems Turn In A Good Year for Big Blue

You can’t turn back the hands of time, but if you are lucky enough in business, you can continue to find some modicum of relevance that outlasts your initial success and even adapt to new conditions as they inevitably and often unexpectedly change. …

Systems Turn In A Good Year for Big Blue was written by Timothy Prickett Morgan at The Next Platform.

0

Global Microsoft cloud-service outage traced to rapid BGP router updates

Outages that made Microsoft Azure and multiple Microsoft cloud services widely unavailable for 90 minutes on Jan. 25 can be traced to the cascading effects of repeated, rapid readvertising of BGP router prefixes, according to a ThousandEyes analysis of the incident.The Cisco-owned network intelligence company traced the Microsoft outage to an external BGP change by Microsoft that affected service providers. (Read more about network and infrastructure outages in our top 10 outages of 2022 recap.)Multiple Microsoft BGP prefixes were withdrawn completely and then almost immediately readvertised, ThousandEyes said. Border gateway protocol (BGP) tells Internet traffic what route to take, and the BGP best-path selection algorithm determines the optimal routes to use for traffic forwarding.To read this article in full, please click here

0

Tech Bytes: Fortinet’s FortiRecon Customizes Digital Risk Protection (Sponsored)

On today's Tech Bytes podcast we discuss security reconnaissance with sponsor Fortinet. We drill into FortiRecon, a service that can provide critical information, personalized for your organization, about potential threats to company assets, employees, and customers.

0

Tech Bytes: Fortinet’s FortiRecon Customizes Digital Risk Protection (Sponsored)

On today's Tech Bytes podcast we discuss security reconnaissance with sponsor Fortinet. We drill into FortiRecon, a service that can provide critical information, personalized for your organization, about potential threats to company assets, employees, and customers.

The post Tech Bytes: Fortinet’s FortiRecon Customizes Digital Risk Protection (Sponsored) appeared first on Packet Pushers.

0

MacOS Ventura 13.1 Breaks Wireshark

If you recently updated your Mac to Ventura 13.1 or 13.2, and you had installed Wireshark previously, then you may be having some trouble. If you open Wireshark, you will likey see the message “You don’t have permission to capture on local interfaces” and “You can fix this by installing ChmodBPF“. Even after installing this […]

The post MacOS Ventura 13.1 Breaks Wireshark appeared first on Packet Pushers.

0

Network Break 415: WAN Update Severs Microsoft Cloud Services; Intel To Wind Down Network ASIC Biz

Take a Network Break! This week we discuss new capabilities in Juniper's Astra data center automation software; a major Microsoft outage that affected Outlook, Teams, and more; reports that Intel will discontinue selling the Tofino programmable ASIC; a heap of financial results; and more.

0

Network Break 415: WAN Update Severs Microsoft Cloud Services; Intel To Wind Down Network ASIC Biz

Take a Network Break! This week we discuss new capabilities in Juniper's Astra data center automation software; a major Microsoft outage that affected Outlook, Teams, and more; reports that Intel will discontinue selling the Tofino programmable ASIC; a heap of financial results; and more.

The post Network Break 415: WAN Update Severs Microsoft Cloud Services; Intel To Wind Down Network ASIC Biz appeared first on Packet Pushers.

0

Dictionary : Watermelon Project

Define Watermelons

0

Cisco Certification Changes of Changes

Continous delivery of updates to certification programs

0

Response: Free College Algebra Course (with Python Code!)

It’s been a long time since I was using mathematics in my daily life. I’d like to think I managed to retaine much of the basic principles but I not easily able to apply it. For example, having some knowledge of Fourier Transforms and Antenna Physics has been hugely useful in understanding wireless propagation in […]

0

Navigating the Global Technology Skills Gap with AI-Moderated Upskilling

The future workforce is already here, and it is more than ready to adapt – the vast majority of workers simply need the tools to upskill efficiently.

0

netlab Release 1.5.0: Larger Lab Topologies

netlab release 1.5.0 includes features that will help you start very large lab topologies (someone managed to run over 90 Mikrotik routers on a 24-core server):

• You can start libvirt virtual machines in batches to reduce the CPU overload that causes startup failures on large topologies.
• You can combine virtual machines and containers in the same lab, further reducing the memory footprint for devices available as true containers (Linux hosts, Cumulus/FRR routers, Arista cEOS)
• Use custom management network IP subnet if you’re running out of management IP addresses

To get more details and learn about additional features included in release 1.5.0, read the release notes. To upgrade, execute pip3 install --upgrade networklab.

New to netlab? Start with the Getting Started document and the installation guide.

0

netlab Release 1.5.0: Larger Lab Topologies

netlab release 1.5.0 includes features that will help you start very large lab topologies (someone managed to run over 90 Mikrotik routers on a 24-core server):

• You can start libvirt virtual machines in batches to reduce the CPU overload that causes startup failures on large topologies.
• You can combine virtual machines and containers in the same lab, further reducing the memory footprint for devices available as true containers (Linux hosts, Cumulus/FRR routers, Arista cEOS)
• Use custom management network IP subnet if you’re running out of management IP addresses

To get more details and learn about additional features included in release 1.5.0, read the release notes. To upgrade, execute pip3 install --upgrade networklab.

New to netlab? Start with the Getting Started document and the installation guide.

0

Noction Flow Analyzer v 23.01 is here, featuring bidirectional traffic grouping.

The post Noction Flow Analyzer v 23.01 is here, featuring bidirectional traffic grouping. appeared first on Noction.