So –we’ve covered on of the two cases dealing with calculating a new path, and then I left you hanging for a week. What’s the second case? Let’s return to our small network for a moment to figure it out. What happens if D’s cost to reach the destination isn’t lower than E’s cost? E […]
Next Generation Virtualization Demands for Critical Infrastructure and Public Services
Introduction
In recent decades communication technologies have realized significant advancement. These technologies now touch almost every part of our lives, sometimes in ways that we do not even realize. As this evolution has and continues to occur, many systems that have previously been treated as discrete are now networked. Examples of these systems are power grids, metro transit systems, water authorities and many other public services.
While this evolution has brought on a very large benefit to both those managing and using the services, there is the rising spectre of security concerns and the precedent of documented attacks on these systems. This has brought about strong concerns about this convergence and what it portends for the future. This paper will begin by discussing these infrastructure environments that while varied have surprisingly common theories of operation and actually use the same set or class of protocols. Next we will take a look at the security issues and some of the reasons of why they exist. We will provide some insight to some of the attacks that have occurred and what impacts they have had. Then we will discuss the traditional Continue reading
This article discusses the solutions for quiz 15. Yes, I know, I know... it's about RIP ! But you need to be ready for anything when facing the challenges of a CCIE exam. Read along to review some things about auto-summarization (which is "on" by default).
This article is a continuation of previous post about RIP Auto-Summarization and it's impact on discontiguous networks in Cisco networks, but this time from Juniper's perspective. Using the default auto-summary on Cisco devices can lead to routing loops in case of discontiguous networks, as shown in quiz 15.
When I was at Juniper, my job was basically to sell internally those ideas that were deemed so controversial or hotly contested that no one could get them through the corporate machinery. This put me in a position that I was almost always leading cross-functional teams whose members did not directly report to me. I […]
The post Leading cross-functional teams: foot-in-the-door theory appeared first on Packet Pushers Podcast and was written by Michael Bushong.
Lets be honest. It is hard to justify the time needed to interview people. It can be really hard to motivate yourself to interview potential new hires when project deadlines are looming. It is perfectly fair to ask yourself, “what’s in it for me?” I think there is a payoff for time spent on hiring. […]
The post Five selfish reasons to interview candidates appeared first on Packet Pushers Podcast and was written by John Harrington.
In my last installment on the topic of fast convergence, I said I’d be discussing the calculation stage of fast convergence next. Orhan tried to scoop me in the comments, but that’s okay –I’m working at this through the process switched path, rather than interrupt context. In parallel with flooding information about the topology change […]
Deep diving on VMware NSX ? You bet. Download the PDF file and read along with us as we unpack how VMware NSX works with Brad Hedlund and Scott Lowe. Network Virtualization is the certainly the biggest architecture shift in our careers and probably yours. And make no mistake, this is about networking. Greg Ferro often says that […]
The post Show 161 – VMware NSX – Real World SDN – Sponsored appeared first on Packet Pushers Podcast and was written by Greg Ferro.
I was asked a few weeks ago by our field engineers to provide a fix for the OSPF vulnerability exposed by Black Hat last month. Prima facie there appeared nothing new in this attack as everyone knows that OSPF (or ISIS) networks can be brought down by insider attacks. This isnt the first time that OSPF vulnerability has been announced at Black Hat. Way back in 2011 Gabi Nakibly, the researcher at Israel’s Electronic Warfare Research and Simulation Center, had demonstrated how OSPF could be brought down using insider attacks. Folks were not impressed, as anybody who had access to one of the routers could launch attacks on the routing infrastructure. So it was with certain skepticism that i started looking at yet another OSPF vulnerability exposed by Gabi, again at Black Hat. Its only when i started delving deep into the attack vector that the real scale of the attack dawned on me. This attack evades OSPF’s natural fight back mechanism against malacious LSAs which makes it a bit more insidious than the other attacks reported so far.
I exchanged a few emails with Gabi when i heard about his latest exposé. I wanted to understand how this attack Continue reading
This post is about finding and fixing a memory leak I discovered in the SNMP daemon, snmpd(8), in OpenBSD. This sort of analysis is foreign territory for me; I’m not a software hacker by day. However, using instructions written by Otto Moerbeek as my Rosetta stone and Google to fill in the blanks when it came to usage of the GNU debugger, gdb(1), I was able to find and fix the memory leak.
I’m documenting the steps I used for my future self and for others.
When walking the pfTblAddrTable in the OPENBSD-PF-MIB, the unprivileged snmpd process would grow in terms of SIZE and RES. Querying other parts of PF-MIB or other MIBS altogether resulted in no memory usage increase.
Since I knew roughly which code path must have the leak, I first examined it manually. I could not see where memory wasn’t being given back. I needed to instrument the process as it was running in order to find the leak.
This set of instructions from Otto Moerbeek was my guide. As per his guide, you have to rebuild libc with MALLOC_STATS enabled. This enables statistics collection that is used later on.
Edit /usr/src/lib/libc/stdlib/malloc. Continue reading
This post is about finding and fixing a memory leak I discovered in the SNMP daemon, snmpd(8), in OpenBSD. This sort of analysis is foreign territory for me; I'm not a software hacker by day. However, using instructions written by Otto Moerbeek as my Rosetta stone and Google to fill in the blanks when it came to usage of the GNU debugger, gdb(1), I was able to find and fix the memory leak.
I'm documenting the steps I used for my future self and for others.
