Illuminating The Etumbot APT Backdoor

The Arbor Security Engineering Response Team (ASERT) has released a research paper concerning the Etumbot malware.

Etumbot is a backdoor used in targeted attacks since at least March 2011. Indicators suggest that Etumbot is associated with the Numbered Panda group, also known as IXESHE, DynCalc, and APT12. Although previous research has covered related malware, little has been publicly discussed regarding Etumbot’s capabilities.

Indicators suggest that the Etumbot dropper is delivered via spear phishing and is contained inside an archive file intended to be of interest to the target. The attackers use the Unicode Right-to-Left Override technique and document icons to disguise malicious executable content as document files. Once the dropper is executed, the backdoor is activated and a distraction file of interest to the target is opened for viewing. ASERT has observed several Etumbot samples using distraction documents involving Taiwanese and Japanese topics of interest, and has also observed recent development activity which indicates that attack campaigns are ongoing.

Once installed, the backdoor connects to its Command & Control server and receives an encryption key. RC4 encryption, along with HTTP transactions intended to blend in with typical traffic, is used for backdoor communications. Etumbot’s core functionality…

Platforms, Code, and Why I do it

If you read this site often, you already know I’ve been doing quite a bit of work with Ansible, specifically as it pertains to networking. While I will be showing another video very soon in a follow-up post, I wanted to take a step back and cover a few things before doing so. The focus here is less about the technology and more my general mindset around automation PLATFORMS, code, open source, and why I do it. Just something I’d like to share because I’m occasionally asked questions around these topics.

Culture

It’s not about the tool, in my case Ansible, it’s about the process, methodology, and ideas that go into thinking differently. For me personally, Ansible just had a lower barrier for entry, but I’ve grown to quite like it. Actually, I liked it from the get-go. In order to effectively embrace platforms like Ansible, there needs to be a change in culture first. It was amazing to see the emphasis on culture during the recent DevOps Days in Pittsburgh. I tuned in and out during the live stream and it seemed every time I had a chance to watch, it…

Coffee Break – Show 8

This is “The Coffee Break”, a podcast on the state of the networking business where we discuss vendor moves and news, analysis of product and positioning, and look at the business of networking, in the time it takes to have a coffee break. Thanks to Steven Hill from Current Analysis for joining us this week. Show Links […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in a wide range of employers, working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Coffee Break – Show 8 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

NANOG 61

The recent NANOG 61 meeting was a pretty typical NANOG meeting, with a plenary stream, some interest group sessions, and an ARIN Public Policy session. The meeting attracted some 898 registered attendees, which made it the biggest NANOG to date. No doubt the 70 registrations from Microsoft helped this number, as NANOG 61 was held in Bellevue, Washington State, but even so the interest in NANOG continues to grow, and there was a strong European contingent, as well as some Japanese and a couple of Australians. The meeting continues to have a rich set of corridor conversations in addition to the meeting schedule. These corridor conversations are traditionally focused on peering, but these days there are a number of address brokers, content networks, vendors and niche industry service providers added to the mix. Here are my impressions of some of the presentations at NANOG 61.

Cumulus Networks, sFlow and data center automation

Cumulus Networks and InMon Corp have ported the open source Host sFlow agent to the upcoming Cumulus Linux 2.1 release. The Host sFlow agent already supports the Linux, Windows, FreeBSD, Solaris, and AIX operating systems and the KVM, Xen, XCP, XenServer, and Hyper-V hypervisors, delivering a standard set of performance metrics from switches, servers, hypervisors, virtual switches, and virtual machines - see Visibility and the software defined data center.

The Cumulus Linux platform makes it possible to run the same open source agent on switches, servers, and hypervisors - providing unified end-to-end visibility across the data center. The open networking model that Cumulus is pioneering offers exciting opportunities. Cumulus Linux allows popular open source server orchestration tools to also manage the network, and the combination of real-time, data center wide analytics with orchestration makes it possible to create self-optimizing data centers.

Install and configure Host sFlow agent

The following command installs the Host sFlow agent on a Cumulus Linux switch:
sudo apt-get install hsflowd
Note: Network managers may find this command odd, since it is usually not possible to install third party software on switch hardware. However, what is even more radical is that Cumulus Linux allows users to download source…

Conferences: Go

It is slightly paradoxical that since I left networking for the student life I’ve actually been reading more about networking than I was able to during the last years of my working life. Similarly, I’ve had more time to follow the goings-on in social media, especially when the big conferences were on. Over […]

Author information

Matthew Mengel

Matthew was a Senior Network Engineer for a regional educational institution in Australia for over 15 years, working with Cisco equipment across many different product areas. However, in April 2011 he resigned, took seven months of long service leave to de-stress and re-boot before becoming a network engineer for a medium sized non-profit organisation. At the end of 2013, he left full-time networking behind after winning a scholarship to study for a PhD in astrophysics. He is on Twitter infrequently as @mengelm.

The post Conferences: Go appeared first on Packet Pushers Podcast and was written by Matthew Mengel.

CCIE renewed

On the very last day of availability of the CCIE v4 350-001 written exam I’ve renewed my CCIE for a couple more years. My plan was to recertify with another track – Wireless or Security – but life happens.

Response: SDN Disruption to Networking Monitoring & Gartner’s NPMD

Gartner has defined a new market segment for itself in “Network Performance Monitoring and Diagnostics” (NPMD) that highlights “solutions from AppNeta, CA Technologies, Corvil, Fluke Networks, Genie Networks, HP, Infovista, JDSU (via Network Instruments acquisition), Lancope, NetScout Systems, Niksun, Orsyp, Paessler, Riverbed, and SevOne.” These are all good companies, but these companies mostly rely on hardware […]

The post Response: SDN Disruption to Networking Monitoring & Gartner’s NPMD appeared first on EtherealMind.

What’s the best approach to building next-generation data center networks?

Experts are in agreement that Software Defined Networking/Network Virtualization will make the network world more efficient and more agile, but opinions vary on the best path forward. We reached out to two of the most prominent players to ask them to spell out why they think their approach is best.

The Experts

Chris King, vice president of product marketing in VMware’s Networking & Security Business Unit, argues that network virtualization – embodied in the company’s NSX product – is the way to go because it abstracts network control from network hardware while replicating everything the application expects to see, vastly simplifying the task of building and managing complex network environments.

Internets of Interest for 5th June 2014

Collection of useful, relevant or just fun places on the Internets for 5th June 2014 and a bit of commentary about what I’ve found interesting about them: VMware NSX, Multi-Hypervisor Capability, and FUDslinging — The Peering Introvert – An outbreak of FUD slinging from Cisco at Cisco Live last week which was poorly executed. Factually […]

The post Internets of Interest for 5th June 2014 appeared first on EtherealMind.

Outlier or Leader? Learning from Google’s Andromeda SDN

by Brian Boyko, Technology Contributor - June 4, 2014

A bit like how physics breaks down when you start talking about supermassive black holes, all the conventional wisdom about best practices regarding SDN deployment goes out the window when you start talking about the outliers among the biggest companies.

There's a very good reason that "Google" was named after a really big number.

Google, and companies like them (Amazon, Microsoft, etc.) with super-large, complex network infrastructures, face challenges that 99.99% of enterprises will never have. It makes financial sense for them to invest in custom technologies to address their unique challenges and give them competitive advantages. Not surprisingly, then, their SDN deployments are full of unique, in-house solutions to unique, in-house problems.

Google's SDN is codenamed Andromeda, and it is used not only with Google's own servers but also in two zones of Google’s IaaS, Compute Engine.

As Google’s Cloud Platform Blog states, its virtual network has to compete with the physical network when it comes to performance, availability, and security. This has to be done "across virtual machines, hypervisors, operating systems, network interface…

Cisco now #1 on bladeservers in US with the Cisco UCS

Five years ago, Cisco started out on their journey to get into the server market. Very few people believed that Cisco would get a big share of the market. Today, just five years later, we have received the news that Cisco is now the largest seller of blade servers in the US! From nothing to #1 in five years, that is an impressive feat for sure!

This slide provides a summary of some of the statistics for UCS:

[Slide 2]

Over 33,000 customers are now using UCS and it’s growing! Cisco is still showing significant growth at 39%. The only other vendors to show growth are Dell and Hitachi.

[Slide 4]

Cisco now has 40.9% of the blade server market in the US. Worldwide, Cisco is at #2 behind HP. I’m expecting this gap to decrease and I wouldn’t be surprised if Cisco passes HP globally within a year or two as well.

The next slide is very interesting. Cisco went from nothing to #1 in five years. IBM used to be a major player but now only has 10% of the market.

[Slide 10]

Not only has UCS been selling really well, it also has a lot of performance records. Currently UCS…

How to build CCIE V5 Lab – with CSR 1000V

Original content from Roger's CCIE Blog, tracking the journey towards getting the ultimate Cisco certification: the Routing & Switching Lab Exam.

How to build a CCIE V5 lab using ESXi and CSR 1000v. The basis of this topology is centered around the INE hardware build, which is detailed here – INE CCIE V5 Hardware Topology. This post will detail how to build a CCIE v5 lab using VMware and CSR 1000v routers, and the issues I faced which […]

Post taken from CCIE Blog

Original post How to build CCIE V5 Lab – with CSR 1000V