Point of Sale systems that process debit and credit cards are still being attacked with an increasing variety of malware. Over the last several years PoS attack campaigns have evolved from opportunistic attacks involving crude theft of card data with no centralized Command & Control, through memory scraping PoS botnets with centralized C&C and most recently to highly targeted attacks that require a substantial amount of lateral movement and custom malware created to blend in with the target organization.
While contemporary PoS attackers are still successful in using older tools and methodologies that continue to bring results due to poor security, the more ambitious threat actors have moved rapidly, penetrating organizational defenses with targeted attack campaigns. Considering the substantial compromise lifespans within organizations that have active security teams and managed infrastructure, indicators shared herein will be useful to detect active as well as historical compromise.
Organizations of all sizes are encouraged to seriously consider a significant security review of any PoS deployment infrastructure to detect existing compromises as well as to strengthen defenses against an adversary that continues to proliferate and expand attack capabilities.
In addition to recent publications discussing Dexter and Project Hook malware activity, Arbor ASERT is currently […]
Company ABC has multiple buildings and two internet connections via 2 different ISPs. Both BR-B and BR-C receive a default route via eBGP from the ISPs and they inject it in OSPF. For some reason, when the ISP-1 link goes down, the entire Building-A loses internet access! Something must be wrong...
Ethernet Hard Drives are coming. Nothing to do with networking.
The post Musing: Ethernet Connected Hard Drives, Network Designs appeared first on EtherealMind.
Collection of useful, relevant or just fun places on the Internets for 8th May 2014 and a bit of commentary about what I’ve found interesting about them: Whitebox Switching: Would You? Should You? — The Peering Introvert – Ethan Banks takes a good hard look at Whitebox Switches after a session at ONUG inspired some […]
The post Internets of Interest for 8th May 2014 appeared first on EtherealMind.
Cisco Certified Design Expert exam is the popular expert level vendor independent certification. In this podcast Orhan Ergun – CCIE & CCDE talks with his three guests, who have the CCDE certificate as well, about preparation, resources, recommendations and many other topics. We also discussed whether CCIE is losing its value. Please share […]
The post Community Show – CCDE Preparation and Recommendations appeared first on Packet Pushers.
Cisco Certified Design Expert exam is the popular expert level vendor independent certification. In my first podcast I talked with my three guests, who have CCDE as well, about preparation, resources, recommendations and many other topics. We also discussed whether CCIE is losing its value. Please share your comments about this podcast. Participants […]
The post Community Show – CCDE Preparation and Recommendations appeared first on Packet Pushers Podcast and was written by Orhan Ergun.
In this sponsored show we introduce A10 Networks and it's all about application delivery controllers, load balancers and speed like you have never seen because of smart software architecture.
The post Show 188 – Introducing A10 Networks appeared first on Packet Pushers Podcast and was written by Greg Ferro.
It’s been quite a while since I’ve posted here but I wanted to highlight some work I’ve been doing with Greg Ferro and Simon Chatterjee on the Packet Pushers podcast. We recorded a three part series where we dive deep …
The post Packet pushers podcast – Hardware Resources appeared first on The Network Sherpa.
HSRP is the Cisco proprietary first-hop redundancy protocol, which allows a transparent failover of the first-hop gateway. Many technologies have been slightly modified to use it efficiently. Although Anycast HSRP will be explained in this article, I first want to explain how HSRP basically works. HSRP has Version 1 and 2. […]
The post Anycast HSRP and Design Considerations appeared first on Packet Pushers Podcast and was written by Orhan Ergun.
(continued from part 1) The top level server is either paid for by the domain owner (if they are managing the TLD name space internally), or by the company contracted to manage the TLD name space. This accounts for the top level servers in our diagram. What about the thirteen root servers? These are owned […]
Making Sense of the SDN Landscape
Understanding SDN, as a concept, is relatively simple. But understanding the SDN landscape can be difficult. Here are some of the major players in the SDN standards bodies landscape and why they're significant.
The Open Networking Foundation:
The Open Networking Foundation (ONF) is in charge of the OpenFlow standard, which defines how the control layer and delivery layer are meant to function, and the protocols for how they interact. It enables remote controllers to correctly route packets through the network, separating control from forwarding – the technological foundation of SDN. OpenFlow allows for remote administration of packet forwarding tables, and can add, modify, and remove packet matching rules and actions. ONF is a user-led organization that promotes the adoption of SDN. A number of switch and router vendors have announced support for OpenFlow or are shipping gear that supports it, including Alcatel-Lucent, Big Switch Networks, Brocade Communication, Arista Networks, Cisco, Dell Force10, Extreme Networks, IBM, Juniper Networks, Larch Networks, HP, NEC, and MikroTik.
OpenDaylight Project:
OpenDaylight is a collaborative open source project hosted by The Linux Foundation. It's a consortium of about 20 […]
Last week, the global IPv4 routing table surpassed the 500 thousand route benchmark, according to the CIDR Report. The graph below shows its progression since the early nineties:
I last wrote about global IPv4 growth in August of 2009, when the table size was at a mere 300 thousand routes. While that benchmark was largely ceremonial, this one crosses a threshold which may be of grave concern for many.
As has been pointed out on the NANOG mailing list, we are quickly approaching the hard forwarding plane capacity limits which exist on several very popular platforms, namely the Cisco 7600/6500 and RSP720/Sup720. The default TCAM partitioning scheme of these platforms allows for a maximum of 512 thousand IPv4 routes.
If you accept full Internet routes anywhere on your network, you'll want to verify the maximum table sizes for those platforms. On the 6500/7600 platform, the current partitioning scheme can be inspected with show mls cef maximum-routes:

    Router# show mls cef maximum-routes
    FIB TCAM maximum routes :
    =======================
    Current :
    ---------
     IPv4 + MPLS         - 512k (default)
     IPv6 + IP Multicast - 256k (default)

The good news is that it's easy to repartition the default scheme (e. […]
Last IETF I ran into a couple of hallway discussions where the folks were having a lively debate on whether Network Function Virtualization (NFV) and Software Defined Networking (SDN) will eventually sound the death knell for huge clunky hardware vendors like Cisco, Juniper, Alcatel-Lucent, etc. I was quickly apprised about some Wall Street analyst’s report that projected a significant drop in Cisco’s revenue over the next couple of years as service providers moved to SDN and NFV solutions. I heard claims about how physical routers (that I so lovingly build in AlaLu) will get replaced by virtual routers (vRouters) and other server based software that even small startups could build. The barrier to entry in the service provider markets had suddenly been lowered and the monopoly of the big 3 was being ominously challenged. There was talk about capex spending reduction happening in the service provider networks and how a few operators were holding on to their purchase orders to see how the SDN and NFV story unfurled. There was then a different camp that believed that while SDN and NFV promised several things, it would take time before things got really deployed and started affecting capex spending and OEMs’ revenues.
So what's the deal?
Based on my conversation with several […]