This week’s Secret Sunday post is a pointer to a fairly well known blogger, Ethan Banks. Yes, he’s well known for co-hosting the popular Packet Pushers podcast and he is an all round good guy, but his blog – especially of … Continue reading
If you liked this post, please do click through to the source at Secret Sunday – Mr Ethan C Banks and give me a share/like. Thank you!
I've previously blogged about a secure connection between browser and proxy. Unfortunately that doesn't work on Android yet, since except if you use Google for Work (an enterprise offering) you can't set Proxy Auto-Config.
This post shows you how to get that working for Android. Also it skips the stunnel hop since it doesn't add value and only makes Squid not know your real address. I'm here also using username and password to authenticate to the proxy instead of client certificates, to make it easier to set up.
Hopefully this feature will be added to Chrome for Android soon (bug here) but until then you'll have to use the Android app Drony.
This way you can port forward one port from the NAT box to the proxy, and not have to use different ports everywhere.
I'll call this proxy corp-proxy.example.com.
Throughout this series, we have examined several fundamental building blocks of subnetting. In IP Subnetting Part 4, we looked at what was required to subnet a Class C network. This article takes the fundamentals one step further and looks at subnetting a Class A address. We will also add the complexity of crossing octet the octet boundary for both the subnet and the host portions of the address.
A Class A IP address has the following characteristics–
You will also recall that a single network can be subnetting into multiple, smaller networks.
Using a consistent syntax, we could represent a Class A network as follows.
10.0.0.0 In this example-- Green represents the Classful Network Blue represents the Host address
10.0.0.0 is would be a Network based on the fact that the host portion is 0.0.0. This is literally zero. Had the address been 10.0.0.1, 10.0.1.0 or 10.1.0.0 Continue reading
After watching the Tech Field Day (TFD) events for a while, I decided to fill out the form and apply to be a delegate. With the events being based in the USA, me being based in the UK and my status not being at the power blogger level of the likes of Ethan Banks, Greg Ferro or Ivan Pepelnjak, the perceived chances of actually being selected to go were negligible to none. So how surprised was I when I received an email with an invite? You could have blown me over with a feather, so much so, the whole side of the train carriage I was sitting in at the time all heard the “whoop whoop” I decided to share!
So for any new delegates or those that want to know how it plays out, your travel, accommodation and pretty much all arrangements are taken care of by Gestalt IT and the TFD team. You just have to worry about getting to and from your chosen airport to depart and return.
The week that the event takes place in is northing short of hectic and by my experience was superbly executed by Steve Foskett and Tom Hollingsworth. You can pretty Continue reading
ThousandEyes is a network monitoring company that provides application performance visibility across the Internet. They don’t just show how an application is performing, but can identify where across the Internet issues are occurring. Ethan Banks has written up some of the use cases. Recently I realised I could start thinking of them as a “NOC for the Internet.”
I was fortunate enough to attend Network Field Day 8, where ThousandEyes was one of the presenters. During their presentation Mohit Lad gave a demonstration of using ThousandEyes to investigate performance issues:
The problem with troubleshooting issues across the Internet is that it’s hard to get the complete visibility you need to track down where issues are happening. ThousandEyes helps, by giving you more viewpoints, but there’s still limits. Most of us can’t afford to run tests from hundreds of different public & private locations.
Interpreting data is also a challenge. ThousandEyes has done their best to make the data usable, but you might not have the networking resources to be able to fully understand what’s going on. You need both wider visibility, and the experience to fully interpret it.
That’s why I was very pleased to hear the exchange starting Continue reading
It’s been a busy week here at Plexxi. On Tuesday, we announced our partnership with Cari.net, a high-performance, scalable and flexible hosting platform based on Microsoft Cloud OS. CARI.net’s newly released CARIcloud service is powered by Plexxi and uses software-defined networking to allow companies to automatically adjust to conditions on their networks and make sure that the most important applications are never starved for performance. The platform enables customers to manage organizations and scale their data centers without being restricted to a single cloud service provider.
In this week’s PlexxiTube of the week, Dan Backman explains how Plexxi’s datacenter fabric transport solution is different from a more traditional WAN gateway.
Hardware Customization in a Software-Driven Universe
Art Cole contributed an interesting piece to Enterprise Networking Planet this week on customizing IT hardware in a “software-driven” universe. In my opinion, we tend to think about the discrete layers within information technology hardware—the boxes that make up the network, the servers that make up compute, and the devices that make up storage. Having flexibility in each layer of hardware is crucial, but we also want the same flexibility in the interconnect that ties them all together. We want programmability Continue reading
Take a stroll through the Intel IDF 2014 conference which was all about the Software Defined Network/Storage/Infrastructure/Architecture ......
The post Network Break 17 appeared first on Packet Pushers Podcast and was written by Greg Ferro.
Earlier this week I described how I had dipped my toe in the waters of Docker and determined in the end that while the solution was pretty neat, it smacked of being too much solution for the problem at hand. … Continue reading
If you liked this post, please do click through to the source at Vagrant vs Docker on OSX – Tales From The Front and give me a share/like. Thank you!
Part #1 – I give you the facts and the clues. Part #2 – I give you what the problem ended up being. Ready to play? This is the IPv6 troubleshooting blog that started off as something else entirely. I was going to do a post on IPv6 Multicasting, so I grabbed 3 ASR1K and […]
The post IPv6 Networking Detection Case #141 – Part 1: The Facts and Clues appeared first on Packet Pushers Podcast and was written by Denise "Fish" Fishburne.
We announced Keyless SSL yesterday to an overwhelmingly positive response. We read through the comments on this blog, Reddit, Hacker News, and people seem interested in knowing more and getting deeper into the technical details. In this blog post we go into extraordinary detail to answer questions about how Keyless SSL was designed, how it works, and why it’s secure. Before we do so, we need some background about how encryption works on the Internet. If you’re already familiar, feel free to skip ahead.
Transport Layer Security (TLS) is the workhorse of web security. It lets websites prove their identity to web browsers, and protects all information exchanged from prying eyes using encryption. The TLS protocol has been around for years, but it’s still mysterious to even hardcore tech enthusiasts. Understanding the fundamentals of TLS is the key to understanding Keyless SSL.
TLS has two main goals: confidentiality and authentication. Both are critically important to securely communicating on the Internet.
Communication is considered confidential when two parties are confident that nobody else can understand their conversation. Confidentiality can be achieved using symmetric encryption: use a key known only to the two parties involved to encrypt Continue reading
If you mention open-source cloud orchestration tools these days, everyone immediately thinks about OpenStack (including the people who spent months or years trying to make it ready for production use). In the meantime, there are at least two other comparable open-source products (CloudStack and Eucalyptus) that nobody talks about. Obviously having a working product is not as sexy as having 50+ vendors and analysts producing press releases.
Read more ...
#!/bin/sh NAME=$1 COLOR=$2 DESC="Some random machine" QUALITY=h # or l for low, m for medium set -e dispcal -m -H -q $QUALITY -y l -F -t $COLOR -g 2.2 $NAME targen -v -d 3 -G -e 4 -s 5 -g 17 -f 64 $NAME dispread -v -H -N -y l -F -k $NAME.cal $NAME colprof -v -D $DESC -q m -a G -Z p -n c $NAME dispwin -I $NAME.icc
1 | /c/slb/real 1 |
1 | /c/slb/virt 6_13 |
1 | attach group Continue reading |
VolumeDrive is a Pennsylvania-based hosting company that uses Cogent and (since late May of this year) Atrato for Internet transit. A routing leak this morning by VolumeDrive was passed on to the global Internet by Atrato causing disruptions to traffic in places as far-flung from the USA as Pakistan and Bulgaria.
Background
The way Internet transit is supposed to work in BGP is that a provider announces the global routing table to its customers (i.e., a large number of routes). Then, in turn, the customers announce local routes to their respective providers (generally a small number of routes). Each customer selects the routes it prefers from the options it receives. When a transit customer accidentally announces the global routing table to back one of its providers, things get messy. This is what happened earlier today and it had far-reaching consequences.
At 06:49 UTC this morning (18-September), VolumeDrive (AS46664) began announcing to Atrato (AS5580) nearly all the BGP routes it learned from Cogent (AS174). The resulting AS paths were of the following format:
… 5580 46664 174 …
Normally, VolumeDrive announces 39 prefixes (networks) to Atrato: 27 it originates itself and 12 it transits for two of its downstream Continue reading
I have passed the CCIE SP Lab . I will share my experience here. I will only share things pertaining to the SP lab.
>Dont forget to take the config backup before starting the LAB
>Notepad is your best friend in lab. Many configurations are repetitive. You will save time and reduce the chance of making a mistake by using it.
>Read the LAB end to end carefully before starting.
>Speed and Accuracy is imp ingrediant to pass the LAB.
>Proctator wont help you much after providing intial instruction.You need to listen carefully to protector.
>I lost access to all the device while labbing.I asked protector to help but he advised to check myself.I cleared power cycle and got the access back.
>IMP : Don’t forget to create the BGP_PASS RPL to allow eBGP routes to pass.
Questions are welcome.I would try my best to help you .
Smiles
Crazyrouter
by Dennis Schwarz and Dave Loftus
NewPosThings is a point of sale (PoS) malware family that ASERT has been tracking for a few weeks. It operates similarly to other PoS malware by memory scraping processes looking for credit card track data and then exfiltrating the spoils to a command and control (C2) server. Based on compilation times, it has been in active development since at least October 20, 2013—with the latest timestamp being August 12, 2014. Since we haven’t come across any public details of this family, we’re releasing our malware analysis for posterity and to get ahead of the threat.
The analyzed sample has an MD5 of 4196c67648003a18f61573a77b6d3be6.
Naming
Its name comes from an embedded PDB pathname string from the analyzed sample:
C:UsersTomdocumentsvisual studio 2012ProjectsNewPosThingsReleaseNewPosThings.pdb
Initialization
The malware initializes itself as follows:
