Reading the Silk Road configuration

Many of us believe it wasn't the FBI who discovered the hidden Silk Road server, but the NSA (or other intelligence organization). We believe the FBI is using "parallel construction", meaning creating a plausible story of how they found the server to satisfy the courts, but a story that isn't true.

Today, Brian Krebs released data from the defense team that seems to confirm the "parallel construction" theory. I thought I'd write up a technical discussion of what was found.

The Tarbell declaration


A month ago, the FBI released a statement from the lead investigator, Christopher Tarbell, describing how he discovered the hidden server ("the Tarbell declaration"). This document had four noticeable defects.

The first is that the details are vague. It is impossible for anybody with technical skill (such as myself) to figure out what he did.

The second problem is that some of the details are impossible, such as seeing the IP address in the "packet headers".

Thirdly, his saved none of the forensics data. You'd have thought that had this been real, he would have at least captured packet logs or even screenshots of what he did. I'm a technical blogger. I document this sort Continue reading

Right-winger explains what’s wrong with ComputerCop

The EFF has a good article on ComputerCop. Police departments have lashed back, saying the EFF is an "ultra-liberal organization that is not in any way credible on this". While it's true the EFF is a bunch of leftists, I'm a right-winger -- and I agree with them in this case. Maybe they'll find my right-wing criticisms of ComputerCop more believable.


The basic issue is that this program isn't "protection", but is instead a "virus". It's the same software hackers use to spy on computers. It's the same software that jealous lovers secretly install on their partner's computer. Some of the copies the police give out will be used for the intended purpose (parents hacking their children's computers), but also some copies will end-up in the hands of evil-doers who use it for hacking. When investigating domestic abuse cases over the next few years, police will find their own software on the victim's computer, placed there by the abuser.

Monitoring your child's online activities is a good thing. Hacking your child's computers is probably a bad thing. It's not the sort of activity police departments should be encouraging.

The software maker exploits the fact that rural county sheriffs are Continue reading

Route leak incident on October 2, 2014

Today, CloudFlare suffered downtime which caused customers’ sites to be inaccessible in certain parts of the world. We take the availability of our customers’ web properties very seriously. Incidents like this get the absolute highest priority, attention, and follow up. The pain felt by our customers is also felt deeply by the CloudFlare team in London and San Francisco.

This downtime was the result of a BGP route leak by Internexa, an ISP in Latin America. Internexa accidentally directed large amounts of traffic destined for CloudFlare data centers around the world to a single data center in Medellín, Colombia. At the same time Internexa also leaked routes belonging to Telecom Argentina causing disruption in Argentina. This was the result of Internexa announcing via BGP that their network, instead of ours, handled traffic for CloudFlare. This miscommunication caused a flood of traffic to quickly overwhelm the data center in Medellín. The incident lasted 49 minutes, from 15:08UTC to 15:57UTC.

The exact impact of the route leak to our customers’ visitors depended on the geography of the Internet. Traffic to CloudFlare’s customers sites dropped by 50% in North America and 12% in Europe. The impact on our network in Asia was isolated Continue reading

Meet the new ISR Series – ISR 4000 running IOS-XE

In June of 2013 Cisco released the newest member of the ISR family, the ISR4451-X router (Cisco –  blog post).  At that time it was the only model in the ISR44xx line, but today it now has some new siblings.  Today, October 2, 2014, Cisco has introduced some companious, namely the ISR 4321, 4331, 4351, and 4431.   The […]

Announcing Docker Global Hack Day #2

DockerCon Europe is sold out! But wait…

Here, at Docker HQ, since the announcement of DockerCon Europe 2014, we have been sprinting to keep up with the overwhelming response and today, we must inform you that the conference is sold out. Tickets went faster than expected so we want to give you one last opportunity to attend.

Today, we are super excited to announce Docker Global Hack Day #2 on October 30th! The prize will be full conference passes including roundtrip airfare for all members of the winning team. Last year, the event was a big success, and we expect this year to be even more awesome with more cities and more hackers around the world involved!

The San Francisco edition will kickoff with talks by Ben Golub, CEO of Docker, and Solomon Hykes, Founder and CTO of Docker, who will demonstrate the power and new features of Docker 1.3 and how they facilitate the creation of distributed applications.  The agenda will include a number of Docker customers who are building their next generation of applications based upon our open platform. In addition, the event will have a surprise announcement to the community. The talks and demo will be Continue reading

Cables, Transceivers and 10GBASE-T

In the past few weeks at Plexxi we spend probably an unreasonable amount of time talking about, discussing and even arguing over ethernet cables and connectors. As mundane as it may sound, the options, variations, restrictions and cost variations of something that is usually an afterthought is mind boggling. And as a buyer of ethernet networks, you have probably felt that the choices you make will significantly change the price you pay for the total solution.

During our quarterly Product Management get together, my colleague Andre Viera took 25GbE as a trigger to walk the rest of the team through all the variations of cables and transceivers. As a vendor it is a rather complicated topic and as a customer I can only imagine how the choices may put you in a bad mood.

Most of today’s 10GbE switches ship with SFP+ cages and a handful of QSFP cages. Now comes the hard part. What do I plug into these cages? There are lots of choices all with their own pros and cons.

Direct Attach Cable

The cheapest solution is a Direct Attach Cable or DAC. These are copper based cables that have SFP+ transceivers molded onto the cable. It Continue reading

Cisco Expressway Setup

I am currently working on a Cisco Jabber project and my customer main requirement is that every users must be able to place calls in an easy way regardless from their location. Since the BYOD and Mobility are the trends I recommended the Cisco Expressway product line. I won’t go deep on how the expressway is […]

Can I Be Brutally Honest?

There are several reasons I love being on the road. One of them is the sense of accomplishment I get from doing a particular job in a set amount of time. There is a defined period in which I will be on site with a client to do a job, or a set number of days I will be sitting in training. The light is always at the end of the tunnel. I find that when I am involved in projects around where I live, that they tend to drag on. Time is always important, but not as important as when I am on the road.

Another reason I love being on the road is the fact that I get to interact with a number of my fellow IT professionals on their home turf. I love talking to them about their networks and seeing how they solve the particular issues of their business with technology. I also love to help them improve their networks when needed. Depending on the engagement length, a good working relationship may develop to the point where you seek each other out for conversation or shared meals when you are in the same general vicinity. In Continue reading

Bufferbloat Killed my HTTP Session… or not?

Every now and then I get an email from a subscriber having video download problems. Most of the time the problem auto-magically disappears (and there’s no indication of packet loss or ridiculous latency in traceroute printout), but a few days ago Henry Moats managed to consistently reproduce the problem and sent me exactly what I needed: a pcap file.

TL&DR summary: you have to know a lot about application-level protocols, application servers and operating systems to troubleshoot networking problems.

Read more ...

Universal SSL: How It Scales

On Monday, we announced Universal SSL, enabling HTTPS for all websites using CloudFlare’s Free plan. Universal SSL represents a massive increase in the number of sites we serve over HTTPS—from tens of thousands, to millions. People have asked us, both in comments and in person, how our servers handle this extra load. The answer, in a nutshell, is this: we found that with the right hardware, software, and configuration, the cost of SSL on web servers can be reduced to almost nothing.

Modern Hardware

CloudFlare’s entire infrastructure is built on modern commodity hardware. Specifically, our web servers are running on CPUs manufactured by Intel that were designed with cryptography in mind.

All Intel CPUs based on the Westmere CPU microarchitecture (introduced in 2010) and later have specialized cryptographic instructions. Important for CloudFlare’s Universal SSL rollout are the AES-NI instructions which speed up the Advanced Encryption Standard (AES) algorithm. There’s also a set of instructions called Carry-less Multiplication (CLMUL) that computes mathematical operations binary finite fields. CLMUL can be used to speed up AES in Galois Counter-mode (GCM): our preferred mode of encryption due to its resistance against recent attacks like BEAST.

As we described in our primer on TLS Continue reading

Traveling Light – 15 Things in an Engineer’s Bag (including the bag)

My day job involves traveling around northern Europe and occasionally further afield. I often get little notice of where I’m going, or how long I’m going for. This makes for a lot of trudging along train platforms and across departure lounges. Hauling too much stuff around is guaranteed to ruin my day. Traveling light becomes a necessity, […]

Author information

Glen Kemp

Professional Services Consultant at Fortinet, Inc

Professional Services Consultant. Designing & deploying “keep the bad guys out” technologies. Delivering elephants and not hunting unicorns.

Please free to add me on , follow me on Twitter or check out my other blogs on Fortinet Blog, sslboy.net and SearchNetworking.

TwitterGoogle+

The post Traveling Light – 15 Things in an Engineer’s Bag (including the bag) appeared first on Packet Pushers Podcast and was written by Glen Kemp.

Interop Debate – What-to-Study 2-minute Drill

We’re holding the Interop debate today about traditional certifications versus studying SDN. During the debate, we expect to discus the specific topics we should be studying to learn SDN. And we each get roughly two minutes each, so the answer doesn’t easily fit. This post is here so I can point people at the show here, since they might not be able to furiously write it all down.

I will circle back to this topic following the show.

Prerequisites

  1. CCNA  + CCNP R/S
  2. CCNA + CCNP DC
  3. VCP-DCV and VCAP-DCV
  4. Some OpenStack Neutron

And on the first three, you can back off one cert level on one, or possibly two, depending on your goals.

 

Foundational SDN

  1. Mininet w/ options
  2. POX w/ options
  3. Wireshark of it all
  4. OpenFlow protocol (for learning’s sake)

Basically try as many command-line options as you can with Mininet and POX. Try the options to make POX act like a hub, switch, and router. Understand the resulting OpenFlow flows.

Pick a few more SDN controllers, install, and repeat similar exercises using Mininet.

Mininet lets you easily point to any controller by IP address and port. Try Open Daylight and a vendor’s controller.

Make a choice of Continue reading

Datacenter resource fragmentation

The concept of resource fragmentation is common in the IT world. In the simplest of contexts, resource fragmentation occurs when blocks of capacity (compute, storage, whatever) are allocated, freed, and ultimately re-allocated to create noncontiguous blocks. While the most familiar setting for fragmentation is memory allocation, the phenomenon plays itself out within the datacenter as well.

But what does resource fragmentation look like in the datacenter? And more importantly, what is the remediation?

The impacts of virtualization

Server virtualization does for applications and compute what fragmentation and noncontiguous memory blocks did for storage. By creating virtual machines on servers, each with a customizable resource footprint, the once large contiguous blocks of compute capacity (each server) can be divided into much smaller subdivisions. And as applications take advantage of this architectural compute model, they become more distributed.

The result of this is an application environment where individual components are distributed across multiple devices, effectively occupying a noncontiguous set of compute resources that must be unified via the network. It is not a stretch to say that for server virtualization to deliver against its promise of higher utilization, the network must act as the Great Uniter.

Not just a virtual phenomenon

While Continue reading

Cumulus Linux: First Impressions

Typically, when you buy a network router or switch, it comes bundled with some version of the manufacturer's operating system. Cisco routers come with IOS (or some derivative), Juniper routers come with Junos, and so on. But with the recent proliferation of merchant silicon, there seem to be fewer and fewer differences between competing devices under the hood. For instance, the Juniper QFX3500, the Cisco Nexus 3064, and the Arista 7050S are all powered by an off-the-shelf Broadcom chipset rather than custom ASICs developed in-house. Among such similar hardware platforms, the remaining differentiator is the software.

One company looking to benefit from this trend is Cumulus Networks. Cumulus does not produce or sell hardware, only a network operating system: Cumulus Linux. The Debian-based OS is built to run on whitebox hardware you can purchase from a number of partner Original Device Manufacturers (ODMs). (Their hardware compatability list includes a number of 10GE and 40GE switch models from different vendors.)

Cumulus Linux is, as the name implies, Linux. There is no "front end" CLI as on, for example, Arista platforms. Upon login you are presented with a Bash terminal and all the standard Linux utilities (plus a number of Continue reading

Rome Wasn’t Software Defined In A Day

Everywhere you turn, people are talking about software defined networking.  The influence can be felt in every facet of the industry.  Major players are trying to come to grips with the shift in power.  Small vendors are ramping up around ideas and looking to the future.  Professionals are simultaneously excited for change and fearful of upsetting the status quo.  But will all of these things happen overnight?

Not Built In A Day, But Laying Bricks Every Hour

The truth of SDN is that it’s going to take some time for all the pieces to fall into place.  Take a look at the recent Apple Pay launch.  Inside of a week, it has risen to become a very significant part of the mobile payment industry, even if the installed base of users is exclusive to iPhone [6,6+] owners.  But did this revolution happen in the span of a couple of days?

Apple Pay works because Apple spent months, if not years, designing the best way to provide transactions from a phone.  It leverages TouchID for security, a concept introduced last year.  It uses Near Field Communication (NFC) readers, which have been in place for a couple of Continue reading

Inside Shellshock: How hackers are using it to exploit systems

On Wednesday of last week details, of the Shellshock bash bug emerged. This bug started a scramble to patch computers, servers, routers, firewalls, and other computing appliances using vulnerable versions of bash.

CloudFlare immediately rolled out protection for Pro, Business, and Enterprise customers through our Web Application Firewall. On Sunday, after studying the extent of the problem, and looking at logs of attacks stopped by our WAF, we decided to roll out protection for our Free plan customers as well.

Since then we've been monitoring attacks we've stopped in order to understand what they look like, and where they come from. Based on our observations, it's clear that hackers are exploiting Shellshock worldwide.

(CC BY 2.0 aussiegall)

Eject

The Shellshock problem is an example of an arbitrary code execution (ACE) vulnerability. Typically, ACE vulnerability attacks are executed on programs that are running, and require a highly sophisticated understanding the internals of code execution, memory layout, and assembly language—in short, this type of attack requires an expert.

Attacker will also use an ACE vulnerability to upload or run a program that gives them a simple way of controlling the targeted machine. This is often achieved by running a "shell". Continue reading

1 3,709 3,710 3,711 3,712 3,713 3,853