Two Minutes of Hate: Marriot deauthing competing WiFi

Do you stand for principle -- even when it's against your interests? Would you defend the free-speed rights of Nazis, for example? The answer is generally "no", few people stand for principle. We see that in this morning's news story about Marriott jamming (actually deauthing) portable WiFi hotspots in order to force customers to use their own high-priced WiFi.

The principle I want to discuss here is "arbitrary and discriminator enforcement". It was the principle behind the Aaron Swartz and Andrew "weev" Auernheimer cases. The CFAA is a vague law where it is impossible to distinguish between allowed and forbidden behavior. Swartz and Weev were prosecuted under the CFAA not because what they did was "unauthorized access", but because they pissed off the powerful. Prosecutors then interpreted the laws to suite their purposes.


The same thing is true in the Marriott case. Deauthing Wifi is common practice on large campuses everywhere, at company headquarters, hospitals, and college campuses. They do this for security reasons, to prevent rogue access-points from opening up holes behind the firewall. It's also used at the DefCon conference, to prevent hostile access-points from tricking people by using "DefCon" in their name.

Section 333 of the Communications Continue reading

CCIE RSv5 Workbook Full Scale Lab 1 Now Available

Full Scale Lab 1 has been added to the CCIE Routing & Switching v5 Workbook. More Foundation, Troubleshooting, and Full Scale Labs will be coming soon, including additional updates before the end of the weekend. I will post more information about additional content and its release schedule shortly.

This lab uses a 20 router topology which will be available through our rack rental system shortly.  In the meantime if you have your own lab built on CSR1000v, IOU/IOL, etc. the initial configs are available to download on the lab 1 tasks page.  For technical discussion of this lab, please visit the Full Scale Labs section of our Online Community here.

Renesys Team Launches Dyn Research

shutterstock_128775836

Welcome to the new Dyn Research Blog!   We’re certainly glad you’re here, and we hope you like the snazzy new look.

Since the Renesys team joined Dyn in May, the number one question we’ve received is “will you keep publishing the blog?”   The answer is yes, absolutely, and we hope to bring you some diverse perspectives on Internet performance from other members of the Dyn technical team as well.    Please do let us know what you think of the new Dyn Research Blog, and feel free to suggest topics you’d like us to cover.

 

A moment for reflection

Looking back over the eight years that we’ve been publishing our observations about Internet structure and operations, I’m struck mostly by how you, our audience, have evolved and grown.    In the early days, news about Internet infrastructure appealed to a pretty narrow group of readers within the network operations community.   We never had to buy beer at conferences like NANOG, but the rest of the world was more or less content to ignore the dirty details of IPv6, peering and depeering, Net Neutrality, and the evolution of the IP wholesale transit industry.

A Continue reading

Plexxi Pulse—HadoopWorld 2014: Is your network ready for Big Data?

We are two short weeks away from HadoopWorld, one of the world’s largest Big Data conferences. October 15—17 our team will be in in New York City to demo our Big Data fabric and answer questions about preparing networks for Big Data. Stop by booth 552 to catch up with our team and pick up a pair of Plexxi Socks. We look forward to seeing you there.

hw3.2

In this week’s PlexxiTube of the week, Dan Backman describes how Plexxi manages load balancing in Big Data networks.

Check out what we’ve been up to on social media this week. Have a great weekend!

The post Plexxi Pulse—HadoopWorld 2014: Is your network ready for Big Data? appeared first on Plexxi.

Opt-in for upcoming Heartbleed results

On October 8, the 6-month anniversary of Heartbleed, I'm going to scan the Internet again for it. I should find about 250k devices are still vulnerable. These are things like webcams, NAS boxes, forgotten VM instances, development machines, and so on -- few real "web servers" will be vulnerable.

I will, of course, exclude from my scan everyone who has asked to be excluded. My scan list is down to only 3.5 billion hosts because of all the exclusions I do. However, asking for whitehats to exclude you from their scans is not a smart security strategy. Therefore, if you are on our exclude list, I suggest you do the reverse: opt back in.

I mention this because we are going to try something new: allow people to opt-in to the results. Send us an email, and we'll send the results of our Heartbleed scan for your address range to the "abuse" address registered for that address range.

IPv6 Adoption in the UK

One of my biggest annoyances for a while has been the lack of interest in IPv6 in the UK. There just isn’t a thirst for it. I’m pretty convinced it’s down to lack of sales support by out coin operated fraternity of technology touting army of salesmen (and women). Justifications like “IPv4 is running out” and “IPv6 when wielded correctly gives us huge growth potential” just isn’t enough to convince anyone that it’s here and is ready for adoption in enterprises nationally. The commoditisation of last mile circuits and consumer grade connectivity has also driven down profit and therefore as these businesses run with tightly controlled finances, the ability to invest in additional functionality with no perceivable gain is frowned upon somewhat. So, a quote that I thumbed in to Twitter was “Would you expect sparkling vitamin water to come out of the same taps as your current still cold feed? Who would pay £1 a month more?”. The answer to this somewhat pointless frustrated question is probably not of any value to anyone barring technologists who get it. Of course you wouldn’t get it out of the same tap! Whilst it would be delivered from the same set Continue reading

Arista vEOS on GNS3

EOS (Extensible Operating System) is Linux-based network operating system developed by Arista Networks that runs on all Arista switches. Virtual EOS (vEOS) is single image and can be run in a virtual machine. The article describes how to set up vEOS virtual machine and connects it to GNS3 in order to test EOS functionality.

Host Requirements
Linux x86-64
Qemu or VirtualBox installed

Virtual Machine Requirements
1024 MB RAM
IDE CD-ROM drive with mounted Aboot-veos-serial-2.0.8.iso
2GB flash IDE disk - vEOS-4.14.2F.vmdk
NICs e1000 type

1. Download Bootloader and Virtual EOS

Clik the link to create a new account. The guest account (when no corporate email is used for registration e.g. gmail.com) is sufficient to download vEOS software. Click the link and login with the credentials you entered during the registration. You have to accept License Agreement in order to download vEOS software.

Download the bootloader and a virtual disk:

Aboot-veos-serial-2.0.8.iso
vEOS-4.14.2F.vmdk

2. Arista Switch First Boot on Qemu

Use Qemu to boot Arista switch virtual machine for the first time.

$ /usr/local/bin/qemu-system-x86_64 -m 1024 -enable-kvm -cdrom ./Aboot-veos-serial-2.0.8.iso -boot d vEOS-4.14.2F.vmdk -serial telnet::3355,server,nowait

Connect to the Continue reading

Reading the Silk Road configuration

Many of us believe it wasn't the FBI who discovered the hidden Silk Road server, but the NSA (or other intelligence organization). We believe the FBI is using "parallel construction", meaning creating a plausible story of how they found the server to satisfy the courts, but a story that isn't true.

Today, Brian Krebs released data from the defense team that seems to confirm the "parallel construction" theory. I thought I'd write up a technical discussion of what was found.

The Tarbell declaration


A month ago, the FBI released a statement from the lead investigator, Christopher Tarbell, describing how he discovered the hidden server ("the Tarbell declaration"). This document had four noticeable defects.

The first is that the details are vague. It is impossible for anybody with technical skill (such as myself) to figure out what he did.

The second problem is that some of the details are impossible, such as seeing the IP address in the "packet headers".

Thirdly, his saved none of the forensics data. You'd have thought that had this been real, he would have at least captured packet logs or even screenshots of what he did. I'm a technical blogger. I document this sort Continue reading

Right-winger explains what’s wrong with ComputerCop

The EFF has a good article on ComputerCop. Police departments have lashed back, saying the EFF is an "ultra-liberal organization that is not in any way credible on this". While it's true the EFF is a bunch of leftists, I'm a right-winger -- and I agree with them in this case. Maybe they'll find my right-wing criticisms of ComputerCop more believable.


The basic issue is that this program isn't "protection", but is instead a "virus". It's the same software hackers use to spy on computers. It's the same software that jealous lovers secretly install on their partner's computer. Some of the copies the police give out will be used for the intended purpose (parents hacking their children's computers), but also some copies will end-up in the hands of evil-doers who use it for hacking. When investigating domestic abuse cases over the next few years, police will find their own software on the victim's computer, placed there by the abuser.

Monitoring your child's online activities is a good thing. Hacking your child's computers is probably a bad thing. It's not the sort of activity police departments should be encouraging.

The software maker exploits the fact that rural county sheriffs are Continue reading

Route leak incident on October 2, 2014

Today, CloudFlare suffered downtime which caused customers’ sites to be inaccessible in certain parts of the world. We take the availability of our customers’ web properties very seriously. Incidents like this get the absolute highest priority, attention, and follow up. The pain felt by our customers is also felt deeply by the CloudFlare team in London and San Francisco.

This downtime was the result of a BGP route leak by Internexa, an ISP in Latin America. Internexa accidentally directed large amounts of traffic destined for CloudFlare data centers around the world to a single data center in Medellín, Colombia. At the same time Internexa also leaked routes belonging to Telecom Argentina causing disruption in Argentina. This was the result of Internexa announcing via BGP that their network, instead of ours, handled traffic for CloudFlare. This miscommunication caused a flood of traffic to quickly overwhelm the data center in Medellín. The incident lasted 49 minutes, from 15:08UTC to 15:57UTC.

The exact impact of the route leak to our customers’ visitors depended on the geography of the Internet. Traffic to CloudFlare’s customers sites dropped by 50% in North America and 12% in Europe. The impact on our network in Asia was isolated Continue reading

Meet the new ISR Series – ISR 4000 running IOS-XE

In June of 2013 Cisco released the newest member of the ISR family, the ISR4451-X router (Cisco –  blog post).  At that time it was the only model in the ISR44xx line, but today it now has some new siblings.  Today, October 2, 2014, Cisco has introduced some companious, namely the ISR 4321, 4331, 4351, and 4431.   The […]

Announcing Docker Global Hack Day #2

DockerCon Europe is sold out! But wait…

Here, at Docker HQ, since the announcement of DockerCon Europe 2014, we have been sprinting to keep up with the overwhelming response and today, we must inform you that the conference is sold out. Tickets went faster than expected so we want to give you one last opportunity to attend.

Today, we are super excited to announce Docker Global Hack Day #2 on October 30th! The prize will be full conference passes including roundtrip airfare for all members of the winning team. Last year, the event was a big success, and we expect this year to be even more awesome with more cities and more hackers around the world involved!

The San Francisco edition will kickoff with talks by Ben Golub, CEO of Docker, and Solomon Hykes, Founder and CTO of Docker, who will demonstrate the power and new features of Docker 1.3 and how they facilitate the creation of distributed applications.  The agenda will include a number of Docker customers who are building their next generation of applications based upon our open platform. In addition, the event will have a surprise announcement to the community. The talks and demo will be Continue reading

Cables, Transceivers and 10GBASE-T

In the past few weeks at Plexxi we spend probably an unreasonable amount of time talking about, discussing and even arguing over ethernet cables and connectors. As mundane as it may sound, the options, variations, restrictions and cost variations of something that is usually an afterthought is mind boggling. And as a buyer of ethernet networks, you have probably felt that the choices you make will significantly change the price you pay for the total solution.

During our quarterly Product Management get together, my colleague Andre Viera took 25GbE as a trigger to walk the rest of the team through all the variations of cables and transceivers. As a vendor it is a rather complicated topic and as a customer I can only imagine how the choices may put you in a bad mood.

Most of today’s 10GbE switches ship with SFP+ cages and a handful of QSFP cages. Now comes the hard part. What do I plug into these cages? There are lots of choices all with their own pros and cons.

Direct Attach Cable

The cheapest solution is a Direct Attach Cable or DAC. These are copper based cables that have SFP+ transceivers molded onto the cable. It Continue reading

Cisco Expressway Setup

I am currently working on a Cisco Jabber project and my customer main requirement is that every users must be able to place calls in an easy way regardless from their location. Since the BYOD and Mobility are the trends I recommended the Cisco Expressway product line. I won’t go deep on how the expressway is […]

Can I Be Brutally Honest?

There are several reasons I love being on the road. One of them is the sense of accomplishment I get from doing a particular job in a set amount of time. There is a defined period in which I will be on site with a client to do a job, or a set number of days I will be sitting in training. The light is always at the end of the tunnel. I find that when I am involved in projects around where I live, that they tend to drag on. Time is always important, but not as important as when I am on the road.

Another reason I love being on the road is the fact that I get to interact with a number of my fellow IT professionals on their home turf. I love talking to them about their networks and seeing how they solve the particular issues of their business with technology. I also love to help them improve their networks when needed. Depending on the engagement length, a good working relationship may develop to the point where you seek each other out for conversation or shared meals when you are in the same general vicinity. In Continue reading

Bufferbloat Killed my HTTP Session… or not?

Every now and then I get an email from a subscriber having video download problems. Most of the time the problem auto-magically disappears (and there’s no indication of packet loss or ridiculous latency in traceroute printout), but a few days ago Henry Moats managed to consistently reproduce the problem and sent me exactly what I needed: a pcap file.

TL&DR summary: you have to know a lot about application-level protocols, application servers and operating systems to troubleshoot networking problems.

Read more ...
1 3,712 3,713 3,714 3,715 3,716 3,856