Earlier this week I described how I had dipped my toe in the waters of Docker and determined in the end that while the solution was pretty neat, it smacked of being too much solution for the problem at hand. … Continue reading
If you liked this post, please do click through to the source at Vagrant vs Docker on OSX – Tales From The Front and give me a share/like. Thank you!
Part #1 – I give you the facts and the clues. Part #2 – I give you what the problem ended up being. Ready to play? This is the IPv6 troubleshooting blog that started off as something else entirely. I was going to do a post on IPv6 Multicasting, so I grabbed 3 ASR1K and […]
The post IPv6 Networking Detection Case #141 – Part 1: The Facts and Clues appeared first on Packet Pushers Podcast and was written by Denise "Fish" Fishburne.
We announced Keyless SSL yesterday to an overwhelmingly positive response. We read through the comments on this blog, Reddit, Hacker News, and people seem interested in knowing more and getting deeper into the technical details. In this blog post we go into extraordinary detail to answer questions about how Keyless SSL was designed, how it works, and why it’s secure. Before we do so, we need some background about how encryption works on the Internet. If you’re already familiar, feel free to skip ahead.
Transport Layer Security (TLS) is the workhorse of web security. It lets websites prove their identity to web browsers, and protects all information exchanged from prying eyes using encryption. The TLS protocol has been around for years, but it’s still mysterious to even hardcore tech enthusiasts. Understanding the fundamentals of TLS is the key to understanding Keyless SSL.
TLS has two main goals: confidentiality and authentication. Both are critically important to securely communicating on the Internet.
Communication is considered confidential when two parties are confident that nobody else can understand their conversation. Confidentiality can be achieved using symmetric encryption: use a key known only to the two parties involved to encrypt Continue reading
If you mention open-source cloud orchestration tools these days, everyone immediately thinks about OpenStack (including the people who spent months or years trying to make it ready for production use). In the meantime, there are at least two other comparable open-source products (CloudStack and Eucalyptus) that nobody talks about. Obviously having a working product is not as sexy as having 50+ vendors and analysts producing press releases.
Read more ...
#!/bin/sh NAME=$1 COLOR=$2 DESC="Some random machine" QUALITY=h # or l for low, m for medium set -e dispcal -m -H -q $QUALITY -y l -F -t $COLOR -g 2.2 $NAME targen -v -d 3 -G -e 4 -s 5 -g 17 -f 64 $NAME dispread -v -H -N -y l -F -k $NAME.cal $NAME colprof -v -D $DESC -q m -a G -Z p -n c $NAME dispwin -I $NAME.icc
1 | /c/slb/real 1 |
1 | /c/slb/virt 6_13 |
1 | attach group Continue reading |
VolumeDrive is a Pennsylvania-based hosting company that uses Cogent and (since late May of this year) Atrato for Internet transit. A routing leak this morning by VolumeDrive was passed on to the global Internet by Atrato causing disruptions to traffic in places as far-flung from the USA as Pakistan and Bulgaria.
Background
The way Internet transit is supposed to work in BGP is that a provider announces the global routing table to its customers (i.e., a large number of routes). Then, in turn, the customers announce local routes to their respective providers (generally a small number of routes). Each customer selects the routes it prefers from the options it receives. When a transit customer accidentally announces the global routing table to back one of its providers, things get messy. This is what happened earlier today and it had far-reaching consequences.
At 06:49 UTC this morning (18-September), VolumeDrive (AS46664) began announcing to Atrato (AS5580) nearly all the BGP routes it learned from Cogent (AS174). The resulting AS paths were of the following format:
… 5580 46664 174 …
Normally, VolumeDrive announces 39 prefixes (networks) to Atrato: 27 it originates itself and 12 it transits for two of its downstream Continue reading
I have passed the CCIE SP Lab . I will share my experience here. I will only share things pertaining to the SP lab.
>Dont forget to take the config backup before starting the LAB
>Notepad is your best friend in lab. Many configurations are repetitive. You will save time and reduce the chance of making a mistake by using it.
>Read the LAB end to end carefully before starting.
>Speed and Accuracy is imp ingrediant to pass the LAB.
>Proctator wont help you much after providing intial instruction.You need to listen carefully to protector.
>I lost access to all the device while labbing.I asked protector to help but he advised to check myself.I cleared power cycle and got the access back.
>IMP : Don’t forget to create the BGP_PASS RPL to allow eBGP routes to pass.
Questions are welcome.I would try my best to help you .
Smiles
Crazyrouter
by Dennis Schwarz and Dave Loftus
NewPosThings is a point of sale (PoS) malware family that ASERT has been tracking for a few weeks. It operates similarly to other PoS malware by memory scraping processes looking for credit card track data and then exfiltrating the spoils to a command and control (C2) server. Based on compilation times, it has been in active development since at least October 20, 2013—with the latest timestamp being August 12, 2014. Since we haven’t come across any public details of this family, we’re releasing our malware analysis for posterity and to get ahead of the threat.
The analyzed sample has an MD5 of 4196c67648003a18f61573a77b6d3be6.
Naming
Its name comes from an embedded PDB pathname string from the analyzed sample:
C:UsersTomdocumentsvisual studio 2012ProjectsNewPosThingsReleaseNewPosThings.pdb
Initialization
The malware initializes itself as follows:
This blog post from Cloudflare should mean the end of big Internet pipes in Enterprise Data Centre with massive reductions in load balancers, IDS units and web servers.
The post Response: CloudFlare Keyless SSL Means The End of Big Pipes and Load Balancers in The Data Centre appeared first on EtherealMind.
When I first met Cumulus, they were working out of a borderline-sketchy kind of warehouse space they had outgrown long before I showed up.
My job was to “make things better.” Initially, this had a lot to do with boxes and taking out garbage. I threw out a pile of flattened boxes about three feet high early on. The boxes had been stacked and tossed and shoved into a massive pile that consumed the small loft that hovered over the space. These people have no idea how dangerously close they came to becoming an episode of Hoarders.
Despite the mess, they are very good people. I’d been there only a short time when, one day, the bottom fell out of a box of stuff I was moving. Instantly I was surrounded by people who had everything picked up before I’d even registered what happened. One of them was on the phone the entire time and never missed a beat, I think he even made a sale. They were halfway back to their desks before I managed to say “thank you.”
I am not an engineer, but I am married to one, which is almost the same thing. (That Continue reading
In this post i will show how and why to use a feature called IPv6 Prefix Delegation (PD).
IPv6 prefix delegation is a feature that provides the capability to delegate or hand out IPv6 prefixes to other routers without the need to hardcode these prefixes into the routers.
Why would you want to do this? – Well, for one is the administration overhead associated with manual configuration. If the end-customer only cares about the amount of prefixes he or she receives, then it might as well be handed out automatically from a preconfigure pool. Just like DHCP works today on end-user systems.
On top of that, by configuring a redistribution into BGP just once, you will automatically have reachability to the prefixes that has been handed out, from the rest of your SP network.
So how do you go about configuring this? – Well, lets take a look at the topology we’ll be using to demonstrate IPv6 Prefix Delegation.
First off, we have the SP core network which consists of R1, R2 and R3. They are running in AS 64512 with R1 being a BGP route-reflector for the IPv6 unicast address-family. As an IGP we are running OSPFv3 to provide Continue reading
CloudFlare is an engineering-driven company. This is a story we're proud of because it embodies the essence of who we are: when faced with a problem, we found a novel solution. Technical details to follow but, until then, welcome to the no hardware world.
The story begins on a Saturday morning, in the Fall of 2012, almost exactly two years ago. I got a call on my cell phone that woke me. It was a man who introduced himself as the Chief Information Security Officer (CISO) at one of the world's largest banks.
"I got your number from a reporter," he said. "We have an incident. Could you and some of your team be in New York Monday morning? We'd value your advice." We were a small startup. Of course we were going to drop everything and fly across the country to see if we could help.
I called John Roberts and Sri Rao, two members of CloudFlare's team. John had an air of calm about him and owned more khaki pants than any of the rest of us. Sri was a senior member of our technical operations team and could, already at that point, Continue reading
Last week Ivan Pepelnjak wrote an article about the failure domains of controller based network architectures. At the core of SDN solutions is the concept of a controller, which in most cases lives outside the network devices themselves. A controller as a central entity controlling the network (hence its name) provides very significant values and capabilities to the network. We have talked about these in this blog many times.
When introducing a centralized entity into any inherently distributed system, the architecture of such a system needs to carefully consider failure domains and scenarios. Networks have been distributed entities, with each device more or less independent and a huge suite of protocols defined to manage the distributed state between all of them. When you think about it, it’s actually quite impressive to think about the extend of distribution we have created in networks. We have created an extremely large distributed system with local decision making and control. I am not sure there are too many other examples of complex distributed systems that truly run without some form of central authority.
It is exactly that last point that we networking folks tend to forget or ignore. Many control systems in Continue reading
A while ago Cisco added dynamic FCoE support to Nexus 5000 switches. It sounded interesting and I wanted to talk about it in my Data Center Fabrics update session, but I couldn’t find any documentation at that time.
In the meantime, the Configuring Dynamic FCoE Using FabricPath configuration guide appeared on Cisco’s web site and J Metz wrote a lengthly blog post explaining how it all works, triggering a severe attack of déjà vu.
Read more ...Redirect, ICMP type 5, is used by routers to notify hosts of another router on the data link that should be used for a particular destination.
TOPOLOGY
——————–
———- ROUTER R3——|
| Internet | / |——PC2 10.10.10.1
——— /
| /
ROUTER R1 ROUTER R2
172.16.10.40| | 172.16.10.5
| |
—————-LAN——————————–
|
|
PC1
172.16.10.1
Gateway 172.16.10.40
—————————————-
Consider above topology,where PC1 has default gatway config as 172.16.10.40 .PC1 send packet to router R1 to reach remote destination 10.10.10.1.Router R1 checks its routing table and find that next-hop to reach 10.10.10.1 is Router R2.SO now the ROuter R1 has to fwd packet througth the same interface on which it was received.Router R1 fwd packet to Router R2 and also send ICMP redirect message to PC1.This informs about the best path to reach destination 10.10.10.1 is through Continue reading
Its very important for routing and is enabled default in IOS.
Its method by which router made himself available to the host.How ?
|——-ROuter——|
| |
PC1 PC2
IP 10.10.20.1/24 10.10.40.1/24
Consider that HostA(10.10.20.1/24) want to send traffic to HostB of diff subnet (10.10.40.1/24).
Host A neither have any default gateway configured nor it knows how to reach router.It will send arp request for 10.10.40.1,local router
when receives the request and also know how to reach subnet 10.10.40.0,will reply arp with its own hardware address.
Host A will see this reply, cache it, and send future IP packets for host B to the gateway. The gateway will forward such packets to
host B by the usual IP routing mechanisms. The gateway is acting as an agent for host B, which is why this technique is called “Proxy ARP”; we will refer to this as a transparent subnet gateway or ARP subnet gateway.
ARP cache entries generally shows multiple ip address are mapped to single hardware addresss ,It that case proxy arp is used and single hardware addresss is of router interface and multiple ip address is of hosts.
How the ARP works ? Basic question but very imp to know it.
ARP is address resolution protocol,used to resolve logical IP address to physical hardware address.
ROUTER
|
|
———LAN——-
| |
| |
PC1 PC2
10.10.10.1 10.10.10.14
Consider that PC1 want to communicate with PC2.What is the actual process to communicate b/w them ?
PC want to sent traffic to PC2 ,it has got layer 3 address for source(10.10.10.1) and also destination (10.10.10.14).
It will move from upper layer down to lower layer 2 i.e data link layer.Layer 2 need to have source and destination MAC
address information to process further.PC1 has layer 3 information for source and destination but no layer 2 information for destination .
Here comes the saviour known as ARP .PC1 will send broadcast into the LAN asking that whoever owns IP 10.10.10.14 respond with its mac address.
The broadcast packet will have following info.
Source Ip : 10.10.10.1
Destination IP : 10.10.10.14
Source MAC : MAC Continue reading
