NetworkingNexus.net

The Citadel and Gameover Campaigns of 5CB682C10440B2EBAF9F28C1FE438468

As the infosec community waits for the researchers involved to present their Zeus Gameover take down spoils at the next big conference; ASERT wanted to profile a threat actor that uses both Citadel, “a particularly sophisticated and destructive botnet”, and Gameover, “one of the most sophisticated computer viruses in operation today”, to steal banking credentials.

Citadel Campaign

When a threat actor decides that they would like to start a Citadel campaign they: buy the builder software, build the malware, distribute it to the wild, and then, unfortunately, usually profit. A “login key” in Citadel parlance identifies a specific copy of the builder. This key is also copied into the generated binaries so a link between malware builder and malware is formed. Login keys are supposed to be unique, but due to builders being leaked to the public, some aren’t. For all intents and purposes though, malware researchers use login keys to distinguish between distinct Citadel campaigns.

On October 29, 2013, security researcher Xylitol tweeted that login key 5CB682C10440B2EBAF9F28C1FE438468 was not associated with any of the defendants in Microsoft’s Citadel botnet lawsuit:

ASERT has the following command and control (C2) URLs linked with that campaign. Most Continue reading

SDN/NFV Management & Orchestration

SDN/NFV Management and Orchestration

by Steve Harriman, VP of Marketing - June 24, 2014

At last week’s Big Telecom Event in Chicago, Caroline Chappell, senior analyst with Heavy Reading (the sister organization of Light Reading) moderated a panel discussion on SDN/NFV Management and Orchestration. Readers of this blog will know that’s a subject near and dear to us at Packet Design, and Cengiz Alaettinoglu, our CTO, was a member of the panel. He was joined by speakers from Infoblox, Overture, UBIqube, and NTT America.

Packet Design CTO, Cengiz Alaettinoglu, speaks at the BTE Conference

Ms. Chappell opened the discussion by posing the question, “How real is SDN/NFV, and how quickly will network operators move from proofs of concept to production deployments?” In keeping with what we had heard in earlier conference keynotes and panel sessions, Doug Junkins with NTT America, the only operator on this panel, stated they are already implementing SDN/NFV in 50 data centers globally. He said the primary business drivers are: (1) driving down the cost of provisioning services and (2) new services creation. When asked how NTT views SDN in the context of NFV, he explained that they use the term network automation in Continue reading

Network Automation or SDN?

With all of the activity going on in the networking industry right now, and all of the new terminology (as well as old re-invented terminology), it’s quite easy to get messages mixed up. After all, there’s no centralized dictionary for all of this stuff. I’d like to address something that has bugged me for a while. I’ve now heard from quite a few folks that SDN to them means the ability to automate network tasks.

Network Automation or SDN?

Docker essentials – More work with images

Images – Messing with the stack
So we’ve had some time to digest what containers and images are. Now let’s talk in a little greater detail about images and how they layer. A key piece of docker is how the images stack. For instance, let’s quickly build a container that has 3 user image layers in it. Recall, images are the read-only pieces of the container so having 3 user layers implies that I have done 3 commits and any changes after that will be in the 4th read/write layer that lives in the container itself…

Note: Im using the term ‘user images’ to distinguish between base images and the ones that I create. We’ll see in a minute that a base image can even have multiple images as part of the base. I’m also going to use the term ‘image stack’ to refer to all of the images that are linked together to make a running image or container.

I’ve highlighted each user image creation to break it out. Essentially this is what happened…

-Ran the base CentOS image creating a container called stacking
-Created a file in the container called Continue reading

Show 193 – Huawei CloudEngine & CloudFabric for the DC + Enterprise – Sponsored

Global telecom giant Huawei continues to grow their substantial networking footprint by pushing into the enterprise and data center spaces with competitive products. In this podcast, Ian Foo, Director for Data Center Products & Solutions Enterprise Global Marketing at Huawei, joins co-hosts Ethan Banks and Greg Ferro in a discussion focused on Huawei’s CloudEngine switches […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 193 – Huawei CloudEngine & CloudFabric for the DC + Enterprise – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Cisco IOS – Understanding IGP Network Statements

One of the things that I find both counterintuitive and often misunderstood is the role of the network command in interior gateway protocols. This command is used in the router configuration mode on Cisco devices. While there are some protocol specifics that should be understood, it behaves similarly between RIP, EIGRP and OSPF. The common misconception is that the network statement determines what will be advertised. While it can affect what is being advertised, that is not the direct purpose of this command.

If you have mistakenly thought the network command determines what is being advertised, you’re certainly not alone. We can even find verbiage in the output of “show ip protocols” that lends credibility to this position. Let’s take a look at the following configuration.

In the above example, I have enable EIGRP on all of the interfaces.

R1 Configuration

interface Loopback0
 ip address 1.1.1.1 255.255.255.0
interface Loopback1
 ip address 2.2.2.1 255.255.255.0
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
router eigrp 1
 network 1.1.1.1 0.0.0.0
 network 2.2.2.1 0.0.0.0
 network 192. Continue reading

How to simulate an IPv6 network using the cloonix network simulator

As we work through this tutorial, we will learn how to use the cloonix graph interface to build a simulation scenario that includes two small IPv6 networks connected to each other by two routers via static routes. We will also learn how cloonix saves network topologies and guest virtual machine root filesystems.

Linux IPv6 network simulation running on the cloonix open-source network simulator

The cloonix open-source network simulator uses KVM virtual machines in the simulated network so, in this tutorial, we will demonstrate real Linux router and host configuration procedures.

Procedure summary

First, let’s review the high-level steps we will execute to set up and configure a simulated IPv6 network and then save a network topology and node configurations.

Create root filesystems, one for each virtual machine we plan to create in the simulation
Create static guest virtual machines with the previously-created root filesystems
Connect nodes to create a network topology
Configure each node in the simulated network
Save the network simulation scenario for future use
(Optional) Make changes and save another version of the topology
(Optional) Load a saved network simulation scenario

Step 1: Create root filesystems

We intend to create a scenario made up of static root filesystems Continue reading

VXLAN MTU vs IP MTU Consideration

Audience

This post is for anyone who’s thought about deploying VXLAN on their network and who like me thinks deeply about stuff, to the point of utter confusion, which hit me on a very hot sunny afternoon. The good news with confusion is, once you’ve cracked the issue (normally one’s correct understanding), the clouds clear and the birds sing.

VXLAN

Virtual Extensible Local Area Network functionality is beginning to hit a wide range of vendor devices. VXLAN provides 16 million (and then some) segments for Layer 2 networks. Some organisations, especially those providing cloud infrastructure currently have or will have problems with the number of VLANs available in 12 bits, which is 4096. In that 4096 number, some are not usable either are reserved for certain things like token-ring and platform specific internal communication.

VXLAN is a simple encapsulation method or a tunnel. It encapsulates the original payload in to UDP packets for transit across an IP network and adds another 50 bytes on to the header tax. At a very high level, VXLAN can be deployed in multicast mode and with unicast. Virtual Network IDs (VNIDs) represent VXLAN segment identifiers. In order to gain connectivity, a network construct Continue reading

Book Recommendations — Jeff Aiken Series by Mark Russinovich

BookSmall Last week, I spent a the majority of my commute time listening to a cybercrime novel by Mark Russinovich. This book, Trojan Horse, is the second of three books in the Jeff Aiken Novel series and didn’t disappoint in any way. In the past I read the electronic version of the first book, Zero Day. Whether or not you work in information security, you’ll likely find these books enjoyable. Having some grasp of the reach and dependance on information systems, I find these books are reasonably plausible. I plan to listen to the final installment in the series during my travels this week.

HPN Scripting on Github

Dear network community, Based on the feedback of Lindsay Hill on my last post I created a HPN Scripting GitHub repository. The repository is completely free with MIT license. After HP ETSS event next week I’ll post my scripts under … Continue reading →

Reading a Certification Blueprint

Those studying for certification exams should know what they’re studying for. This is typically found on some sort of syllabus or blueprint. In Cisco parlance, we simply call this the exam blueprint. So those taking ICND1 in hopes of achieving CCENT, would typically research the ICND1 exam blueprint. This is found selecting the link in the Exam Topics section of the exam overview page.

While reading through this type of document, it is important to keep a few things in mind. For example, it is beneficial to continually think about how a vendor may validate knowledge of a particular competency. It is also important to pay attention to keywords like describe, configure and troubleshoot. The keyword describe would typically indicate only a conceptual understanding is required. Configure or troubleshoot might be used to indicate working proficiency with a technology is expected.

As a candidate assesses a given blueprint, they should think about how they could assess someone else’s knowledge. For example, one might consider the task of hiring a network administrator. How could the understanding of collision domains and broadcast domains be assessed? By thinking in these terms, the challenges that networking vendors face in assessing candidates begins to surface

Looking at a blueprint Continue reading

The Open Internet?

I hear the virtues of the “open Internet” being extolled so much these days that I can’t help but wonder what exactly we are referring to. So let’s ask the question. What is an “open” Internet?

Brent’s Technology Bookmarks from June

Lots going on in the past couple of months. While current projects have me pretty busy I wanted to share some good reads and interesting developments in the industry. In no particular order: Thats all for now. Have a great weekend.

...

Python Sets: Handy for Network Data

Interview with David Major, Discussing CLN

During Cisco Live 2014, the Cisco team tracked me down and talked to me about my role and the value of the Cisco Learning Network.

Broadcast live streaming video on Ustream

Links

Readers of this article may also enjoy:

The post Interview with David Major, Discussing CLN appeared first on PacketU.

Who Understands Network Statements?

A couple of weeks ago, I asked some questions about an obscure OSPF configuration. I found the scenario fun to write and share. Therefore, I wanted to offer another odd configuration that might challenge readers to think through the resulting behavior of a Cisco device. This particular challenge is a quick and dirty RIP configuration based on the following scenario.

R1 Configuration

interface FastEthernet0/0
 description To Host1
 ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/1
 description To R2
 ip address 10.100.100.1 255.255.255.0
!
router rip
 network 10.100.100.0

R2 Configuration

interface FastEthernet0/0
 description To Host2
 ip address 10.2.2.2 255.255.255.0
!
interface FastEthernet0/1
 description To R1
 ip address 10.100.100.2 255.255.255.0
!
router rip
 network 10.100.100.0

Question

Assuming Host1 and Host2 are configured with the appropriate address and default gateway, which following two statements are true?

Host1 can reach Host2
Host2 cannot reach Host1
show run will reveal the configuration above
show run will reveal differences from what is shown

A question like this can reveal whether or not an individual has experience configuring interior gateway protocols. Those who have worked with IOS will Continue reading

Thought: What Facebook Wedge, Cumulus Linux Shows About Network Operating Systems

Facebook develops it's own operating system for switches. This shows that OS's like Cisco's IOS and Juniper's Junos are under attack and devalues those business. The destruction of the software moat means that customers have far more choice for their networks.

The post Thought: What Facebook Wedge, Cumulus Linux Shows About Network Operating Systems appeared first on EtherealMind.

Network Management a forgotten art? Part 2!

A while back I wrote a quick article about network management and tools you can rely on. As you could imagine network management is a quite a broad topic and definitely one definitely can talk about till I turn blue. So I figured I would throw out some other interesting considerations when dealing with Network […]

« Previous 1 … 3,744 3,745 3,746 3,747 3,748 … 3,855 Next »