How bad is the OSPF vulnerability exposed by Black Hat?

ddos-attack

I was asked a few weeks ago by our field engineers to provide a fix for the OSPF vulnerability exposed by Black Hat last month. Prima facie there appeared nothing new in this attack as everyone knows that OSPF (or ISIS) networks can be brought down by insider attacks. This isnt the first time that OSPF vulnerability has been announced at Black Hat. Way back in 2011 Gabi  Nakibly, the researcher at Israel’s Electronic Warfare Research and Simulation Center, had demonstrated how OSPF could be brought down using insider attacks.  Folks were not impressed, as anybody who had access to one of the routers could launch attacks on the routing infrastructure. So it was with certain skepticism that i started looking at yet another OSPF vulnerability exposed by Gabi, again at Black Hat. Its only when i started delving deep into the attack vector that the real scale of the attack dawned on me. This attack evades OSPF’s natural fight back mechanism against malacious LSAs which makes it a bit more insidious than the other attacks reported so far.

I exchanged a few emails with Gabi when i heard about his latest exposé. I wanted to understand how this attack Continue reading

Plumbing OpenBSD Software with gdb(1)

This post is about finding and fixing a memory leak I discovered in the SNMP daemon, snmpd(8), in OpenBSD. This sort of analysis is foreign territory for me; I’m not a software hacker by day. However, using instructions written by Otto Moerbeek as my Rosetta stone and Google to fill in the blanks when it came to usage of the GNU debugger, gdb(1), I was able to find and fix the memory leak.

I’m documenting the steps I used for my future self and for others.

The Problem

When walking the pfTblAddrTable in the OPENBSD-PF-MIB, the unprivileged snmpd process would grow in terms of SIZE and RES. Querying other parts of PF-MIB or other MIBS altogether resulted in no memory usage increase.Memory Leak

Since I knew roughly which code path must have the leak, I first examined it manually. I could not see where memory wasn’t being given back. I needed to instrument the process as it was running in order to find the leak.

Before Starting

This set of instructions from Otto Moerbeek was my guide. As per his guide, you have to rebuild libc with MALLOC_STATS enabled. This enables statistics collection that is used later on.

Edit /usr/src/lib/libc/stdlib/malloc. Continue reading

Plumbing OpenBSD Software with gdb(1)

This post is about finding and fixing a memory leak I discovered in the SNMP daemon, snmpd(8), in OpenBSD. This sort of analysis is foreign territory for me; I'm not a software hacker by day. However, using instructions written by Otto Moerbeek as my Rosetta stone and Google to fill in the blanks when it came to usage of the GNU debugger, gdb(1), I was able to find and fix the memory leak.

I'm documenting the steps I used for my future self and for others.

NFD6 Vendor Preview: Nuage Networks

Nuage Networks is making an appearance at both Network Field Day 6 and the Software-Defined Datacenter Symposium the day before. Nuage is new to me, but after perusing some of their literature, I was very comfortable with some of the concepts. First, you’ll recognize the three-tier architecture that’s being used in most SDN discussions in most of their visuals (data plane / controller / NB API) Nuage uses an product called the VSD (Virtual Services Directory) to define network policies and business logic integration.

NFD6 Vendor Preview: Nuage Networks

Nuage Networks is making an appearance at both Network Field Day 6 and the Software-Defined Datacenter Symposium the day before. Nuage is new to me, but after perusing some of their literature, I was very comfortable with some of the concepts. First, you’ll recognize the three-tier architecture that’s being used in most SDN discussions in most of their visuals (data plane / controller / NB API) Nuage uses an product called the VSD (Virtual Services Directory) to define network policies and business logic integration.

Professional Loneliness

Lately I’ve been bouncing some generic DMVPN questions off the twittersphere.  I’ve used DMVPN sporadically in tiny single-use cases before, but now I am planning to roll out a somewhat larger implementation with a dual cloud and dual hub, complicated by the fact that I don’t control the perimeter router at our DC and I […]

Author information

Matthew Mengel

Matthew was a Senior Network Engineer for a regional educational institution in Australia for over 15 years, working with Cisco equipment across many different product areas. However, in April 2011 he resigned, took seven months of long service leave to de-stress and re-boot before becoming a network engineer for a medium sized non-profit organisation. At the end of 2013, he left full-time networking behind after winning a scholarship to study for a PhD in astrophysics. He is on twitter infrequently as @mengelm.

The post Professional Loneliness appeared first on Packet Pushers Podcast and was written by Matthew Mengel.

Don’t Need No Stinking Underlays

Why’s everyone complaining about overlays; it’s the underlays that are the problem. I’ve been in this awful game for years, I’m tellin ya, me and the dinosaurs were buddies back in the medieval donkey days – so listen up losers, I’m diatribin from experience. That Greg Ferrous, he’s a wise fella; almost like a father to me […]

Author information

Steven Iveson

Steven Iveson

Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

TwitterLinkedIn

The post Don’t Need No Stinking Underlays appeared first on Packet Pushers Podcast and was written by Steven Iveson.

Exploring OSPF Messages Between New Neighbors

image

A basic network is setup and OSPF is configured.  R1 is then prevented from forming an OSPF adjacency with R2 due to R1’s serial interface being configured as a passive interface.

Only Hello packets are seen from R2.

image

From this Wireshark output we can see:

  1. OSPF Version 2 is utilized
  2. This is a Hello packet
  3. The Hello packet is sourced from a router with OSPF Router ID 2.2.2.2.  Duplicate RIDs will prevent an OSPF adjacency and cause other issues.
  4. The interface that sourced this Hello packet resides in OSPF area 0.  This item is used to verify that the two connected router interfaces are within the same OSPF area – this is a requirement in order to form an OSPF adjacency.
  5. No authentication is used
  6. A /30 network mask is used on R2’s connected interface.  This item is used to verify that the two connected router interfaces are using the same subnet mask, which is a requirement in order to form an OSPF adjacency in addition to the two interfaces being within the same primary subnet.
  7. Hello and Dead timers.  These must be the same on both connected routers in order to Continue reading

MrsJanitor’s Aus-Some Tour of SFO / SJC

Well I just got my itinerary for my trip to Sunnyvale for the Juniper Ambassador’s Summit in October and my wife and I have decided to spend an extra couple of days either side to get out and see the sites. We will be arriving in San Francisco at 11am Sat 5th of October and flying out around 11pm on Friday 12th, and we are looking to fill our schedule!

This is my wife’s first trip to the US, and I know she wants to get out and about and see things (also probably while Im in conference too). I know her list includes seeing the Golden Gate Bridge and Alcatraz… oh… and… “The Full House House”.

Thankfully we have the company of two of my good friends who are locals – Ashton (from Juniper) and my old work mate Cooper Lees, and we are working out “what we should see”.

So what do you consider “must see” things in this area? Let me know in the comments and we will see what we can fit in.

Also, while we’re in town, I would love to catch up with any locals in the area for drinks/coffee/food etc so Continue reading

The Priorities Bill of Rights – 10 practical steps to managing group priorities

Managers everywhere are abusing their employees by using priorities to convey to-do lists. It is not because of anything insidious in their objectives, but the average manager (both low- and high-level, by the way) simply doesn’t think enough about priorities to really do anything meaningful with them. For teams I lead, our entire existence revolves […]

Author information

Michael Bushong

The post The Priorities Bill of Rights – 10 practical steps to managing group priorities appeared first on Packet Pushers Podcast and was written by Michael Bushong.

[Overlay Networking] Part 3 – The Underlay

We finally arrive at the physical topology that all of the stuff I discussed in the previous posts is built upon. “Underlay” is a term that is starting to catch on - this describes the infrastructure that all of the overlay networks ride on top of, and I’ll be using it to describe this physical infrastructure in this post. Keep in mind the term is used no matter how our physical infrastructure is laid out - there’s quite a few different ways to build this thing.

NFD6 Vendor Preview: Big Switch

Big Switch will be making their first appearance at Network Field Day 6 next week, and I’m pretty excited to hear their session. This isn’t their first appearance at a Tech Field Day event, however. They first appeared at the OpenFlow Symposium back in 2011. I re-watched that video and realized that they were talking about network virtualization a long time ago. They even made the statement that they viewed SDN “like VMware but for networking” - something we’re hearing a lot of these days.

NFD6 Vendor Preview: Aruba Networks

I’ll be the first to admit, I don’t really know that much about Aruba Networks. They’re most widely known for their work in the wireless area and that’s an area of technology I have yet to play with. As someone who is admittedly wireless-green, I’m eager to get schooled. While they may be new to me, they are heavily involved with the Tech Field Day community, especially at Wireless Field Day events.

[Overlay Networking] Part 3 – The Underlay

We finally arrive at the physical topology that all of the stuff I discussed in the previous posts is built upon. “Underlay” is a term that is starting to catch on - this describes the infrastructure that all of the overlay networks ride on top of, and I’ll be using it to describe this physical infrastructure in this post. Keep in mind the term is used no matter how our physical infrastructure is laid out - there’s quite a few different ways to build this thing.

NFD6 Vendor Preview: Big Switch

Big Switch will be making their first appearance at Network Field Day 6 next week, and I’m pretty excited to hear their session. This isn’t their first appearance at a Tech Field Day event, however. They first appeared at the OpenFlow Symposium back in 2011. I re-watched that video and realized that they were talking about network virtualization a long time ago. They even made the statement that they viewed SDN “like VMware but for networking” - something we’re hearing a lot of these days.

[Overlay Networking] Part 3 – The Underlay

We finally arrive at the physical topology that all of the stuff I discussed in the previous posts is built upon. “Underlay” is a term that is starting to catch on - this describes the infrastructure that all of the overlay networks ride on top of, and I’ll be using it to describe this physical infrastructure in this post. Keep in mind the term is used no matter how our physical infrastructure is laid out - there’s quite a few different ways to build this thing.

NFD6 Vendor Preview: Aruba Networks

I’ll be the first to admit, I don’t really know that much about Aruba Networks. They’re most widely known for their work in the wireless area and that’s an area of technology I have yet to play with. As someone who is admittedly wireless-green, I’m eager to get schooled. While they may be new to me, they are heavily involved with the Tech Field Day community, especially at Wireless Field Day events.

NFD6 Vendor Preview: Plexxi

Plexxi was first involved with Network Field Day about 5 months ago at Network Field Day 5. There, they demo’d their very unique approach to networking. You won’t hear about Plexxi without hearing about their WDM-based optical network design. You may even hear it referred to unofficially as Layer 1 SDN - and that’s a pretty apt description. Plexxi uses special From a logical perspective (kind of semi-logical and semi-physical) I think it’s great.

[Overlay Networking] Part 1 – The Basics

Wow. Lots of talk regarding overlay networking, both last week, and now this week. No doubt largely caused by the VMware NSX announcement last week. This post is an attempt on my part to clarify some fundamental ideas regarding overlay networking for my own benefit, but hopefully it helps you too. After all, we’re all learning. I’ll also be referring a LOT to some community content from blogs and twitter, because there’s a lot of great opinions out there.

[Overlay Networking] Part 2 – VTEPs and Software

In the previous post, we discussed the role of the overlay network, and the virtual switches they connect to. In this post, we’re going to talk about a few additional components. The Role of the Hardware VTEP There’s been a lot of talk about VTEP, and how virtually every networking vendor but Cisco is part of this elaborate ecosystem of vendors that contribute to the angelic glory that is NSX.
1 3,779 3,780 3,781 3,782 3,783 3,841