When defining network addresses in IEN 19 John Shoch said:
Addresses must, therefore, be meaningful throughout the domain, and must be drawn from some uniform address space.
But what is a domain? Welcome to the address scope discussion ;)
When defining network addresses in IEN 19 John Shoch said:
Addresses must, therefore, be meaningful throughout the domain, and must be drawn from some uniform address space.
But what is a domain? Welcome to the address scope discussion ;)
On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability. The vulnerability is as CVE-2022-26134 and affects Confluence Server version 7.18.0 and all Confluence Data Center versions >= 7.4.0.
No patch is available yet but Cloudflare customers using either WAF or Access are already protected.
Our own Confluence nodes are protected by both WAF and Access, and at the time of writing, we have found no evidence that our Confluence instance was exploited.
Cloudflare reviewed the security advisory, conducted our own analysis, and prepared a WAF mitigation rule via an emergency release. The rule, once tested, was deployed on June 2, 2022, at 23:38 UTC with a default action of BLOCK and the following IDs:
All customers using the Cloudflare WAF to protect their self-hosted Confluence applications have automatically been protected since the new rule was deployed.
Customers who have deployed Cloudflare Access in front of their Confluence applications were protected from external exploitation attempts even before the emergency release. Access verifies every request made to a Confluence application to Continue reading
We all intuitively know the DNS is complex—and becoming more complex over time. Describing just how complex, however, is difficult. Siva Kesava and Ryan Beckett just published a research paper taking on the task of describing DNS complexity, particularly in light of the new DNAME record type. It turns out its complex enough that you can no longer really validate zone files.
In this episode of IPv6 Buzz Ed, Scott, and Tom discuss "IPv4 thinking", what exactly it is, how it can be harmful to your IPv6 migration efforts, and—most importantly—how to avoid it.
The post IPv6 Buzz 102: The Problem With IPv4 Thinking appeared first on Packet Pushers.
Remote Triggered Black Hole Scenario describes how to use the Ixia-c traffic generator to simulate a DDoS flood attack. Ixia-c supports the Open Traffic Generator API that is used in the article to program two traffic flows: the first representing normal user traffic (shown in blue) and the second representing attack traffic (show in red).
The article goes on to demonstrate the use of remotely triggered black hole (RTBH) routing to automatically mitigate the simulated attack. The chart above shows traffic levels during two simulated attacks. The DDoS mitigation controller is disabled during the first attack. Enabling the controller for the second attack causes to attack traffic to be dropped the instant it crosses the threshold.
The diagram shows the Containerlab topology used in the Remote Triggered Black Hole Scenario lab (which can run on a laptop). The Ixia traffic generator's eth1 interface represents the Internet and its eth2 interface represents the Customer Network being attacked. Industry standard sFlow telemetry from the Customer router, ce-router, streams to the DDoS mitigation controller (running an instance of DDoS Protect). When the controller detects a denial of service attack it pushed a control via BGP to the ce-router, Continue reading
Like other kinds of computing, if you put garbage data into a machine learning training run and then pour new data through it, what comes out as the answer is puréed garbage. …
Neural Networks Are Only As Good As The Data They Are Fed was written by Jeffrey Burt at The Next Platform.
For the last few years, Graphcore has primarily been focused on slinging its IPU chips for training and inference systems of varying sizes, but that is changing now as the six-year-old British chip designer is joining the conversation about the convergence of AI and high-performance computing. …
Graphcore Thinks It Can Get An AI Piece Of The HPC Exascale Pie was written by Dylan Martin at The Next Platform.
A brief mention of Broadcom ASIC families in the Networking Hardware/Software Disaggregation in 2022 blog post triggered an interesting discussion of ASIC features and where one should use different ASIC families.
Like so many things in life, ASIC design is all about tradeoffs. Usually you’re faced with a decision to either implement X (whatever X happens to be), or have high-performance product, or have a reasonably-priced product. It’s very hard to get two out of three, and getting all three is beyond Mission Impossible.
A brief mention of Broadcom ASIC families in the Networking Hardware/Software Disaggregation in 2022 blog post triggered an interesting discussion of ASIC features and where one should use different ASIC families.
Like so many things in life, ASIC design is all about tradeoffs. Usually you’re faced with a decision to either implement X (whatever X happens to be), or have high-performance product, or have a reasonably-priced product. It’s very hard to get two out of three, and getting all three is beyond Mission Impossible.
In April 2021 I wrote a post on making Firefox use Private Browsing by default, in which I showed how to modify the GNOME desktop file so that Firefox would open private windows by default without restricting access to normal browsing windows and functionality. I’ve used that technique on all my Fedora-based systems since that time, until just recently. What happened recently, you ask? I switched to the Flatpak version of Firefox. Fortunately, with some minor tweaks, this technique works with the Flatpak version of Firefox as well. In this post, I’ll share with you the changes needed to make the Flatpak version of Firefox also use private browsing by default.
When working with the non-Flatpak version of Firefox, the GNOME desktop file installed with the Firefox package is found at /usr/share/applications. In my earlier article, I suggested editing that file to add the --private-window parameter to the Exec line. Unfortunately, that change gets overwritten every time the Firefox package is updated. It’s better, actually, to use a locally customized desktop file placed in ~/.local/share/applications instead, which will take precedence over the shared desktop file.
With the Flatpak version of Firefox, there is still a shared Continue reading