Beat – An Acoustics Inspired DDoS Attack

Beat - An Acoustics Inspired DDoS Attack
Beat - An Acoustics Inspired DDoS Attack

On the week of Black Friday, Cloudflare automatically detected and mitigated a unique ACK DDoS attack, which we’ve codenamed “Beat”, that targeted a Magic Transit customer. Usually, when attacks make headlines, it’s because of their size. However, in this case, it’s not the size that is unique but the method that appears to have been borrowed from the world of acoustics.

Acoustic inspired attack

As can be seen in the graph below, the attack’s packet rate follows a wave-shaped pattern for over 8 hours. It seems as though the attacker was inspired by an acoustics concept called beat. In acoustics, a beat is a term that is used to describe an interference of two different wave frequencies. It is the superposition of the two waves. When the two waves are nearly 180 degrees out of phase, they create the beating phenomenon. When the two waves merge they amplify the sound and when they are out of sync they cancel one another, creating the beating effect.

Beat - An Acoustics Inspired DDoS Attack
Beat DDoS Attack

Acedemo.org has a nice tool where you can create your own beat wave. As you can see in the screenshot below, the two waves in blue and red are out Continue reading

Feedback: AWS Networking

Deciding to create AWS Networking and Azure Networking webinars wasn’t easy – after all, there’s so much content out there covering all aspects of public cloud services, and a plethora of certification trainings (including free training from AWS).

Having that in mind, it’s so nice to hear from people who found our AWS webinar useful ;)

Even though we are working with these technologies and have the certifications, there are always nuggets of information in these webinars that make it totally worthwhile. A good example in this series was the ingress routing feature updates in AWS.

It can be hard to filter through the noise from cloud providers to get to the new features that actually make a difference to what we are doing. This series does exactly that for me. Brilliant as always.

Other engineers use our webinars to prepare for AWS certifications – read this blog post by Jedadiah Casey for more details.

AWS Networking and Azure Networking webinars are available with Standard ipSpace.net Subscription. For even deeper dive into cloud networking check out our Networking in Public Cloud Deployments online course.

Feedback: AWS Networking

Deciding to create AWS Networking and Azure Networking webinars wasn’t easy – after all, there’s so much content out there covering all aspects of public cloud services, and a plethora of certification trainings (including free training from AWS).

Having that in mind, it’s so nice to hear from people who found our AWS webinar useful ;)

Even though we are working with these technologies and have the certifications, there are always nuggets of information in these webinars that make it totally worthwhile. A good example in this series was the ingress routing feature updates in AWS.

It can be hard to filter through the noise from cloud providers to get to the new features that actually make a difference to what we are doing. This series does exactly that for me. Brilliant as always.

AWS Networking and Azure Networking webinars are available with Standard ipSpace.net Subscription. For even deeper dive into cloud networking check out our Networking in Public Cloud Deployments online course.

IBM Leverages Cloud To Push The Encryption Envelope

The rapid adoption by enterprises of hybrid cloud and multicloud environments along with the rise of the Internet of Things, a much more remote workforce and other trends that have contributed to the increasingly distributed nature of modern IT has put the vast amounts of data that is being generated in a precarious position.

IBM Leverages Cloud To Push The Encryption Envelope was written by Jeffrey Burt at The Next Platform.

Deloitte: 5G to drive edge, open RAN to the forefront in 2021

Edge computing is flagged as a key networking technology for 2021 as well as open radio-access framework, both of which are fundamentally driven forward by mobile data carriers and their rush to deploy 5G, according to Deloitte.The EdgeEdge computing, including compute workloads being handled on or close to endpoints deployed outside the data center, will be among the biggest technological growth areas in 2021. Deloitte predicts that the global market for edge products will rise to $12 billion in 2021, and will continue to grow at a rate of 35% per year thereafter. Close to three-quarters of all businesses, by 2023, will deploy some form of edge computing, the researchers said.To read this article in full, please click here

Navigating Supply-Chain Vulnerabilities with a Zero-Trust Architecture

In light of the SolarWinds breach, we want to help our customers who may have questions on how a Zero Trust Architecture can act as an effective approach to limit the impact of such attacks. VMware has been steadfastly monitoring the evolving situation as we learn more about the supply chain compromise.  

The SolarWinds Compromise 

At this point, the consensus is that organizations with a SolarWinds product that downloaded the SolarWinds-Core-v2019.4.5220-Hotfix5.msp update package should consider themselves breached and start an investigation. In addition, given the extent of the breach, every organization that uses SolarWinds products should be on alert for the possibility of an intrusion.   

Note that the update package was signed on March 24, 2020, which means that the victims of this attacks might have been compromised in late March or early April 2020. Once the attackers successfully compromised the SolarWinds Orion hosts, they may have moved laterally to the hosts monitored by the tool, and possibly beyond those hosts by using additional credentials collected in the exploitation process. Some actions to be taken in order to address this breach are provided by DHS CISA’s Continue reading

On Important Things

I tend to be a very private person; I rarely discuss my “real life” with anyone except a few close friends. I thought it appropriate, though, in this season—both the season of the year and this season in my life—to post something a little more personal.

One thing people often remark about my personality is that I seem to be disturbed by very little in life. No matter what curve ball life might throw my way, I take the hit and turn it around, regain my sense of humor, and press forward into the fray more quickly than many expect. This season, combined with a recent curve ball (one of many—few people would suspect the path my life has taken across these 50+ years), and talking to Brian Keys in a recent episode of the Hedge, have given me reason to examine foundational principles once again.

How do I stay “up” when life throws me a curve ball?

Pragmatically, the worst network outage in the world is not likely to equal the stresses I’ve faced in the military, whether on the flight line or in … “other situations.” Life and death were immediately and obviously present in those times. Continue reading

The Week in Internet News: Google Faces Third U.S. Antitrust Lawsuit

Another game of monopoly: Attorneys general from 38 U.S. states and territories have filed an antitrust lawsuit against Google, just days after 46 states and the U.S. Federal Trade Commission filed antitrust lawsuits against Facebook. The new lawsuit against Google is the third recent antitrust action against the company in recent weeks, CNet says. Ten states previously filed a lawsuit related to Google’s ad auctions, and the U.S. Department of Justice previously filed a lawsuit on Google’s browser deals with smartphone makers. The newest lawsuit targets Google’s search functionality, saying it delivered results that favored its own products over those of competitors.

Order from chaos: Meanwhile, the European Commission is threatening new regulation of big tech firms with rules to aim to “curb the hegemony of dominant multinationals and force them to be more transparent about how content is ranked, advertised and removed,” Euronews reports. Part of the goal is to allow European businesses to “freely and fairly compete online just as they do offline,” said Margrethe Vestager, executive vice president for a Europe Fit for the Digital Age.

The perimeter is breached: Hackers have gotten into the IT systems of several U.S. government agencies and Continue reading

WSL 2 GPU Support is Here

At Microsoft Build in the first half of the year, Microsoft demonstrated some awesome new capabilities and improvements that were coming to Windows Subsystem for Linux 2 including the ability to share the host machine’s GPU with WSL 2 processes. Then in June Craig Loewen from Microsoft announced that developers working on the Windows insider ring machines could now make use of GPU for the Linux workloads. This support for NVIDIA CUDA enabled developers and data scientists to use their local Windows machines for inner-loop development and experimentation. 

Last week, during the Docker Community All Hands, we announced the availability of a developer preview build of Docker Desktop for WSL 2 supporting GPU for our Developer Preview Program. We already have more than 1,000 who have joined us to help test preview builds of Docker Desktop for Windows (and Mac!). If you’re interested in joining the program for future releases you should do it now!

Today we are excited to announce the general preview of Docker Desktop support for GPU with Docker in WSL2. There are over one and a half million users of Docker Desktop for Windows today and we saw in our roadmap how excited you Continue reading

NTC – Damien Garros – Source Of Truth

In this episode, we talk with Damien Garros from Network to Code. Damien works with clients on a daily basis architecting and implementing Source of Truth strategies for network automation solutions.  We spend time talking through how to best approach source of truth, how to solve the age-old problem of populating the source of truth, and talk about several open source projects that can help you on your source of truth journey.

Reference Links:

Damien Garros
Guest
Jason Edelman
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post NTC – Damien Garros – Source Of Truth appeared first on Network Collective.

Configure identity-based policies in Cloudflare Gateway

Configure identity-based policies in Cloudflare Gateway
Configure identity-based policies in Cloudflare Gateway

During Zero Trust Week in October, we released HTTP filtering in Cloudflare Gateway, which expands protection beyond DNS threats to those at the HTTP layer as well. With this feature, Cloudflare WARP proxies all Internet traffic from an enrolled device to a data center in our network. Once there, Cloudflare Gateway enforces organization-wide rules to prevent data loss and protect team members.

However, rules are not one-size-fits-all. Corporate policies can vary between groups or even single users. For example, we heard from customers who want to stop users from uploading files to cloud storage services except for a specific department that works with partners. Beyond filtering, security teams asked for the ability to audit logs on a user-specific basis. If a user account was compromised, they needed to know what happened during that incident.

We’re excited to announce the ability for administrators to create policies based on a user’s identity and correlate that identity to activity in the Gateway HTTP logs. Your team can reuse the same identity provider integration configured in Cloudflare Access and start building policies tailored to your organization today.

Fine-grained rule enforcement

Until today, organizations could protect their users' Internet-bound traffic by configuring DNS and HTTP Continue reading

How Ansible Configuration Parsing Made Me Pull My Hair Out

Yesterday I wrote a frustrated tweet after wasting an hour trying to figure out why a combination of OSPF and IS-IS routing worked on Cisco IOS but not on Nexus OS. Having to wait for a minute (after Vagrant told me SSH on Nexus 9300v was ready) for NX-OS to “boot” its Ethernet module did’t improve my mood either, and the inconsistencies in NX-OS interface naming (Ethernet1/1 is uppercase while loopback0 and mgmt0 are lowercase) were just the cherry on top of the pile of ****. Anyway, here’s what I wrote:

Can’t tell you how much I hate Ansible’s lame attempts to do idempotent device configuration changes. Wasted an hour trying to figure out what’s wrong with my Nexus OS config… only to find out that “interface X” cannot appear twice in the configuration you want to push.

Not unexpectedly, I got a few (polite and diplomatic) replies from engineers who felt addressed by that tweet, and less enthusiastic response from the product manager (no surprise there), so it’s only fair to document exactly what made me so angry.

Update 2020-12-23: In the meantime, Ganesh Nalawade already implemented a fix that solves my problem. Thanks you, awesome job!

Continue reading

How Ansible Configuration Parsing Made Me Pull My Hair Out

Yesterday I wrote a frustrated tweet after wasting an hour trying to figure out why a combination of OSPF and IS-IS routing worked on Cisco IOS but not on Nexus OS. Having to wait for a minute (after Vagrant told me SSH on Nexus 9300v was ready) for NX-OS to “boot” its Ethernet module did’t improve my mood either, and the inconsistencies in NX-OS interface naming (Ethernet1/1 is uppercase while loopback0 and mgmt0 are lowercase) were just the cherry on top of the pile of ****. Anyway, here’s what I wrote:

Can’t tell you how much I hate Ansible’s lame attempts to do idempotent device configuration changes. Wasted an hour trying to figure out what’s wrong with my Nexus OS config… only to find out that “interface X” cannot appear twice in the configuration you want to push.

Not unexpectedly, I got a few (polite and diplomatic) replies from engineers who felt addressed by that tweet, so it’s only fair to document exactly what made me so angry.

Read more …

Goodbye 2020… and never come back!

As we approach the end of the year, we can finally say goodbye to 2020. Goodbye 2020… and never come back! But, it is also time to look back at 2020 and try to see what the year 2021 promises us. So, in 2020…   COVID-19! The first thing that comes to mind when we talk about this year, and I think this will be the case for a long time, is the COVID-19! Who could have foreseen at the beginning of January that the entire world would be masked…

The post Goodbye 2020… and never come back! appeared first on AboutNetworks.net.

1 816 817 818 819 820 3,834