Topics - deanwebb

#941
Forum Lobby / If the CLI had attitude...
July 02, 2015, 12:25:02 PM
Inspired by discussions of Turing tests in another thread... what if the gear we work on was capable of expressing human sarcasm, complaining, and frustration?

Router# sh run

What, you have no clue what you're looking for?

Router# sh run

Seriously, are you just hunting for errors?

Router# sh run

Look, how about you get some stats? I bet that will tell you what the problem is.

Router# sh run

At least use a pipe command, I've got a huge running-config, I'd really rather not go through the whole thing.

Router# sh run

You obviously have no clue, I'm afraid I'll have to take matters into my own hands.

Router>
Router>
Router>
Router> conf t

I don't think so. Log off and let someone with a clue have a go at things.

Router> enable

Just walk away. Do it now, and I won't warn the other gear about you.

Router>
#944
Security / The Myth of Efficiency
June 23, 2015, 11:49:09 AM
I don't always link from my blog, but I felt a need to write about security, so I'll link it now...

http://zzzptm.com/wordpress/?p=1889

Executive summary:

DEVELOPERS!!! GAAAH!!!  :developers:
#945
Security / TCP Vulnerability in Embedded OS
June 23, 2015, 10:22:08 AM
https://threatpost.com/tcp-vulnerability-haunts-wind-river-vxworks-embedded-os/113429

"The VxWorks software generates predictable TCP initial sequence numbers that may allow an attacker to predict the TCP initial sequence numbers from previous values, which may allow an attacker to spoof or disrupt TCP connections," the ICS-CERT advisory says.

The systems in question are industrial control systems.
#946
Security / Localhosed
June 23, 2015, 09:04:38 AM
http://www.securitygalore.com/site3/localhosed

MSFT has said it will not patch for this: upgrade to Win 10, which won't use IE.
#947
Forum Lobby / The Internet of Robocalling Things
June 22, 2015, 09:21:15 AM
http://www.scmagazine.com/federal-communications-commission-clarifies-telephone-consumer-protection-act/article/421804/

So imagine a data breach that then makes a robocall to all customers to say that everything is fine with their account, no need to worry...

:steamtroll:
#948
Forum Lobby / Movie Recommendation
June 21, 2015, 07:39:48 AM
It's not religion or politics, so none of those minefields...  C:-)

Just saw "Inside Out" with the family. It is an absolutely delightful coming-of-age film that gets its science pretty much 100% right. It was amazing to watch a movie and, as stuff happened, check off all the boxes in the "good science" column and none in the "bad". It has everything: neural pathways getting torn down, id, ego, Piagetian development, the works. The science makes the story, drives the story, and even resolves the story. Great voice work by Amy Poehler as the lead, and Lewis Black is perfect as "Anger".

Thematically, there is some powerful storytelling that one doesn't see too often in Hollywood. It's a kid-friendly film, but it's not a film made just for kids. Specifically, there are no fart jokes, which seem to be the go-to for every other kids' film these days. The film deals with very real emotions, as well as ideas of sacrifice, maturity, and what it means to have a bad day.

The fact that the main cast reflected perfectly my current project team made it all the more memorable to me. I kid you not, those five emotions are running my project. ;D Three of our team even look like their characters. Total hilarity for me.

Pixar totally hit it out of the ballpark with this one. I can't wait to see it again.
#949
http://blog.fibermountain.com/blog/fiber-mountain-and-facebook-fabric-networks-similarities-and-differences

One thing's for sure, if something is cheaper to do and pretty much as effective as a costlier alternative, the cheaper thing will be done.
#950
I have three virtual network appliances in one of our data centers. I had two virtual NICs set up for each one. QIP had a MAC address and a corresponding IP address that could be reserved for each virtual NIC. So, I had 10.0.0.1 through .6 set aside and assigned to my virtual network appliances. (IP addresses changed to protect my firm's internal addressing scheme)

That was two months ago.

Today, I tried to SSH to one of the devices and got some really funky intermittent connectivity. I mention this to a manager who tells me that he'll look into the issue after he resolves another issue in the data center... well, it turns out that the issues are connected.

See, we changed staffing partners for our VM environment a month and a half ago, and apparently those guys didn't pay full attention to the whole "Don't assign MAC addresses and IP addresses that have already been assigned" instruction. We weren't using the second IP address on those devices as yet, so those all got assigned to Windows Server VMs. But the main address for the device I was trying to connect to, 10.0.0.5, was assigned to another Windows Server VM. That box had the same MAC address, as well.

:developers:

So, tomorrow, I get to get on the phone and holler at the guys responsible for stealing my four IP addresses. I got there first, I have to have the addresses be consecutive, so those four servers have to get new IP addresses. Too bad so sad.

... unless those are mission-critical Windows servers that can't easily change their IP addresses. Then the secondary IP addresses will be lost and the primary address on the third appliance will be my last-ditch stand.
#951
https://threatpost.com/duqu-resurfaces-with-new-round-of-victims-including-kaspersky-lab/113237

https://threatpost.com/duqu-2-0-attackers-used-stolen-foxconn-certificate-to-sign-driver/113315

Some key info:
1. Duqu 2.0 hangs out in memory and is capable of being persistent even without normal persistence mechanisms (i.e., a file on the hard drive)
2. Code most likely originates from a nation state. Although the articles above won't name names, other sources indicate the nation state in question may be one where Hebrew is an official language.
3. It uses breaches in Microsoft Windows to elevate privileges. The patch for the first breach was issued in November 2014. The most recent breach was patched in early June 2015. Be sure your boxes are patched up!
4. Because the code resides in memory and lacks a typical malware persistence feature, it's very hard to detect.
5. Persistence after reboot is maintained by a few devices that will provide communication tunnels for attackers. Attackers can use credentials picked up in #3 to redeploy Duqu as needed.
6. Duqu uses a stolen cert from Apple manufacturing partner Foxconn to sign its drivers. The Duqu team is using multiple Foxconn certs to sign different drivers, just in case one cert gets ganked.

Kaspersky says:

"Finally, it's interesting that the Duqu attackers are also careful enough not to use same digital certificate twice. This is something we have seen with Duqu from both 2011 and 2015. If that's true, then it means that the attackers might have enough alternative stolen digital certificates from other manufacturers that are ready to be used during the next targeted attack. This would be extremely alarming because it effectively undermines trust in digital certificates."

Yes, it is extremely alarming.

:steamtroll:
#952
Security / NAC PROTIP
June 15, 2015, 12:34:04 PM
When you put a VTY ACL on all the routers and switches in an environment, always be sure to include the IP addresses of the NAC appliances in that ACL.

The R&S boys did a great job of locking out all the NAC appliances over the weekend. If we were in enforcement mode, we'd be having "issues" right about now.

:developers:
#953
https://threatpost.com/cisco-patches-ipv6-vulnerability-in-carrier-grade-router-system/113295

Affects versions before 4.2.1. Vulnerability can result in reloading of the line card, causing a DoS.
#954
 :problem?:

Yay I have the on-call phone and I can confirm that the phone works just fine, even at 4AM...

:glitch:
#955
http://shadow-file.blogspot.com/2015/06/abandoned-intermission.html

How to have way too much fun with zombie code in a Netgear R6200 wireless router.

:matrix:
#956
http://thebulletin.org/cyberwarfare-ethics-or-how-facebook-could-accidentally-make-its-engineers-targets7404

SUMMARY: If your company's infrastructure or servers are used as part of a cyberattack, even unknowingly, the Geneva Convention permits the target of the attack to rain hell down on your head. You became an "unlawful combatant" at that point, or perhaps a "civilian directly participating in hostilities".

:wtf:

That's right. In IT, we have danger for breakfast, peril for lunch, and extreme hazard for dinner.
#957
Currently, my experience is with BT. Our primary WAN link is dropping about 40%+ of its packets, and we didn't switch over to the secondary link. We had to call *them* to tell them of our service degradation, even though we have some pretty high-level support we're paying for that's supposed to alert us of issues.

I'm actually getting better Internet on the guest wireless network than on the corporate one. Lolz.

Current opinion of BT:  :developers:

My WAN manager, however, feels more like:
:rage:

What are your WAN vendor experiences like?
#958
Forum Lobby / Toys Can Hack Garage Doors
June 04, 2015, 10:02:52 AM
https://threatpost.com/using-a-toy-to-open-a-fixed-code-garage-door-in-10-seconds/113146

:problem?:

Thankfully, I have a carport, so I don't keep anything valuable near my car, other than my other car.
#959
Wireless / "Don't Use Our DHCP in Production"
June 04, 2015, 09:53:32 AM
"Don't Use Our DHCP in Production" - Cisco rep to our Wireless guy, in regards to the WLC we're using for our guest wireless network.

:zomgwtfbbq:

Apparently, that DHCP in the WLC is not RFC compliant.  :eek:

Fortunately, we have another solution to use, but there goes the easy one of just letting the WLC hand out IP addresses. It'll now relay DHCP back to our IP system, but we'll have to take an outage to make the switcheroo.
#960
Forum Lobby / The Internet of Nuclear Things
June 03, 2015, 10:01:07 AM
http://www.un.org/apps/news/story.asp?NewsID=51018#.VW3vws9VhBf

I know it's not what John Chambers wants us to think about in his glorious "Internet of Everything!" vision, but this is the reality that we face. Even if we say that US, Russian, French, British, Israeli, and Chinese nuclear facilities and weapons are at the tip-top level of security with no worries possible or imaginable, could we really say the same things with the same level of confidence (and truth) for Indian, Pakistani, and North Korean facilities and weapons? And while they may have the best security in the nation, how well does that security stack up against what is needed to keep those things truly secure?

Then there is the matter of nuclear facilities in the rest of the world. http://en.wikipedia.org/wiki/Nuclear_power_by_country

Some nations that make me raise an eyebrow... Ukraine, Bulgaria, Armenia, Spain, Romania, Mexico, Argentina, Brazil, and Iran. These are places that are not famous for their attention to detail in matters of industrial safety. Without a dot-every-i-and-cross-every-t mentality, nuclear safety simply doesn't exist. Even normally fastidious Japan had massive errors in how it ran Fukushima, so who's to say that the famously easy-going Brazilians are doing the Japanese one better in this regard?  :eek: