Wednesday, February 16, 2011
bloggy hiatus
I'm taking some time off from blogtastic bloggity blogging. Not sure how long. Several weeks at the least.
Sunday, February 13, 2011
What I'm reading this weekend
I've been reading posts from Ethereal Mind, having started out finding a site to the "Network Zen" post on standardization.
Wednesday, February 9, 2011
Random network history and make-up trivia
A chicks-in-tech factoid that amuses me and that a lot of folks don't seem to know is that one of the cofounders of cisco Systems, Sandra Lerner, took the proceeds from sale of her founder's stock and created a venture capital firm that, among other things, funded the creation of Urban Decay cosmetics.
Sunday, February 6, 2011
DHCP snooping
Worried about rogue DHCP servers mucking with your network? DHCP snooping can help. For Cisco Catalyst switches, these docs might be helpful: "Understanding and Configuring DHCP Snooping" and "Configuring DHCP Features and IP Source Guard".
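A minimal Catalyst configuration for the two features those docs cover, added here as an illustration and not taken from the post or the linked docs. The VLAN number, interface names and rate limit are assumptions; substitute your own.

```cisco
! Enable DHCP snooping globally, then on each access VLAN (VLAN 10 assumed)
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Only the port facing the legitimate DHCP server or uplink is trusted.
! Every other port stays untrusted (the default), so DHCP server replies
! (OFFER/ACK) arriving on those ports are dropped.
interface GigabitEthernet0/1
 description uplink toward the real DHCP server (assumed)
 ip dhcp snooping trust
!
! Access ports: rate-limit DHCP packets to blunt pool-exhaustion floods
! and turn on IP Source Guard, which filters source IPs against the
! snooping binding table.
interface range GigabitEthernet0/2 - 24
 ip dhcp snooping limit rate 15
 ip verify source
!
! Check the result:
!   show ip dhcp snooping
!   show ip dhcp snooping binding
```

Hosts with static addresses have no entry in the binding table, so plan for them before enabling IP Source Guard on their ports.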
Wednesday, February 2, 2011
The abyss gazes also
It's easy to see how your packets are leaving your network, but hard to see what happens to them after that. Differences in routing and preferential traffic shaping mean that your traffic may take a very different route coming back than going out.
One way to get more information about what's happening is with "looking glass" servers. These provide snapshots of routing at various points around the Internet so you can see what the path to your network looks like from out there.
There are a bunch of them out there, with some lists here and here.
Sunday, January 30, 2011
Sniffing tools, and camera obscura
This Linux Journal article looks at Linux sniffing tools. It covers the most common sniffing tool, tcpdump, but also has info on a few tools I wasn't familiar with, like p0f, which attempts to do passive OS fingerprinting to see what versions of software are on your net, and dsniff, which follows network traffic to look inside traffic like mail, web, etc., if you want to create your own wall of sheep.
And while I'm looking at security and unintended shared content, Schneier's blog has a post about unsecured webcams.
Wednesday, January 26, 2011
Some useful commands for the Juniper Netscreen CLI
"dbuf" is the debug output buffer, so "get dbuf str" will show you a stream of debug info if you're doing a debug flow or something like that. If you need a bigger dbuf buffer, though, you can resize it with the command "set dbuf size ". The default is 32K, but you can make it bigger.
"get session" will show you all the sessions the netscreen is currently handling. For more or less detail, you have the following options:
  dst-ip      destination ip address
  dst-mac     destination mac address
  dst-port    destination port number or range
  id          show sessions with id
  ike-nat     show ike-nat ALG info
  policy-id   policy id
  protocol    protocol number or range
  rm          show sessions for resource management
  service     show sessions with service type
  src-ip      source ip address
  src-mac     source mac address
  src-port    source port number or range
  tunnel      show tunnel sessions
  vsd-id      get vsd-id specified sessions
So you can look at a specific session, or all sessions on a given port, or any number of other ways to drill down to the info you actually want.
Not listed in that set of options, however, is "info". "get session info" will give you the summary of session info that is the first two lines of the full 'get session' output. Useful if you just want to get an overview rather than the full firehose of sessions.
Sunday, January 23, 2011
Speaking of worms...
I made a post the other day about worms without mentioning Stuxnet, which may have hosed the nuclear processing going on in Iran. Current theory is that the worm was a joint US/Israel venture, but there are other theories out there.
There have certainly been other instances of computer worms endangering infrastructure both online and offline:
In 2003, the SQL Slammer worm caused network problems in an Ohio nuclear plant, although there was an analog backup for much of the functionality and furthermore the plant was offline.
Wednesday, January 19, 2011
worms! or, a note on computer security
It's been twenty-five years since the release of @Brain, the first PC computer virus.
It wasn't until November of 1988 that the Morris worm[1] ran around the Internet and mucked things up, spurring the creation of CERT.
Trivia: The use of the term "worm" to refer to self-replicating computer worms comes from Brunner's excellent novel "The Shockwave Rider".
[1] When I first encountered the term "RTFM", it was shortly after the worm, and I assumed it meant "Robert T Fucking Morris", which led to a bit of confusion on my part.
Sunday, January 16, 2011
Wednesday, January 12, 2011
My 802.1x problem
I straightened out the Windows side of my 802.1x issue (previously discussed here), but was still having problems on the switch side of things.
Basically, the switch would request authentication twice. Which is not just weird but wrong. After a bunch of back and forth with the excellent folks at Cisco tech support, I upgraded the code on the catalyst switch and the aberrant behavior stopped.
Serves me right for running 5 or 6 year old code. :)
Sunday, January 9, 2011
History!
Thanks to metafilter, I found this set of pictures of a data center room from back in the day (late 1960's). It looks like many, if not most, of the computer operators (but not the programmers) were women. Some of that comes from the cultural categorization of that sort of computer operations work as 'clerical'.
I'd like to think that some of it goes back to a number of computer pioneers being women back when "computer" was a job title for a person, not the name of a machine. It looks like the eniacprogammers.org folks are trying to get a documentary made about the women who did the initial programming on the ENIAC, and they're taking donations.
Women keep being part of tech and hacking and history and repeatedly forgotten. Every once in a while there's a spate of stories in media about "OH MY GOD! LOOK! WOMEN NERDS AND WOMEN HACKERS!" And every time, it seems like they're newly discovering it. We're here. We've always been here, and we're *still* here, not just newly arriving. But somehow, we're never quite remembered as having been there.
Never introduced, they never became a part of history. Forty years later, Kathy Kleiman was told that the women in pictures with ENIAC (1946) were "Refrigerator Ladies," models posed in front of the machine.
Back to the present and into the future... The CCC (that's Chaos Computer Club, not concourse computer center) is having their conference right now, which led to a Wired article I just read about the Haecksen group of women hackers. Yay more women hackers! We're here -- still here, not just newly arrived.
Wednesday, January 5, 2011
Blocking skype with Cisco's NBAR
ciscotips.wordpress.com has an old post on how to block Skype on a Cisco router. IOS 12.4(4)T and later include a classification for Skype, so you can filter and block it using Cisco's Network Based Application Recognition (aka "NBAR").
The Cisco whitepaper on IOS Flexible Packet Matching and this thread in the Cisco support forums are both likely to be helpful.
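A sketch of what an NBAR-based Skype block looks like in IOS, added here as an illustration and not copied from the linked post. The class-map and policy-map names and the interface are assumptions.

```cisco
! NBAR relies on CEF being enabled
ip cef
!
! Classify traffic that NBAR identifies as Skype
! (this match is available in IOS 12.4(4)T and later)
class-map match-any BLOCK-SKYPE
 match protocol skype
!
! Drop anything that lands in that class
policy-map DROP-SKYPE
 class BLOCK-SKYPE
  drop
!
! Apply on the LAN-facing interface (name assumed), inbound from clients
interface FastEthernet0/0
 service-policy input DROP-SKYPE
!
! Confirm the class is actually matching packets:
!   show policy-map interface FastEthernet0/0
```

The match is only as good as the Skype signature in the running IOS image, so watch the class counters after deployment rather than assuming the block is effective.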
About Me

- regis
- Regis has worked as a network engineer since 1994 for small companies and for large companies.