1. The document discusses how the assumption of scarcity is built into many current security models and products but may not apply in an internet with abundant resources;
2. It notes that a post-scarcity internet will require new trust models for both clients and servers as current infrastructure changes;
3. The document outlines several changes required for IPv6 including new protocols, packet formats, and address configuration methods that could introduce new vulnerabilities.
The document describes the Simple Mail Transfer Protocol (SMTP) which is used for sending and receiving email. It outlines the key components of SMTP including Mail Transfer Agents (MTAs), Mail Delivery Agents (MDAs), and the core SMTP commands used to send mail such as HELO, MAIL FROM, RCPT TO, and DATA. It also provides examples of using the telnet command line tool to interact with an SMTP server and send a basic email.
This document discusses visualizing logfiles using graphs. It begins with an introduction on how graphs can help detect both expected and unexpected events while reducing analysis and response times. It then covers graphing basics like how to generate a graph by parsing a logfile and normalizing the data. Different types of visual graphs are presented, including link graphs and tree maps. Link graph configurations using different node types like source IP, name, destination IP are demonstrated. Tree maps can organize data hierarchically by protocol and service to visualize network traffic proportions.
Over 91% of malware uses DNS (per the Cisco 2016 Annual Cyber security report). Nearly all cryptominers use DNS-based C&C (per the Cisco 2016 Annual Cyber security report).
RPZ allows a recursive server to control the behavior of responses to queries. It lets an administrator overlay custom information on top of the global DNS to provide alternate responses to queries.
RPZ data is supplied as a DNS zone, and can be loaded from a file or retrieved over the network by AXFR/IXFR. It works like a firewall on the cloud. DNS RPZ will block DNS resolution, machines connecting to the C&C via IP add
Eric Vyncke - Layer-2 security, ipv6 norway IKT-Norge
The document discusses IPv6 first hop security features like DHCP snooping and dynamic ARP inspection for IPv6. It provides an overview of the security issues with IPv6 neighbor discovery such as router advertisements being sent without authentication, allowing for man-in-the-middle attacks and denial of service. It then describes various IPv6 first hop security features that can help mitigate these issues, such as RA guard, DHCP guard, and IPv6 neighbor discovery inspection.
This document provides an overview of IPv6 including its history, addressing formats, integration strategies with IPv4, application development considerations, and troubleshooting tips. IPv6 was developed to address the limited address space of IPv4 and enable new features. It uses a 128-bit address space compared to 32 bits in IPv4. Popular transition technologies like dual-stack, 6to4 tunnels, and Teredo tunnels are discussed for integrating IPv6 into existing IPv4 networks. Application developers need to support both address families using new socket functions and data structures.
This document discusses IPv6 deployment in cellular networks. It notes the need to support IPv6 due to IPv4 address exhaustion and increasing number of devices and addresses per device. Dual-stack is presented as the best solution, but alternatives like IPv6-only with NAT64 are also discussed. NAT64 allows IPv6-only clients to access IPv4 content by translating IPv6 to IPv4, though it has limitations. 464XLAT provides a more robust transition technology that works better with applications using literal IPv4 addresses. The document reviews performance and deployment considerations for various IPv6 transition technologies in cellular networks.
Things I wish I had known about IPv6 before I started Faelix Ltd
The document discusses things the author wishes they had known about IPv6 before starting to implement it for their small provider network. It covers IPv6 justification in terms of IPv4 address scarcity and rising costs, advice on IPv6 addressing plans and transition technologies, and gotchas like IPv6 neighbor discovery exhaustion issues. The author advocates for embracing IPv6 to avoid expensive IPv4 solutions and make the most of the large IPv6 allocations provided.
This presentation covers routing security at Internet scale in detail, with a focus on IRR. It talks about how IRRs work, the challenges in IRR-based filtering, and some of the tools that can be used. It also touches on RPKI as well as developments in IRR-RPKI integration in the next version of IRR daemon.
The document provides an overview of 6RD (IPv6 Rapid Deployment), describing how it was developed from 6to4 to allow ISPs to deliver IPv6 connectivity to customers over their existing IPv4 networks using a stateless encapsulation method, and details the key components and configuration parameters needed for implementing 6RD including the 6RD prefix, IPv4 common bits, and border relay address.
This document discusses next-generation sequencing (NGS) techniques and data relevant for metagenomics analyses. It provides an overview of how 454 and Illumina sequencing platforms work, the type of data generated, including read length and throughput. It also discusses quality control measures like assessing quality scores, filtering low quality reads and removing duplicates. The document demonstrates tools for quality control like Prinseq and FastQC, and filtering techniques including removing adapters and trimming low quality bases.
The document discusses IPv6 and the transition from IPv4 to IPv6. It provides details about:
- The author who manages the IIT Kanpur campus network and internet services.
- Reasons for adopting IPv6 like shortage of IPv4 addresses and new features in IPv6.
- Elements of IPv6 including the 128-bit address format, address types and scopes, stateless and stateful address autoconfiguration, routing, and neighbor discovery.
- Transition mechanisms from IPv4 to IPv6 like dual stack, tunnels, and translation.
- Current status of IPv6 deployment and recommended steps for migration including checking IPv6 compliance and planning IPv6 addressing.
This document summarizes Natasha Rooney's presentation on QUIC and the evolution of HTTP. Some key points include:
- QUIC aims to improve performance over TCP by eliminating head-of-line blocking and reducing latency through 0-RTT connections.
- It achieves this by multiplexing streams over a UDP connection and integrating TLS 1.3 for encryption to provide security.
- Early results show QUIC reducing page load times by 15-18% for video and 3.6-8% for search queries on Google's services.
- As QUIC becomes more widely adopted, it may continue to improve performance for a "long tail" of users on slower or more unreliable networks.
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet
The document contains configuration for a network device using Puppet automation. It configures items like logging, SNMP, NTP, routing, interfaces, and BGP to standardize the configuration for improved operations agility, service velocity, and configuration consistency across devices. Variables are used throughout to parameterize settings like hostnames, IP addresses, and credentials.
This document discusses using visual approaches to analyze security event data. It introduces the concept of generating graphs from log or event data to more easily identify patterns and relationships compared to raw text. Specific visualization types that the AfterGlow security event visualization tool supports are event graphs and treemaps. Event graphs show relationships between nodes, while treemaps display a hierarchical view of event data. The document argues that visual analysis can improve situational awareness, incident response, and forensic investigations compared to only examining text logs.
APRICOT 2015 - NetConf for Peering Automation Tom Paseka
Netconf can be used for automating peering configuration by programmatically generating and pushing XML configuration templates. This avoids manual configuration which is prone to human error. Basic scripts can pull peer details from sources like PeeringDB and generate configuration for groups like BGP neighbors, then use Netconf handlers to validate and push the changes. More advanced automation could integrate peering workflow and status monitoring. Netconf provides an API to generate validated configuration at scale for peering automation compared to traditional manual methods.
The document discusses visual log analysis using graphs. It begins with an introduction to the speaker and covers graphing basics such as how to generate graphs from log files by processing them with a parser and visualizer. Different types of graphs are demonstrated, including link graphs with various node configurations and tree maps that can organize data by protocol or protocol and service. The presentation also promotes the open source tool AfterGlow for generating these visualizations.
This document summarizes Evans Ye's presentation on using Apache HBase to search network traffic logs. It describes the problem of searching large netflow logs, an initial solution design using HBase, and lessons learned. Performance testing showed the initial design did not scale to their needs. The solution was improved by changing the HBase row keys and using filters to better query the data and meet requirements. Flume was used to ingest netflow logs into HBase.
PLNOG 8: Nicolai van der Smagt - IPv6: Transition mechanisms PROIDEA
This document discusses IPv6 transition mechanisms. It describes the drivers for IPv6 adoption due to IPv4 address exhaustion and growing demand. It then covers some of the challenges of migration, including updating systems like DNS servers, billing, security, and support systems. It also outlines some transition technologies like dual stack, 6RD tunneling, DS-Lite, and NAT64. Specifically, it discusses using NAT444/LSN to mitigate IPv4 exhaustion in the short term but notes the challenges it poses for applications and user control. It provides a Junos configuration example of NAT444 LSN topology and configuration.
Handy Networking Tools and How to Use Them Sneha Inguva
Linux networking tools can be used to analyze network connectivity and performance. Tools like ifconfig show interface configurations, route displays routing tables, arp shows the ARP cache, dig/nslookup resolve DNS, and traceroute traces the network path. Nmap scans for open ports, ping checks latency, and tcpdump captures traffic. Iperf3 and wrk2 can load test throughput and capacity, while tcpreplay replays captured traffic. These CLI tools provide essential network information and testing capabilities from the command line.
This slide was presented in Dec., 2013 as part of the Triangle OpenStack meetup sponsored by Cisco System in the Raleigh-Durham area, North Carolina.
We did a proof of concept back in June, 2013 to evaluate the IPv6 readiness of OpenStack as the initial step to make IPv6 and Cloud work together seamlessly.
After 6 weeks of intensive efforts, we enabled the OpenStack Grizzly release over IPv6. Later on, we also successfully launched a dual-stack VM in the Havana release. This slide summarizes what problems we tried to tackle and how we resolved them. The presentation is based on the whitepaper we published at:
http://www.nephos6.com/pdf/OpenStack-Havana-on-IPv6.pdf.
The ideas captured in this slide will be leveraged by OpenStack Neutron IPv6 sub team to fulfill mid-term goals suggested by Neutron IPv6 roadmap. The target release is IceHouse in April, 2014.
We will publish more white papers and slides when we reach next milestone. Stay tuned!
This document summarizes a large European service provider's plans for deploying IPv6 across its various networks, including residential, L3 MPLS VPN, and public networks. It discusses challenges around operating multivendor networks with interdependent services. The service provider is taking a dual-stack approach, initially exposing only external-facing services to IPv6. Configuration details are provided for residential broadband network elements like Juniper E320/ERX routers, covering topics like interfaces, routing, subscriber addressing, DNS servers, accounting, and LNS configuration. The goal is a transparent rollout that maintains existing IPv4 customer experiences while introducing IPv6 connectivity.
Network Interview Questions documents common networking concepts and protocols. It defines networking as interconnecting computers, describes bandwidth as the maximum data transfer rate of a connection, and VLAN as a logical grouping of ports on a switch. It also summarizes protocols like CIDR for IP address allocation, VLSM for subnetting, unicast for one-to-one transmission, multicast for one-to-many, and broadcast for one-to-all transmission. Key networking protocols like CDP, SNMP, OSPF, RIP, BGP, and PPPoE are also outlined.
Since my previous meetup presentation last Dec., a lot of progress has been made jointly between the Nephos6, Comcast, IBM, and Cisco teams to enable IPv6 in OpenStack Icehouse. In this session, we discussed the use cases we had tried to cover, the architectural design we had proposed and the solution being implemented. A demo was provided at the end of the session to showcase the IPv6 connectivity between a dual-stack VM and its default gateway using the recently released OpenStack Icehouse.
This slide, "OpenStack Icehouse on IPv6", was presented on April 24 in Triangle OpenStack Meetups sponsored by Cisco System in Raleigh-Durham area, NC, USA.
We will periodically publish more slides to share our key findings or key learnings from other stackers or our customers with respect to OpenStack and IPv6.
Stay tuned!
Shixiong
This document summarizes key topics related to IPv6 and routing in IP networks. It discusses IPv6 addressing architecture, including unicast addresses, link-local addresses, and multicast addresses. It also covers IPv6 packet format, extension headers, fragmentation, and ICMPv6. The document then discusses routing within IP networks, including IPv6 subnets, routing organization with autonomous systems, and interdomain routing protocols.
IPv4 addresses are 32 bits in length. The host portion of an IP address identifies a specific device on a network. Given a host with the IP address 172.32.65.13 and a default subnet mask, the host belongs to network 172.32.0.0. The default subnet mask 255.0.0.0 provides the most host bits. Private IP addresses include 10.1.1.1, 172.16.4.4, and 192.168.5.5.
This document provides a 3 sentence summary of the installation and configuration guide for TekTape version 2.0:
TekTape is an audio recorder and call detail records generator that runs on Windows and is used to monitor and record SIP calls, with features like real-time call monitoring, recording, CDR generation, and a web-based interface for configuration and management. The guide provides instructions on installing TekTape, configuring settings like packet filtering, audio capturing and TLS decoding, and managing recorded calls, active sessions, and system logs through the web interface. Packet filters use a declarative syntax to select packets for capture based on attributes like source/destination, protocol, port and length.
The latest emerging tools and frameworks allow us to write applications (and test them!) much more productively than ever before. This talk explores that concept through a whirlwind tour of numerous advanced testing techniques. A significant emphasis will be on the use of testing DSLs and the use of advanced scripting approaches using the Groovy programming language (though the principles apply equally well with numerous recent innovative languages).
The Next Generation MOP, Jochen Theodorou, GR8Conf 2013 GR8Conf
The document discusses proposed changes to Groovy's Meta Object Protocol (MOP). It notes that the current MOP has many inconsistencies, makes optimizations difficult, and has an API that is difficult to extend and modify. The author proposes simplifying the MOP by having a single entry point for method calls, making metaclasses immutable to improve threading, and using realms to isolate classes from unintended metaclass changes. Realms would allow classes to control which metaclass changes are visible to them. The changes aim to address issues, improve optimizations, and make the MOP more consistent and flexible.
This document summarizes the Grails webflow plugin, which allows managing page flows and state in Grails applications. It demonstrates a sample webflow for creating a project, and discusses key concepts like flow states, subflows, scopes, and Ajax integration. Tips are provided for testing flows, generating views, and handling breadcrumbs. Potential pitfalls and alternatives to webflows are also outlined. The extended validation plugin is briefly introduced as a way to validate non-domain objects in Grails.
Spring Web flow. A little flow of happinessStrannik_2013
Spring Web Flow is a framework that introduces the concept of flows to extend the navigation capabilities of the Spring MVC framework. It allows expressing navigation rules and managing conversational state through the use of flow definitions composed of states and transitions. This provides advantages over traditional approaches like JSP, Struts, and JSF by making the navigation logic more modular, reusable, and visually understandable through tools like the Spring Tools Suite flow editor. While it adds capabilities, it also introduces some performance overhead and complexity that may not be suitable for all applications.
Geosophic is a platform of online services for mobile games. It offers both user engagement features (such as leaderboards and achievements) and analytics.
In this talk I would like to share with you our experience building this platform with Grails with the goal to support a big load. I’ll focus on the system architecture, the problems we have found and how we are solving them.
Creating and testing REST contracts with Accurest Gradle GR8Conf
REST does not come with an in-built contract compliance mechanism, which in many ways is a great thing. However, while working with microservice-based systems, it often appears that a practical mechanism that would provide help in shaping and describing REST contracts would come in handy. Similarly, creating integration and acceptance tests in such systems presents many challenges.
In this talk, I will present Accurest, a Gradle plugin that allows for both: easily shaping REST contracts and verifying if our app adheres to them using automatically generated Spock tests. I will show how, using Accurest, we can quickly generate automatically-tested stubs from simple Groovy DSL scripts. I will talk about the typical usages and script examples, as well as possible problems and ways of handling them.
- IPv6 is needed to address the impending exhaustion of IPv4 address space. It features a 128-bit address compared to 32-bit in IPv4, vastly expanding the available addresses.
- Security issues in transitioning from IPv4 to IPv6 include weaknesses in enumeration, scanning and managing the large IPv6 address space. Firewalls and other perimeter defenses must also protect both IPv4 and IPv6 networks to prevent bypass.
- Attacks can exploit protocols like neighbor discovery in IPv6, as well as vulnerabilities in applications that operate over both IPv4 and IPv6. Proper implementation and maintenance of defenses is needed to secure the transition.
The document discusses network protocol analysis, including defining a protocol as rules determining data format and transmission. It describes network protocol analysis as decoding protocol headers and trailers to analyze network problems, detect intrusions, monitor usage, and gather statistics. The document lists potential users as programmers, network administrators, company managers, parents, and website owners wanting to check employee internet usage. It provides an overview of IP and TCP packet structures.
The document discusses network protocol analysis, including defining a protocol as rules determining data format and transmission. It describes network protocol analysis as decoding protocol headers and trailers to analyze network problems, detect intrusions, monitor usage, and gather statistics. The document lists potential users as programmers, network administrators, company managers, parents, and website owners wanting to monitor employee internet usage. It provides an overview of IP and TCP packet headers.
The document discusses network protocol analysis, including defining a protocol as rules determining data format and transmission. It describes network protocol analysis as decoding protocol headers and trailers to analyze network problems, detect intrusions, monitor usage, and gather statistics. The document lists potential users as programmers, network administrators, company managers, parents, and website owners wanting to monitor employee internet usage. It provides an overview of IP and TCP packet structures.
The document discusses network protocol analysis, including defining a protocol as rules determining data format and transmission. It describes network protocol analysis as decoding protocol headers and trailers to analyze network problems, detect intrusions, monitor usage, and gather statistics. The document lists potential users as programmers, network administrators, company managers, parents, and website owners wanting to monitor employee internet usage. It provides an overview of IP and TCP packet structures.
The document discusses security issues with IPv6 and proposed mitigation techniques. It covers topics such as router advertisements, neighbor discovery protocol, and fragmentation. Specifically, it notes that router advertisements and neighbor solicitations are not authenticated by default, allowing for spoofing attacks. The document proposes several mitigation approaches including cryptographically generated addresses, router authorization, port access control lists, and host isolation to secure IPv6 networks.
[CB19] New threats are already around you, the IPV6 attack must be understood...CODE BLUE
Due to the exhaustion of IPv4 free address space, the use of IPv6 on the Internet is gradually increasing. All Windows operating systems since Windows Vista have IPv6 enabled by default. IPv6 brings a series of improvements compared to IPV4, but these improvements are also put a double-edged sword.
Recently, we have been focusing on "IPv6" attack research and found that in the IPV6 environment, there are many attack points, such as Iptables will fail, use IPV6 to bypass the Web defense strategy and abuse IPV6-specific protocols for man-in-the-middle attacks, and Other attack ideas!
In this speech, I will disclose the attack methods and ideas I have found for IPV6, and will also release tools for IPV6 attacks.
This document summarizes the results of measuring IPv6 performance by embedding scripts in online ads. IPv6 connections were found to be about as fast as IPv4 connections, with IPv6 being faster around half the time and within 10ms of IPv4 for most connections. However, IPv6 connections were also found to be less reliable, with an average failure rate of 1.5% compared to 0.2% for IPv4. While speeds are generally comparable once established, the higher failure rate of IPv6 connections means IPv4 still has an advantage in reliability of initial connections.
BGP: Whats so special about the number 512?GeoffHuston
It was reported that parts of the Internet crashed when the number of routes in the Internet's Inter-domain routing table (BGP) exceeded 512K routes. This presentation looks at the growth of the Internet's routing table and how this correlates to the capacity and speed of memory in hardware routers.
The document discusses how the number 512 relates to routing table sizes on Cisco and Brocade networking equipment. It analyzes growth trends in IPv4 and IPv6 BGP routing tables based on historical data. While absolute sizes are increasing, the annual growth rates have slowed slightly. Projections indicate routing tables could continue growing within the capabilities of current router technologies for the foreseeable future if trends continue.
The document provides an overview of IPv6 including:
- Why IPv6 was created due to IPv4 address exhaustion and other limitations
- Key aspects of the IPv6 protocol such as larger 128-bit addresses, simplified fixed-length header, and extension headers
- Main IPv6 address types including global unicast, link-local, unique local, and multicast addresses
- Protocols that support IPv6 including Neighbor Discovery Protocol (NDP), ICMPv6, and DHCPv6
- Methods for transitioning from IPv4 to IPv6 including dual stack and tunneling technologies.
Einbrüche, Viren, Trojaner, machen auch unter IPv6 nicht Halt. Als Marktführer im Bereich Unified-Threat-Management (UTM) entwickelt Fortinet umfassende Sicherheitslösungen zur Bekämpfung solcher Bedrohungen - für IPv4 und IPv6 Netzwerke. Der Workshop orientierte Vortrag zeigt die Notwendigkeit von umfassenden Security Lösungen bei der Migration zu IPv6 auf.
4. IPv6 Security - Workshop mit Live Demo - Marco Senn FortinetDigicomp Academy AG
Einbrüche, Viren, Trojaner, machen auch unter IPv6 nicht Halt. Als Marktführer im Bereich Unified-Threat-Management (UTM) entwickelt Fortinet umfassende Sicherheitslösungen zur Bekämpfung solcher Bedrohungen - für IPv4 und IPv6 Netzwerke. Der Workshop orientierte Vortrag zeigt die Notwendigkeit von umfassenden Security Lösungen bei der Migration zu IPv6 auf.
IPv6 IAB/IETF Activities Report from ARIN 32 given by Cathy Aronson
Full meeting report from ARIN 32 available at: https://www.arin.net/participate/meetings/reports/ARIN_32/index.html
The document discusses IPv6 and transitioning from IPv4 to IPv6. Some key points include:
- IPv6 addresses larger address space and other improvements over IPv4 like more efficient routing and built-in security.
- Transition technologies like IPv6 over IPv4 tunneling can help transition from IPv4 to IPv6 networks.
- There are some valid concerns about transitioning like needing larger packet headers but overall the benefits of IPv6 outweigh these issues. Proper hardware support can alleviate performance concerns.
Today's Internet faces severe challenges including:
* IPv4 address exhaustion
* explosion of BGP tables and IP routing tables
* exponential traffic growth (which might not be a problem after all)
From KubeCon to ContainerDays, eBPF is trendy in the Cloud Native world. What is eBPF, and why is it revolutionary, and what can it bring to you specifically?
Through concrete examples applied to observability, networking, and security, this talk will explain the principles of eBPF and its concrete advantages to connect and secure Cloud Native applications.
This talk will explain what is eBPF, why it is revolutionary is several fields, give examples of tools using eBPF and what they gain from it, and open up to the future of that technology.
1. The Myth of Twelve More Bytes
Security on the Post-Scarcity Internet
2. Our Conclusions
1. The Internet infrastructure is undergoing
fundamental change for the first time in decades
2. The assumption of scarcity is deeply woven into
many security assumptions and products
3. The new Internet will face significant problems with
trust on both the client and server side
4. New Enterprise Architectures will look very different
5. Everything you have bought will break
3. IPv6
HTTP
DHCP HTTP TLS
TCP UDP ICMP
ARP Internet Protocol
Link Layer
Physical Layer
4. The Myth of 12 More Bytes
HTTP
DHCP HTTP TLS
TCP UDP ICMP
ARP Internet Protocol
Link Layer
Physical Layer
5. The Myth of 12 More Bytes
HTTP
DHCP HTTP TLS NDP MLD MRD
TCP UDP ICMP
ARP Internet Protocol
Link Layer
Physical Layer
7. Stateless Address Auto-Configuration
• Give Yourself a local address in your subnet
• Prefix: fe80:0:0:0::
• IPv6 Address: fe80::f03c:91ff:fe96:d927
• Ask what network you’re in
• example: 2600:3c03::
• Take your MAC address and use it with the prefix to form the last 64 bits
• MAC: f2:3c:91:96:d9:27
• IPv6 Address: 2600:3c03::f03c:91ff:fe96:d927
8. Privacy Addresses
• Using your MAC in the last 64 bits identifies you, globally, to
every website you visit, no matter where you are
• Super-Mega Evercookie
• RFC 4941 Privacy Addresses
• Generate a random /64 address
• Prefer it for outgoing communications
10. The Default For Windows
• Windows will happily perform SLAAC
• Windows Prefers IPv6 over IPv4
11. The Default For Windows
• Windows will happily perform SLAAC
• Windows Prefers IPv6 over IPv4
Your computers are just sitting around,
waiting for someone to help them talk IPv6
And it doesn’t have to be you.
23. IPv6 Packet Format
Version Traffic Class Flow Label
Payload Length Next Header Hop Limit
Source Address
Destination Address
Data
24. IPv6 Packet Format
Version Traffic Class Flow Label
Payload Length Next Header Hop Limit
Source Address
Destination Address
Next Header Extension Length Options / Padding
Options / Padding
Data
25. Extension Headers + Fragmentation
IPv6 Header
Hop By Hop Header
Fragment 1
Routing Header
Fragmentation Header
TCP Header
Fragment 2
Data
26. Stateless Filtering is Impossible
IPv6 Header
Hop By Hop Header
Fragment 1
Routing Header
Fragmentation Header
TCP Header
Fragment 2
Data
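Why a per-packet filter cannot decide on slides 25 and 26, as an added example that is not part of the original deck: a walker for the Next Header chain that reports when the TCP/UDP header is not in the packet it is looking at, and a filter decision built on it. The packets are constructed byte strings using documentation addresses, and the function names and verdict strings are hypothetical.

```python
import struct

HOP_BY_HOP, TCP, UDP, ROUTING, FRAGMENT, DEST_OPTS = 0, 6, 17, 43, 44, 60
VARIABLE_LEN_EXT = {HOP_BY_HOP, ROUTING, DEST_OPTS}

def inspect(packet: bytes) -> dict:
    """Walk the Next Header chain of one packet, with no reassembly state."""
    info = {"chain": [], "dport": None, "frag_offset": None, "verdict": "ok"}
    if len(packet) < 40 or packet[0] >> 4 != 6:
        info["verdict"] = "not-ipv6"
        return info
    nxt, pos = packet[6], 40
    while True:
        info["chain"].append(nxt)
        if nxt in VARIABLE_LEN_EXT:
            if pos + 2 > len(packet):
                break
            # Hdr Ext Len counts 8-octet units beyond the first 8 octets.
            nxt, pos = packet[pos], pos + (packet[pos + 1] + 1) * 8
        elif nxt == FRAGMENT:
            if pos + 8 > len(packet):
                break
            info["frag_offset"] = struct.unpack_from("!H", packet, pos + 2)[0] >> 3
            if info["frag_offset"] != 0:
                # What follows is mid-stream payload, not a parsable header.
                info["verdict"] = "later-fragment"
                return info
            nxt, pos = packet[pos], pos + 8
        elif nxt in (TCP, UDP):
            if pos + 4 > len(packet):
                break
            info["dport"] = struct.unpack_from("!H", packet, pos + 2)[0]
            return info
        else:
            info["verdict"] = "unhandled-next-header"
            return info
    info["verdict"] = ("first-fragment-without-upper-layer"
                       if info["frag_offset"] == 0 else "truncated")
    return info

def decide(packet: bytes, blocked_ports: set) -> str:
    """Port filter that refuses to guess when the ports are not visible."""
    info = inspect(packet)
    if info["verdict"] == "ok":
        return "drop" if info["dport"] in blocked_ports else "allow"
    if info["verdict"] == "later-fragment":
        return "reassemble"  # needs state: hand to a reassembling device
    # RFC 7112 requires the whole header chain in the first fragment.
    return "drop"

# --- constructed sample packets (2001:db8::/32 documentation addresses) ---
def ipv6_header(next_header: int, payload_len: int) -> bytes:
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 6 << 28, payload_len, next_header, 64) + src + dst

def options_header(next_header: int) -> bytes:
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])  # one PadN option

def routing_header(next_header: int) -> bytes:
    return bytes([next_header, 0, 0, 0, 0, 0, 0, 0])  # segments left = 0

def fragment_header(next_header: int, offset: int, more: int) -> bytes:
    return struct.pack("!BBHI", next_header, 0, (offset << 3) | more, 0x1234)

def tcp_header(dport: int) -> bytes:
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)

PER_FRAGMENT = options_header(ROUTING) + routing_header(FRAGMENT)
PLAIN = ipv6_header(TCP, 20) + tcp_header(443)
# Fragment 1 ends after a destination-options header; TCP is in fragment 2.
FRAG1 = (ipv6_header(HOP_BY_HOP, 32) + PER_FRAGMENT
         + fragment_header(DEST_OPTS, 0, 1) + options_header(TCP))
FRAG2 = (ipv6_header(HOP_BY_HOP, 44) + PER_FRAGMENT
         + fragment_header(DEST_OPTS, 1, 0) + tcp_header(443))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("frag1", FRAG1), ("frag2", FRAG2)):
        print(name, inspect(pkt), decide(pkt, {443}))
```

In `FRAG2` the TCP header bytes are physically present, but the fragment header's Next Header value still names the first header of the original fragmentable part, so only reassembly can locate the ports.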
28. Translation & Transition
Transition Translation
IPv6 Island
|
IPv4 Internet IPv6 < -- > IPv4
|
IPv6 Island
29. Transition
6to4
IPv6 Island to IPv4 Network to IPv6 Island
Relies on Nice people to run border routers
6rd or IPv6 Rapid Deployment
6to4 but instead of nice people, it’s an ISP running it, applicable only to their customers
ISATAP
Host supporting IPv6 sits on an IPv4 Network
Can talk to IPv6 Internet, but not the reverse IPv6
Teredo
Host supporting IPv6 sits on an IPv4 Network
Magic NAT-punching IPv6-in-IPv4 to a Teredo Service Provider (Can be open, can be paid)
Allows an IPv6 Server to sit in an IPv4 Network
30. Translation
NAT-PT
Old, Deprecated
IPv4 or 6 Clients to IPv6 or 4 Servers
Has External IPv4 addresses for Internal IPv6 Servers
Breaks a lot of stuff
NAT64
IPv6 Clients to IPv4 Servers
Fakes an IPv6 Address for the IPv4 Server
I talk to the NAT64 device, it forwards to IPv4
40. Everything Is Signed
$ dig +dnssec nic.cz +short
217.31.205.50
A 5 2 1800 20120719160302 20120705160302
40844 nic.cz.
IWGHqGORGO0jh4UuZnwx1P2qoCGYDOcHLhJBIQVJm
h6+0Fskr6Sh2dgj
E6BHQJQJ9HuzSDCHOvJkH98QkK4ZUgMCLSN5DHuVc
mJ/J/g5VMjeWS3i
NmLQVmcvpizwfYVo7cuCg1OteazB2QH7JRp+/KhR+Q
+P8tNpDZKe2kEN VMQ=
41. Everything Is Signed
$ dig +dnssec nic.cz
;; ANSWER SECTION:
nic.cz. 1797 IN A 217.31.205.50
nic.cz. 1797 IN RRSIG A 5 2 1800 20120719160302 20120705160302 40844 nic.cz. IWGHqGORGO0jh4UuZnwx1P2qoCGYDOcHLhJBIQVJmh6+0Fskr6Sh2dgj
E6BHQJQJ9HuzSDCHOvJkH98QkK4ZUgMCLSN5DHuVcmJ/J/g5VMjeWS3i NmLQVmcvpizwfYVo7cuCg1OteazB2QH7JRp+/KhR+Q+P8tNpDZKe2kEN VMQ=
;; AUTHORITY SECTION:
nic.cz. 1797 IN NS a.ns.nic.cz.
nic.cz. 1797 IN NS b.ns.nic.cz.
nic.cz. 1797 IN NS d.ns.nic.cz.
nic.cz. 1797 IN RRSIG NS 5 2 1800 20120719160302 20120705160302 40844 nic.cz. aAWmFODbEaHEt6NxuaIu82wWiL+9jMMH+EvBx4jDS5ViydnSV/lb+hLr
dEZlVgBOSG5VdGKZ2y7cx8fGF8w9/9U1FioVowFfP0dOnZ5ZGAS9dNxm CzHV0+1LiiY0KKSUvPHq9y+thOOwfgkwkFEiofvvRtck1rh8fGfZCFL8 4JY=
;; ADDITIONAL SECTION:
a.ns.nic.cz. 1797 IN A 194.0.12.1
b.ns.nic.cz. 1797 IN A 194.0.13.1
d.ns.nic.cz. 1797 IN A 193.29.206.1
a.ns.nic.cz. 1797 IN AAAA 2001:678:f::1
b.ns.nic.cz. 1797 IN AAAA 2001:678:10::1
d.ns.nic.cz. 1797 IN AAAA 2001:678:1::1
a.ns.nic.cz. 1797 IN RRSIG A 5 4 1800 20120719160302 20120705160302 40844 nic.cz. Aj/zemlwTy2FM8+XDZPlDSKhcoKtKSSySugtqrQ8YZx/nOe7i3l/4H3D
XW7cQO/ND1lpW5VR+1RLbsQuovhAcQRtJj47WTkxYwWa4GdWH327aNn2 aklCdCOz6F8bGqZ2Af9EGqIZY+0Rk22FIqZc2qLpNoukI0Hfc0a6OP82 9/E=
b.ns.nic.cz. 1797 IN RRSIG A 5 4 1800 20120719160302 20120705160302 40844 nic.cz. XZVf0rEBg1R1j1KHGXt/2lx76s5EbBqfe9a2tU3eyO0MnudsKiPu1VM4
+cBLIgVDUsZMhOaX7i/qHaLAaTa98CucKIQKiwsVVG9kQEWV+OmMrZE3 01xjVd6KNGq77jDyEVz2l6yiTIt/8U7KHDtM3haUXITeyUGJZcJvZ3Ta IOc=
d.ns.nic.cz. 1797 IN RRSIG A 5 4 1800 20120719160302 20120705160302 40844 nic.cz. nFN5NWMibodVQYurwwdOlLIQbEWR0hSH+6OJDGRnsCpGGXiWr9VdeAhM
XFWehN/uVa6a+TpwJgnJFYkPzDVrVaFxTGdgNqqTFNcVtwLupbvc6Qq0 Nh6/0yKxbFEkK7n4R0m9Akwnr0BXVkdkpwy3xvZZGlMvfJMq/AKESqlD t3A=
a.ns.nic.cz. 1797 IN RRSIG AAAA 5 4 1800 20120719160302 20120705160302 40844 nic.cz. ghUpNuAs+8F08OfPucZg3/P+dOqQRdTYHoZVH8toyEcFqSTU3+yIp7HB
+O9hStK2RASMLi8lonzASZ2YbQRPZXmoBN+zEAZi6s3PIf3EFx7V388A UMowRyTyeh1qvf7fHn0llHDc2K1L4TZ5ZFuUg2PVNBaqcSSdI1mLDHsX AUM=
b.ns.nic.cz. 1797 IN RRSIG AAAA 5 4 1800 20120719160302 20120705160302 40844 nic.cz. MxlTDSe0Dkfyzbf9qdDj0Cs0oWrMpzkRsN8g4mfi1uWMuYlHTdUuu9d/
ec27we65x5B/SJJ6+Lb40A030BuuzJyvpuPNvpXh1fFCLZuvNuFPbhs9 MbptJmuEKjutraaA8jnxgK1KLT4kB+Nekf2IrwSC3oxAoyn5wXZJF0Fu /6o=
d.ns.nic.cz. 1797 IN RRSIG AAAA 5 4 1800 20120719160302 20120705160302 40844 nic.cz. AIRg88oIb4AR1QYeu5J0VBd6pjgeHI8vWAvJzy7m7O6Mmpn+KldrHu4M
gz7vOYPWZK8qNSvE/lDm7GZ3vERbVvprCwsvzaZCTb8h2wo1VxPx9tVA GQLo2yPTtX9gUqNBMRr/xS7CwyJLVNy3ZJTrQ3G8HyYOyRUVf/SubxPr srI=
42. Signatures Are Large
• DNS UDP Limit is 512
• EDNS UDP Limit is 4096
• DNS TCP has no limit
• 24 Residential and SOHO routers were tested
• 18 of 24 Devices tested couldn’t support EDNS
• 23 of 24 Devices tested couldn’t support TCP
• http://www.icann.org/en/groups/ssac/documents/sac-053-en.pdf
43. Everything Is Signed - Including No’s
Where is doesntexist.att.com?
There is no doesntexist.att.com
RRSIG(“There is no doesntexist.att.com”, ATT-KeyZSK )
44. Denial of Service
Where is doesntexist1.att.com?
There is no doesntexist1.att.com
RRSIG(“There is no doesntexist1.att…”, ATT-KeyZSK )
Where is doesntexist2.att.com?
There is no doesntexist2.att.com
RRSIG(“There is no doesntexist2.att…”, ATT-KeyZSK )
Where is doesntexist3.att.com?
There is no doesntexist3.att.com
RRSIG(“There is no doesntexist3.att…”, ATT-KeyZSK )
45. Sign a Single Response?
Where is doesntexist.att.com?
No Record
RRSIG(“No Record”, ATT-KeyZSK )
46. Man in the Middle
att.com
att.com
RRSIG(“10.6.7.3”)
RRSIG(“No Record”)
47. Sign The Ranges
Where is doesntexist.att.com?
There is nothing between admin.att.com and keyserver.att.com
RRSIG(“There is nothing between…”, ATT-KeyZSK )
Called NSEC
48. Sign The Ranges
Where is doesntexist.att.com?
There is nothing between admin.att.com and keyserver.att.com
RRSIG(“There is nothing between…”, ATT-KeyZSK )
49. Hash, then Sign The Ranges
Where is doesntexist.att.com?
doesntexist.att.com -> hash it -> da739562…..
There is nothing between a847629…. and ff572645….
RRSIG(“There is nothing between…”, ATT-KeyZSK )
Called NSEC3!
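The range answers on slides 47 to 49, as an added example that is not part of the original deck: it finds the signed gap that covers a missing name, first over plain names (NSEC) and then over hashed names (NSEC3, using the RFC 5155 iterated SHA-1 and base32hex encoding). The zone contents, `www.att.com`, the salt and the iteration count are constructed; the function names are hypothetical.

```python
import base64
import bisect
import hashlib

# Standard base32 alphabet mapped onto the base32hex alphabet used by NSEC3.
B32_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                                b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name: str) -> bytes:
    """Lower-cased DNS wire format: length-prefixed labels plus the root label."""
    labels = [label for label in name.lower().rstrip(".").split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """H(name) per RFC 5155: one SHA-1 pass plus `iterations` more, salted each time."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(B32_TO_B32HEX).decode().lower()

def covering(sorted_keys, key):
    """Return the (previous, next) pair around key, wrapping at the ends; None if present."""
    if key in sorted_keys:
        return None
    i = bisect.bisect_left(sorted_keys, key)
    return sorted_keys[i - 1], sorted_keys[i % len(sorted_keys)]

def canonical_key(name: str):
    """DNSSEC canonical order compares labels right to left."""
    return name.lower().rstrip(".").split(".")[::-1]

def nsec_denial(zone_names, qname):
    """NSEC: the answer names two real neighbours of the missing name."""
    keys = sorted(canonical_key(n) for n in zone_names)
    span = covering(keys, canonical_key(qname))
    return None if span is None else tuple(".".join(k[::-1]) for k in span)

def nsec3_denial(zone_names, qname, salt_hex, iterations):
    """NSEC3: the answer names two hashes, not the neighbours themselves."""
    hashes = sorted(nsec3_hash(n, salt_hex, iterations) for n in zone_names)
    return covering(hashes, nsec3_hash(qname, salt_hex, iterations))

# Constructed zone: names from the slides plus www.att.com as filler.
ZONE = ["att.com", "admin.att.com", "keyserver.att.com", "www.att.com"]
SALT, ITERATIONS = "aabbccdd", 12  # constructed parameters

if __name__ == "__main__":
    print("NSEC :", nsec_denial(ZONE, "doesntexist.att.com"))
    print("H(q) :", nsec3_hash("doesntexist.att.com", SALT, ITERATIONS))
    print("NSEC3:", nsec3_denial(ZONE, "doesntexist.att.com", SALT, ITERATIONS))
```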
64. A Little History
• Jon Postel basically used to run the Internet by himself
• ICANN was chartered in 1998 to:
• Diversify management of the Internet
• Introduce democratic, “multi-stakeholder” model
• Preempt UN Action
75. Top Level Websites
• Supposed to be outlawed
• How do you represent them?
• http://ai
• http://ai.
• http://ai/
• AC has address 193.223.78.210
• AI has address 209.59.119.34
• BT has address 192.168.42.202
• CM has address 195.24.205.60
• DK has address 193.163.102.24
• GG has address 87.117.196.80
76. The Big Picture
• The Death of Reputation
• Redesigning Enterprise Networks and Attacks
• External Attacks and Enumeration
• Product Promises and Failures
78. The Death of Reputation
Scarcity makes certain assumptions reasonably true:
• An individual user has a high attachment rate for a small number of IPs
• A trademarked domain name has likely been taken by the most recognizable holder
• IP spoofing is highly limited in full-connection situations
79. Uses of IP Reputation
• Anti-Fraud and Adaptive Authentication
• RSA, SilverTail, EnTrust
• DDoS Prevention and Rate Limiting
• Arbor Networks, RadWare, every load balancer
• IDS, SIEM and Event Correlation
• ArcSight, Splunk, Sourcefire
A simple example (tracked per source IP):
rate_filter \
    gen_id 135, sig_id 1, \
    track by_src, \
    count 100, seconds 1, \
    new_action drop, timeout 10
80. What options do attackers now have?
Per-Machine IP spoofing
• Use rotating
Network prefix spoofing
81. How can you Adapt?
Switch to “Network Reputation”
• Intelligent detection of subnetting
• Correlation to other data to determine flows
• Positive, not negative reputation
• Con: One bad actor could DoS a popular network
• Con: State table will need to be ginormous
Filter out network bogons
• Reverse BGP lookups
• Central databases of assigned and utilized spaces
Implement intelligent egress filtering
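Per-IP tracking against "network reputation" from slides 79 to 81, as an added example that is not part of the original deck: the same threshold as the rate_filter shown earlier (100 events per second, 10 second timeout), keyed once by source address and once by the source's /64. This is a simplified model and not Snort's implementation; the traffic is constructed from documentation prefixes and all names are hypothetical.

```python
import ipaddress
from collections import defaultdict, deque

def key_by_address(src: str) -> str:
    """Classic per-IP tracking: every distinct address is its own bucket."""
    return str(ipaddress.ip_address(src))

def key_by_network(src: str, v6_prefix: int = 64) -> str:
    """Network reputation: IPv6 sources collapse to their /64, IPv4 stays per host."""
    ip = ipaddress.ip_address(src)
    if ip.version == 4:
        return str(ip)
    return str(ipaddress.IPv6Network(f"{ip}/{v6_prefix}", strict=False))

class RateTracker:
    """Sliding-window counter: more than `count` hits in `seconds` blocks for `timeout`."""

    def __init__(self, key_fn, count=100, seconds=1.0, timeout=10.0):
        self.key_fn, self.count = key_fn, count
        self.seconds, self.timeout = seconds, timeout
        self.hits = defaultdict(deque)
        self.blocked_until = {}

    def observe(self, ts: float, src: str) -> bool:
        """Record one event; return True if it is dropped."""
        key = self.key_fn(src)
        if self.blocked_until.get(key, 0.0) > ts:
            return True
        window = self.hits[key]
        window.append(ts)
        while window and window[0] <= ts - self.seconds:
            window.popleft()
        if len(window) > self.count:
            self.blocked_until[key] = ts + self.timeout
            return True
        return False

    def state_size(self) -> int:
        """Number of buckets held, the state-table cost named on slide 81."""
        return len(self.hits)

def replay(events, tracker) -> int:
    """Feed (timestamp, source) events to a tracker; return how many were dropped."""
    return sum(tracker.observe(ts, src) for ts, src in events)

# Constructed traffic: 300 requests inside one second, each from a different
# address in the same /64, as a single host with a routed /64 can produce.
BURST = [(i / 300, f"2001:db8:1:2::{i + 1:x}") for i in range(300)]
NEIGHBOUR = (1.5, "2001:db8:1:2::beef")  # well-behaved host in the same /64
UNRELATED = (1.5, "2001:db8:9:9::1")     # host in a different /64

if __name__ == "__main__":
    per_ip, per_net = RateTracker(key_by_address), RateTracker(key_by_network)
    print("per-IP drops :", replay(BURST, per_ip), "buckets:", per_ip.state_size())
    print("per-/64 drops:", replay(BURST, per_net), "buckets:", per_net.state_size())
    print("neighbour dropped:", per_net.observe(*NEIGHBOUR))
    print("unrelated dropped:", per_net.observe(*UNRELATED))
```

The per-/64 tracker catches the burst with one bucket where the per-IP tracker holds 300 and drops nothing, and the dropped neighbour is the "one bad actor" cost listed on slide 81.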
82. Domain Reputation
• A lot of security thinking goes into securing this relationship:
www.paypal.com <-> 173.0.84.2
• This is also an important mapping:
www.paypal.com <-> The Real PayPal with all the Money
• With 1400 potential new gTLDs, this mapping becomes more difficult for
consumers to keep in their head
87. Enterprise Architecture
IPv6 is intended to restore the “end-to-end principle”
Will it?
True IPv6 Enterprises would include:
1. Publicly addressable end-points
2. Firewalls doing actual firewalling
3. NAT64 mechanisms for IPv4 access
4. Portable VPN system, like DirectAccess
89. Will this happen?
Probably not…
1. Mix of real IPv6 and NAT
2. Lots of public addressing with private routing
3. Proxies will become even more important for egress control
90. Pros and Cons for Attackers
Pros:
• Possibility of routable end-points
91. Everything is Going To Break
• Existing products have years or decades of customer testing.
• Almost everything smarter than a router does not really work with
IPv6.
INSERT EXAMPLE
92. Thank You
Alex Stamos
alex@artemis.net
Artemis
Tom Ritter
tritter@isecpartners.com
iSEC Partners