Tag Archives: poi

Packets of Interest (2015-06-19)

It’s been a while since I’ve done a POI so here we go.

The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns

https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/

Kaspersky Lab found this new variant of the Duqu malware in their own network. They wrote a paper based on their analysis of this new malware. It fascinates me how sophisticated these software packages are and how much effort the threat actors put into them.

Diffie-Hellman Key Exchange

Diffie-Hellman (DH) is the world’s first public key crypto system. It’s used in everything from secure browsing to secure shell. This video visually demonstrates how the Diffie-Hellman key exchange works. The best part is that you don’t need to know anything about crypto to follow along.
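As an added example (not code from the post or from the video it links), here is the exchange in Python with a constructed toy group, p = 23 and g = 5, so every intermediate value can be checked by hand; real deployments use primes of at least 2048 bits.

```python
"""Added example: a textbook Diffie-Hellman exchange over a deliberately tiny,
constructed group so the arithmetic is visible. Not production parameters."""
import secrets

# Constructed toy group: p = 23 is a safe prime (23 = 2*11 + 1) and g = 5
# generates the full group mod 23. Real deployments use 2048-bit or larger p.
P = 23
G = 5


def public_value(private: int, p: int = P, g: int = G) -> int:
    """Each party publishes g^private mod p; only 'private' stays secret."""
    return pow(g, private, p)


def shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """Both sides reach the same g^(ab) mod p from the other's public value."""
    return pow(their_public, my_private, p)


def exchange(a: int, b: int, p: int = P, g: int = G) -> dict:
    """Run the protocol for Alice (private a) and Bob (private b) and return
    what an on-path observer sees plus the key each side derives."""
    A = public_value(a, p, g)        # sent Alice -> Bob in the clear
    B = public_value(b, p, g)        # sent Bob -> Alice in the clear
    return {
        "observed": (p, g, A, B),    # the only values that cross the wire
        "alice_key": shared_secret(B, a, p),
        "bob_key": shared_secret(A, b, p),
    }


def random_private(p: int = P) -> int:
    """Private exponents must be unpredictable: CSPRNG, range [2, p-2]."""
    return 2 + secrets.randbelow(p - 3)


if __name__ == "__main__":
    result = exchange(random_private(), random_private())
    print("on the wire:", result["observed"])
    print("keys agree:", result["alice_key"] == result["bob_key"])
```

With a = 6 and b = 15 the observer sees (23, 5, 8, 19) and both sides derive 2; recovering that 2 from the observed values alone is the discrete logarithm problem, which is only hard when p is large.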

Passphrases That You Can Memorize – But That Even the NSA Can’t Guess

https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess/

Use this informative guide to generate secure, human-memorizable passphrases that are suitable for protecting your private PGP key, your private SSH key, and your master key for your password safe.

Encrypting Your Laptop Like You Mean It

https://firstlook.org/theintercept/2015/04/27/encrypting-laptop-like-mean/

A well-written article about encrypting one’s laptop. It covers what disk encryption does and does not protect against, attacks against disk encryption, and how to encrypt disks in Windows and OS X.

Packets of Interest 2012-06-12 – OSPF Refresher

I was recently brushing up on my OSPF knowledge and discovered some great resources that I wanted to document for my own future use and share with others. I found them excellent at explaining area types, packet types, and neighbor states.

This first document hosted at packetlife.net is one of the best explanations of packet types I’ve ever seen due to the visual aids that the author, Jeremy Stretch, incorporated. This is a must-read.

OSPF areas and the packet types within them
http://packetlife.net/blog/2008/jun/24/ospf-area-types/

Today’s topic is a source of considerable confusion for many people new to OSPF: area types. Recall that a large OSPF domain is typically broken into separate areas to restrict the propagation of routes and reduce the amount of resources required by each router to maintain its link state database. Each area is connected to a central backbone, area zero.

OSPF relies on several types of Link State Advertisements (LSAs) to communicate link state information between neighbors. A brief review of the most applicable LSA types…

This page on cisco.com is a basic list of neighbor states. It’s short and to the point.

OSPF Neighbor States
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f0e.shtml

When OSPF adjacency is formed, a router goes through several state changes before it becomes fully adjacent with its neighbor. Those states are defined in the OSPF RFC 2328, section 10.1. The states are Down, Attempt, Init, 2-Way, Exstart, Exchange, Loading, and Full. This document describes each state in detail.

Lastly, this list of OSPF packet types is even shorter and more to the point. It’s perfect for turning into a flip card to memorize these facts for a cert exam.

OSPF type of packets
http://opalsoft.net/qos/OSPF-22.htm

OSPF uses Hello packets to discover and maintain neighbor relationships. Database Description (DDP) and Link State Request packets are used in the forming of adjacencies. OSPF’s reliable update mechanism is implemented by Link State Update and Link State Ack packets. 
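As an added example (not code from any of the linked pages), the Python below decodes the 24-byte OSPFv2 packet header from RFC 2328 A.3.1, classifies the packet type the excerpt lists, and verifies the header checksum the way RFC 2328 D.3 specifies for AuType 0 and 1; the sample packet it builds is constructed for the demonstration.

```python
"""Added example: decode the OSPFv2 common header (RFC 2328 A.3.1), name the
packet type, and check the checksum for AuType 0/1 (RFC 2328 D.3)."""
import struct

# Type codes carried in the second header byte (RFC 2328 A.3.1).
PACKET_TYPES = {1: "Hello", 2: "Database Description", 3: "Link State Request",
                4: "Link State Update", 5: "Link State Acknowledgment"}
HEADER = struct.Struct("!BBH4s4sHH8s")  # ver, type, len, rid, aid, csum, autype, auth

def ip_checksum(data: bytes) -> int:
    """Standard one's-complement Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ospf_checksum(packet: bytes) -> int:
    """OSPF checksums the packet with the checksum field zeroed and the
    64-bit authentication field (bytes 16..23) left out entirely."""
    return ip_checksum(packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:])

def parse_header(packet: bytes) -> dict:
    """Decode the header; raise ValueError for anything malformed."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated OSPF header")
    ver, ptype, length, rid, aid, csum, autype, _auth = HEADER.unpack_from(packet)
    if ver != 2:
        raise ValueError("not OSPFv2 (version %d)" % ver)
    if ptype not in PACKET_TYPES:
        raise ValueError("unknown OSPF packet type %d" % ptype)
    if length < HEADER.size or length > len(packet):
        raise ValueError("bad packet length %d" % length)
    # AuType 2 (cryptographic) does not use the checksum field; 0 and 1 must verify.
    csum_ok = autype == 2 or ospf_checksum(packet[:length]) == csum
    return {"type": PACKET_TYPES[ptype], "length": length,
            "router_id": ".".join(map(str, rid)), "area_id": ".".join(map(str, aid)),
            "autype": autype, "checksum_ok": csum_ok}

def build_packet(ptype: int, router_id: str, area_id: str, body: bytes) -> bytes:
    """Construct a test packet (AuType 0) with a correct checksum; the body is
    opaque here because only the common header is being demonstrated."""
    rid = bytes(int(o) for o in router_id.split("."))
    aid = bytes(int(o) for o in area_id.split("."))
    pkt = HEADER.pack(2, ptype, HEADER.size + len(body), rid, aid, 0, 0, bytes(8)) + body
    return pkt[:12] + struct.pack("!H", ospf_checksum(pkt)) + pkt[14:]
```

A single corrupted byte anywhere outside the authentication field flips `checksum_ok`, which is what makes the field useful as a first sanity check when looking at captured OSPF traffic.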

Packets of Interest 11-11-16

I read two interesting articles on VTP (Cisco’s VLAN Trunking Protocol) this week.

The first is an older article from networkworld.com that reminds us all that VTP clients are also capable of updating VLANs on the network, not just servers.

When I first heard that a VTP client can update a VTP server under the right conditions, I was frankly a non-believer. No way. I’d seen evidence to the contrary in several documents at cisco.com and in Cisco courses – but all the evidence was written, without my doing any experiments. So, I spent some time experimenting a few years ago, and found that it’s true – clients can overwrite VTP servers’ VLAN databases.

The full article is here: http://www.networkworld.com/community/node/19931.

The second article comes from etherealmind.com and is one of the only positive articles I’ve ever read about VTP. Greg’s take is that VTP is not inherently bad; rather, the way network engineers deploy it is what makes it capable of causing so much damage.

A lot of people regard Cisco’s Virtual Trunking Protocol (VTP) as nothing but trouble. Frankly it’s hard to find many people who will implement it on their network and most people have war stories about full site outages caused by VTP and switch installs. I find this baffling – it’s a great technology that dramatically reduces time, configuration errors, and improves troubleshooting – features that we should all embrace and use wherever we can. In this post, I want to suggest a different design method for effectively using VTP in your network.

The full post is here: http://etherealmind.com/vtp-design-fate-sharing-failure-domains/.