Capturing Traffic Using SPAN, RSPAN, and VACLs

To enable the ability to capture traffic sent and received on other switch ports, Cisco Catalyst switches include a feature called the switch port analyzer feature (SPAN), as well as remote SPAN (RSPAN) and VLAN access control lists (VACLs).

via CCNP Practical Studies: Switching | Scenario 10-6: Capturing Traffic Using SPAN, RSPAN, and VACLs | InformIT.

SPAN is the traditional method of monitoring LAN traffic on Cisco switches. SPAN uses the concept of mirroring traffic from a set of source ports to a single destination port, which has a network capture tool connected to it.

Better Defense Through Open-Source Intelligence

Reconnaissance, while commonly overlooked and discounted, is a key phase providing successful targeted attackers (and penetration testers) with information about the target, the target’s server and application technologies in use, employees, location, and much more. Often called OSINT, or open-source intelligence because it uses publicly available sources, the recon phase is anything that can help the attacker obtain his goal. Security pros can leverage the same tools and techniques as the attackers to identify unintentionally exposed devices on the Internet and users leaking sensitive information via social networking sites, and address those issues before they’re used during an actual attack.

via Tech Insight: Better Defense Through Open-Source Intelligence – Dark Reading.

There’s also the excellent Shodan computer search engine, which holds service banners collected from Internet-accessible servers all over the world. Security pros can turn up all sorts of juicy information, like internal network and host names leaking through banners and DNS, or unintentionally exposed services, all from what Shodan has already indexed, so the investigator never scans or touches the target network.

SHODAN – Computer Search Engine

So what does SHODAN index then? Good question. The bulk of the data is taken from ‘banners’, which are meta-data the server sends back to the client. This can be information about the server software, what options the service supports, a welcome message or anything else that the client would like to know before interacting with the server.

via SHODAN – Computer Search Engine.

What ports does SHODAN index?

The majority of data is collected on web servers at the moment (port 80), but there is also some data from FTP (23), SSH (22) and Telnet (21) services. There are plans underway to expand the index for other services. Let me know if there are specific ports you would like to see included.

Cisco Takes Location Indoors

Cisco is using its Mobility Services Advertisement Protocol (MSAP) client as the frontend to triangulate location data from small cells and Wi-Fi so that it can map out the locations of stores and more on different floors inside a building. Qualcomm will build this capability into the next generation of its Snapdragon chips for mobile devices, but Cisco is offering the software to enterprises now.

via Cisco Takes Location Indoors – IP & Convergence – Telecom News Analysis – Light Reading Mobile.

New WiFi protocol boosts congested wireless network throughput by 700%

To solve this problem, NC State University has devised a scheme called WiFox. In essence, WiFox is some software that runs on a WiFi access point (i.e. it’s part of the firmware) and keeps track of the congestion level. If WiFox detects a backlog of data due to congestion, it kicks in and enables high-priority mode. In this mode, the access point gains complete control of the wireless network channel, allowing it to clear its backlog of data. Then, with the backlog clear, the network returns to normal.

via New WiFi protocol boosts congested wireless network throughput by 700% | ExtremeTech.

Big Switch Girds for SDN Battle

As expected, the company is promoting a network architecture that uses OpenFlow to program Ethernet switches. As has been fashionable in SDN circles lately, Big Switch is also espousing the idea of a hybrid network — one where OpenFlow-enabled gear is installed next to traditional routers and switches.

via Big Switch Girds for SDN Battle – Telecom News Analysis – Light Reading Service Provider IT.

Service providers would prefer to see the northbound and southbound interfaces be open, Griliches says. That’s because a groundswell of applications is expected to emerge now that SDN has become a hot and venture-fundable area, and no carrier wants to suddenly find out its applications don’t work on a particular vendor’s gear.

Vint Cerf and NASA’s BP and DTN Protocol: How It Works

The big difference between BP and IP is that, while IP assumes a more or less smooth pathway for packets going from start to end point, BP allows for disconnections, glitches and other problems you see commonly in deep space, Younes said. Basically, a BP network — the one that will make the Interplanetary Internet possible — moves data packets in bursts from node to node, so that it can check when the next node is available or up.

via Vint Cerf and NASA’s BP and DTN Protocol: How It Works.

DTN = Disruption Tolerant Networking

Building a wisp

This guide shows the basic requirements and steps to build a WISP (Wireless Internet Service Provider) using Ubiquiti AirMax devices; suggested equipment and examples are intended for a system of up to 400 subscribers based on a single Base Station and “centrally managed” from the principal router. It covers the following themes: basic legal and commercial requirements, required equipment and basic services on the Base Station, clients’ configuration and general recommendations for starters.

via Building a wisp – Ubiquiti Wiki.

Persistent Threat Detection on a Budget

It’s staggering to me how few security teams have gotten wise to regularly interrogating the logs from their recursive DNS servers. In many ways DNS logging can be considered sprinkling flour on the floor to track the footsteps of the culprit who’s been raiding the family fridge. Each step leaves a visible impression of where and how the intruder navigated the kitchen, and their shoe size.

via Persistent Threat Detection on a Budget « Damballa.

To turn on query logging in BIND, use:

# rndc querylog

Older BIND 9 releases treat this command as a toggle rather than a switch, so confirm the result with rndc status, which reports whether query logging is ON or OFF (newer releases also accept an explicit rndc querylog on). With BIND's default logging configuration the queries category goes to syslog's daemon facility, which lands the lines in /var/log/messages on many Linux systems (Debian-derived systems use /var/log/syslog instead). Expect a high volume on a busy recursive resolver. Then grep for named and pipe that into a custom Perl script, or whatever you prefer, that checks each queried name against a blacklist.

# grep named /var/log/messages  |  run_my_blacklist_script.pl
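As an added example of the blacklist step that the pipeline above hands off to a script (this is not code from the Damballa post or from BIND), here is a small Python script that parses BIND 9 query-log lines as syslog forwards them and reports every query whose name equals, or sits under, a blacklisted domain. It assumes the query-log line format shown in the constructed sample below (both the classic form and the newer form with a client-object pointer and parenthesised qname); the sample log lines and the blacklist entries are constructed for illustration, and the regex and function names are this example's own.

```python
#!/usr/bin/env python3
"""Match BIND 9 query-log lines (as forwarded to syslog) against a domain blacklist.

Added example, not the Damballa post's or BIND's own code. The log lines and
the blacklist below are constructed for illustration; real input would be the
output of `grep named /var/log/messages` on stdin.
"""
import re
import sys
from typing import Iterable, Iterator, List, Optional, Tuple

# BIND 9 query log line, with or without the client-object pointer ("@0x...")
# and the parenthesised qname that newer versions insert after the source.
QUERY_RE = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-fA-F]+ )?"
    r"(?P<src>[0-9a-fA-F.:]+)#(?P<port>\d+)(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

# Constructed blacklist (hypothetical names): registered domains plus one deeper name.
BLACKLIST = {"bad.example", "c2.evil.test", "dropzone.example.net"}


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so 'Bad.Example.' == 'bad.example'."""
    return name.lower().rstrip(".")


def blacklisted_suffix(qname: str, blacklist: Iterable[str]) -> Optional[str]:
    """Return the blacklist entry that qname equals or is a subdomain of, else None.

    Matching is done label by label, so 'notbad.example' does not match
    'bad.example' but 'www.bad.example' does.
    """
    labels = normalize(qname).split(".")
    normalized_blacklist = {normalize(b) for b in blacklist}
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in normalized_blacklist:
            return candidate
    return None


def parse_query(line: str) -> Optional[Tuple[str, str, str]]:
    """Extract (client_ip, qname, qtype) from a query-log line, or None if it is not one."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    return m.group("src"), normalize(m.group("qname")), m.group("qtype")


def find_hits(lines: Iterable[str], blacklist: Iterable[str]) -> Iterator[Tuple[str, str, str, str]]:
    """Yield (client_ip, qname, qtype, matched_entry) for every blacklisted query."""
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue  # not a query-log line (zone loads, rndc messages, ...)
        src, qname, qtype = parsed
        hit = blacklisted_suffix(qname, blacklist)
        if hit:
            yield src, qname, qtype, hit


# Constructed sample of what `grep named /var/log/messages` might print.
SAMPLE_LOG = """\
Mar  1 09:12:01 ns1 named[1234]: client 10.0.0.25#51234: query: www.example.com IN A + (10.0.0.1)
Mar  1 09:12:02 ns1 named[1234]: client 10.0.0.25#51235: query: beacon.C2.evil.test. IN A + (10.0.0.1)
Mar  1 09:12:03 ns1 named[1234]: client @0x7f3c5c0 10.0.0.31#40021 (notbad.example): query: notbad.example IN AAAA +E(0)K (10.0.0.1)
Mar  1 09:12:04 ns1 named[1234]: client 10.0.0.31#40022: query: cdn.bad.example IN TXT - (10.0.0.1)
Mar  1 09:12:05 ns1 named[1234]: zone example.com/IN: loaded serial 2012112601
"""


def scan_text(text: str, blacklist: Iterable[str] = BLACKLIST) -> List[Tuple[str, str, str, str]]:
    """Run find_hits over a block of log text and return the hits as a list."""
    return list(find_hits(text.splitlines(), blacklist))


if __name__ == "__main__":
    # Read piped log lines if present, otherwise demonstrate on the constructed sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG.splitlines()
    for src, qname, qtype, hit in find_hits(source, BLACKLIST):
        print(f"{src} asked {qtype} for {qname} (blacklist entry: {hit})")
```

Run it as grep named /var/log/messages | python3 dnsblacklist.py (the script name is this example's own); without piped input it scans the embedded sample. The label-wise suffix match is the part worth copying: a naive substring check would flag notbad.example while a plain exact match would miss every host under a blacklisted domain, which is where beaconing actually hides.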

Welcome to the Ruby Ranch Internet Cooperative Association

The Coop was founded in 2001 because at the time, no one offered DSL or cable modem Internet access in our neighborhood, and because the voice telephone service to the neighborhood is of such poor quality that it was (and is) not possible to get modem connections faster than about 26K bits per second. The Coop is a Colorado nonprofit corporation and is federally tax-exempt under 501(c)(12).

The Coop’s launch of service in 2002 was made possible only by loans from “angels,” neighborhood residents who chose to lend money to the Coop with no assurance the loans would ever be repaid. The Coop reached a milestone in the first quarter of 2004 successfully repaying (ahead of schedule, and with interest) all of the “angel” loans. The Coop is now debt-free.

via Welcome to the Ruby Ranch Internet Cooperative Association.