Skip to content

Category: Uncategorized

When MTR does you dirty

MTR is an excellent tool for identifying packet-loss or latency suspects when troubleshooting networking path issues. However, I’ve seen many who don’t really understand what MTR is doing (or even engineers) act on false positives produced from this tool. I’ve learned these lessons the hard way about MTR and iperf…

Comments closed

MTU and MSS for IPsec Overhead

A Deep Dive and Byte-for-Byte breakdown of IPsec overhead to aid in calculating MSS Clamping, understanding why it’s needed, and its effects. Whats the difference between MTU and MSS? MTU or Maximum Transmission Unit is the largest IP Payload an interface can accept. It applies to the whole IP Packet.…

Comments closed

Pushing Emerging Threats to ASA

Nothing too crazy, but maybe useful to someone else. I’ve been getting more alerts regarding IP’s coming from the Emerging Threats list, found here. https://rules.emergingthreats.net/ There’s some resources there for automating block rules for some platforms like linux hosts, but nothing like an ASA. Choices for automating an ASA are…

Comments closed

Azure Express Route – Route injection attack vector.

    Express route is a great way to get some private routing into your Azure space. Larger organizations may implement the peering themselves with a Cloud Exchange provider like Equinix. Smaller organizations may utilize a middle man who handles the peering on behalf of them. A good example is…

Comments closed

Wet feet with netmiko

I still haven’t ran into much need for automating network tasks. In fact if I’m going to do much in that realm it’s probably going to be in Cloud platforms, not on iron in a rack. However, let’s say I wanted to block some inbound IPs to resources behind an…

Comments closed

DNS over TLS

This one has been a long time coming, I’ve been trying to get to this for over a month. It’s small on work but big on ideas. The Push for Encryption There incoming tide is pushing hard on everyone to encrypt all traffic on the web. I think it’s great…

Comments closed

Lessons Learned

I recently found a pretty big issue with an appliance I work with. The manufacturer documentation stated that a local TFTP service to appliance was protected by DOS detection and mitigation. This should block any TFTP brute force attacks on the appliance. However, because of quite a few circumstances we…

Comments closed