MTR is an excellent tool for identifying packet-loss or latency suspects when troubleshooting networking path issues. However, I’ve seen many who don’t really understand what MTR is doing (or even engineers) act on false positives produced from this tool. I’ve learned these lessons the hard way about MTR and iperf…
Comments closedCategory: Uncategorized
MTU and MSS for IPsec Overhead
A Deep Dive and Byte-for-Byte breakdown of IPsec overhead to aid in calculating MSS Clamping, understanding why it’s needed, and its effects. Whats the difference between MTU and MSS? MTU or Maximum Transmission Unit is the largest IP Payload an interface can accept. It applies to the whole IP Packet.…
Comments closedUpdate aws WAFv2 with all PubIps in Account
Quick POC here, I may update later… But probably not. The idea here is that I might want a WAF rule to auto-permit public IPs from my own account, and I might want this to dynamically update. This Python code can be leveraged in a Lambda function that can be…
Comments closedHigh Level AWS & Azure Networking Comparison
I’ve been comparing the two platforms recently and wanted to lay out key differences so I can consolidate my thoughts and summarize key points. This is an active scratchpad. New Networks When creating a new network or VNET in Azure, a default subnet is created as part of the processes…
Comments closedMac/Apple iOS devices on 802.11x with NPS
I was having a conversation on reddit about setting up apple devices on certificate based 802.11x over a year ago and since then, I’ve received quite a few PM’s asking for details or instructions. I’ve been meaning to throw the internal instructions I wrote up into a sanitized blog post…
Comments closedPushing Emerging Threats to ASA
Nothing too crazy, but maybe useful to someone else. I’ve been getting more alerts regarding IP’s coming from the Emerging Threats list, found here. https://rules.emergingthreats.net/ There’s some resources there for automating block rules for some platforms like linux hosts, but nothing like an ASA. Choices for automating an ASA are…
Comments closedAzure Express Route – Route injection attack vector.
Express route is a great way to get some private routing into your Azure space. Larger organizations may implement the peering themselves with a Cloud Exchange provider like Equinix. Smaller organizations may utilize a middle man who handles the peering on behalf of them. A good example is…
Comments closedWet feet with netmiko
I still haven’t ran into much need for automating network tasks. In fact if I’m going to do much in that realm it’s probably going to be in Cloud platforms, not on iron in a rack. However, let’s say I wanted to block some inbound IPs to resources behind an…
Comments closedDNS over TLS
This one has been a long time coming, I’ve been trying to get to this for over a month. It’s small on work but big on ideas. The Push for Encryption There incoming tide is pushing hard on everyone to encrypt all traffic on the web. I think it’s great…
Comments closedLessons Learned
I recently found a pretty big issue with an appliance I work with. The manufacturer documentation stated that a local TFTP service to appliance was protected by DOS detection and mitigation. This should block any TFTP brute force attacks on the appliance. However, because of quite a few circumstances we…
Comments closed