CloudShark 2018 Halloween Challenge

Well, Tom and the team at CloudShark have put together an excellent packet capture challenge on their blog once again. It has actually been a while since I've dug into a capture due to my recent shift in focus to Amazon Web Services, so this was a lot of fun for me. I feel like once you're a "packet junkie" you are always one!

*SPOILER ALERT* The rest of this post describes the challenge and the process I followed for solving the challenge. If you have not completed it and intend to do so, please stop reading here.

The Challenge

This challenge essentially boiled down to exporting the shared capture file and then analyzing it to find 5 (or more) hidden pumpkins. My time is limited these days, so I found 5 and stopped there.

My Approach

I approached this challenge similar to how I handle most cases. I thought up a few possible scenarios that I could chase down quickly, a few more that could...

Monitor Submarine Cables

We spend a lot of time monitoring our internal networks. Obviously, this is where we have the most tools at our disposal and where our actual responsibility lies. But, to provide good service to our customers and/or end users we also need to be aware of what is happening at our Internet providers and above. If you have global services then I recommend you monitor the submarine cables as well. For example, this was the latest submarine cable damage that impacted regions in Africa. https://subtelforum.com/angola-wacs-submarine-cable-damage/ Here is a map of the cable(s) that were impacted. If you want to go further and receive notifications on your mobile device then you can use the IFTTT app I created....

Enable DNSSec

Performance and security are always a balancing act, but in the case of DNSSec it's a no-brainer. In short, DNSSec allows a client to trust the domain owner when performing DNS queries. It’s another step to defending your domain (and subsequently your content and network) from the bad guys. An added benefit is there is no noticeable impact to performance!

CloudFlare just released a great blog post on their DNSSec offerings and how they are expanding. In that post they discuss DNSSec in much more detail along with their implementation of it. After reading the post I enabled it on my site and it was very straightforward.

Enable DNSSec in CloudFlare

- Log into your CloudFlare account
- Select the DNS option at the top for the domain
- Scroll down to the DNSSec option and click the button to enable it.
- Make note of the values presented for the DS Record

Add the DS Record to Your Registrar

In this case my registrar is NameSilo, so...

Shuffle Sharding

So, all credit goes to Colm MacCárthaigh for this one. I think his recent post on Shuffle Sharding is so good it deserves a share and a place on my blog to serve as a reminder for me from time to time. This is one way AWS achieves the level of reliability and stability it has for its customers. Some of the methodology can easily be applied to traditional and on-prem infrastructure as well. Check it out here!...

Case Study: Out of Memory

Symptoms

- Website randomly goes down a few times a week
- Server stopped responding
- Network and CPU logs show a small spike, but not enough to lock up a server
- Stopping and starting the server resolves the problem

Details

This pattern repeated several weeks until the customer grew tired of rebooting the server. The evidence did not seem to lead to a system issue or network or security problem such as a denial of service. The application logs were clean as well. Also of importance is that this server was a Linux EC2 instance in AWS.

Troubleshooting

Being that rebooting the server resolved the problem every time, it was decided to duplicate the EC2 instance from its snapshot image. This was completed quickly, but the issue appeared again that night and several times the following day. Finally, an error was seen in the system logs which pointed directly to a memory issue.

Solution

After this, it was discovered that the server was a T2.micro instance with...

Secure Your Amazon Profile

Did you know you have a public Amazon profile that is automatically created when you sign up for an Amazon account? This profile doesn't provide too much information publicly by default, but it is another data point for 3rd parties. Michael Bazzell from Intel Techniques provided a quick guide in his latest email newsletter on how to take a few easy steps to secure your Amazon profile.

The following is an excerpt taken from his email, and is intended only for a quick reference. For the complete guide and his other material, please see his website listed above. I claim no credit for this tutorial.

1) Remove your Amazon public profile

Your Amazon profile is created automatically, whether you want it or not, and it contains comments, ratings, public Wish Lists, biographical information, and other site interaction. This profile doesn’t include your purchases or your browsing history, but it’s very informative. If you want to control what activity is visible on your public...

Wireshark Webinars

I have attended multiple Wireshark webinars presented by Riverbed and leaders in the field. They title this series "Return to the Packet Trenches" with some sort of variation or subtitle for the different sessions. I always walk away with something new. This latest webinar was no exception. It reviewed several CLI options for creating, analyzing, and editing packet captures. I highly recommend attending these webinars if you have any interest in Wireshark and staring at packets. For more resources I recommend or to see the tools I've created, please look at my "Network Performance" drop-down menu at the top of this page.

Here are links to their resources as sent to me in their follow-up email:

- Wireshark CLI tools & scripting (by Sake Blok): https://sharkfestus.wireshark.org/assets/presentations18/33.zip
- Presentation Video: https://youtu.be/IZ439VNvJqo (1:11:14)
- TShark Command Line using PowerShell (by Graham Bloice): https://sharkfesteurope.wireshark.org/assets/presentations17eu/33.7z
- Custom LUA dissectors to the rescue in root cause analysis (by Sake Blok): https://sharkfesteurope.wireshark.org/assets/presentations17eu/21.pdf

Review the SharkFest’18 EUROPE agenda and other information. For more "Packet Trenches" resources, check out these links. Watch the replay...

Toys R Us

So, I had the Toys 'R Us theme song randomly stuck in my head today. After running through it a couple of times I realized they are no more and we can't be Toys 'R Us kids anymore. We all have to grow up...depressing....