Events

The Kings in your Castle

At the second day of the TROOPERS16 conference an interesting talk about Advanced Persistent Threats took place from Marion Marschalek and Raphaël Vinot. Marion Marschalek is a Security Researcher, focusing on the analysis of emerging threats and exploring novel methods of threat detection. Marion started her career within the anti-virus industry and also worked on advanced threat protection systems where she built a thorough understanding of how threats and protection systems work and how both occasionally fail. Continue reading “The Kings in your Castle”

Continue reading
Events

Imma Chargin Mah Lazer-How to protect against (D)DoS attacks

Denial of Service (DoS) attacks aim to make services and systems unavailable to legitimate users . If these attacks are performed by multiple sources at the same time and for the same target, they are called Distributed Denial of Service (DDoS) attacks. This talk “Imma Chargin Mah Lazer” describes different types of (D)DoS attacks that are out in the wild and are seen on a daily basis by different corporations. Furthermore,  a multi-layered strategy to mitigate such kinds of attacks has been presented within the talk. The speaker is Dr. Oliver Matula, an IT security researcher at ERNW who holds a PHD degree in physics. He presented the topic in a simple way which eases the delivery of information to audience of different technical levels and backgrounds.

Continue reading “Imma Chargin Mah Lazer-How to protect against (D)DoS attacks”

Continue reading
Events

Troopers Netmon

Hi everybody,

Christopher talked already about our WiFi Network during the IPv6 Security Summit and mentioned our monitoring system (we like to call “netmon”). As there were quite some people interested in the detailed setup and configuration, we would like to share the details with you. This year we used a widely known frontend called Grafana and as backend components InfluxDB and collectd. During Troopers the monitoring system was public reachable over IPv6 and provided statistics about Uplink Bandwidth, IP Protocol Distribution, Clients and Wireless Bands.

Continue reading “Troopers Netmon”

Continue reading
Events

Reflections on the IPv6-only WiFi Experience during Troopers

Hello,

Troopers is (unfortunately) over. It was a blast (but I may be biased ;-))! After things have settled, I want to take the opportunity to reflect my thoughts and impressions on the IPv6-only WiFi we had deployed during the conference. To make sure that everybody is on the same page let’s start at the beginning.

In the last couple of years we had provided Dual-Stack connectivity on the main “Troopers” SSID but also had an additional IPv6-only SSID. This year we decided to spice things up and made the “Troopers“ SSID IPv6-only (with NAT64) while providing Dual-Stack connectivity on the “Legacy“ SSID. We wanted to get a feeling how many clients and applications can work properly in an IPv6-only environment. We intentionally didn’t announce it vastly beforehand, hoping that attendees would just connect to the main SSID without noticing anything. We were aware that some applications might expose issues but, as I said , we wanted to get a feeling to which degree problems actually occured. Continue reading “Reflections on the IPv6-only WiFi Experience during Troopers”

Continue reading
Breaking

Cisco and the Maintenance Operation Protocol (MOP)

Howdy,

this is a short write up about the Maintenance Operation Protocol (MOP), an ancient remote management protocol from the DECnet protocol suite. It’s old, rarely used and in most cases not needed at all. But as we stumbled across this protocol in some network assessments, it seems like a lot of network admins and other users don’t know about it. Even various hardening guides we’ve seen don’t mention MOP at all.

Continue reading “Cisco and the Maintenance Operation Protocol (MOP)”

Continue reading
Events

NANOG64

I recently had the pleasure to join the 64th NANOG (North American Network Operators’ Group) meeting in San Francisco, which can be understood as one of the largest Internet engineering conferences at all. It takes place three times a year at different locations in North America.

What I personally like about NANOG is its strong collaborative and cooperative character. It is not about single persons and also not too much about spectacular projects but more about discussing technologies, ideas, challenges and numbers. Every talk has a comparatively large time slot reserved for discussion, which is often more than fully used. Discussion is typically actively focused and is more time-consuming (and even more relevant) than the talk itself. Which often is intended by the community. The climate of discussion is almost always impressively polite and constructive, even for controversially discussed topics.

Continue reading “NANOG64”

Continue reading
Misc

ASCII Protocol Scheme Generator

As we historically have a strong connection to network technologies (not surprising, given the “NW” in “ERNW” stands for “Networks”), I developed a small script to create RFC-style ASCII representations of protocol schemes. The following listing shows an example created for a fictitious protocol:

 0                   1                   2                   3  
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------------------------------------------------------+
|             type              |              id               |
+---------------------------------------------------------------+
|     flags     |                   reserved                    |
+---------------------------------------------------------------+
|                            payload                            |
+---------------------------------------------------------------+

 

The command line to create this output is

./ascii_header.py 16-type 16-id 8-flags 24-reserved 32-payload

and of course the script also provides a help message which explains the parameters in detail.

Download: https://www.ernw.de/download/ascii_protocol_scheme_generator.zip

Enjoy and feel free to leave feedback and comments,

Benedikt 🙂

Continue reading