April 29, 2012

The so-called Skype SDK IP leaks

For the last few days, there has been a buzz in the community following the recent discovery of a so-called information leak in the Skype SDK. [email protected] published a Python code sample “exploiting this vulnerability” (https://github.com/zhovner/Skype-iplookup/) using a de-obfuscated SDK and published a demo site at http://skype-ip-finder.tk/. More related information on the skype-open-source project can be found at http://skype-open-source.blogspot.de/. So to sum up, the “so-called leak” takes place by: 1. having “debug logging enabled” in the hijacked SDK 2. ... Read more

January 13, 2012

DCB 101 - Priority-based Flow Control

DCB (Data Center Bridging) is a set of standards that defines 4 independent technologies/concepts to pretty much make Ethernet lossless, and hence able to support storage traffic. We will not go into a debate over FCoE, or whether you should consider a single fabric for both storage and “standard/Ethernet” traffic in your data center design strategy or go a more traditional way. As we said earlier, DCB is a set of standards, actually a set of 4 standards, which we will cover over the “DCB 101” post series. ... Read more

January 21, 2011

FDP - Foundry Discovery Protocol

If you are familiar with CDP (Cisco Discovery Protocol), then FDP from Brocade is much the same. FDP allows each Foundry/Brocade device to advertise itself to MAC address 01-E0-52-CC-CC-CC. FDP packets contain information such as hostname/device ID, software version, product platform and capability, VLAN and layer 3 protocol address of the port sending the update. FDP can be enabled either globally, by issuing in configuration mode [email protected](config)#fdp run, or simply by enabling it on a specific interface ... Read more

November 27, 2010

MultiProtocol BGP (MP-BGP)

MP-BGP is simply an extended/enhanced BGP that primarily allows unicast routes for multicast routing to be carried in interconnect networks. To this extent, MP-BGP allows protocols other than IPv4 to be carried (IPv6, CLNS, MPLS VPN etc.). This is of course different from native BGP, which only allows unicast routes for IP forwarding to be carried. Having said that, there are 2 attributes to keep in mind when dealing with MP-BGP: ... Read more

August 24, 2010

RPS and RFS - Kernel Network Stack

If you have been following the latest improvements in the release of the 2.6.35 kernel, you have probably noted 2 major network stack improvements which have created some buzz in the geek community. OK, not really, since the RPS and RFS project has been going on for a while now, driven by the crowd at Google Inc. Since those 2 amazing features have been fully implemented in the kernel and are now supported, I thought it was a good opportunity to finally get down to the beast and try to shed some light on RPS and RFS. ... Read more

July 8, 2010

Dynamic Multipoint VPN - DMVPN

One of the most interesting features of DMVPN, as far as my personal opinion goes, is its extended support for VRF on MPLS networks. Remember, VRF allows multiple instances of routing tables to co-exist on the same router at the same time. Having said that, DMVPN helps scale out traditional IPsec hub-and-spoke VPN configurations by setting up permanent and temporary connections, respectively from the spoke routers to the hub router and between the spoke routers as needed. ... Read more

June 29, 2010

Catalyst 6500 and ASIC issues

Referral news can be found at http://www.networkworld.com/community/blog/asic-issues-delaying-cisco-switch. Now keep in mind, I have not read the bulletin published by Rodman & Renshaw, LLC, nor can I attest that this is the fundamental reason why the switches have been delayed. As for the lifespan of the Cat 6500 before it is fully replaced by the Nexus 7000, remember that Cisco’s Supervisor Engines for Modular Switches have a lifespan of 10 to 12 years; that being said, a new 720 Supervisor Engine was just released roughly 1 year and a half ago - you do the math now ;-) ... Read more

June 17, 2010

Cisco IOS Security: Quiet Period Login

Cisco’s IOS Quiet Period refers to the period in which Telnet/SSH/HTTP access is disabled for X amount of time after Y failed attempts. While it is quite unusual to have router virtual access allowed from the WAN link, it may not hurt to go further by enabling this Cisco feature to prevent a potential DoS dictionary attack from the WAN link, or possibly from the LAN link as well. ... Read more

June 17, 2010

IPv6 support on alouche.net

[Edit: IPv6 is now directly provided over Cloudflare proxies - 2400:cb00:2048:1::c71b:872b]

Hello, this is just to announce that the blog is now available through IPv6. To be more precise, through proto41, as this is just an experiment.

    [[email protected] ~]$ host alouche.net
    alouche.net has address
    alouche.net has IPv6 address 2001:470:1f07:a4e::2

    [[email protected] ~]#ip -6 route sh
    xxxx:xxx:xxxx:xxxx::/64 via :: dev t-ipv6 proto kernel metric 256 mtu 1480 advmss 1420 hoplimit 4294967295
    2001:470:1f07:a4e::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
    fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
    fe80::/64 via :: dev t-ipv6 proto kernel metric 256 mtu 1480 advmss 1420 hoplimit 4294967295
    ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
    ff00::/8 dev t-ipv6 metric 256 mtu 1480 advmss 1420 hoplimit 4294967295
    default dev t-ipv6 metric 1024 mtu 1480 advmss 1420 hoplimit 4294967295

(tunnel IP has been obfuscated) ... Read more

June 11, 2010

OSPF Flood Reduction

By default, OSPF floods its domain with LSAs every 30 minutes, that is, half of the MaxAge time of 1 hour, to ensure that the LSA databases across all routers of the domain are in sync and the network is properly converged. While this acts as a good failsafe in case LSAs are dropped and LS databases across downstream routers become inconsistent when topology changes occur, it is reasonable on stable networks to completely disable the scheduled LSA updates and propagate LSA updates only once the network topology changes. ... Read more