Author Archives: sr71rocks

Verizon 2016 Data Breach Investigations Report is Available

Verizon 2016 Data Breach Investigations Report

Verizon 2016 DBIR

Verizon has released their 2016 Data Breach Investigations Report. (You can download it without registering…note the “Download Only” link.) It’s a big read (and getting bigger every year), but there is a lot of good data in there if you take the time to dig through it. And once again, the level of growth and sophistication of nation-state and organized crime players is incredible…and scary.

Why didn’t I become a farmer?? I should have been a farmer…out in the middle of Kansas somewhere…

Happy Mothers Day to my Mom

My mother and me!

My mother passed away, back in 2007, due to the awful effects of Alzheimer’s (such a horrible disease!). I still miss her (along with my Dad)…it’s amazing how strong the parental ties are, even after these many years. My Mom was a “southern belle” (born and raised in Georgia), but lived during the feminist era (which caused many interesting “discussions” with my Dad, I’m sure). Yet she always tried her best in raising my brother and me…she loved us, was firm with us, taught us right from wrong, and always wanted the best for us. She gave a lot of herself to us…and I will be forever grateful.

Couple of quick stories…

During my late elementary school years, I wanted to learn basketball (which was fine with my parents…they both played during their high school years). My Mom spent many hours with me in our backyard court, showing me how to dribble, pivot, and shoot the ball. She really enjoyed that!

Another thing my Mom could do was cook!! And like no one else, let me tell you! She was of the old school…no recipes, all from memory…and she almost never measured anything. Here is how she made biscuits: she would grab the large Tupperware bowl of flour, press her fist into it to make a “bowl”, and then pour in milk, a raw egg, and some other stuff, and then mix it all up in the flour bowl! She would then grab the dough, flatten it out, then cut out the biscuits and cook them. Yum!!…they were great!!

Thank you Mom for your love and devotion. And Happy Mother’s Day!!

Cisco VIRL Network Simulation Features

If you haven’t checked out all the features available through VIRL, take a look at the features page on the VIRL website…scroll down to the bottom, and under “All Features” click the “OPEN ALL” button. As you can see, VIRL is a feature-rich environment. One note of interest is the expected release of an updated Nexus switch object later this year…it looks like it might include a number of layer 2 features, perhaps even vPC!!

Cisco VIRL Features

Enjoy!!

Nexus Switches – Time to do Some Serious Learning!

I have yet to work with the Cisco Nexus line of switches…just never had the opportunity. I’ve worked a lot over the years with Cisco’s chassis-class line of switches (5500’s and 6500’s), and a bunch of their stackable switches (3600’s and 3700’s). So, all of a sudden, I need to learn about Cisco’s 9000 line of Nexus switches…and fast. What to do??

Read…a lot. I spent a fair amount of time this weekend just reading up on a bunch of technical papers from Cisco. Here is a great starting point…scroll down to see a large variety of topics pertaining to the 9000 series…

Cisco Nexus 9000 Line of Switches

The next thing I did was set up a small two-tier Nexus network simulation within VIRL. This is very cool…I am able to check out configurations, learn the NX-OS syntax, and just have some fun playing with the Nexus switches. The topology was straightforward, and I have BGP and OSPF in the mix…(AutoNetkit is your friend)…

Simple Nexus switch simulation running in Cisco VIRL

Now, running a Nexus simulation within VIRL is not perfect…there are still some features that don’t work, such as vPC (Virtual Port-Channel), but it is a good start. And it is sure helping me out a lot.

Note: There is a bug in the NX-OSv VIRL node that ends up creating all of the switch interfaces with the same MAC address (0000.0000.002f). Obviously, nothing works if this is the case. The VIRL team is working on this, but there is a work-around…simply use AutoNetkit to create the switch configs, and each interface will have a proper MAC address created. If you would rather do most of the configuration yourself, then still use AutoNetkit but choose the “Infrastructure Only” option…you will end up with a minimal starting configuration, but with working MAC addresses. AND…remember to click the “Build Initial Configurations” button before you start the simulation!!

Enjoy!!

Run the Race – Resurrection is a Fact (Charles Colson)

Came across this incredible quote…

“I know the resurrection is a fact, and Watergate proved it to me. How? Because 12 men testified they had seen Jesus raised from the dead, then they proclaimed that truth for 40 years, never once denying it. Every one was beaten, tortured, stoned and put in prison. They would not have endured that if it weren’t true. Watergate embroiled 12 of the most powerful men in the world-and they couldn’t keep a lie for three weeks. You’re telling me 12 apostles could keep a lie for 40 years? Absolutely impossible.”  (Charles W. Colson)

A powerful statement if there ever was one!! If you are not familiar with Charles Colson, he was one of several powerful men in President Nixon’s administration, and the first of them to serve prison time for the Watergate scandal. During this time, he became a Christian and spent the rest of his life ministering to prison populations and their families. His work has touched hundreds of thousands of lives.

And then there is little ole’ me. It is difficult to look at my life thus far, and try to measure it against Charles Colson. Come on Brad, get it in gear…

US-CERT Alert – Ransomware and Recent Variants (Read this!!)

The US-CERT and Homeland Security just released an alert (TA16-091A) concerning recent ransomware events targeting the medical industry, along with businesses in general…

US-CERT Alert – Ransomware and Recent Variants

This is important information which ALL network engineers should be aware of and act upon! Please…do not delay!!

PS:  And no, this isn’t an April Fools joke…I sure wish it was!

Run the Race – See Others as God Does

We had our first performance of our Easter program at church this evening…it was a wonderful time of worship and remembering Christ’s sacrifice on the cross. It got me thinking…there are so many things wrong in this world…politics, race, religion, just to name a few. If the Christian church could just move past all of that and see people as God sees them, and then act accordingly, the changed lives as a result would be incredible!!

So can we all do that? Please?

I’m going to really try…

Office Phones Down on Monday Morning – DHCP Issue

If you are a Network Engineer, then having your phone ring early on a Monday morning is never a good thing. And that’s what happened this morning. Seems that none of our Cisco phones were working at the Corporate office…yep, none, as in 150 employees. (And it always seems to be the big offices…why does nothing go down at a little remote office that only has 3 employees?)

After talking to a couple of users (via cell phone of course), I realized that all of the phones were trying to get an IP address but were unable to. (Phones were displaying: Configuring IP). Well that is very interesting…and I recalled that the DHCP server was just replaced this past Friday. (Grrrrrr….how do you mess up a DHCP server?)

Well, it’s easy to mess things up if you don’t use the same IP address on the new server as the old server. Remember, DHCP starts out as a broadcast…the device booting up sends a DHCPDISCOVER to all F’s (destination MAC ff:ff:ff:ff:ff:ff, destination IP 255.255.255.255), and a broadcast never crosses a router. So, if the server is NOT on the same local network as the client, the layer 3 interface for that VLAN needs an IP helper statement such as this to relay the request…

interface Vlan11
description VoIP VLAN for Corporate office
ip address 10.11.2.1 255.255.255.0
ip helper-address 10.10.2.10

With that helper address, the switch takes any DHCP broadcast it hears on VLAN 11, stamps its own interface address (10.11.2.1) into the giaddr field so the server knows which scope to hand out from, and forwards the request as a unicast packet to 10.10.2.10. However, the new DHCP server had a different IP address, so every relayed request was sent to an address nobody was answering. Why? I don’t know…however the server guy did fix the issue quickly, which was much appreciated. He simply changed the IP address of the new server to that of the old server…and boom, all of the phones started registering. You may be wondering about all of the PC’s on the network…they were working just fine, as they were on the same local network as the DHCP server and their broadcasts reached it without any relay.
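As an added example (my own Python, not part of the original post), here is a small model of what that ip helper-address actually does to the phones’ DHCP broadcast. The packet bytes, the client MAC and the server’s scopes are constructed; the 10.11.2.0/24 VoIP VLAN, the 10.11.2.1 interface address and the 10.10.2.10 helper come from the config snippet above, and the 10.10.2.0/24 server LAN and the pool addresses are assumptions.

```python
"""Added example, not from the original post: a minimal model of the
DHCP relay ("ip helper-address") step.  Packet bytes, client MAC and
the server's scopes are constructed; 10.11.2.0/24, 10.11.2.1 and
10.10.2.10 come from the post's config, 10.10.2.0/24 and the pool
addresses are assumptions."""
import struct
import ipaddress

BOOTREQUEST = 1
DHCPDISCOVER = 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BROADCAST_IP = "255.255.255.255"
ZERO_IP = b"\x00" * 4

# Fixed BOOTP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
GIADDR_OFF = 24  # byte offset of giaddr inside the header


def build_discover(client_mac, xid):
    """What the phone sends: no addresses filled in, broadcast flag set,
    destination ff:ff:ff:ff:ff:ff / 255.255.255.255.  A broadcast stops at
    the VLAN's router, which is the whole reason a helper is needed."""
    header = struct.pack(
        BOOTP_FMT, BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
        ZERO_IP, ZERO_IP, ZERO_IP, ZERO_IP,
        client_mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    options = bytes([53, 1, DHCPDISCOVER, 255])  # message type, then END
    return header + MAGIC_COOKIE + options


def relay(packet, vlan_interface_ip, helper_address):
    """The 'ip helper-address' step: if giaddr is still 0.0.0.0 the router
    writes its own VLAN interface address into it, bumps the hop count,
    and unicasts the packet to the helper.  Returns (dst_ip, packet)."""
    relayed = bytearray(packet)
    if bytes(relayed[GIADDR_OFF:GIADDR_OFF + 4]) == ZERO_IP:
        relayed[GIADDR_OFF:GIADDR_OFF + 4] = ipaddress.IPv4Address(vlan_interface_ip).packed
    relayed[3] += 1  # hops
    return helper_address, bytes(relayed)


# Constructed scopes on the DHCP server: subnet -> first address to offer
SCOPES = {
    ipaddress.ip_network("10.10.2.0/24"): ipaddress.IPv4Address("10.10.2.100"),
    ipaddress.ip_network("10.11.2.0/24"): ipaddress.IPv4Address("10.11.2.100"),
}


def server_offer(server_ip, dst_ip, packet, server_subnet="10.10.2.0/24"):
    """Server side.  A server only sees the packet if it was broadcast on
    its own segment or unicast to *its* address; a relayed packet addressed
    to the old server's IP is never received, which is what took every
    phone down.  The scope comes from giaddr when set, otherwise from the
    subnet the packet arrived on."""
    if dst_ip != BROADCAST_IP and dst_ip != server_ip:
        return None
    if packet[0] != BOOTREQUEST:
        return None
    giaddr = ipaddress.IPv4Address(packet[GIADDR_OFF:GIADDR_OFF + 4])
    key = giaddr if int(giaddr) else ipaddress.ip_network(server_subnet).network_address
    for subnet, first_free in SCOPES.items():
        if key in subnet:
            return str(first_free)
    return None  # no scope for that subnet: a real server would ignore it


def walk_through():
    """Phone on VLAN 11 -> relay -> old server address vs. new server,
    plus a PC broadcasting on the server's own LAN."""
    discover = build_discover(bytes.fromhex("001122334455"), 0x1234)
    dst, relayed = relay(discover, "10.11.2.1", "10.10.2.10")
    return {
        "old_server_10.10.2.10": server_offer("10.10.2.10", dst, relayed),
        "new_server_10.10.2.11": server_offer("10.10.2.11", dst, relayed),
        "pc_on_server_lan": server_offer("10.10.2.11", BROADCAST_IP, discover),
    }


if __name__ == "__main__":
    for case, result in walk_through().items():
        print(case, "->", result)
```

The walk-through reproduces the Monday morning exactly: the relayed request only gets an offer from a server that owns 10.10.2.10, the new server at a different address never sees it, and a PC broadcasting on the server’s own LAN is served either way. The check to run after any DHCP server swap is to confirm every helper still points at the live server, e.g. `show running-config | include helper-address` on each layer 3 switch.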

I then was able to finish shaving and get ready for the day. You just have to love Mondays…

GLIBC getaddrinfo Vulnerability in Linux Systems

A pair of Google researchers recently released a vulnerability report on the GLIBC function “getaddrinfo” (CVE-2015-7547). The bug is a stack-based buffer overflow in the resolver code behind that function: a DNS server under an attacker’s control (or an attacker in the path who can answer DNS queries) can send an oversized response that crashes the calling program or, with more effort, gives the attacker remote code execution. (Yikes!!) MANY Linux systems are vulnerable to this, so please patch your systems quickly. In upstream terms, GLIBC versions 2.9 and newer are affected, up to the 2.23 release that fixes it…2.9 was released way back in 2008, so you can see that the number of affected systems is huge! Note…“getaddrinfo” is what nearly every program calls to resolve a DNS name to an IP address, so the exposure is not limited to a few daemons. Talk about important…right??

To see what version of GLIBC you are using, simply run the command: ldd --version

Here is an example from one of my test Linux systems at work…

Example of affected GLIBC package

As you can see, this system is running version 2.10.1 of GLIBC and needs to be patched. For CentOS (which I’m running), you can obtain a more detailed listing about GLIBC this way…

GLIBC info from my CentOS system

Most Linux distributions have patches ready to fix the issue, so running the appropriate update commands should take care of things. For CentOS, just run “yum update” and it will grab the fix and apply it. One caveat: updating the package only replaces the library on disk…every process that already has the old libc mapped keeps running the vulnerable code until it is restarted, so a reboot of your system (the simplest way to be sure nothing is left over) will be required. Also note that CentOS and the other enterprise distributions backport the fix without bumping the version number, so the version alone does not tell you whether you are patched…the package changelog does.
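As an added example (my own Python, not from the original post or from any distribution’s tooling), here is the set of checks I would script for this bug: pull the version out of “ldd --version”, compare it against the upstream affected range, look for the CVE in the package changelog because the enterprise distributions backport the fix, and find processes that still map the old (deleted) libc after the update. The ldd output, changelog entry and /proc/<pid>/maps lines are constructed samples.

```python
"""Added example, not from the original post: practitioner checks for the
glibc getaddrinfo bug (CVE-2015-7547).  The ldd output, changelog text
and /proc/<pid>/maps lines below are constructed samples."""
import re

# Upstream facts: the bug was introduced in glibc 2.9 and fixed in 2.23.
INTRODUCED = (2, 9, 0)
FIXED = (2, 23, 0)
CVE = "CVE-2015-7547"


def parse_glibc_version(ldd_output):
    """Take the version from the first line of `ldd --version`
    (e.g. 'ldd (GNU libc) 2.10.1') and return it as a comparable tuple."""
    first = ldd_output.strip().splitlines()[0]
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", first)
    if not m:
        raise ValueError("no version found in: " + first)
    return tuple(int(x) for x in m.groups(default="0"))


def upstream_range_affected(version):
    """True if the *upstream* release carries the bug.  On its own this is
    not conclusive for CentOS/RHEL/Debian, which backport the fix and keep
    the old version number; see changelog_has_fix()."""
    return INTRODUCED <= version < FIXED


def changelog_has_fix(changelog):
    """Distributions name the CVE in the package changelog
    (`rpm -q --changelog glibc` on CentOS); that is the reliable signal."""
    return CVE in changelog


def processes_holding_old_libc(maps_by_pid):
    """After the update, a process that still maps the *old* libc shows it
    as '(deleted)' in /proc/<pid>/maps.  Those processes (or the whole
    host) must be restarted, which is why the post says to reboot."""
    stale = set()
    pattern = re.compile(r"/libc(?:-[\d.]+)?\.so[^ ]*\s+\(deleted\)")
    for pid, maps in maps_by_pid.items():
        if any(pattern.search(line) for line in maps.splitlines()):
            stale.add(pid)
    return stale


def assess(ldd_output, changelog, maps_by_pid):
    """Combine the three checks into one verdict string."""
    version = parse_glibc_version(ldd_output)
    if not upstream_range_affected(version):
        return "not affected (outside upstream range)"
    if not changelog_has_fix(changelog):
        return "VULNERABLE: run the distribution update"
    stale = processes_holding_old_libc(maps_by_pid)
    if stale:
        return "patched on disk, restart pids %s (or reboot)" % sorted(stale)
    return "patched"


# Constructed samples (not real command output from any system)
SAMPLE_LDD = "ldd (GNU libc) 2.10.1\nCopyright (C) 2009 Free Software Foundation, Inc.\n"
SAMPLE_CHANGELOG_FIXED = "* constructed entry\n- Fix for CVE-2015-7547\n"
SAMPLE_MAPS = {
    1234: "7f000000-7f100000 r-xp 00000000 fd:00 111 /lib64/libc-2.12.so (deleted)\n",
    2345: "7f200000-7f300000 r-xp 00000000 fd:00 222 /lib64/libc-2.12.so\n",
}

if __name__ == "__main__":
    print(assess(SAMPLE_LDD, "", SAMPLE_MAPS))
    print(assess(SAMPLE_LDD, SAMPLE_CHANGELOG_FIXED, SAMPLE_MAPS))
```

On a live box you would feed assess() the real output of ldd --version, rpm -q --changelog glibc, and the contents of /proc/*/maps; the point of the third check is that “yum update” succeeding does not by itself mean the vulnerable code is out of memory.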

Related links…
Google announcement
SANS InfoSec Post

Cisco Security Advisory – IKE Vulnerability in ASA Code (CRITICAL)

Cisco ASA (via cisco.com)

Cisco released a critical security advisory today concerning an IKE vulnerability within the ASA software OS (CVE-2016-1287, a buffer overflow in the IKEv1/IKEv2 fragmentation handling that a remote, unauthenticated attacker can trigger with crafted UDP packets to reload the appliance or run code on it)…and let me tell you, this will affect a LOT of people! Any ASA that terminates IKE on an interface is exposed, and there is no workaround…only the fixed software corrects it. If you are running one of the affected software versions (and I am), then you will want to update your ASA appliance very soon. I’ll have mine updated in the next couple of days.

Don’t delay. Once you read the advisory, you will know why!