Posted 4 months ago

802.3x prezo

Breaking the myth about 802.3x usage. Here is a public prezo I did for a customer.

Click here to download the prezo.

Table of contents:

  1. Do you really know Flow Control?
  2. 802.3x standard
  3. Places where you will find 802.3x
  4. Pause frames were created to defeat non-wire-rate switches
  5. Symmetric vs Asymmetric 802.3x
  6. Asymmetric speed connected to the same L2 device
  7. Flow control on trunk/etherchannel impact
  8. Where to use flow control
  9. (some) Cisco switches behavior
  10. Pause frames in wireshark
  11. 802.3x Black Hat
  12. 802.3x versus QoS
  13. Datacenter
  14. Ethernet over MPLS
  15. Operational tips
  16. Best practices summary

Enjoy …

Posted 4 months ago

Wireshark · OUI Lookup Tool

The Wireshark OUI lookup tool provides an easy way to look up OUIs and other MAC address prefixes. It uses the Wireshark manufacturer database, which is a list of OUIs and MAC addresses compiled from a number of sources.

Posted 4 months ago

Wireshark: extract HTTP objects from captured traffic

Looking for an elegant way to extract HTTP objects (images, javascript, …) from a pcap file?

Open the pcap file in Wireshark, then click File => Export => Objects => HTTP.

Posted 4 months ago

802.3x blackhat pownage

Little leak from a future prezo for a customer:

802.3x flow control is a quick & dirty protocol. If you have physical access to install a hub anywhere on the network, or already have a victim host under control, it could lead to a massive Ethernet Denial of Service.

If mitm is possible and flow control receive is on, it's very easy to kill a network at layer 2 by replaying pause frames with a quanta of 65535.

Impact:

No new flow creation will be possible.

Existing connections break if the DoS lasts longer than the upper-layer timeouts.

Reply from 10.162.112.45: bytes=32 time<1ms TTL=255
Reply from 10.162.112.45: bytes=32 time<1ms TTL=255
Reply from 10.162.112.45: bytes=32 time<1ms TTL=255
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 10.162.112.45: bytes=32 time=1729ms TTL=255 <-- Attack stopped
Reply from 10.162.112.45: bytes=32 time<1ms TTL=255

2960_lab_test#sh int flow | inc (Fa0/48|Port)
Port       Send FlowControl  Receive FlowControl  RxPause TxPause
Fa0/48     Unsupp.  Unsupp.  on       on          385552  0
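To spot this condition in a capture, the added example below (not from the original post or the prezo) parses 802.3x PAUSE frames and flags any source whose pause timers keep a link silent for most of the time it is active. The function names, the 0.5 threshold and the sample MAC addresses are assumptions made for illustration; the 100 Mb/s link speed matches the FastEthernet port shown above.

```python
import struct
from collections import defaultdict

MAC_CONTROL = 0x8808   # EtherType of MAC Control frames
OP_PAUSE = 0x0001      # 802.3x PAUSE opcode
QUANTUM_BITS = 512     # one pause quantum is 512 bit times

def parse_pause(frame):
    """Return (source MAC, quanta) for an 802.3x PAUSE frame, else None."""
    if len(frame) < 18:  # 14-byte Ethernet header + opcode + quanta
        return None
    ethertype, opcode, quanta = struct.unpack("!HHH", frame[12:18])
    if ethertype != MAC_CONTROL or opcode != OP_PAUSE:
        return None
    return frame[6:12].hex(":"), quanta

def pause_seconds(quanta, link_bps):
    """How long one PAUSE frame silences the receiving port."""
    return quanta * QUANTUM_BITS / link_bps

def find_pause_floods(capture, link_bps, min_blocked=0.5):
    """capture: (timestamp, frame bytes) pairs in time order. Returns
    {source MAC: blocked ratio} for sources whose PAUSE frames held the link
    silent for at least min_blocked (hypothetical threshold) of their span."""
    seen = defaultdict(list)
    for ts, frame in capture:
        parsed = parse_pause(frame)
        if parsed:
            seen[parsed[0]].append((ts, pause_seconds(parsed[1], link_bps)))
    alerts = {}
    for src, events in seen.items():
        span = events[-1][0] - events[0][0]
        if span <= 0:
            continue
        # A new PAUSE replaces the running timer, so cap each at the next arrival.
        blocked = sum(min(p, nxt[0] - ts) for (ts, p), nxt in zip(events, events[1:]))
        if blocked / span >= min_blocked:
            alerts[src] = round(blocked / span, 2)
    return alerts

# Constructed sample frames (MAC addresses are made up), padded to 60 bytes.
FLOOD = bytes.fromhex("0180c2000001" "0200000000aa" "88080001ffff") + bytes(42)
BENIGN = bytes.fromhex("0180c2000001" "0200000000bb" "880800010010") + bytes(42)
IPV4 = bytes.fromhex("ffffffffffff" "0200000000cc" "0800") + bytes(46)
SAMPLE = [(0.0, FLOOD), (0.125, BENIGN), (0.2, IPV4), (0.25, FLOOD),
          (0.5, FLOOD), (0.625, BENIGN), (0.75, FLOOD)]

if __name__ == "__main__":
    print(find_pause_floods(SAMPLE, link_bps=100_000_000))
```

At 100 Mb/s a single frame with quanta 65535 pauses the port for about 0.34 s, so a source repeating it more often than that keeps the blocked ratio at 1.0.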

Posted 4 months ago

Haha received another inquiry from PHP.Hop willing users! yes! phphop rstack page is down. Pls look at HiHat or glastopf projects.

Posted 4 months ago
bought 3 pieces of spitfire wax


Posted 4 months ago
Clap! Clap! Clap! this morning I got this pop-up in firefox in order to prevent the latest java epic flaw: http://seclists.org/fulldisclosure/2010/Apr/119


Posted 4 months ago

cleaning python code after a fast and furious session

Posted 4 months ago

ldpscapy

My last intern developed an MPLS LDP scapy layer.

You can find it here: http://savannah.nongnu.org/p/ldpscapy

Usage example:

LDP(id="10.2.1.2")/LDPHello(params=[180,1,1])/LDPInit(id=0x18,rid=rid)/LDPKeepAlive(id=0x19)

Posted 4 months ago

LINUX Kernel Debugging and Crash Dump Analysis

User-land & kernel-land debugging tools, lkcd toolchain, k(g)db, …

printk is your friend! Could be better than a crontab with few userland commands output - priv8 j0ke! :)

Posted 4 months ago

Offensive Security - The Exploit Database

The ultimate archive of exploits and vulnerable software - A great resource for vulnerability researchers and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Posted 4 months ago
Yahoo! use DNS wildcards


Posted 4 months ago

Impressive skating from Julien Cudot!
