Thinking problem management!

On the 11th, 21st and 22nd September Cool Ideas experienced several DDoS attacks. A DDoS = (Distributed Denial of Service) is simply the delivery of unwanted traffic to our highways. In this case the specific strain of attack is called a "DNS Amplification Attack", which affected certain customers. What is that in English? Well speaking figuratively, it's the equivalent of thousands uponthousands of "The Walking Dead" zombies on a highway heading to our network. They are everywhere. They're headed for your grandma's porch, your porch, and even your neighbour's porch. Even the highways were getting clogged. If you've ever been in a traffic jam after the school holidays on the N1, then you can picture it already! We wish to use this opportunity to apologise to our clients that were negatively impacted by these events. Whilst the details of the attack are quite technical in nature, the zombie analogy works very well. Read the article over at Co

The results found in this and subsequent sections within the report are based on a data set collected from a variety of sources such as publicly-disclosed security incidents, cases provided by the Verizon Threat Research Advisory Center (VTRAC) investigators, and by our external collaborators. The year-to-year data set(s) will have new sources of incident and breach data as we strive to locate and engage with organizations that are willing to share information to improve the diversity and coverage of real-world events. This is a convenience sample, and changes in contributors, both additions and those who were not able to participate this year, will influence the data set. Moreover, potential changes in their areas of focus can stir the pot o’ breaches when we trend over time. All of this means we are not always researching and analyzing the same fish in the same barrel. Still other potential factors that may affect these results are changes in how we subset data and l

Carpet bombing - the DDoS technique that's just perfect for attacking ISPs, cloud services, and data centers.   Read the article over at ZDNET: 'Carpet-bombing' DDoS attack takes down South African ISP for an entire day

Respeto said that "Just placing blocks on the UDP source port 3702 will prevent the traffic from hitting your servers. But that is only half of the issue, as the traffic is still congesting bandwidth on your router. This is where your DDoS mitigation provider would come in and add the needed ACL to block the attack traffic."  Read the article over at Techexplore:  Akamai speaks out on uptick of DDoS attacks

A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made from a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light.  Researchers from Netlab 360, who reported the mass infection late last week , have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means. Read the article over at ars technica:  A 100,000-router botnet is feeding on a 5-year-old UP

About six months ago, we first brought attention to the increasing number of high Mpps (high-rate) assaults DDoS perps are using—putting a new twist on tried-and-true attack vectors. Read the blog post over at Imperva: Can You Handle 300 Mpps? Forwarding vs Throughput Rate – The DDoS Perspective

UPnP — in a perfect world it would have been the answer to many connectivity headaches as we add more devices to our home networks. But in practice it the cause of a lot of headaches when it comes to keeping those networks secure.  It’s likely that many Hackaday readers provide some form of technical support to relatives or friends. We’ll help sort out Mom’s desktop and email gripes, and we’ll set up her new router and lock it down as best we can to minimise the chance of the bad guys causing her problems. Probably one of the first things we’ll have all done is something that’s old news in our community; to ensure that a notorious vulnerability exposed to the outside world is plugged, we disable UPnP on whatever cable modem or ADSL router her provider supplied. Read the article over at Hackaday: UPnP, Vulnerability As A Feature That Just Won’t Die

Internet routers are among the most ubiquitous devices home and business users depend on every day to carry out communications, banking, shopping and commercial transactions. IBM Security researcher Grzegorz Wypych (aka h0rac) took a closer look at one of the most widespread internet routers in use by consumers nowadays, the TP-Link WR-940, and found that a zero-day buffer overflow vulnerability in the router could allow malicious third parties to take control of the device from a remote location. Read the article over at Security Intelligence: Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control

A new DDoS technique is adding a new twist to this common threat and upping the chance that an attack will have an impact on business operations. The new attack leverages a known vulnerability in Universal Plug and Play (UPnP) to get around many of the current defense techniques and swamp a target's network and servers. Read the article over at Dark Reading: New DDoS Attack Method Leverages UPnP

Back in May, Imperva researchers said they've seen botnets executing DDoS attacks via the DNS and NTP protocols, but using UPnP to disguise the traffic as coming from random ports, and not port 53 (DNS) or port 123 (NTP). Read the article on Bleeping Computer: Those Harder to Mitigate UPnP-Powered DDoS Attacks Are Becoming a Reality

Now that the technology has been with us for some time, interest in and adoption of software-defined wide-area networks (SD-WAN) is heating up. It’s a good time to look at what’s driving organizations to implement SD-WAN and what type of organizations the technology is best suited for.   Read the article over at Network World: 4 Common Use Cases for SD-WAN

A decision by pan-African telecommunications service provider Seacom to implement selective internet peering in South Africa could drive internet connectivity in the country “back to the Middle Ages”, experts have warned.  The announcement earlier this month that Seacom has ceased its open policy for peering – the process by which individual internet networks connect and exchange traffic – prevents the free exchange of internet traffic between service providers. Read the article over at The South African:  Here’s why internet connectivity in SA could be dealt a severe blow

Stories of Border Gateway Protocol (BGP) routing mishaps span the entire thirty-year period that we’ve been using BGP to glue the Internet together. Read the blog post over at APNIC: Why is securing BGP just so damn hard?

When weighing the choice between DIY and a managed service for SD-WAN, consider current WAN conditions, IT skill levels, geographic scope of the WAN, and how much control you’re willing to relinquish. Read the article over at Network World:  5 reasons to choose a managed SD-WAN and 5 reasons to think twice

The second quarter of 2019 saw DNS amplification DDoS attacks up m ore than 1,000 percent over the same period last year according to the latest threat report from Nexusguard .  Nexusguard researchers attribute Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks, which accounted for more than 65 percent of the attacks last quarter according to the team's evaluation of thousands of worldwide DDoS attacks. Read the article over at betanews:  DNS amplification attacks increase 1,000 percent

Bob was responsible for the IT in his mining investment company. In their new offices not to far from the bustling hub of economic activity that is central Johannesburg, Bob installed a new fibre service, the likes of which had been popping up all over the city. He ordered 50 Mb/s which was an order of magnitude better than the previous connection they had of a 20 Mb/s ADSL that never delivered more than 10 Mb/s. Bob then went the full enchilada and ordered a cloud based Voice over IP (VoIP) service. Read the article over at Medium: Providing crystal clear voice services over last mile link s

Before you purchase extremely expensive performance management software to analyze your applications check the basics. When you have done the basics then it is time to investigate further. Might save you some budget! Read the article on Medium: The 6 common things that make your application performance suck

Enterprises are flocking to buying express routes from a well known cloud provider. Here is the secret, it costs you more and helps you squat ! Read the article on Medium: Being on the express route to nowhere

In 2017, I realized a lot of the people I've worked with over the years were retiring. When these people leave the networking community, they take a wealth of knowledge about the intent, challenges, and inventions of the early Internet. I decided to capture as much of this history in oral format as possible--hence the history of networking recordings were started. I thought, at first, this would be a small, short-lived series, but I have been amazed by the reaction of the community, and the number of technologies and organizations involved in the design and operation of computer networks. Each of the recordings below is either someone who is intimately familiar with the origin of a technology or organization, or is one of the people who invented or popularized that technology. If you know of someone who should be here, please contact me, as I would like to collect as much oral history in this area as I can for this and future generations. These recordings

When building an IoT solution, you need to focus on what your target audience wants to use. To ensure that customers embrace your product, begin your journey by clearly defining your business requirements from the top down. Whether you’re a service provider or an enterprise building IoT products, make sure that you state the business requirements first and then move toward technological implementation s. Read the article over at Medium: Determining the Top Down Business Requirements for Deploying IoT

Many seem to imagine that IoT will deliver them a Harry Potter-esque “Marauder’s Map” — a magical dashboard by which they can see, track, and manage every “thing” where things are treated generically. Tracking chips have been around for decades. Although they’re technically viable, the generic commercial use case remains problematic. Early cycle racing technologies, which were effectively IoT by another name, can illuminate some of these problems and suggest solutions. Read the article over at Medium: Deploying IoT: Lessons Learned from Cycling Races

IoT solutions expand the digital world to previously remotely inaccessible buildings and infrastructure. IoT power sensors determine power-related failures within these future energy deployments in multiple physical locations. Read the article over on Medium: IoT and Smart Energy: Constructing Digital Building

Few IoT solutions are truly plug-and-play. Many IoT deployments are technically difficult and error-prone. Apple provides us with a blueprint for creating truly plug-and-play platforms. IoT developers and service providers should design their solutions according to Apple’s methodology. Read the article over at Medium: Plug & Play Best Practices for Wireless IoT Deployments

Currently, there is no standardized mechanism by which to determine dependencies in an IoT system. This article explores some example cases in which IoT sensors with this utility would be useful . Read the article over at Medium: Improving Infrastructure Reliability by Understanding IoT Dependencies

VPNs serve a great purpose as a secure access medium for administrators and road warriors. Administrators should by default use a VPN to access the management plane whether they are on a company’s LAN “trusted zone” or outside of it “the internet”. A normal user typically has trusted access from the LAN to company systems but not from the outside. Many people use port forwarding or other rules on a firewall to provide this type of access to these users from the outside. This is insecure as firewalls are nothing more than guards asleep at the gate. It is way better for these users to VPN into these systems using the typical road warrior configuration. Read the article over at Medium: Life in the VPN Lane

South Africa has been experiencing load-shedding yet again. These events have a detrimental effect on business productivity. Gridlock is a side-effect that demonstrates how these events impact the wider economy. This article explores how IoT is able to mitigate some of the effects of blackouts and load-shedding to allow businesses to better manage the resulting incidents. Read the article over at Medium: Using IoT to Reduce the Shock of Blackouts and Load-Shedding