Undecided

I’m just throwing away some old notes, figured I’d transcribe them in to my online notepad.

• 802.3af is the POE specification.
• FAST is Flexible Advanced Stacking Technology
• DVMRP is Distance Vector Multicast Routing Protocol
• Deep Packet Filtering – Match any field in the first 80 bytes.
• CANA is Custom Auto-Negotiation Advertisements
• MPLS is Multi-Protocol Layer Switching
• PIM is Protocol Independent Multicast
• IGMP is Internet Group Management Protocol
• IDS is Intrusion Detection System
• IPS is Intrusion Prevention System

• Stackable vs Modular ERS
  • Small – 1-1500 users
  • Medium 500-3000 users
  • Large 2000+ users

Start with a high MTU value (say 1500)

ping www.google.com -n 1 -f -l 1500

If the response includes

Packet needs to be fragmented but DF set

then lower the -l value by 10 and re-test.  Once you get a reply from your target address, increment the -l value by 1 until you cannot increment -l without receiving the above framentation message as a ping result.

This is your maximum MTU

Wired: Gathering ‘Storm’ Superworm Poses Grave Threat to PC Nets, by Bruce Schneier.

Thanks to Digg for finding this.

I’ve read some of Bruce’s work from time to time for over 8 years and have always been impressed with his work in cryptography and security.  The interesting points in this article include things like

“Not that we really have any idea how to mess with Storm. Storm has been around for almost a year, and the antivirus companies are pretty much powerless to do anything about it.“  – Bruce Schneier [Wikipedia Bio / Bruce's Website]

And a link from the post to the author of an analysis of Storm’s (the name of the Worm) potential, leads us to:

“It is worth mentioning that multiple DDoS attacks have occurred in the December and January timeframe, targeted at anti-spam sites and anti-rootkit software developers. An attack was even launched against the personal website of the author of this analysis, in retaliation for research into botnet-controlled pump-and-dump stock spam. These attacks have been determined to be from no fewer than three independent and unrelated botnets. We see now the spam war is escalating to new levels. It could be that the spammers have been emboldened by the successful attack on BlueFrog last year, which shut down a service that was affecting the spammers’ ability to conduct their “business.” With no repercussions from that attack, or even older attacks which shut down certain DNS blocklists, it seems that more spammers are willing and able to attack anyone who threatens their profit potential.”  – Joe Stewart

I’ve always thought that the design of a worm or virus that does damage is self defeating, as Bruce points out:

“Old style worms — Sasser, Slammer, Nimda — were written by hackers looking for fame. They spread as quickly as possible (Slammer infected 75,000 computers in 10 minutes) and garnered a lot of notice in the process. The onslaught made it easier for security experts to detect the attack, but required a quick response by antivirus companies, sysadmins and users hoping to contain it. Think of this type of worm as an infectious disease that shows immediate symptoms.

Worms like Storm are written by hackers looking for profit, and they’re different. These worms spread more subtly, without making noise. Symptoms don’t appear immediately, and an infected computer can sit dormant for a long time. If it were a disease, it would be more like syphilis, whose symptoms may be mild or disappear altogether, but which will eventually come back years later and eat your brain.” – Bruce Schneier

Talk like this always wants me to go in to the cryptography and security industry.  A challege like this (to thwart the constant evolution of destructive or disruptive software) would be exciting.  Perhaps if my career moves more towards networking it would be possible to pursue this at some future point in my life, but to do so now would be such a huge change in direction for my career track that I would be entry level at best.