FlowSpec – Using BGP for Rapid DOS Response

Using BGP FlowSpec to Push an ACL to the Edge of the Network, to Stop a DOS Attacks, and Build a DOS Response Architecture Version (0.7) FlowSpec provides large networks with an ability to push a layer 4 ACL rapidly to the edge of the network using the Network Layer Reachability Information (NRLI) expansion of Read More

Hardware & Software Vulnerabilities are Guaranteed

The long years of experience have taught me through experience, hardware & software vulnerabilities are guaranteed. It is not a matter of “if” but when. The sad reality is that most hardware and software vendors are not ready for vulnerabilities when they happen. Their response ranges from “I’m going to take legal suit” against the Read More

BGP Route Hijack – What can be done Today

Protecting your Business, Customers, & the Internet from BGP Route Hijack Chaos? (DRAFT – Version 0.5) The Internet is glued together with the Board Gateway Protocol (BGP). It may not be perceived as the “perfect” protocol, but it has delivered a transformative global network that spans the Internet and all telecommunications. It is stable, transparent, Read More

Are your customers infected with VPNFilter?

Everyone is talking about VPNFilter, but there is little information to know if my customers, my staff, or my own home is at risk? How do can I get plugged in? Understanding if you are at risk would be helpful to know if you need to drop everything and fix it now, fix it this Read More

Demand Security from your Vendors

There has been a lot of discussion in the security community about the Juniper Network disclosure of “inserted code.” Through the conversation, one element was missing. “What should an Operator do?” What should an Operator do? Simple, have meaningful security conversations that would help determine what their vendors are really doing with the security of Read More

Public Cloud DNS Resolvers (which offer services)

Public Cloud DNS Resolvers are now well known in the industry.  Google DNS has opened the door for many solutions offering a variety of DNS Resolver base solutions. Today, there is a multitude of cloud-based DNS Resolvers. These are services individuals might wish to explore. Everyone has the ability to control which DNS Resolver they Read More

memcached on port 11211 UDP & TCP being exploited

  TLP:WHITE UPDATE: As of 2018-03-17 ( Morning Update), more attack using the memcached reflection vector have been unleashed on the Internet. As shared by  Akamai Technologies “memcached-fueled 1.3 Tbps Attacks,” the application factors are “Internet Impacting.” Mitigation and Remediation Efforts are reducing the number of potential memcached reflectors. Please keep up the good work. Operators are asked Read More

Using the DNS Resolver to Protect Networks

Smart organizations use the DNS Resolver to Protect Networks.  Here is why …   A typical story ….. Imagine walking in to work the first thing in the morning. Your staff comes into the office. They get their coffee, fire up their computer, and check out the morning industry news. Your staff is alert, applies Read More

Preparing for DOS Attacks – the Essentials

Are you Prepared for your Next DoS Attack? Reporting DoS Attacks are the Key to Fighting Back!   A PDF copy of this paper can be downloaded here: [Download Reporting DoS Attacks] Don’t sit and be the victim of a DoS attack. Reporting DoS Attacks & Fighting Back against DoS attack require work before the Read More

Remote Triggered Black Hole (RTBH) Filtering

  RTBH Fundamentals You have three choices when you stand in front of an on rushing force. You can push back directly against that force. You can step aside and let the force push past you. Or, you can redirect the force to a location that you choose. Now think of that “force” in the Read More