Archive for the ‘Protocols’ category

  1. Introducing DNS Hammer, Part 2: Auditing a Name Server’s Rate Limiting Configuration

    Introducing DNS Hammer, Part 2: Introducing a new tool Part one of the series discusses DNS reflection attacks and DNS rate limiting. This post shows how to use DNS Hammer to audit a DNS server’s rate limit configuration. A dedicated web site offers the tool for download and instructions how to use it.

  2. Introducing DNS Hammer, Part 1: DDoS Analysis – From DNS Reflection to Rate Limiting

    This article discusses DNS reflection, a technique used in DDoS attacks. DNS rate limiting can be used as mitigation against DNS reflection attacks. This paves the way to our new tool DNS Hammer. The program can help auditing a DNS server’s rate limiting configuration.

  3. Attacking Wireshark

    Every once in a while there is some news about Wireshark being vulnerable to being attacked/exploited/pwned, meaning that there is a way to craft frames/packets in a pcap/pcapng file to make Wireshark crash and (if done right) execute malicious code. So let’s take a look at what that means and what can be done about […]

  4. SMB System Error 384

    This blog post highlights a very specific detail of Microsoft’s implementation of SMB. It might help those, who try to get rid of SMB version 1 and support staff dealing with inaccessible file shares.

  5. System Error 58 – Wireshark to the rescue

    The other day I was called to investigate a problem where a user could no longer mount a share. The client was running Windows 7. The user got the somewhat obscure message “System error 58 occurred”.

  6. Trace File Case Files: SMB2 Performance

    We had an interesting question regarding SMB2 performance on the Wireshark Q&A forum recently. Upon request the person asking the question was able to add a couple of trace files (=”capture” files).  The question and a link to the traces can be found here: Since the question nicely fits into the scope my talk […]