Posts Tagged With ‘best practices’

  1. Introducing DNS Hammer, Part 2: Auditing a Name Server’s Rate Limiting Configuration

    Introducing DNS Hammer, Part 2: Introducing a new tool. Part one of the series discusses DNS reflection attacks and DNS rate limiting. This post shows how to use DNS Hammer to audit a DNS server’s rate limit configuration. A dedicated web site offers the tool for download and instructions on how to use it.

  2. Introducing DNS Hammer, Part 1: DDoS Analysis – From DNS Reflection to Rate Limiting

    This article discusses DNS reflection, a technique used in DDoS attacks. DNS rate limiting can be used as a mitigation against DNS reflection attacks. This paves the way to our new tool, DNS Hammer. The program can help audit a DNS server’s rate limiting configuration.

  3. Attacking Wireshark

    Every once in a while there is some news about Wireshark being vulnerable to being attacked/exploited/pwned, meaning that there is a way to craft frames/packets in a pcap/pcapng file to make Wireshark crash and (if done right) execute malicious code. So let’s take a look at what that means and what can be done about […]

  4. Wireshark Column Setup Deepdive

    Every once in a while I check the blog statistics for the searches that have brought visitors here. Most of them are more or less concealed versions of “how can I grab the password of others/my ex partner/my children/friends”, which comes as no surprise. Today I saw one search expression that I used as inspiration […]

  5. PCAP Split and Merge

    Sometimes it also happens during network troubleshooting engagements, but it is also common for analysis jobs regarding network forensics: dealing with a huge number of packets, sometimes millions or more. Two typical situations may have you scratch your head: either you have one huge file containing all packets at once, or you have a ton of […]

  6. The Network Capture Playbook Part 5 – Network TAP Basics

    Most network captures are recorded using SPAN ports, as we’ve seen in the previous part of this series. Now that we know what SPAN is all about, it’s time to find out what TAPs are all about, and why you would want (or need) to use them in network capture. TAP is an acronym for […]

  7. The Network Capture Playbook Part 4 – SPAN Port In-Depth

    We have briefly covered SPAN ports in previous posts of this series, but there are so many things to consider that we have to look at the advantages and problems more closely. Even more so since it looks like there is a constant “battle” going on between SPAN and TAP supporters – some analysts will […]

  8. How millisecond delays may kill database performance

    Mike, an old buddy of mine, is one of the best database application development consultants I have ever met. We worked together for the same company for a couple of years before I got into network analysis and he started his own company. A couple of months ago I found out that there was going […]

  9. Tweaking Wireshark Columns and Decodes

    It’s a funny thing about using Wireshark – I think I am pretty good at using it in an efficient way, but there are always some new tricks that I learn every once in a while. The Multi IP layer problem: Maybe you have seen this in a trace before: some packets contain more than […]