Recently I did a penetration test, and it once again showed why you should never trust L2 segmentation for security.
The obvious reason not to trust L2 segmentation is that with ARP poisoning all traffic between two or more machines can be routed through another machine, which can then read (and, if it wants, alter) everything those machines send and receive. Introducing VLANs helps a lot, but even then there are techniques to circumvent these limitations.
(more…)
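The footprint of the ARP poisoning described above is an IP address whose advertised MAC changes, typically flapping between the real host and the attacker. The following is an added example, not code from the original post: a small POSIX sh + awk check that reads `tcpdump -nne arp`-style lines and reports every IP→MAC change. The addresses and the sample lines are constructed for this example; the line format mirrors what `tcpdump -nne arp` prints, but run it against your own capture to confirm.

```shell
#!/bin/sh
# Added example (not part of the original post): flag IP->MAC changes
# in a stream of ARP replies, the basic ARP-poisoning detector.
# Input lines are in "tcpdump -nne arp" form; the sample below is
# constructed for this example and all addresses are made up.

# Read ARP reply lines on stdin and print one line per IP whose
# advertised MAC differs from the one seen before:
#   "<ip> was <old-mac> now <new-mac>"
arp_conflicts() {
    awk '
        /Reply/ {
            ip = ""; mac = ""
            # Locate the "Reply <ip> is-at <mac>," tokens wherever they
            # sit on the line (timestamps and link headers precede them).
            for (i = 1; i < NF; i++) {
                if ($i == "Reply") ip = $(i + 1)
                if ($i == "is-at") { mac = $(i + 1); sub(/,$/, "", mac) }
            }
            if (ip == "" || mac == "") next
            if (ip in seen && seen[ip] != mac)
                printf "%s was %s now %s\n", ip, seen[ip], mac
            seen[ip] = mac
        }
    '
}

# Constructed sample: the gateway 192.168.1.1 is claimed by ...:ee:99
# (the attacker) and then by its real owner ...:ee:01 again, the
# flip-flop you see when both keep answering.
SAMPLE='14:02:11.000001 aa:bb:cc:dd:ee:01 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28
14:02:12.000002 aa:bb:cc:dd:ee:02 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:02, length 28
14:02:13.000003 aa:bb:cc:dd:ee:99 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:99, length 28
14:02:14.000004 aa:bb:cc:dd:ee:01 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28'

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | arp_conflicts
```

Live, feed it from a capture on the segment you are watching: `tcpdump -l -nne arp | arp_conflicts` (`-l` line-buffers the output so alerts appear as they happen). The check only catches poisoning that changes an existing binding; a static ARP entry for the gateway on critical hosts, or dynamic ARP inspection on the switch, is what actually stops it.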
Archive for the ‘TCP/IP’ Category
Don’t ever count on L2 segmentation for security
Friday, May 1st, 2009
Network problem turned out to be AD problem
Sunday, October 26th, 2008
Last week one of our stores had a problem with seemingly slow-starting workstations. These workstations were hanging for at least 15 minutes on “Applying computer settings”.
At first, the workstations that were affected seemed to be random.
Because the local admin had created a new master copy a few weeks earlier, and he couldn’t remember whether the affected machines had received this new image, I decided to investigate the master first before attempting to monitor the network.
All dynamic DHCP settings were okay; netsh int ip reset didn’t help, and neither did deleting the whole network card and re-adding it.
(more…)
Strange MST ( Multiple Spanning Tree ) loop problem
Thursday, September 27th, 2007
A few months ago, before I started working for the company I now work for, one of the company’s store outlets had a big networking issue.
They figured out that the source of the problem was a local employee of the store who had connected a small US Robotics switch at the outlet to provide more UTP connections.
Recently I had to log on to that switch and noticed that Spanning Tree had been enabled. Because I was told that the switch configuration had never been changed since the issue, I thought this was strange: Spanning Tree should have seen the loop and prevented it by just disabling the port the switch was on.
(more…)
Traffic Policing on Linux (Ubuntu)
Tuesday, August 29th, 2006
After users (or your family at home) have discovered peer-to-peer programs and are saturating your internet connection,
you probably want to do something about it and give the really important connections a guaranteed share of the bandwidth.
But what if you are running a mail server and you do not want your internet connection being filled with data traffic from spammers?
Then you have to limit traffic on the ingress interface instead. This is called traffic policing: unlike shaping, which queues and delays the packets you send, policing simply drops (or marks) incoming packets that exceed the configured rate.
(more…)
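The ingress policer the excerpt refers to is set up on Linux with `tc`: an ingress qdisc on the interface and a `u32` filter with a `police` action. The script below is an added example, not the original post’s code; the interface name (`eth0`), rate and burst are assumptions, and `DRY_RUN=1` prints the commands instead of executing them so the configuration can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the original post): ingress traffic policing
# with tc. DEV, RATE and BURST are assumed values for this example.
# With DRY_RUN=1 the tc commands are printed instead of executed.

DEV="${DEV:-eth0}"        # assumed internet-facing interface
RATE="${RATE:-2mbit}"     # assumed inbound rate to allow
BURST="${BURST:-200k}"    # assumed token-bucket burst

# Execute the given command, or print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Police all inbound IPv4 on $DEV to $RATE; excess packets are dropped.
policer_cmds() {
    # Remove a previous ingress qdisc, ignoring the error if none exists.
    run tc qdisc del dev "$DEV" ingress 2>/dev/null || true
    # The ingress qdisc has no queue: its filters can only accept or
    # drop/mark packets as they arrive, which is exactly what policing is.
    run tc qdisc add dev "$DEV" handle ffff: ingress
    # Match every IPv4 source and apply the policer.
    run tc filter add dev "$DEV" parent ffff: protocol ip prio 1 u32 \
        match ip src 0.0.0.0/0 \
        police rate "$RATE" burst "$BURST" drop flowid :1
}

# Stand-alone: apply only when explicitly asked for and running as root,
# otherwise print what would be done.
if [ "$APPLY" = "1" ] && [ "$(id -u)" = "0" ]; then
    policer_cmds
else
    DRY_RUN=1 policer_cmds
fi
```

Keep in mind what policing on ingress can and cannot do: the dropped packets have already crossed your link, so the bandwidth they used is gone. It still works against well-behaved TCP senders because the losses make them back off; against a sender that ignores loss (or a deliberate flood) the only real fix is to rate-limit upstream at the ISP. Replace the `0.0.0.0/0` match with the mail server’s port if you only want to police SMTP.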