Tag Archives: WIRESHARK

Episode 3 – Simple Network Design

We returned to record our third episode on Sunday April 4, 2013.

Interesting News and Events

  • Gumtree serves world’s worst exploit kit to scores of Aussies – Malware expert Jerome Segura says Australia’s most popular classifieds site, Gumtree.com.au, was serving the world’s most capable exploit kit to some of its millions of monthly visitors.
  • SAMSAM: THE DOCTOR WILL SEE YOU, AFTER HE PAYS THE RANSOM – Cisco Talos is currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. Unlike most ransomware, SamSam is not launched via user focused attack vectors, such as phishing campaigns and exploit kits. This particular family seems to be distributed via compromising servers and using them as a foothold to move laterally through the network to compromise additional machines which are then held for ransom. A particular focus appears to have been placed on the healthcare industry.Adversaries have been seen leveraging JexBoss, an open source tool for testing and exploiting JBoss application servers, to gain a foothold in the network. Once they have access to the network they proceed to encrypt multiple Windows systems using SamSam.
  • BIOS upgrades needed for fre…..ezing Cisco switches – Too-talkative PCIe bus can leave Nexus 5600 and Nexus 6001 just hanging around
  • Digital Attack Map – Digital Attack Map is a live data visualization of DDoS attacks around the globe, built through a collaboration between Google Ideas and Arbor Networks. The tool surfaces anonymous attack traffic data to let users explore historic trends and find reports of outages happening on a given day.
  • Norse CorpNorse Live Attack Map – Sources: Security Firm Norse Corp. Imploding

Roundtable Discussion

  • Cables
  • Wiring closet
  • HVAC / Environmentals and Cooling
  • Data Center / MDF / IDF
  • Uninerruptible Power Supply / Generators
  • Start with templates for small, medium and large size networks
  • Try to stick to your design and don´t do every site completely different
  • WAN connectivity >> what is available?
    • >> ISP >> DSL, cable Modem , 4G backup
    • >> Dark Fibre , Metro Ethernet
    • SDWAN ?
  • Core Layer
  • redundant Core ?
  • modular or fixed form factor
  • Uplink capacity
  • L2 and L3 redundancy
  • Access Layer
  • Switch selection process:
  • single switch vs. stack
  • Uplinks,
  • VoIP and PoE
  • Port requirements
  • -How to deal with insufficient passive cables
  • WLAN
  • Site survey
  • AP deployment
  • 2.4Ghz or 5Ghz design and preferences
  • RollOut Planing
  • Project management
  • patching all the needed end user connections
  • Full patch deployment vs. patch only when required

What tools are you using?

If you need to perform a wireless packet trace across multiple 2.4Ghz or 5Ghz 802.11 channels you can leverage multiple AirPcap wireless adapters from Riverbed using WireShark to capture all the channels concurrently. The AirPcap multi channel aggregator helps mux all the 802.11 channels into a single WireShark capture saving you a lot of time and effort.

Cheers!