While playing around with AWS CloudWatch Log Insights to analyze VPC flow logs, I thought of a couple of fun ways to identify (probably) malicious traffic.
Finding Vulnerability Scanners These are the guys that hammer your box looking for anything from silly SQL injection attacks (so 2005) to CSRF vulnerabilities. The tell: look for hosts that reuse the same source port.
The Query filter (srcPort > 1024 and srcAddr !
Puzzled by networking on AWS? Check out my AWS networking deep dive series!
AWS Networking Deep Dive: Route 53 DNS Configure Route 53 for any domain name, and configure health checks and routing policies.
AWS Networking Deep Dive: Virtual Private Cloud (VPC) Create secure and scalable VPCs. Implement multi-VPC topologies, build peering connections, network address translation, and more.
AWS Networking Deep Dive: Elastic Load Balancing (ELB) Securely configure load balancing for any public or private application.
I think it’s time to stop using the term “network function virtualization”. Why? Because it doesn’t exist, at least not in the way the term suggests. The term is a category error, and when people try to make sense of the term, confusion and frustration ensue.
Think of it like this: what’s the difference between a “virtual network function” and a “non-virtual network function”? For example, how is “virtual IP forwarding” different than “non-virtual IP forwarding?
I know what you’re thinking. “Why use Visual Studio Code instead of the PowerShell ISE?” Well, if you’re using Mac OS or Linux, you don’t have the option to use the PowerShell ISE natively. And that’s a problem if you want to take advantage of the cross-platform capabilities of PowerShell Core. In this article, I’ll show you how to use Visual Studio Code (free!) to perform the key functions of the PowerShell ISE, namely:
If you haven’t learned IPv6 yet, well, you’re not the only one. In December 2016, IPv6 (as we know it today) turned 18 years old. Children who were in the womb when RFC 2460 was being drafted are now old enough to vote, get married, and purchase firearms in some states.
In honor of IPv6’s 18th birthday, allow me to share my theories on why people have been so slow to adopt it.
Forget using scripts and group policies to configure a new Windows Server machine. Using Chocolatey and Puppet, you can do it faster & easier than ever (and it’s more fun too). This is especially true if you’re using a Server Core installation and don’t have a GUI to help you along. Oh, and if you don’t know Puppet, you really should watch my course Puppet Fundamentals for System Administrators on Pluralsight 🙂
I recently ran into a bizarre issue with users not being able to launch applications from a very old Citrix Presentation Server 4.0 farm when trying to launch from Citrix Web Interface 5.4. They were getting the eminently unhelpful, “An error occurred while making the requested connection.”
The Diagnosis In the web interface application logs, I noticed this:
An error of type IMA with an error ID of 0x80000003 was reported from the Citrix XML Service at address (servername)