I had a hard time figuring out how to configure OSPFv3 authentication on a Palo Alto Networks NGFW due to its different configuration formats compared to a Cisco router. TL;DR: The SPI must be set in hexadecimal, while the actual key (40 chars, hexadecimal) must…
This post guides through a basic DNS tunneling setup with the usage of the appropriate tool “iodine“. It shows how DNS tunneling works and lists the commands needed to run this type of attack. That is, you can tunnel IPv4 packets through this DNS channel…
I was presenting at the annual “Wireshark Developer and User Conference“, the SharkFest’25 EUtalking about “Securing DNS – Attacks and Defences“. It covered all the buzzwords related to DNS security, such as malware using DNS, DNS spoofing, DNS exfiltration & tunnelling, while defending them… Source…
On the Internet, it’s not only “always DNS” – it’s also about securing DNS. DNS faces a wide range of attack vectors, each requiring different defensive strategies. Here comes an overview of DNS securitywhich gives you all the keywords at a glance. This blog post…
While I was working on my presentation about “Secure DNS” for this year’s SharkFestthe Wireshark Developer and User Conference, I recognised that I’m still missing some DNS-related packet captures in the Ultimate PCAPthat is DNS over TLS and DNS over HTTPS. And while working on…
The other day, I was troubleshooting an issue where users reported that “some websites are working while some are not“. Uh. This is almost the worst scenario to face from a networker’s perspective. It’s way easier if things do or don’t work at all, but…
I just ran into a partially working Palo Alto firewall — a PA-1410 shipped with PAN-OS 11.0.3-h10 and ZTP (Zero-Touch Provisioning) enabled — as I exited ZTP mode to configure the firewall in standalone mode. However, this config shortcut did not work as expected. 🙁…
For a few weeks, our PlayStation stopped downloading game updates. I figured it was just a temporary issue with the PS4. Since it didn’t affect me directly but only the kids, I didn’t pay much attention at first. I planned to wait for a firmware…
