Archive for Blog - page 3

Palo Alto: Instant Commit

Finally! With PAN-OS 11.0 Palo Alto Networks introduced an “instant commit”. That is: You no longer have to commit (and wait and wait and wait) until your changes are live, but everything you do is IMMEDIATELY active. Just as on any other firewall, e.g., the…

Continue reading →

Scanning SSH Servers

For administrative purposes, SSH is used quite often. Almost everyone in IT knows it. Keywords: OpenSSH, simply using “ssh <hostname>” on your machine, PuTTY for Windows, username + password or public key authentication, TCP port 22, simple firewall rules, ignoring the fingerprints… Source link Author:…

Continue reading →

#heiseshow: IPv6 setzt sich langsam durch – die wichtigsten Fragen

Ich durfte zu Gast bei der #heiseshow zum Thema IPv6 sein. In Anlehnung an die Artikelserie über IPv6 in der c’t 7/2022, in der auch mein Artikel über die Vorteile von IPv6-Adressen erschienen ist, ging es bei diesem Video-Podcast um gängige Fragen zu IPv6 sowohl…

Continue reading →

Partial NTP Pool: The leap second that wasn’t

An analysis of some falsified leap second warnings that appeared in November 2021 on public NTP servers out of the NTP Pool Project. Introduction When using time scales such as UTC that do not use daylight saving time, each day has a strict 60 x…

Continue reading →

PAN: Logging of Packet-Based Attack Protection Events e.g. Spoofed IP

I just had a hard time figuring out that a network routing setup was not working due to a correctly enforced IP Spoofing protection on a Palo Alto Networks firewall. Why was it a hard time? Because I did not catch that the IP spoofing…

Continue reading →

Palo Packet Capture: Choosing the Right Filter

Palo Alto firewalls have a nice packet capture feature. It enables you to capture packets as they traverse the firewall. While you might be familiar with the four stages that the Palo can capture (firewall, drop, transmit, receive), it’s sometimes hard to set the correct…

Continue reading →

Server-Verfügbarkeit: Monitoring-Werkzeuge

Angreifer verwenden gern Ping und Traceroute, um Server im Internet ausfindig zu machen. Das bringt viele Security-Admins in Versuchung, den Ping- und Traceroute-Verkehr mittels ihrer Firewall in ihrem Netz zu unterbinden. Doch damit behindern sie nur die Arbeit von Server-Administratoren, denn… Source link Author: legendary…

Continue reading →

Netzwerkmitschnitte mit tshark analysieren

Haben Sie mal Netzwerkmitschnitte untersucht, ohne zu wissen, was genau Sie suchen? Mit Wireshark wird das leicht zu einer Odyssee: Das Analysewerkzeug filtert zwar fabelhaft, reagiert bei großen Datenmengen aber schnell zäh. Was bei solchen Problemstellungen hilft ist: tshark! Ein Tool, mit… Source link Author:…

Continue reading →

Page 3 of 5 1 2 3 4 5