If you knock, I'll let you in. Marking UDP traffic as Established.
By Brandon James on 2021-04-29 Tags: Security, Linux, Networking, GoPro
Despite being a connectionless protocol, many firewalls are able to track the state of UDP communication. One such firewall is iptables on Linux. Let's consider a simple iptables INPUT policy permitting related and established traffic, but dropping everything else.
No luck? sad! The Problem with TCP Checksums
By Brandon James on 2020-12-30 Tags: Route/Switch, Security
It's simple to craft packets with identical checksums. TCP segments with the UTF-8 encoded payloads 'No muck? rad!' and 'No luck? sad!' have identical checksums if the rest of the packet is identical. Changing the 'm' in muck to an 'l' and the 'r' in rad to an 's' results in a binary 1 being flipped to 0 and vice versa. Since these binary digits lie in the same position in different 16-bit words, the changes cancel each other out, resulting in the same checksum.
Don't use FHRPs without Authentication
By Brandon James on 2019-02-17 Tags: Route/Switch, Security
You are most likely running a first hop redundancy protocol somewhere in your network. If you aren't routing at the access layer and you're running a traditional redundant core (i.e. you aren't using a switch virtualization platform such as Cisco's VSS), one of those places is probably your user-facing SVIs. If you aren't using encrypted authentication on your FHRP, you're putting your enterprise at risk.