
Tuesday, September 18, 2018

Firewalls and the Need for Speed

I was looking for resources on campus network design and found these slides (pdf) from a 2011 Network Startup Resource Center presentation. These two caught my attention:



This bothered me, so I Tweeted about it.

This started some discussion, and prompted me to see what NSRC suggests for architecture these days. You can find the latest, from April 2018, here. Here is the bottom line for their suggested architecture:






What do you think of this architecture?

My Tweet has attracted some attention from the high speed network researcher community, some of whom assume I must be a junior security apprentice who equates "firewall" with "security." Long-time blog readers will laugh at that, like I did. So what was my problem with the original recommendation, and what problems do I have (if any) with the 2018 version?

First, let's be clear that I have always differentiated between visibility and control. A firewall is a poor visibility tool, but it is a control tool. It controls inbound or outbound activity according to its ability to perform in-line traffic inspection. This inline inspection comes at a cost, which is the major concern of those responding to my Tweet.

Notice how the presentation author thinks about firewalls. In the slides above, from the 2018 version, he says "firewalls don't protect users from getting viruses" because "clicked links while browsing" and "email attachments" are "both encrypted and firewalls won't help." Therefore, "since firewalls don't really protect users from viruses, let's focus on protecting critical server assets," because "some campuses can't develop the political backing to remove firewalls for the majority of the campus."

The author is arguing that firewalls are an inbound control mechanism, and they are ill-suited for the most prevalent threat vectors for users, in his opinion: "viruses," delivered via email attachment, or "clicked links."

Mail administrators can protect users from many malicious attachments. Desktop anti-virus can protect users from many malicious downloads delivered via "clicked links." If that is your worldview, of course firewalls are not important.

His argument for firewalls protecting servers is, implicitly, that servers may offer services that should not be exposed to the Internet. Rather than disabling those services, or limiting access via identity or local address restrictions, he says a firewall can provide that inbound control.

These arguments completely miss the point that firewalls are, in my opinion, more effective as an outbound control mechanism. For example, a firewall helps restrict adversary access to his victims when they reach outbound to establish post-exploitation command and control. This relies on the firewall identifying the attempted C2 as being malicious. To the extent intruders encrypt their C2 (and sites fail to inspect it) or use covert mechanisms (e.g., C2 over Twitter), firewalls will be less effective.

The previous argument assumes admins rely on the firewall to identify and block malicious outbound activity. Admins might alternatively identify the activity themselves, and direct the firewall to block outbound activity from designated compromised assets or to designated adversary infrastructure.

As some Twitter responders said, it's possible to do some or all of this without using a stateful firewall. I'm aware of the cool tricks one can play with routing to control traffic. Ken Meyers and I wrote about some of these approaches in 2005 in my book Extrusion Detection. See chapter 5, "Layer 3 Network Access Control."

Implementing these non-firewall-based security choices requires a high degree of diligence, which requires visibility. I did not see this emphasized in the NSRC presentation. For example:


These are fine goals, but I don't equate "manageability" with visibility or security. I don't think "problems and viruses" captures the magnitude of the threat to research networks.

The core of the reaction to my original Tweet is that I don't appreciate the need for speed in research networks. I understand that. However, I can't understand the requirement for "full bandwidth, un-filtered access to the Internet." That is a recipe for disaster.

On the other hand, if you define partner specific networks, and allow essentially site-to-site connectivity with exquisite network security monitoring methods and operations, then I do not have a problem with eliminating firewalls from the architecture. I do have a problem with unrestricted access to adversary infrastructure.

I understand that security doesn't exist to serve itself. Security exists to enable an organizational mission. Security must be a partner in network architecture design. It would be better to emphasize enhanced monitoring for the networks discussed above, and think carefully about enabling speed without restrictions. The NSRC resources on the science DMZ merit consideration in this case.

Friday, September 22, 2006

Generating Multicast Traffic

If you're a protocol junkie like me, you probably enjoy investigating a variety of network traffic types. I don't encounter multicast traffic too often, so the following caught my eye.

I'm using Iperf for some simple testing, and I notice it has a multicast option. Here's how I used it.

In the following scenario, I have two hosts (cel433 and cel600) on the same segment. This is important because the router(s) in this test network are not configured to support multicast.

I set up cel433 as an Iperf server listening on multicast address 224.0.55.55.

cel433:/root# iperf -s -u -B 224.0.55.55 -i 1
------------------------------------------------------------
Server listening on UDP port 5001
Binding to local address 224.0.55.55
Joining multicast group 224.0.55.55
Receiving 1470 byte datagrams
UDP buffer size: 41.1 KByte (default)

Now I generate multicast traffic from cel600.

cel600:/root# iperf -c 224.0.55.55 -u -T 32 -t 3 -i 1
------------------------------------------------------------
Client connecting to 224.0.55.55, UDP port 5001
Sending 1470 byte datagrams
Setting multicast TTL to 32
UDP buffer size: 9.00 KByte (default)
------------------------------------------------------------
[ 3] local 10.1.10.3 port 51296 connected with 224.0.55.55 port 5001
[ 3] 0.0- 1.0 sec 129 KBytes 1.06 Mbits/sec
[ 3] 1.0- 2.0 sec 128 KBytes 1.05 Mbits/sec
[ 3] 2.0- 3.0 sec 128 KBytes 1.05 Mbits/sec
[ 3] 0.0- 3.0 sec 386 KBytes 1.05 Mbits/sec
[ 3] Sent 269 datagrams

Here is what cel433 sees:

------------------------------------------------------------
[ 3] local 224.0.55.55 port 5001 connected with 10.1.10.3 port 51296
[ 3] 0.0- 1.0 sec 128 KBytes 1.05 Mbits/sec 0.146 ms 0/ 89 (0%)
[ 3] 1.0- 2.0 sec 128 KBytes 1.05 Mbits/sec 0.100 ms 0/ 89 (0%)
[ 3] 2.0- 3.0 sec 128 KBytes 1.05 Mbits/sec 0.110 ms 0/ 89 (0%)
[ 3] 0.0- 3.0 sec 386 KBytes 1.05 Mbits/sec 0.098 ms 0/ 268 (0%)
[ 3] 0.0- 3.0 sec 1 datagrams received out-of-order

The traffic looks like this:

cel433:/root# tcpdump -n -i xl0 -s 1515 udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on xl0, link-type EN10MB (Ethernet), capture size 1515 bytes
15:29:53.669508 IP 10.1.10.3.51296 > 224.0.55.55.5001: UDP, length 1470
15:29:53.680789 IP 10.1.10.3.51296 > 224.0.55.55.5001: UDP, length 1470
15:29:53.691934 IP 10.1.10.3.51296 > 224.0.55.55.5001: UDP, length 1470
...truncated...

This is a simple way to generate multicast traffic and ensure a member of the multicast group actually receives it.

Update: I forgot to show the IGMP messages one would see when starting a multicast listener.

This is the interface listening for multicast:

cel433:/root# ifconfig xl0
xl0: flags=8843 mtu 1500
options=9
inet6 fe80::2c0:4fff:fe1c:102b%xl0 prefixlen 64 scopeid 0x6
inet 10.1.10.2 netmask 0xffffff00 broadcast 10.1.10.255
ether 00:c0:4f:1c:10:2b
media: Ethernet autoselect (100baseTX )
status: active

Here are IGMP report and leave messages.

cel433:/root# tcpdump -nevv -i xl0 -s 1515 igmp
tcpdump: listening on xl0, link-type EN10MB (Ethernet), capture size 1515 bytes
06:28:40.887868 00:c0:4f:1c:10:2b > 01:00:5e:00:37:37, ethertype IPv4 (0x0800),
length 46: (tos 0x0, ttl 1, id 59915, offset 0, flags [none], proto: IGMP (2),
length: 32, options
( RA (148) len 4 )) 10.1.10.2 > 224.0.55.55: igmp v2 report 224.0.55.55

06:28:42.196233 00:c0:4f:1c:10:2b > 01:00:5e:00:00:02, ethertype IPv4 (0x0800),
length 46: (tos 0x0, ttl 1, id 59920, offset 0, flags [none], proto: IGMP (2),
length: 32, options
( RA (148) len 4 )) 10.1.10.2 > 224.0.0.2: igmp leave 224.0.55.55

I used the -e option to show the MAC addresses. Notice the destination MAC for these multicast packets.

06:31:21.467919 00:b0:d0:14:b2:11 > 01:00:5e:00:37:37, ethertype IPv4 (0x0800),
length 1512: (tos 0x0, ttl 32, id 1652, offset 0, flags [none], proto: UDP (17),
length: 1498)
10.1.10.3.58479 > 224.0.55.55.5001: [udp sum ok] UDP, length 1470

The 01:00:5e:00:37:37 MAC address is a mapping derived from the 24-bit IANA multicast OUI 01:00:5e and the multicast IP address 224.0.55.55.
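The mapping described above, as an added example (not code from the original post): the low 23 bits of the group address are placed under the 01:00:5e prefix (RFC 1112), so 32 different groups share each MAC. The function names are illustrative, and the sample frames are the three from the captures above, re-joined onto single lines.

```python
import ipaddress
import re

IANA_MCAST_OUI = 0x01005E  # 01:00:5e, the prefix named in the post


def multicast_mac(group: str) -> str:
    """Return the Ethernet destination MAC for an IPv4 multicast group."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    low23 = int(addr) & 0x7FFFFF          # only the low 23 bits are copied
    mac = (IANA_MCAST_OUI << 24) | low23  # the bit right after the OUI stays 0
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def aliased_groups(group: str) -> list:
    """List the 32 groups that share one MAC (5 variable address bits are dropped)."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (hi << 23) | low23))
            for hi in range(32)]


# Destination MAC, then the destination IP of "src[.port] > dst[.port]:".
FRAME_RE = re.compile(
    r"> (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}),.*?"
    r"\d{1,3}(?:\.\d{1,3}){3}(?:\.\d+)? > (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)?:"
)


def check_frame(line: str) -> tuple:
    """Return (dst_mac, dst_ip, consistent) for one `tcpdump -e` IPv4 line."""
    m = FRAME_RE.search(line)
    if m is None:
        raise ValueError("not a tcpdump -e IPv4 line")
    return m["mac"], m["ip"], multicast_mac(m["ip"]) == m["mac"]


# The three frames shown in the post, each re-joined onto a single line.
FRAMES = [
    "06:28:40.887868 00:c0:4f:1c:10:2b > 01:00:5e:00:37:37, ethertype IPv4 (0x0800), "
    "length 46: (tos 0x0, ttl 1, id 59915, offset 0, flags [none], proto: IGMP (2), "
    "length: 32, options ( RA (148) len 4 )) 10.1.10.2 > 224.0.55.55: "
    "igmp v2 report 224.0.55.55",
    "06:28:42.196233 00:c0:4f:1c:10:2b > 01:00:5e:00:00:02, ethertype IPv4 (0x0800), "
    "length 46: (tos 0x0, ttl 1, id 59920, offset 0, flags [none], proto: IGMP (2), "
    "length: 32, options ( RA (148) len 4 )) 10.1.10.2 > 224.0.0.2: "
    "igmp leave 224.0.55.55",
    "06:31:21.467919 00:b0:d0:14:b2:11 > 01:00:5e:00:37:37, ethertype IPv4 (0x0800), "
    "length 1512: (tos 0x0, ttl 32, id 1652, offset 0, flags [none], proto: UDP (17), "
    "length: 1498) 10.1.10.3.58479 > 224.0.55.55.5001: [udp sum ok] UDP, length 1470",
]

if __name__ == "__main__":
    for frame in FRAMES:
        mac, ip, ok = check_frame(frame)
        print(f"{ip:<12} -> {mac}  {'consistent' if ok else 'MISMATCH'}")
    groups = aliased_groups("224.0.55.55")
    print(len(groups), "groups share", multicast_mac("224.0.55.55"),
          "from", groups[0], "to", groups[-1])
```

Because of the 32-to-1 aliasing, a NIC or switch filtering on the MAC alone can deliver traffic for groups the host never joined; the IP layer has to discard it.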

Monday, September 18, 2006

SwitchProxy and Tor

I just wrote about Web Browsing with Tor. You might wonder if there's an easy way to switch to using Tor while running Firefox. I looked at the Torbutton extension, but then I found SwitchProxy. I like SwitchProxy because you can configure multiple proxies and decide when to use them.

If you click on the thumb image above you'll see me accessing a Hidden Service using Tor while I have Privoxy and Tor working together. Notice the URL -- http://6sxoyfb3h2nvok2d.onion/

I can just as easily switch to my production proxy, or even import a list of anonymous proxies and have SwitchProxy cycle through them every X seconds.

Installing Privoxy

A task I'm going to blog shortly recommends that I install Privoxy. I encountered some troubles using FreeBSD so I thought I would document them.

First I installed the package.

orr:/root# pkg_add -vr privoxy
...edited...
Running pre-install for privoxy-3.0.3_4..
extract: Package name is privoxy-3.0.3_4
extract: CWD to /usr/local
extract: /usr/local/man/man1/privoxy.1.gz
extract: /usr/local/sbin/privoxy
extract: /usr/local/etc/privoxy/config
extract: /usr/local/etc/privoxy/default.action
extract: /usr/local/etc/privoxy/default.filter
extract: /usr/local/etc/privoxy/trust
...edited...

***********************************************************
** Before running privoxy you must modify the file **
** /usr/local/etc/privoxy/config **
** **
** Start privoxy with: **
** /usr/local/sbin/privoxy /usr/local/etc/privoxy/config **
** **
** For documentation see: **
** /usr/local/share/doc/privoxy-manual or 'man privoxy' **
***********************************************************

Next I enabled Privoxy in /etc/rc.conf.

orr:/root# echo "privoxy_enable=YES" >> /etc/rc.conf

Next I tried starting Privoxy. I ran into some problems that I fixed with the following:

orr:/usr/local/etc/rc.d# mkdir /var/run/privoxy
orr:/usr/local/etc/rc.d# chown privoxy:privoxy /var/run/privoxy
orr:/usr/local/etc/rc.d# mkdir /var/log/privoxy
orr:/usr/local/etc/rc.d# chown privoxy:privoxy /var/log/privoxy

Here's what Privoxy looks like while running.

orr:/usr/local/etc/rc.d# ./privoxy start
Starting privoxy.
orr:/usr/local/etc/rc.d# sockstat -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
privoxy privoxy 40053 3 tcp4 127.0.0.1:8118 *:*
richard firefox-bi 37850 22 tcp4 192.168.2.5:62936 66.249.83.83:80
richard ssh 691 3 tcp4 192.168.2.5:49499 172.16.3.2:22
root sendmail 468 4 tcp4 127.0.0.1:25 *:*
root sshd 462 4 tcp4 *:22 *:*
root syslogd 320 7 udp4 *:514 *:*

So what is this good for? Well, now that I have Privoxy listening on port 8118 TCP I can point my Web browser toward it. I tell Firefox to use localhost port 8118 and now all my Web requests use Privoxy.

I can test the difference between normal Web browsing and Privoxy Web browsing by visiting http://config.privoxy.org/show-status. It shows information like the following.

Show-Request



Here you see the original headers that your client sent when requesting this page, along with the headers that Privoxy would have sent to the remote server if this request hadn't been intercepted.


Original Client Request:


GET http://config.privoxy.org/show-request HTTP/1.1
Host: config.privoxy.org
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.7)
Gecko/20060917 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://config.privoxy.org/show-status
If-Modified-Since: Mon, 18 Sep 2006 15:25:41 GMT
Cache-Control: max-age=0

Processed Request:


GET /show-request HTTP/1.1
Host: config.privoxy.org
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.7)
Gecko/20060917 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: http://config.privoxy.org/
If-Modified-Since: Mon, 18 Sep 2006 15:25:41 GMT
Cache-Control: max-age=0
X-Actions-File-Version: 1.8
Connection: close

This doesn't appear to be a big deal, but I'm using Privoxy's default configuration. In my next post I'll combine Privoxy with Tor to facilitate (but not guarantee) anonymous Web browsing.
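To see exactly what the default configuration changed between the two requests above, here is an added example (not part of the original post) that parses both request heads and reports the headers removed, added and altered. The function names are illustrative; the two inputs are copied from the show-request output above, including the line wrapping in the long User-Agent and Accept values.

```python
import re

# A header line starts with a token followed by a colon; anything else is
# treated as the wrapped continuation of the previous header value.
HEADER_RE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")

ORIGINAL = """\
GET http://config.privoxy.org/show-request HTTP/1.1
Host: config.privoxy.org
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.7)
Gecko/20060917 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://config.privoxy.org/show-status
If-Modified-Since: Mon, 18 Sep 2006 15:25:41 GMT
Cache-Control: max-age=0
"""

PROCESSED = """\
GET /show-request HTTP/1.1
Host: config.privoxy.org
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.0.7)
Gecko/20060917 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Referer: http://config.privoxy.org/
If-Modified-Since: Mon, 18 Sep 2006 15:25:41 GMT
Cache-Control: max-age=0
X-Actions-File-Version: 1.8
Connection: close
"""


def parse_request(raw: str) -> tuple:
    """Return (request_line, {lowercased header name: value})."""
    lines = [ln for ln in raw.splitlines() if ln.strip()]
    headers, last = {}, None
    for line in lines[1:]:
        m = HEADER_RE.match(line)
        if m:
            last = m.group(1).lower()
            headers[last] = m.group(2).strip()
        elif last is not None:
            headers[last] += " " + line.strip()  # fold wrapped value
    return lines[0].strip(), headers


def diff_requests(before: str, after: str) -> dict:
    """Summarise what a proxy changed between two request heads."""
    line_b, hdr_b = parse_request(before)
    line_a, hdr_a = parse_request(after)
    common = set(hdr_b) & set(hdr_a)
    return {
        "request_line_rewritten": line_b != line_a,
        "removed": sorted(set(hdr_b) - set(hdr_a)),
        "added": sorted(set(hdr_a) - set(hdr_b)),
        "changed": sorted(k for k in common if hdr_b[k] != hdr_a[k]),
    }


if __name__ == "__main__":
    for key, value in diff_requests(ORIGINAL, PROCESSED).items():
        print(f"{key}: {value}")
```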

Web Browsing with Tor

In my Installing Privoxy post I said I needed to install Privoxy for a certain task. I decided to use Privoxy with Tor to facilitate anonymous Web browsing.

First I installed Tor via package.

orr:/root# pkg_add -vr tor
...edited...
Package 'tor-0.1.1.23' depends on 'tsocks-1.8.b5_3' with 'net/tsocks' origin.
...edited...
extract: Package name is tsocks-1.8.b5_3
extract: CWD to /usr/local
extract: /usr/local/man/man1/tsocks.1.gz
extract: /usr/local/man/man5/tsocks.conf.5.gz
extract: /usr/local/man/man8/tsocks.8.gz
extract: /usr/local/bin/tsocks
extract: /usr/local/etc/tsocks.conf.sample
extract: /usr/local/lib/libtsocks.so.1
extract: /usr/local/lib/libtsocks.so
extract: /usr/local/share/examples/tsocks/tsocks.conf.complex.example
extract: /usr/local/share/examples/tsocks/tsocks.conf.simple.example
extract: /usr/local/share/examples/tsocks/README
...edited...
Package 'tor-0.1.1.23' depends on 'libevent-1.2' with 'devel/libevent' origin.
- already installed.
Running pre-install for tor-0.1.1.23..
Added group "_tor".
Added user "_tor".
extract: Package name is tor-0.1.1.23
extract: CWD to /usr/local
extract: /usr/local/man/man1/tor.1.gz
extract: /usr/local/man/man1/tor-resolve.1.gz
extract: /usr/local/man/man1/torify.1.gz
extract: /usr/local/bin/tor
extract: /usr/local/bin/tor-resolve
extract: /usr/local/bin/torify
extract: /usr/local/etc/tor/tor-tsocks.conf.sample
extract: /usr/local/etc/tor/torrc.sample
extract: CWD to /usr/local
extract: /usr/local/etc/rc.d/tor
...edited.
================================================================================
To enable the tor server, set tor_enable="YES" in your /etc/rc.conf
and edit /usr/local/etc/tor/torrc. Also note that the rc.subr script overrides
many torrc options and is tunable. See /usr/local/etc/rc.d/tor.sh for details
================================================================================
...truncated...

Next I made a copy of the config file and enabled Tor's startup script.

orr:/root# cp /usr/local/etc/tor/torrc.sample /usr/local/etc/tor/torrc
orr:/root# echo "tor_enable=YES" >> /etc/rc.conf

Finally I told Privoxy to accept connections and send them to Tor, which would listen on port 9050 TCP.

orr:/root# echo "forward-socks4a / localhost:9050 ." >> /usr/local/etc/privoxy/config

Using SOCKS4A means my local host will not make DNS requests. Instead, they will be made by the SOCKS server (ostensibly through Tor).
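Why the forward-socks4a directive keeps DNS off the local host, shown at the wire level in an added example (not part of the original post): a SOCKS4 request carries an address the client already resolved, while a SOCKS4a request carries the hostname itself. Function names, the sample hostname and address, and the second config line are constructed for illustration.

```python
import socket
import struct


def socks4_connect(ip: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS4 CONNECT: the client has already resolved the name to `ip`."""
    head = struct.pack("!BBH4s", 4, 1, port, socket.inet_aton(ip))
    return head + userid + b"\x00"


def socks4a_connect(hostname: str, port: int, userid: bytes = b"") -> bytes:
    """SOCKS4a CONNECT: DSTIP is the placeholder 0.0.0.x (x != 0) and the
    hostname follows the user ID, so the SOCKS server performs the lookup."""
    head = struct.pack("!BBH4s", 4, 1, port, b"\x00\x00\x00\x01")
    return head + userid + b"\x00" + hostname.encode("ascii") + b"\x00"


def describe(request: bytes) -> dict:
    """Decode a SOCKS4/4a CONNECT request and say which side resolves DNS."""
    if len(request) < 9:
        raise ValueError("request too short")
    version, command, port, dstip = struct.unpack("!BBH4s", request[:8])
    if version != 4 or command != 1:
        raise ValueError("not a SOCKS4 CONNECT request")
    _userid, sep, tail = request[8:].partition(b"\x00")
    if not sep:
        raise ValueError("user ID is not NUL-terminated")
    if dstip[:3] == b"\x00\x00\x00" and dstip[3] != 0:
        host, sep, _ = tail.partition(b"\x00")
        if not sep or not host:
            raise ValueError("SOCKS4a hostname missing or unterminated")
        return {"variant": "4a", "target": host.decode("ascii"),
                "port": port, "dns_resolved_by": "socks server"}
    return {"variant": "4", "target": socket.inet_ntoa(dstip),
            "port": port, "dns_resolved_by": "client"}


def forward_rules(config_text: str) -> list:
    """Return (directive, socks_proxy, dns_resolved_by) for each
    forward-socks4 / forward-socks4a line in a Privoxy config."""
    rules = []
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] in ("forward-socks4", "forward-socks4a"):
            who = "socks server" if fields[0] == "forward-socks4a" else "client"
            rules.append((fields[0], fields[2], who))
    return rules


# Constructed config: the first rule is the one from the post, the second is
# a made-up SOCKS4 rule to show the contrast.
SAMPLE_CONFIG = """\
forward-socks4a / localhost:9050 .
forward-socks4 .example.org localhost:9050 .   # resolves locally first
"""

if __name__ == "__main__":
    print(describe(socks4a_connect("www.example.com", 80)))
    print(describe(socks4_connect("192.0.2.10", 80)))
    for rule in forward_rules(SAMPLE_CONFIG):
        print(rule)
```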

Thanks to this guide for help!

Now I start Privoxy.

orr:/root# /usr/local/etc/rc.d/privoxy start
Starting privoxy.


Finally I start Tor.

orr:/root# /usr/local/etc/rc.d/tor start
/usr/local/etc/rc.d/tor: WARNING: /var/db/tor is not a directory.

That's no good. I make the required directory. (Why isn't that a default?)

orr:/root# mkdir /var/db/tor
orr:/root# /usr/local/etc/rc.d/tor start
Starting tor.
Sep 18 10:50:59.336 [notice] Tor v0.1.1.23. This is experimental software.
Do not rely on it for strong anonymity.
Sep 18 10:50:59.346 [notice] Initialized libevent version 1.2 using method kqueue. Good.
Sep 18 10:50:59.348 [warn] /var/db/tor is not owned by this user (_tor, 256) but by root (0).
Perhaps you are running Tor as the wrong user?
Sep 18 10:50:59.349 [warn] Failed to parse/validate config: Couldn't access/create private data
directory "/var/db/tor"
Sep 18 10:50:59.350 [err] tor_init(): Reading config failed--see warnings above. For usage, try -h.

Shoot. I need to let the _tor user access the directory I just made.

orr:/root# chown _tor:_tor /var/db/tor

Now I start Tor.

orr:/root# /usr/local/etc/rc.d/tor start
Sep 18 11:12:06.587 [notice] Tor v0.1.1.23. This is experimental software.
Do not rely on it for strong anonymity.
Sep 18 11:12:06.597 [notice] Initialized libevent version 1.2 using method kqueue. Good.
Sep 18 11:12:06.597 [notice] connection_create_listener(): Opening Socks listener on
127.0.0.1:9050
Sep 18 11:12:06.600 [warn] options_init_logs(): Can't log to stdout with RunAsDaemon set;
skipping stdout

Let's see what's listening.

orr:/root# sockstat -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
_tor tor 39325 4 tcp4 192.168.2.5:57518 62.35.214.207:9030
_tor tor 39325 5 tcp4 127.0.0.1:9050 *:*
_tor tor 39325 6 tcp4 192.168.2.5:56850 70.32.145.204:9001
_tor tor 39325 8 tcp4 192.168.2.5:64675 218.189.210.17:4806
root privoxy 39312 3 tcp4 127.0.0.1:8118 *:*
richard ssh 691 3 tcp4 192.168.2.5:49499 172.16.3.2:22
root sendmail 468 4 tcp4 127.0.0.1:25 *:*
root sshd 462 4 tcp4 *:22 *:*
root syslogd 320 7 udp4 *:514 *:*

Now I configure my Web browser to connect to port 8118 (where Privoxy is listening), and Privoxy will send my traffic to port 9050 TCP where Tor is listening.

Now if I browse to a site like whatismyip.com I get a result like 195.71.8.10, which is plug.rfc822.org.

You can see Tor node status at sites like serifos.eecs.harvard.edu/cgi-bin/exit.pl and node2.xenobite.eu/torstat.php.

Thursday, August 24, 2006

All Network Security Functions in the Switch

The ISS acquisition has me thinking again about the security space. I noticed Richard Stiennon wrote the following:

Consolidation? Not even close. There are over 867 vendors in the IT-Harvest knowledge base this morning. When that number falls month to month we can start talking about consolidation.

I'm not sure that's the right way to look at the issue. How many of those companies are 1 year old or less? 2 years? 3 years? I'm guessing that many companies that were firewall development startups have either been bought or gone out of business. The same can be said for other product types. The vendor count may never decrease because new companies are always joining the market to address new problems (or so they claim). I think that process is consolidation.

The main reason I posted this entry, however, is the title above. I am not the only person to discuss collapsing all network security functions into switches, and I have probably said something similar already. Nevertheless, I believe that the future is not bright for companies that want to introduce network security products but remain independent.

Let me define a few terms. By "network security" I mean products that interact with network traffic, for inspection or access control decisions. I do not mean products which work on the host level. When I say "remain independent" I mean start as a small company and grow to become a billion dollar plus company.

It seems as though all network security functions are going to collapse into the devices which carry traffic -- switches. Consider a router to be a "layer 3 switch" for the sake of this argument. If you can't accept that, imagine I said "switches and routers" earlier.

I think the shelf life of point products is going to become increasingly short. In other words, I could see IBM eventually selling or abandoning its ISS network security product line. Why? IBM doesn't make switches or routers that compete with Cisco. The functions that ISS network security products provide, however, are going to end up in Cisco switches. Those features are going to be available as upgrades to sufficiently powerful switches, leaving managers with the choice of running Cisco plus other boxes, or just Cisco. They will choose "just Cisco."

Am I a Cisco hack? No (but I do have my CCNA). Do I think this is the best of all possible worlds? No, since I prefer Cisco's routing and switching to its security products. Nevertheless, the drive to consolidate products is going to eventually collapse network security functionality down to the only boxes which absolutely must remain -- switches.

I expect to see network security point products continue to be developed. However, they will continue to be outsourced research, development, and viability testing factories for Cisco. When Cisco sees a product it likes, it will buy the company and then integrate the functionality into its own equipment.

Where does this leave the other security gorillas, and gorilla wanna-bes? Those that focus on host-centric products may continue to exist, but there is a good chance that they will continue to be bought by Microsoft. Those that provide services to make all this work will grow. I think this is where IBM and other giant integrators can make a good living.