Friday, August 29, 2008

Coming to a bookshelf near you

My book on IPv6 Security is now available for ordering on

Eric and I are both very excited about this step in the process.
It won't be long before copies are flying off book store shelves. ;-)

Monday, August 11, 2008

BlackHat and DEFCON-16

I just got back from Black Hat and DEFCON. It really opened my eyes to the world of attackers and defenders. The keynotes at both days' briefings were very good. It seemed that the common themes were about DNS vulnerabilities, Web Application Firewalls, Citrix/Xen/VMware/Hypervisor risks, and Cisco IOS attacks.

I am going to start testing ModSecurity for a WAF and comparing it to other WAFs. I am also going to start using DAVIX for visualizing network data.

Psyche also looks to be a pretty good NetFlow analysis tool. It is too bad that it only supports NetFlow v5 and no IPv6 data.

The Cisco Incident Response (CIR) tool looks promising for Cisco IOS diagnostics and forensics.

This is a set of items that I had posted in previous years.

January 10, 2007
I have been doing testing on IPv6 technologies in my lab and I have used Dibbler, which is a DHCPv6 server and client. My tests showed that this software works well on a LAN and with a DHCPv6 relay on a separate subnet from the client. Give it a try!

November 30, 2006
I have been using FREEping from tools4ever to ping multiple systems all at the same time and give stats about the min/avg/max response times. I like using FREEping in addition to PingPlotter which I purchased many years ago. Nessoft also offers MultiPing but I haven't tested that yet. VisualRoute is also a good tool that gives a graphical output from Traceroute data.

November 28, 2006
I have been playing with Wireshark. This is the latest version of Ethereal. I like the color coding of decoded packets. As an extra feature it also has the ability to create ACLs for any packet. The price is right and the code is tight. Check it out!
I also discovered KDiff3 as a utility to compare two files. I have used it to compare two Cisco router configurations.

November 25, 2006
This weekend I discovered Ubuntu. It is a great Linux distribution. It is easy to configure and get going and has a good look and feel.

November 2006
I have been continuing to work on my EIGRP presentation for the December Colorado Cisco User Group meetings. The presentation will use a Cisco 871W wireless router to give the attendees remote access to the lab/demo. That should be cool!

October 2006
I have been playing with The Metasploit Framework. This is a great utility for helping perform vulnerability assessments and general security testing. Version 3.0 is out now and is very cool.

Summer 2006
I have continued to perform research on IPv6. More and more vendors are talking about their IPv6 compatibility/conformance. It will be exciting to see how Microsoft Vista will cause organizations to create a plan for their IPv6 migration.

Summer 2006
I have been studying a lot about wireless LAN technologies. In particular, Cisco's Wireless LAN Controller and WCS. It is great to see that the integration of Cisco and Airespace has culminated in an integrated product set that is fully deployable.

May 2006
I have been working with ActiveState Perl on my laptop and I like it. I have been using the Net::Telnet::Cisco Perl module to connect to routers and switches and back up configuration information. The next step is to get my Perl scripts to work with SSH to connect to net devices.

April 10, 2006
This weekend I updated this web page and made it a lot more attractive.

April 5, 2006
I went to the annual 1-day conference and I learned a few new things.
Richard Bejtlich told us about Sguil, which is a sessionizer of connections for NSM or forensics testing.

April 2, 2006
I have been testing IPv6 multicast applications and I ran into Video LAN Client (VLC). This is the coolest little utility for playing and then streaming content. You can stream content to IPv6 or IP multicast addresses and then retrieve those streams with the exact same client. I have also tested Microsoft's ConferenceXP with IPv6 privacy addresses as a way to conduct a conference over IPv6.

January 2006
I have been using a whole disk encryption application on my laptop that has worked out great. I am using SecureDoc from WinMagic with AES 256 and it works fantastically. There is no noticeable performance impact on my system and it has installed and operated so smoothly it is unbelievable. I highly recommend that if you haven't used a whole disk encryption system that you check out SecureDoc.