Posts

Showing posts from May, 2019

Know Your Limitations

Image
At the end of the 1973 Clint Eastwood movie Magnum Force , after Dirty Harry watches his corrupt police captain explode in a car, he says "a man's got to know his limitations." I thought of this quote today as the debate rages about compromising municipalities and other information technology-constrained yet personal information-rich organizations. Several years ago I wrote If You Can't Protect It, Don't Collect It . I argued that if you are unable to defend personal information, then you should not gather and store it. In a similar spirit, here I argue that if you are unable to securely operate information technology that matters, then you should not be supporting that IT . You should outsource it to a trustworthy cloud provider , and concentrate on managing secure access to those services. If you cannot outsource it, and you remain incapable of defending it natively, then you should integrate a capable managed security provider . It's clear to

Dissecting Weird Packets

Image
I was investigating traffic in my home lab yesterday, and noticed that about 1% of the traffic was weird. Before I describe the weird, let me show you a normal frame for comparison's sake. This is a normal frame with Ethernet II encapsulation. It begins with 6 bytes of the destination MAC address, 6 bytes of the source MAC address, and 2 bytes of an Ethertype, which in this case is 0x0800, indicating an IP packet follows the Ethernet header. There is no TCP payload as this is an ACK segment. You can also see this in Tshark. $ tshark -Vx -r frame4238.pcap Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)     Encapsulation type: Ethernet (1)     Arrival Time: May  7, 2019 18:19:10.071831000 UTC     [Time shift for this packet: 0.000000000 seconds]     Epoch Time: 1557253150.071831000 seconds     [Time delta from previous captured frame: 0.000000000 seconds]     [Time delta from previous displayed frame: 0.000000000 seconds]     [Time since referen