WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.

 


There is a new flavor of protocol reflection attacks on the streets!  

The TCP Middlebox reflection attack is the first reflection attack to utilize the TCP protocol. Traditionally, TCP was not susceptible to spoofed source packets because of its stateful nature (the three-way handshake). Researchers at the University of Maryland and the University of Colorado discovered that many network devices, such as load balancers, proxies, and firewalls, could be susceptible to specifically crafted packets that could generate amplified traffic (up to 65x) at a victim. These devices could be inherently susceptible to the spoofing because many of them have to contend with asynchronous network traffic and out-of-order packets.

 

Akamai did a really great write-up on what they saw and how they mitigated the attack: https://www.akamai.com/blog/security/tcp-middlebox-reflection

 

Shadow Server also has a write-up: https://www.shadowserver.org/news/over-18-8-million-ips-vulnerable-to-middlebox-tcp-reflection-ddos-attacks/


So on to your firewalls:

Out of the box, Palo Alto firewalls do not appear to have any mitigation configured by default to protect against this attack. But it's not the end of the world. Palo Alto and many other security vendors have low-level TCP protection that basically normalizes TCP traffic and cuts out flood attacks, malformed protocol attacks, etc., before they are even processed by your firewall. This minimizes the impact of these types of attacks on device resources like CPU and memory.

 

In the Palo Alto world this is called "Zone Protection Profiles". If you run BPA (Best Practice Assessment) - which you should - then the Zone Protection Profiles are often flagged if you don't have them configured. 

 

The zone protection profile is pretty straightforward to set up but, before you start, you need to do a little research and investigation into your device.

  1. You need to determine the maximum CPS (connections per second) your device can handle. Here is a list of devices and their specs on the Palo Alto Networks site: https://www.paloaltonetworks.com/products/product-selection
  2. Next you will want to capture some metrics around how many CPS your devices are seeing. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresholds/how-to-measure-cps
  3. Next you will want to do a few calculations and configure your zone protection profile. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/zone-protection-profiles
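
The calculation behind steps 1 to 3, as an added Python example (not the author's spreadsheet and not Palo Alto tooling). The three percentage factors and the function name are assumptions chosen for illustration; replace them with the values from the vendor guidance linked above.

```python
from statistics import mean

# Assumed sizing factors, not taken from the post or its spreadsheet.
ALARM_PCT_OF_AVG = 120      # raise an alarm at about 20% above average CPS
ACTIVATE_PCT_OF_PEAK = 110  # begin mitigation just above the observed peak
MAX_PCT_OF_CAPACITY = 85    # drop everything beyond this share of device capacity


def flood_thresholds(cps_samples, device_max_cps):
    """Derive alarm/activate/maximum CPS thresholds for one zone.

    cps_samples: baseline connections-per-second measurements (step 2).
    device_max_cps: the datasheet CPS figure for the firewall model (step 1).
    """
    if not cps_samples or min(cps_samples) < 0:
        raise ValueError("need at least one non-negative CPS sample")
    avg, peak = mean(cps_samples), max(cps_samples)
    maximum = round(device_max_cps * MAX_PCT_OF_CAPACITY / 100)
    alarm = round(avg * ALARM_PCT_OF_AVG / 100)
    # On very flat traffic the peak-based value can fall below the alarm
    # rate, so keep the ordering alarm < activate.
    activate = max(round(peak * ACTIVATE_PCT_OF_PEAK / 100), alarm + 1)
    if activate >= maximum:
        # Normal traffic already sits near the device ceiling: thresholds
        # cannot separate a flood from the baseline on this hardware.
        raise ValueError("observed peak leaves no headroom below the ceiling")
    return {"average": round(avg), "peak": peak, "alarm": alarm,
            "activate": activate, "maximum": maximum}


if __name__ == "__main__":
    # Constructed baseline samples and a constructed device capacity.
    print(flood_thresholds([1000, 1200, 900, 1100, 1800], 50000))
```
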

 

Here is the "Cool SH*T Props" to Palo Alto Networks... When you create a zone protection profile, under Packet Based Attack Protection > TCP Drop, the 'TCP SYN with Data' and 'TCP SYN ACK with Data' options are already checked by default. This means that when you apply your newly configured zone protection profile to your security zone, it will protect you from the current Middlebox vulnerability by dropping any of the cleverly crafted SYN packets, because they would be larger than 0 bytes.
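
What "SYN with data" means at the byte level, as an added Python example (not Palo Alto's code and not from the original post): the check is on the TCP payload length, so a SYN that only carries options such as MSS still counts as 0 bytes. The function names and the sample packets are constructed for illustration.

```python
import struct

SYN, ACK, PSH = 0x02, 0x10, 0x08


def parse_tcp(pkt):
    """Return (flags, payload_len) for an IPv4/TCP packet, else None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                      # too short, not IPv4, or not TCP
    ihl = (pkt[0] & 0x0F) * 4            # IP header length in bytes
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total > len(pkt) or total < ihl + 20:
        return None                      # inconsistent length fields
    data_off = (pkt[ihl + 12] >> 4) * 4  # TCP header length incl. options
    if data_off < 20 or ihl + data_off > total:
        return None
    return pkt[ihl + 13], total - ihl - data_off


def verdict(pkt):
    """Mirror the two zone-protection checks named in the post."""
    parsed = parse_tcp(pkt)
    if parsed is None:
        return "unparseable"
    flags, payload_len = parsed
    if flags & SYN and payload_len > 0:
        return "drop: SYN-ACK with data" if flags & ACK else "drop: SYN with data"
    return "allow"


def sample_packet(flags, payload=b"", tcp_options=b""):
    """Constructed IPv4+TCP bytes for offline testing (checksums left at 0,
    documentation-range addresses, options must be a multiple of 4 bytes)."""
    data_off = (20 + len(tcp_options)) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                      data_off << 4, flags, 65535, 0, 0) + tcp_options
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return ip + tcp + payload


if __name__ == "__main__":
    mss = bytes([2, 4, 5, 0xB4])  # MSS option only, no payload
    for p in (sample_packet(SYN, tcp_options=mss),
              sample_packet(SYN, b"constructed payload", mss)):
        print(verdict(p))
```

TCP Fast Open (RFC 7413) legitimately places data in a SYN, so a check like this also drops that data; confirm nothing in the zone depends on it before enforcing.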

 


Yeah!


So I wanted to post a little bonus. Here is a quick and easy flood protection calculator I threw together in Google Sheets; just add your average CPS.








 

It's official!  Formula 1 has announced their newest US Grand Prix in Sin City.  I admit, I watched some Formula 1 in the late 90s but kind of fell out of following it...but since becoming a Covid hermit, and stumbling across Netflix's Drive to Survive, I am back in. 

 

Thanks to Netflix's Drive to Survive and the dramatic conclusion to the 2021 season driver championship, Formula 1 has taken hold in the US and F1 is taking advantage of the increased popularity. Over the last few years there has been only 1 US GP at COTA in Austin, but the 2022 F1 calendar will be racing in Miami at the Miami International Autodrome for the first time.

 

Let's get down to what we came for: the Las Vegas GP...

 

The track is going to be a high-speed street course that races through the streets of Las Vegas and down the Strip. It will be 3.8 miles long and have an estimated top speed of 212 mph. With 14 corners, 3 straights, and 2 DRS zones, the experts are predicting this is going to be a low-drag, high-speed course like Monza or Spa.

 

Race Circuit


The race dates have not officially been released, but the rumors are it will be the weekend after Thanksgiving.  Also to take advantage of the venue, it will be a Saturday night race 10pm to midnight-ish... That time-frame makes sense because it would be early Sunday morning in Europe and afternoon in Asia and the Middle East.  Also how spectacular will it look having those cars racing through all the sights and lights of Las Vegas at night??  Seriously this could be a spectacular race.  

 

Prior to the race they will resurface all the roads that will be raced on to ensure they are smooth and ready for racing, and I can't imagine the amount of lighting and infrastructure they will need to build to accommodate the race. That would be an interesting documentary, behind the scenes of what it takes to put on the Las Vegas GP... Just saying!

 

Formula 1 Live Las Vegas Announcement


There is not a lot of information about race specifics since we are still a ways out. I imagine people, including myself, might be booking rooms. But before you book, one word of warning: last time I looked, hotels in Las Vegas do not allow the windows to be opened, so if you were expecting to book a room overlooking the Strip, it may not be what you were hoping for, but we will wait and see.

 

One thing is for sure, those of us who have been to Las Vegas and been on the Strip know how epic the occasional Lambo or Ferrari sounds when they blaze by. I can't wait to hear 20 F1 cars tearing down the same road - it will be epic.

 

Driver Reactions about Las Vegas Race

 

Best guess course route

 

I wanted to provide some links to Las Vegas GP resources. They are pretty few and far between, but I will add them as I come across them.

 

https://www.f1lasvegasgrandprix.com

 

https://joesaward.wordpress.com/2022/03/31/las-vegas-and-formula-1/ 




 



Ingredients:

  • 1 oz. Malibu rum
  • 1/2 oz. Kahlua
  • 1/2 oz. dark cocoa liquor
  • 1 C hot chocolate
  • Whipped cream and chocolate shavings for topping if desired.

 

 Directions: 

Prepare hot chocolate as per your recipe. Add rum and Kahlua. Top with whipped cream and shavings if used.

So we are going on year two of this Pandemic thing, and so far it looks like it might be here longer than we thought. That being said, the new normal has changed what we carry with us when we have to leave the house. Below are a few of the items I have come across that have worked really well for me.

Face Masks: I have tried quite a few but a few masks and mask accessories have risen to the top.
  • My number one mask so far is one I just purchased, and I have to say it is comfortable and provides really good protection. It is the U mask, https://www.u-mask.eu . I found this mask because quite a few of the Formula 1 teams actually use them. Here is a link to their protection information: https://www.u-mask.eu/certifications
  • My second favorite mask is a cloth mask that was included with the SF B-Sides conference. It has been my go-to for almost the entire pandemic, with the addition of the next item on my list.
  • This has been a life saver for me and can turn a mediocre face mask into a great-fitting, comfortable face mask. It's the 4ocean face mask support frame. This thing is awesome, and your purchase goes to an awesome charity removing plastic from our oceans.
  • Last but not least, the good old-fashioned disposable masks. These masks have proven to be effective and are really comfortable. I am not a fan of one-use masks, but in a pinch.
  • Updated addition: I have been wearing a new mask from Cambridge Masks and I really like it. They are super comfortable and offer a lot of protection. Check them out: https://cambridgemask.com/ . Also, here is a link to their protection information: https://info.cambridgemask.com/hc/en-us/categories/360005482191-Certifications-

Hand Sanitizer
  • I purchased a case of alcohol hand sanitizer at the initial onset of the pandemic from Raff Distillery in San Francisco and I am still using it. It doesn't look like they are producing it any more but here is a link to their web site. https://raffdistillerie.com/handsanitizer.html
  • I also purchased reusable flat pocket sprayers that fit in your pocket and are discreet, so you can carry them anywhere. I filled them with the alcohol-based hand sanitizer above and a little Vitamin E and essential oils for smell.
  • The travel size Purell hand sanitizers are the best if the spray just doesn't feel strong enough.
  • Lastly, small travel size Clorox wipes. These are awesome to wipe down airline seats, hotel countertops, or pretty much anywhere sketchy.

I have become pretty comfortable with the new normal; in fact, I kind of like wearing face masks in public locations. It makes me feel covert.... In addition to the above, I have a couple more things that I do that are probably not necessary, but I do them anyway.

The first is when I fly or I am stuck in a crowded indoor location I like to wear my glasses. I don't need to wear my glasses all the time, but I feel like it might add a small additional layer of protection, and does not look as paranoid as the entire face shield. 

Finally, if I am traveling on the road or staying in a hotel or AirBNB, I will bring a can of Lysol to just spray and sanitize the general countertops, restrooms, etc. I have a few friends that did this before there was such a thing as coronavirus, but since the pandemic I have picked up the habit.

Remember Get Vaccinated, Stay Safe and be Compassionate, the first two are obvious but Compassion for our fellow human beings is really what is going to get us through this Pandemic and the Stressful times many are experiencing.

Thanks!