WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.

 


There is a new flavor of protocol reflection attacks on the streets!  

The TCP Middlebox reflection attack is the first reflection attack to utilize the TCP protocol. Traditionally, TCP was not susceptible to spoofed-source packets because of its state-based nature (the three-way handshake). Researchers at the University of Maryland and the University of Colorado discovered that many network devices, such as load balancers, proxies, and firewalls, could be susceptible to specifically crafted packets that generate amplified traffic (up to 65x) at a victim. These devices can be inherently susceptible to the spoofing because many of them have to contend with asynchronous network traffic and out-of-order packets.

 

Akamai did a really great write-up on what they saw and how they mitigated the attack. https://www.akamai.com/blog/security/tcp-middlebox-reflection

Shadow Server also has a write-up. https://www.shadowserver.org/news/over-18-8-million-ips-vulnerable-to-middlebox-tcp-reflection-ddos-attacks/


So on to your firewalls:

Out of the box, Palo Alto firewalls do not appear to have any mitigation configured by default to protect against this attack. But it's not the end of the world. Palo Alto and many other security vendors have low-level TCP protection that basically normalizes TCP traffic and cuts out flood attacks, malformed protocol attacks, etc., before they are even processed by your firewall. This minimizes the impact of these types of attacks on device resources like CPU and memory.

 

In the Palo Alto world this is called "Zone Protection Profiles". If you run BPA (Best Practice Assessment) - which you should - then the Zone Protection Profiles are often flagged if you don't have them configured. 

 

The zone protection profile is pretty straightforward to set up but, before you start, you need to do a little research and investigation into your device:

  1. You need to determine the maximum CPS (connections per second) your device can handle. This is a list of devices and their specs on the Palo Alto Networks site. https://www.paloaltonetworks.com/products/product-selection
  2. Next you will want to capture some metrics around how many CPS your devices are seeing. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresholds/how-to-measure-cps
  3. Next you will want to do a few calculations and configure your zone protection profile. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/zone-protection-profiles
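
The calculation in step 3, as an added example (it is not the author's spreadsheet or Palo Alto's tooling). The function name, the sample values and the three margin percentages are assumptions of this example; substitute the margins your vendor currently recommends.

```python
from statistics import mean

# Assumed margins for this example; replace them with your vendor's guidance.
ALARM_PCT = 120      # alarm at 120% of the average CPS
ACTIVATE_PCT = 110   # begin mitigation at 110% of the observed peak CPS
MAXIMUM_PCT = 85     # drop everything above 85% of the device's rated CPS


def flood_thresholds(cps_samples, device_max_cps):
    """Turn baseline CPS samples and the device rating into three thresholds."""
    if (not cps_samples or min(cps_samples) < 0 or max(cps_samples) == 0
            or device_max_cps < 100):
        raise ValueError("need real CPS samples and a realistic device rating")
    avg, peak = mean(cps_samples), max(cps_samples)
    maximum = round(device_max_cps * MAXIMUM_PCT / 100)
    alarm = round(avg * ALARM_PCT / 100)
    activate = round(peak * ACTIVATE_PCT / 100)
    warnings = []
    if activate >= maximum:
        # Everyday peaks already approach what the device can handle.
        warnings.append("normal peak is near device capacity; review sizing")
        activate = maximum - 1
    if alarm >= activate:
        # Keep alerting ahead of mitigation even for flat or clamped baselines.
        warnings.append("alarm clamped to just below activate")
        alarm = activate - 1
    return {"alarm": alarm, "activate": activate,
            "maximum": maximum, "warnings": warnings}


# Constructed CPS samples for one zone and a constructed device rating.
SAMPLES = [1200, 1500, 900, 4000, 1400]

if __name__ == "__main__":
    print(flood_thresholds(SAMPLES, device_max_cps=50000))
```
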

 

Here is the "Cool SH*T Props" to Palo Alto Networks: when you create a zone protection profile, under Packet Based Attack Protection > TCP Drop, 'TCP SYN with Data' and 'TCP SYN ACK with Data' are already checked by default. This means that when you apply your newly configured zone protection profile to your security zone, it will protect you from the current Middlebox vulnerability by dropping the cleverly crafted SYN packets, because they carry data and would be larger than 0 bytes.
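
What those two checkboxes test for, as an added example (this is not Palo Alto's implementation): the payload length of a TCP segment is the IP total length minus both header lengths, so a normal SYN that only carries options still counts as 0 bytes of data. The function names and the packets built by `build()` are constructed for illustration and can be swapped for frames read from a capture.

```python
import struct

SYN, ACK = 0x02, 0x10


def tcp_payload_len(packet: bytes):
    """Return (tcp_flags, payload_len) for a raw IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                 # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6 or ihl < 20 or len(packet) < ihl + 20:
        return None                              # not TCP, or truncated
    data_off = (packet[ihl + 12] >> 4) * 4       # TCP header length incl. options
    flags = packet[ihl + 13]
    if data_off < 20 or total_len < ihl + data_off:
        return None                              # malformed lengths
    return flags, total_len - ihl - data_off


def verdict(packet: bytes) -> str:
    """Mirror the two checks: drop SYN or SYN-ACK segments that carry data."""
    parsed = tcp_payload_len(packet)
    if parsed is None:
        return "not-ipv4-tcp"
    flags, payload = parsed
    if flags & SYN and payload > 0:
        return "drop-synack-with-data" if flags & ACK else "drop-syn-with-data"
    return "allow"


def build(flags: int, payload: bytes = b"", options: bytes = b"") -> bytes:
    """Constructed test packet: documentation addresses, checksums left zero."""
    data_off = (20 + len(options)) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, data_off << 4, flags,
                      65535, 0, 0) + options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + tcp


MSS_OPTION = bytes.fromhex("020405b4")           # a normal SYN option, not data
```

TCP Fast Open also places data in the SYN by design, so a blanket SYN-with-data drop affects that traffic too.
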

 


Yeah!


So I wanted to post a little bonus. Here is a quick and easy flood protection calculator I threw together in Google Sheets; just add your average CPS.








 

It's official!  Formula 1 has announced their newest US Grand Prix in Sin City.  I admit, I watched some Formula 1 in the late 90s but kind of fell out of following it...but since becoming a Covid hermit, and stumbling across Netflix's Drive to Survive, I am back in. 

 

Thanks to Netflix's Drive to Survive and the dramatic conclusion to the 2021 season driver championship, Formula 1 has taken hold in the US and F1 is taking advantage of the increased popularity. Over the last few years there has been only 1 US GP, at COTA in Austin, but the 2022 F1 calendar includes a race in Miami at the Miami International Autodrome for the first time.

 

Let's get down to what we came for: the Las Vegas GP...

 

The track is going to be a high-speed street course that races through the streets of Las Vegas and down the Strip. It will be 3.8 miles long and have an estimated top speed of 212 mph. With 14 corners, 3 straights, and 2 DRS zones, the experts are predicting this is going to be a low-drag, high-speed course like Monza or Spa.

 

Race Circuit


The race dates have not officially been released, but the rumors are it will be the weekend after Thanksgiving.  Also to take advantage of the venue, it will be a Saturday night race 10pm to midnight-ish... That time-frame makes sense because it would be early Sunday morning in Europe and afternoon in Asia and the Middle East.  Also how spectacular will it look having those cars racing through all the sights and lights of Las Vegas at night??  Seriously this could be a spectacular race.  

 

Prior to the race they will resurface all the roads that will be raced on to ensure they are smooth and ready for racing, and I can't imagine the amount of lighting and infrastructure they will need to build to accommodate the race. That would be an interesting documentary, behind the scenes of what it takes to put on the Las Vegas GP... Just Saying!

 

Formula 1 Live Las Vegas Announcement


There is not a lot of information about race specifics since we are still a ways out. I imagine people, including myself, might be booking rooms. But before you book, one word of warning: last time I looked, hotels in Las Vegas do not allow the windows to be opened, so if you were expecting to book a room overlooking the Strip, it may not be what you were hoping for, but we will wait and see.

 

One thing is for sure, those of us who have been to Las Vegas and been on the Strip know how epic the occasional Lambo or Ferrari sounds when they blaze by. I can't wait to hear 20 F1 cars tearing down the same road - it will be epic.

 

Driver Reactions about Las Vegas Race

 

Best guess course route

 

I wanted to provide some links to Las Vegas GP resources. They're pretty few and far between, but I will add them as I come across them.

 

https://www.f1lasvegasgrandprix.com

 

https://joesaward.wordpress.com/2022/03/31/las-vegas-and-formula-1/ 




 



Ingredients:

  • 1 oz. Malibu rum
  • 1/2 oz. Kahlua
  • 1/2 oz. dark cocoa liquor
  • 1 C hot chocolate
  • Whipped cream and chocolate shavings for topping if desired.

 

 Directions: 

Prepare hot chocolate as per your recipe. Add rum and Kahlua. Top with whipped cream and shavings if used.