Thursday, 28 April 2011

Sony PlayStation site hacked

Yes!!! you read it right, your and mine favorite Gaming platform companies Sony PlayStation site has been attacked (SQL injection Attack)

A hacker broke into the PlayStation video game online network and stole names, addresses and possibly credit card data belonging to 77 million people.

It is believed to be one of the biggest-ever Internet security breaches of its kind.

In a public statement Sony said an

"illegal and unauthorised person" obtained people's names, addresses, email address, birth dates, user names, passwords, logins, security questions and more

Sony is reassuring the users of the PlayStation that "All credit card information stored in there systems was encrypted",

But we cannot rule out the possibility that the credit card data was stolen. and the second question is how strong the encryption was ?

However on the second hand if hacker down know the credit card detail but he still have unencrypted data whihc means he still have accessed your name, address, email address, birthday, password, and so on.

"The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

Sony said it hoped to restore some of the PlayStation network's services within a week.

Tuesday, 26 April 2011

configuring 802.1X and RADIUS on Cisco Catalyst Switch

aaa new-model
aaa authetication dot1x default group radius
aaa authorization network default group radius

dot1x system-auth-control

interface fa 0/10

switchport mode access

dot1x pae autheniotcator (Set 802.1x interface pae type)

dot1x port-control auto

dot1x max-req 4 (Max No.of Reauthentication Attempts)

dot1x reauthentication

dot1x guest-vlan 20

radius-server host key Cisco123


Saturday, 23 April 2011

Who viewed your Facebook profile

Who viewed your
Facebook profile !!!

Hi every one, once again rouge application is spreading virally, among facebook users that says it will provide you the facility to find out who has viewed your profile.

This Messages spreading rapidly across the Facebook social network users saying :

OMG OMG OMG... I cant believe this actually works! Now you really can see who viewed your profile! on

if you do continue
, your profile will be another victim of the viral scam which will be spreading the message to all of your online Facebook friends and family. And by the end you still would not ever find out who has been viewing your profile.

Have you wonder how many users fall under this scam , yes, it is astonishing figure of 60, 000 users.

If you have already hit by this scam , remove references from your profile and revoke the rights of rouge application.

There are couple of videos available on the youtube as well to clean up your facebook profile.

at the end , don't forget to warn your friends.

have a nice Easter

Thursday, 21 April 2011

TCP split handshake , vulnerability in most of the firewalls

TCP split handshake , vulnerability in most of the firewalls

On April 12 NSS Labs reported the potential vulnerabilities in Next-Generation Firewalls (NGFW).
TCP Split Handshake is an attack that would fool the firewall into thinking the IP connection is a trusted one (inside the network).

Report published on 12th of April mentioned all the major firewalls Cisco, Fortinet, Juniper, Palo Alto Networks and SonicWall has failed, Check Point was the only one that passed.

Cisco Adaptive Security Appliance (ASA) was one of the products mentioned as vulnerable to these attacks.however Cisco says that Cisco customers are not exposed to this issue .

Cisco reply to this is as under:

As part of our standard investigation process, we filed bugs to document and investigate the issues, not only for the ASA, but other potentially affected products such as the Cisco IOS Firewall feature (IOS-FW) and the Cisco Intrusion Prevention System (IPS).

Once we set to work trying to reproduce the issue on the ASA, we began freely exchanging our lab configuration and testing results with NSS and asking for any additional guidance they could provide. To date, Cisco has tested using numerous configuration, software and platform combinations, and all of the aforementioned products have blocked the TCP split handshake negotiation correctly. NSS no longer had access to an ASA, so they have been unable to reproduce the suspected behavior or provide any detailed information to aid the investigation.

Fast-forward to April, and we’re still unable to reproduce the TCP split handshake issue. Last week we sent NSS Labs a Cisco ASA in the hopes that they can gather some evidence of their claims and we are awaiting their test results. The Cisco PSIRT has made the bugs that were filed for investigation public, and based on the lack of evidence has closed them effective today. The Cisco PSIRT will continue to work with NSS and re-open the bugs should an issue be discovered.

Source (Russ Smoak April 14, 2011)

Friday, 8 April 2011

Network Attacks and Mitigation

I am sure this will be beneficial to all the people who are planning to appear in CCIE SEC main attacks and mitigation cramm sheet.


Resolve with ACL using fragment keyword or usefragment inside or fragment outside in ASA command

  • SMURF Attack:

Drop and stop ICMP Echo . Also can do CAR

  • FRAGGLE Attack:

Drop and stop UDP echo. Also can do CAR


no ip unreachables under router interface or threat-detection in ASA

  • TCP SYNC DoS Attack :

static or nat in ASA setting , MPF is also in ASA to fix this up in tcp-map .on router, you can use tcp intercept command.

  • UDP DOS Attack:

CBAC or ZBF on router.Threat Detection on ASA.

  • MiTM Attack in BGP:

Password in BGP Peers,GTSM setting.

  • Stealthing FIREWALL:

Stop firewall from responding to PING or TRACE.

  • SinK Holes and Black Holes:

static route command play with BGP Routing

  • IP Spoofing ATTACK:

uRPF on router. BOGON Address filtering (RFC 3330, RFC 2827 , RFC 1918 , RFC 1700 etc)uRPF on ASA .

  • DHCP Starvation Attack:

DHCP Snooping protection and Binding database.

  • ARP Poisoning Attack:

Dynamic ARP Inspection (DAI)

  • IP MAC Spoofing in Switches:

IPSG with IP or IPSG with IP+MAC setting!

Sunday, 3 April 2011


Comparison of RADIUS and TACACS+

Hi guys quick comparison between TACACS and RADIUS is as under

Developer Originally developed by Livingston (now industry standard) Cisco proprietary
Transport Protocol UDP port 1645/1646 and as per RFC 2138; 1812/1813

TCP port 49
AAA Support Combines the authentication and authorization packet and separates the accounting packets

Uses the AAA architecture and separates the three services of AAA
Challenge Response Unidirectional—Single challenge response Bidirectional—Multiple challenge responses

Protocol Support No NetBEUI Full support
Security Encrypts only the password in the packet Encrypts entire packet