ICT for Myanmar in English

Anyone of you having difficulty in troubleshooting MPLS as a beginner? I did some research and take notes for myself and now it is for you to do reference as well. MPLS troubleshooting can be divided into two main steps: 1) Verify routing information flow 2) Verify proper data flow - Routing information flow troubleshooting requires verification of end-to-end routing information propagation between CE routers. - Verification of the routing information flow should be done systematically, starting at the routing ingress CE and moving to the egress CE. - Verification of the data flow should be done systematically, starting at the data flow ingress CE and moving to the egress CE. There are three things to perform basic MPLS troubleshooting. They are, 1) Preliminary steps in MPLS VPN Troubleshooting: - Is CEF enabled? - Are labels for IGP routes generated and propagated? - Are large labeled packets propagated across the MPLS backbone (maximum transmission unit issues)? 2) Verify the routi...

The Dell SonicWall Threats Research team has received reports of a new Ransomware Trojan, Ryzerlo which encrypts the victim's files and leaves an email address to be contacted to unlock victim's files. Infection cycle: The Trojan comes across as Pokemon Go game with the icon Once the victim installs the executable, the trojan adds the some changes to the registry. The Trojan adds two autostart objects to enable startup after reboot: %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[numbers].exe (copy of original) It tries to connect to the C&C server and then t he trojan encrypts all the victims documents with extensions * .txt, * .rtf, * .doc, * .pdf, * .mht, * .docx, * .xls, * .xlsx, * .ppt, * .pptx, * .odt, * .jpg, *. png, * .csv, * .sql, * .mdb, * .sln, * .php, * .asp, * .aspx, * .html, * .xml, * .psd, * .htm, * .gif, * .png with .locked extension.  The trojan creates the following two files on the victim's desktop. One includ...

A set of 4 critical Android  vulnerabilities were recently published by  CheckPoint . Successful exploitation of any of these exploits can give the attacker root privileges on the affected device. It is possible for an attacker to construct a malicious app that triggers these exploits with no need for special privileges making these vulnerabilities extremely dangerous.  The vulnerabilities were found in the software drivers that accompany Qualcomm chipsets. Thereby any Android device using Qualcomm chipset is vulnerable, this counts to nearly 900 million smartphones and tablets. The report by CheckPoint goes into the finer details about the vulnerabilities but below is a high level description of the same: CVE-2016-2059 : The vulnerability is present in a kernel module introduced by Qualcomm called ipc_router that provides inter-process communication where it is possible to convert a regular socket (CLIENT_PORT) into a monitoring socket (CONTROL_PORT). CVE-201...

On January 12th 2016, Microsoft announced it will stop supporting older versions of Internet Explorer. It means from now on, Internet Explorer 10 and prior will not get security updates. However many people are still using older versions of Internet Explorer, and it has become a potential threat. In July 2016, Dell SonicWALL observed that: - 0.7% of firewalls reported use of Internet Explorer 5.x. - 60.6% of firewalls reported use of Internet Explorer 6.x. - 71.1% of firewalls reported use of Internet Explorer 7.x. - 22.4% of firewalls reported use of Internet Explorer 8.x. - 24.3% of firewalls reported use of Internet Explorer 9.x. - 31.5% of firewalls reported use of Internet Explorer 10.x. Unpatched Internet Explorer is insecure and can damage the system. So, we, ICT For Myanmar would like to urges all our customers to review their environment and stop using Internet Explorer 10 and prior. Source : Dell SonicWall Security Center Have a good time. ...

A remote, unauthenticated vulnerability exists in PHP. The vulnerability allows an attacker to execute arbitrary code on the web server. CVE-2016-4343 is assigned to this vulnerability. PHP is a server-side scripting language designed for web development but also used as a general-purpose programming language. PHP code may be embedded into HTML code, or it can be used in combination with various web template systems, web content management systems and web frameworks. A remote code execution vulnerability exists in PHP due to lack of proper sanitation when parsing TAR files. It fails to properly validate the values inside the headers found in the file. This allows a remote attacker to create malicious TAR files to cause the vulnerable server to execute code. The following versions of PHP are vulnerable: PHP prior to 5.5.36 PHP prior to 5.6.22 PHP prior to 7.0.7 If your device haven't patch to prevent this vulnerable, this is time to patch now. Source : Dell SonicWa...

Netscape Communications invented Secure Sockets Layer (SSL) protocol in 1994. It has been de facto standard for cryptographic protocol since then. Over the years the protocol has evolved (SSLv2.0 -> SSLv3.0 -> TLSv1.0 -> TLSv1.1 -> TLSv1.2) to increase security. Today, SSLv2.0 no longer provides a sufficiently high level of security. SSLv2.0 deficiencies include the following: Message authentication uses MD5. Most security-aware users have already moved away from any use of MD5. Handshake messages are not protected. This permits a man-in-the-middle to trick the client into picking a weaker cipher suite than it would normally choose. Message integrity and message encryption use the same key, which is a problem if the client and server negotiate a weak encryption algorithm. Sessions can be easily terminated. A man-in-the-middle can easily insert a TCP FIN to close the session, and the peer is unable to determine whether or not it was a legitimate end of the session. ...

ntpd is an implementation of Network Time Protocol which sets and maintains the system time of day synchronized with Internet standard time servers or any local references. Many major servers and devices come with inbuilt ntpd. NTP works with different variants like client/server, symmetric, and broadcast. Symmetric mode is used for time synchronization between the servers with authentication. It operates with two modes active and passive. Active mode packets are used when connection is already set. If connection is not set, passive mode packets are used to set up short passive connection for authentication. If packet which fails to authenticate is received, it responds with crypto-NAK packet. While processing incoming packets findpeer() function is called to see if packet is from existing peer. It returns pointer to peer structure or NULL depending upon whether peer is found or not. To check whether packet is crypto-NAK, valid_NAK() function is called. One of the parameters f...