While playing around with AWS CloudWatch Log Insights to analyze VPC flow logs, I thought of a couple of fun ways to identify (probably) malicious traffic.
Finding Vulnerability Scanners These are the guys that hammer your box looking for anything from silly SQL injection attacks (so 2005) to CSRF vulnerabilities. The tell: look for hosts that reuse the same source port.
The Query filter (srcPort > 1024 and srcAddr != "
I recently got an email from a viewer of my Practical Networking course who asked how the TCP/IP networking terms I used mapped to the Open Systems Interconnect (OSI) model.
First, a bit of background. The OSI model is a generic networking model that is supposed to describe conceptually how networks carry data. Within the last four decades or so, 99.9% of all computer networking curricula for beginners has started by rehashing the OSI model.
Puzzled by networking on AWS? Check out my AWS networking deep dive series!
AWS Networking Deep Dive: Route 53 DNS Configure Route 53 for any domain name, and configure health checks and routing policies.
AWS Networking Deep Dive: Virtual Private Cloud (VPC) Create secure and scalable VPCs. Implement multi-VPC topologies, build peering connections, network address translation, and more.
AWS Networking Deep Dive: Elastic Load Balancing (ELB) Securely configure load balancing for any public or private application.
You probably know the popular Google DNS server IP addresses by heart: 8.8.8.8 and 8.8.4.4. Before those were around you might have even used Level3’s 4.2.2.1 and 4.2.2.2. Of course, everyone else uses these too, which means these popular servers are under a pretty heavy load.
Fortunately, there are faster public DNS servers out there. Much faster.
101 DNS Servers I’ve compiled a list of 101 public DNS servers (PDF), sorted in order of fastest to slowest (for me).
youtube Z7IwF1oSA5M
Learn to subnet in your head in just seconds! This clip is from my Pluralsight course Basic Networking for CCNP Routing and Switching 300-101 ROUTE.