Vulnerable OMA-DM Implementations and Over the Air Hacks

Earlier today, I was listening to Risky Business show #341. In this show Matt Solnik discussed vulnerabilities that he attempted to share at BlackHat. I say attempted, because it sounds like they may have had some issues with audio/video during critical times of the presentation. Nonetheless, it seems like there are many vulnerable implementations of Open Mobile Alliance Device Management (OMA-DM). I took a minute to dig up some of the videos published by Accuvant that make this stuff real.

Over the Air Code Execution and Jailbreak

NIA-Based Lock Screen Bypass

Continue reading

Posted in Blogroll, Security, Technology

Using Ping Sweep to Find MTU Ceiling

Earlier this week I had breakfast with a very interesting group. One of those present had an extensive history with Cisco Systems. We talked about his tenure and several of the projects that he had been involved in. For some reason, one that caught my attention was the sweep option that we find in the extended Ping utility. Although it is hard to believe, there was a point in time when this gem didn’t exist.

I’ve written a few articles about the challenges of path MTU discovery and the issues that arise when it misbehaves. Today’s article looks specifically at a ping sweep and how it can be used to quickly identify the path MTU ceiling. The topology used for testing is simple and shown below. Notice that the two top routers are connected by a link with a lowered MTU (1492).

Ping Sweep MTU Discovery

Let’s step through the process that an administrator might go through when a networked application isn’t working correctly. He or she would likely determine the endpoints and confirm reachability. For this example, I am testing a connection between and The ping command is the tool of choice for confirming reachability.

Continue reading
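The sweep described above, modelled in Python as an added example (this is not code from the original post): the path is a constructed list of per-hop MTUs with the 1492-byte link in the middle, probes carry the DF bit, and sizes are total IP datagram length, which is how IOS extended ping counts its "datagram size". The binary-search variant and the 28-byte header conversion for tools that report ICMP payload size are assumptions added here, not part of the post.

```python
"""Model of an extended-ping sweep used to find the path MTU ceiling.

Added example (not from the original post). The path is a constructed list of
per-hop MTUs; a probe with DF set is dropped by the first hop whose MTU is
smaller than the datagram. Sizes are total IP length, which is how IOS
extended ping counts 'datagram size'.
"""

# Constructed topology: three hops, the middle link lowered to 1492 as in the diagram.
PATH_MTUS = [1500, 1492, 1500]

# IPv4 header (20) + ICMP header (8): subtract this when a tool reports ICMP
# payload size (e.g. Linux 'ping -s') rather than total datagram size.
ICMP_OVERHEAD = 20 + 8


def forward(size, path_mtus, df=True):
    """True if a datagram of `size` bytes is delivered end to end.

    With DF set, a hop whose MTU is below `size` discards the packet (in a real
    network it also answers with ICMP 'fragmentation needed'); without DF the
    router fragments it and it gets through, which is why a plain ping with
    default options hides MTU problems.
    """
    if not df:
        return True
    return all(size <= mtu for mtu in path_mtus)


def ping_sweep(path_mtus, start=1400, end=1600, step=4):
    """Probe every size from start to end (inclusive), like IOS's
    'sweep range of sizes' with the DF bit set. Returns [(size, ok), ...]."""
    return [(size, forward(size, path_mtus, df=True))
            for size in range(start, end + 1, step)]


def mtu_ceiling(results):
    """Largest probe size that got a reply, or None if every probe failed."""
    passed = [size for size, ok in results if ok]
    return max(passed) if passed else None


def first_failure(results):
    """First probe size that was dropped. The sweep step bounds the true
    ceiling between the last success and this value."""
    for size, ok in results:
        if not ok:
            return size
    return None


def bisect_ceiling(path_mtus, lo=576, hi=9216):
    """Binary search on probe size instead of a linear sweep (an assumption
    added here; the IOS sweep is linear). Same answer in far fewer probes."""
    if not forward(lo, path_mtus):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if forward(mid, path_mtus):
            lo = mid
        else:
            hi = mid - 1
    return lo


def icmp_payload_for(ip_total_length):
    """Convert an IP-length ceiling to the payload size a tool that counts
    only ICMP data (Linux/BSD 'ping -s') would need to send."""
    return ip_total_length - ICMP_OVERHEAD


if __name__ == "__main__":
    results = ping_sweep(PATH_MTUS)
    print("last good size:", mtu_ceiling(results))
    print("first dropped size:", first_failure(results))
    print("bisect:", bisect_ceiling(PATH_MTUS))
    print("equivalent 'ping -s' payload:", icmp_payload_for(1492))
```

With a step of 4 the sweep reports 1492 as the last successful size and 1496 as the first drop, so the ceiling is known only to within the step; rerun with a step of 1 across that window, or use the bisection, to pin it exactly. Without DF every size passes, so the DF bit is what makes the sweep meaningful.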

Posted in Network, Technology

Classic IOS as a DNS Server

There is an occasional need for a DNS server in the absence of a dedicated host. This may occur in the following situations–

  • When PAT is in use, public DNS may return a non-RFC 1918 (public) address for an internal server
  • Lab or demo environments
  • Other name-resolution challenges in SOHO, SMB or branch-office networks

When these corner cases arise, an IOS router can be useful by providing basic DNS functions. Assuming the router already has Internet connectivity, the configuration is straightforward–

//enable the dns server functionality
IOS-DNS(config)#ip dns server 

//if public requests should be resolved, configure one or more name
//servers as resolvers and confirm domain-lookups are enabled
IOS-DNS(config)#ip name-server
IOS-DNS(config)#ip domain-lookup

Continue reading

Posted in Network, Technology

IP Subnetting Part 5: Subnetting Across the Octet Boundary

Throughout this series, we have examined several fundamental building blocks of subnetting. In IP Subnetting Part 4, we looked at what was required to subnet a Class C network. This article takes the fundamentals one step further and looks at subnetting a Class A address. We will also add the complexity of crossing the octet boundary for both the subnet and the host portions of the address.

A Class A IP address has the following characteristics–

  • Its first octet begins with binary 0
  • The first octet will be in the range of 1 to 63 (0 is invalid)
  • The first (leftmost) octet represents the network
  • The last three (rightmost) octets represent a host on a network

You will also recall that a single network can be subnetted into multiple, smaller networks.

Using a consistent syntax, we could represent a Class A network as follows.
Continue reading

Posted in CCNA, Certification, General, Network, Technology

Using NVI to Allow Internal Hosts to Connect to Public Addresses of Hosted Servers

IP NAT is a very common configuration. One challenge that sometimes surfaces is the need for internal hosts to connect to the public address of a locally hosted server. Anyone who has tried to configure something like the following has likely faced this issue.

IP NAT Example

In this example, the top of the diagram represents the outside (Internet, ISP, or External Server), the left represents the DMZ area, and the bottom represents the inside. The goal is to enable dynamic port address translation for internal hosts and static port address translation for the host or hosts found in the DMZ area.

This configuration is fairly straightforward and typically covered in the CCNA curriculum. It includes identifying each interface as inside or outside and configuring the appropriate NAT statements.

R1 Configuration

Continue reading

Posted in CCNA, Certification, General, Network, Security, Technology

Getting the Sourcefire Firepower VM working Inline

The Sourcefire NGIPS/NGFW solution is a way to quickly get some interesting information about traffic on a network. One of the things I like about the solution is that actionable information is almost immediately available after deployment.

Sourcefire Screenshot

There are five deployment modes for a Sourcefire Firepower appliance:

  • Routed
  • Switched
  • Hybrid
  • Inline
  • Passive

Passive and inline modes are the two deployment options for the virtual versions of the Firepower appliances. Inline mode provides significant advantages over simple passive monitoring: it allows the appliance to block offending traffic or communications that violate the configured policy, whereas a passive sensor can only alert. Following the installation guide is straightforward and should allow a security engineer to quickly get this solution up and running.

Continue reading

Posted in Network, Security, Technology

IP Subnetting Part 4: Subnetting a Class C Network

At this point in the PacketU subnetting series, we have worked through the following–

This article takes the concept of subnetting to the next step. Today we are going to look at the concepts required to subnet a Class C network. As we reflect on the Classful IP rules, we recall that a Class C network has the following characteristics–

  • Its first octet begins with binary 110
  • The first octet will be in the range of 192 to 223
  • The first three (leftmost) octets represent a network
  • The last (rightmost) octet represents a host on a network

We also know that this single IP network can be further subdivided into multiple, but smaller, networks. This process is known as subnetting.

Continuing with the syntax used in previous articles, we might represent a Class C Network as follows–

Continue reading
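A worked subnetting helper, added here as an example for both this Class C article and the Part 5 article on subnetting a Class A address across the octet boundary (it is not code from the PacketU series). It determines the class from the leading bits of the first octet, computes the subnet/host split and mask for a new prefix length, reports which octets the subnet and host fields span, and enumerates individual subnets. The sample networks 192.168.1.0 and 10.0.0.0 are constructed for illustration.

```python
"""Classful subnetting helper, including subnets that cross an octet boundary.

Added example, not from the PacketU series. It classifies an address by the
leading bits of the first octet, computes the subnet/host split for a new
prefix length and enumerates individual subnets. The sample networks
(192.168.1.0 and 10.0.0.0) are constructed for illustration.
"""
import ipaddress

# Classful default prefix lengths (one, two or three network octets).
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def ip_class(addr):
    """Class from the leading bits of the first octet: 0 -> A, 10 -> B, 110 -> C."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    return "D/E"  # multicast / reserved, not subnetted classfully


def octet_span(first_bit, last_bit):
    """1-based octets that bits first_bit..last_bit (1-based, inclusive) fall in."""
    if last_bit < first_bit:
        return ()
    return tuple(range((first_bit - 1) // 8 + 1, (last_bit - 1) // 8 + 2))


def subnet_plan(network, new_prefix):
    """Describe subnetting a classful network with a longer prefix."""
    cls = ip_class(network)
    if cls not in DEFAULT_PREFIX:
        raise ValueError("only Class A, B and C networks are subnetted classfully")
    default = DEFAULT_PREFIX[cls]
    if not default <= new_prefix <= 30:
        raise ValueError("prefix must be between the classful default and /30")
    subnet_bits = new_prefix - default
    host_bits = 32 - new_prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    subnet_octets = octet_span(default + 1, new_prefix)   # bits borrowed for subnets
    host_octets = octet_span(new_prefix + 1, 32)          # bits left for hosts
    return {
        "class": cls,
        "mask": str(ipaddress.IPv4Address(mask)),
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        "subnets": 2 ** subnet_bits,
        "hosts_per_subnet": 2 ** host_bits - 2,   # minus network and broadcast
        "subnet_octets": subnet_octets,
        "host_octets": host_octets,
        # A subnet or host field spanning more than one octet is the
        # 'across the octet boundary' case from Part 5.
        "crosses_octet": len(subnet_octets) > 1 or len(host_octets) > 1,
    }


def nth_subnet(network, new_prefix, n):
    """n-th subnet (0-based): (network, first host, last host, broadcast)."""
    plan = subnet_plan(network, new_prefix)
    if not 0 <= n < plan["subnets"]:
        raise IndexError("subnet index out of range")
    host_bits = 32 - new_prefix
    base = int(ipaddress.IPv4Address(network))
    net = base + (n << host_bits)          # shift the index into the subnet field
    bcast = net + (1 << host_bits) - 1     # all host bits set
    dotted = lambda v: str(ipaddress.IPv4Address(v))
    return dotted(net), dotted(net + 1), dotted(bcast - 1), dotted(bcast)


if __name__ == "__main__":
    print(subnet_plan("192.168.1.0", 26))   # Class C, four /26 subnets of 62 hosts
    print(nth_subnet("192.168.1.0", 26, 3))
    print(subnet_plan("10.0.0.0", 20))      # Class A, subnet field spans octets 2-3
    print(nth_subnet("10.0.0.0", 20, 1))
```

For 10.0.0.0/20 the twelve borrowed subnet bits occupy octets 2 and 3 and the twelve host bits occupy octets 3 and 4, so the third octet is shared between the two fields; that shared octet is the part that trips people up, and the helper makes it visible by listing the octets each field spans.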

Posted in CCNA, Certification, General, Network, Technology

Useful Links — Cisco Quicklinks

I just wanted to take a quick moment to share a site Dan DeBusschere has created. This site is a list of very useful config snippets, information and links. Most of the content is focused on Datacenter and UCS. If you support this type of environment, check it out.

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart.  This may or may not reflect the position of past, present or future employers. 

Posted in Blogroll, Technology

Joining the Cisco Team

Today was a bittersweet day for me. It was my final day working with a great group of people at a prominent community bank. I have nothing but good things to say about the people, the organization, and the interesting projects I’ve been involved in. I’ll miss everyone a lot and plan to stay in touch.

Tomorrow I begin a new role as a Systems Engineer at Cisco Systems. I will be working with the SLED (public sector) sales team in Kentucky and West Virginia. In this role I hope to broaden my knowledge of networking components and spend time helping customers better position their technology infrastructures.

What this means for me–

I will be aggressively learning the Cisco Product lines, including areas that I previously had less exposure to. I will take advantage of the resources I have and marry my vision of the changing network industry to the components Cisco positions into higher education environments. My intentions include better understanding the roadmap and technical details as they pertain to the integration path from traditional networking to software defined approaches.

But what about…

Continue reading

Posted in Career, Technology

Podcast Spotlight — Software Gone Wild


Today’s podcast spotlight goes to Software Gone Wild. This is a newer podcast hosted by our friend Ivan Pepelnjak. The topics are focused on the growing pains the networking industry is experiencing and various forms of automation that are attempting to solve them. This includes various aspects of SDN, NFV and how others are using technology to deliver bigger/better/faster solutions.

Recent episodes include Network Automation @ Spotify and The F-Script with my good friend John Herbert.

Disclaimer: I have no affiliation with the Software Gone Wild podcast or any organization linked to,  represented in or derived from content found in this article. This article represents my own opinions and may not be that of my employer.

Posted in Blogroll, Network, Technology

Recognizing IP MTU Issues

At some point, network engineers will likely face some type of issue with MTU, the maximum transmission unit. Their first experience with this may be an eye-opening and time-consuming effort. After resolving the issue, those with a thirst for knowledge will take the necessary time to understand it.

MTU problems are most often seen when Path MTU Discovery, or PMTUD, fails to function. PMTUD is the process by which an end host determines the largest packet size that can reach another station on the network without fragmentation; it depends on routers along the path returning ICMP "fragmentation needed" messages, so anything that drops those messages breaks it. Symptoms of this type of issue include two devices having proven reachability while applications fail in a way that suggests a network problem. Some applications may even crash or hang the system.

Symptoms of PMTUD Failure

  • Hosts may be able to ping one another
  • Service/Port may prove accessible using telnet
  • Severe and persistent application issues
  • Partial page loads
  • Either host appearing to hang

Continue reading
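The symptom list above, reproduced in a small Python model added here (not code from the original post): a constructed three-hop path has a 1492-byte link in the middle, a sender with DF set relies on the router's ICMP "fragmentation needed" reply to learn the smaller MTU, and a switch models that reply being filtered on the way back. Default-size pings and small transfers succeed either way; a large transfer completes only when the ICMP gets through. The MSS, retry limit and object sizes are assumptions of the example, and real TCP stacks differ in detail.

```python
"""Why pings succeed while applications hang when PMTUD is broken.

Added example, not from the original post. A constructed three-hop path has a
1492-byte link in the middle. A sender with DF set relies on ICMP type 3 code 4
('fragmentation needed') to learn the smaller MTU; if that ICMP is filtered,
oversized segments vanish silently (a PMTUD black hole) while small packets
keep working.
"""
from collections import namedtuple

Hop = namedtuple("Hop", "name mtu")

# Constructed path: the middle link is the constrained one.
PATH = [Hop("R1 egress", 1500), Hop("R2 tunnel link", 1492), Hop("R3 egress", 1500)]

IP_TCP_HEADERS = 40     # IPv4 + TCP headers without options
ICMP_ECHO_SIZE = 100    # default IOS ping datagram size


def send_df(size, path, icmp_filtered):
    """Forward one DF-set packet hop by hop.

    Returns ("ok", None) when delivered, ("icmp", mtu) when a router dropped it
    and its 'fragmentation needed' message reached the sender, or
    ("silent", None) when the router dropped it but the ICMP was filtered:
    the black hole.
    """
    for hop in path:
        if size > hop.mtu:
            return ("silent", None) if icmp_filtered else ("icmp", hop.mtu)
    return ("ok", None)


def ping(path, icmp_filtered, size=ICMP_ECHO_SIZE):
    """Default-size echo request: fits every link, so 'ping works' either way."""
    return send_df(size, path, icmp_filtered)[0] == "ok"


def tcp_transfer(total_bytes, path, icmp_filtered, mss=1460, max_retries=5):
    """Move total_bytes over a TCP connection that does PMTUD.

    Returns whether it finished, how many bytes got through, the MTU the
    sender ended with, and how many full-size segments were retransmitted
    before it gave up (the user sees this as the application hanging).
    """
    sent, retries, retransmits = 0, 0, 0
    path_mtu = mss + IP_TCP_HEADERS
    while sent < total_bytes:
        payload = min(mss, total_bytes - sent)
        status, link_mtu = send_df(payload + IP_TCP_HEADERS, path, icmp_filtered)
        if status == "ok":
            sent += payload
            retries = 0
        elif status == "icmp":
            # PMTUD working: learn the smaller MTU, shrink the segment, resend.
            path_mtu = link_mtu
            mss = link_mtu - IP_TCP_HEADERS
        else:
            # No feedback at all: the sender can only retransmit the same size.
            retries += 1
            retransmits += 1
            if retries > max_retries:
                return {"done": False, "bytes": sent,
                        "path_mtu": path_mtu, "retransmits": retransmits}
    return {"done": True, "bytes": sent, "path_mtu": path_mtu, "retransmits": retransmits}


def page_load(object_sizes, path, icmp_filtered):
    """Fetch each page object on its own connection and report which loaded.
    Small objects fit in one sub-MTU segment and load; large ones stall,
    which is the 'partial page load' symptom."""
    return [tcp_transfer(n, path, icmp_filtered)["done"] for n in object_sizes]


if __name__ == "__main__":
    for filtered in (False, True):
        print("icmp filtered:", filtered)
        print("  ping ok:", ping(PATH, filtered))
        print("  100 KB transfer:", tcp_transfer(100_000, PATH, filtered))
        print("  page objects loaded:", page_load([800, 50_000, 600], PATH, filtered))
```

The two runs line up with the symptom list: ping and the small objects succeed in both cases, but with the ICMP filtered the 100 KB transfer delivers nothing and retransmits until it gives up. The practical check is therefore not whether the hosts can ping each other, but whether a DF-set probe at the size the application actually sends gets through, and whether the "fragmentation needed" replies are being allowed back to the sender.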

Posted in Network, Technology

Explanation: TunnelX temporarily disabled due to recursive routing

I wanted to take a few minutes to share a scenario that some seem to struggle with. This scenario is a routing issue that sometimes occurs when an interior routing protocol allows the route to the tunnel's destination to be learned back through the tunnel itself. To demonstrate this, I’ve built a lab with three routers. R1 and R3 are participating in EIGRP and have a GRE tunnel configured directly between them.

Router Configurations

Continue reading

Posted in Certification, General, Network, Technology