Resetting .JNLP associations to “Java Web Start.app” in OSX

Most people just use the Mac and never really have to think about how the underlying applications and services operate. You point, click, and things just happen. The Mac so rarely needs "fixing" that its users never have to learn how. So when something "core" breaks in OS X it's a pain to repair. Apple recently released Java SE 6.0 for OS X. This release offers the usual gambit of bug fixes, performance improvements, and tons of other items that most users will want. Unfortunately on some systems when you install SE 6.0 the "Open With..." associations between Java Web Start… READ MORE

A note on double counting SPAN port traffic on the Cat6k

One of the new features in StealthWatch v5.10 allows the FlowSensor to track TCP retransmissions rates for a given flow. While doing internal testing here at Lancope we noticed the retransmission rates for a specific vlan was very high - 25%+ for almost all flows. The Flow Table screenshot below shows the problem in action... At first I thought it was an issue with the retransmission detection algorithm, but on further inspection realized the issue was a misconfiguration in a Cisco SPAN session's directionality. If we log into the FlowSensor that was seeing the retranmissions and run a tcpdump we… READ MORE

Turn your Linksys into a NetFlow exporter! (thanks to DD-WRT)

This is something everyone using NetFlow should try out. From the DD-WRT website... "DD-WRT is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used." One of the optional packages you can choose to install is "softflowd"... So in a nutshell you can use your linksys (or any of about 20 other router makes) to export NetFlow v5 to your NetFlow collector wherever… READ MORE

Lancope + Damballa = WIN against botnets

Hi folks, just finished a Webinar with Damballa's Andrew Kalat. Worth listening to if you have an hour to spare. "How to Find and Stop Botnet Breaches - Fast" /resource-center/recorded-webinars/ [first listing under "Webinars"] If you don't have time to spare here's the PDF version of the preso... Download Damballa Lancope Integration Webinar Slides In a nutshell, Damballa (botnet detection guru's) has integrated their FailSafe technology with our SOAP-based API to push "identified CnC" hosts into a special StealthWatch zone which can be locked and reported upon. This slide from the Webinar sums it up nicely... READ MORE

A warning re: World of Warcraft account phishing and battle-verify.net

<A little off the topic of NetFlow tech but interesting no matter the audience.> Yesterday afternoon I get an email from "noreply@blizzard.com" that reads... Now this sort of thing I do for a living. And I've been playing World of Warcraft for 2+ years so I know that this is not the kind of email that you would normally receive from Blizzard. They don't threaten to suspend or ban you, they just do it and you get the resulting email letting you know that it was done. When I first started playing and didn't know Blizzard Entertainment's policies and used a third… READ MORE