Denial of Service and the xISP Part 1

Most service providers have been the victim of a Denial of Service (DoS) attack at one point or another. Sometimes you may not realize you are under an attack. A few months ago, I posted a simple screenshot at of what an active DDoS looks like.

Types of Attacks
In order to know what to look for, you have to understand the four basic types of attacks. I will outline them and talk about how modern attacks are affecting Internet Service Providers (ISPs). In my next article, we will talk about identifying these types of attacks and some mitigation techniques you can employ.

Throw everything at you attack aka Buffer overflow
This type of attack throws enormous amounts of traffic at you to fill up your switch and router buffers, causing the device to exceed its capabilities. Your devices become crushed by the overwhelming volume of data thrown at them. This attack isn’t always sheer bandwidth. Sometimes it is tens of thousands of remote connections.

Attacking vulnerable protocols
Attackers go after exposed services like ICMP to do amplification attacks. Fragmented packets, which keep the router tied up, are also a common method of attacking a host.

Application attacks
These are the ones most consumers hear about. Vulnerabilities in operating systems, applications, and packages are exploited and used in attacks.

The fourth kind is often lumped in with Application attacks, but I wanted to separate it for a few reasons. The first reason is that someone compromising a system is not always sophisticated. If a bad actor guessed the password on your router and erased the configuration, they have performed a Denial of Service against you. If you don’t keep your software up-to-date and someone exploits a backdoor and “hacks” your system, they have performed a DoS attack.

Modern Attacks against networks
Modern DoS attacks are always evolving. As network administrators find ways to mitigate these attacks, the bad actors find ways to tweak them and get around mitigation techniques employed by providers. Most of the exploits above involve sheer volumes of traffic or connections being directed at a host to take it offline. This attack is especially detrimental for service providers because it takes your customers offline if the attack is significant enough.

One of the most common techniques these days is the Distributed Denial of Service attack (DDoS). These are usually botnets involving thousands of compromised machines or devices acting against a host(s). These can be anywhere in the world. They could even be users inside your network with compromised machines or other devices. Distributed attacks are hard to mitigate because they can be legitimate traffic pointed at a web-server as an example. The traffic is not malicious from a technical perspective. You have thousands and thousands of machines sending legitimate requests to a web-server or other host on your network. This traffic looks legitimate but is overwhelming for your hardware and Internet pipe.
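The attack shapes described above (sheer volume, fragment floods, ICMP-heavy traffic, and thousands of legitimate-looking sources hitting one host) can be triaged from a flow export before anything more elaborate is in place. The following is an added example, not code from the original post: a POSIX shell wrapper around awk that aggregates one second of flow records per destination and names the rule each destination trips. The record layout (src dst proto dport packets bytes frag), the thresholds, and the sample data are constructed assumptions, not a vendor export format.

```shell
#!/bin/sh
# Added example, not from the original post: a first-pass triage of one second of
# flow records for the attack shapes described above. The record layout
# (src dst proto dport packets bytes frag) and the thresholds are assumptions;
# the sample data is constructed inline.
set -eu

LINK_BPS=1000000000     # 1 Gbit/s edge (assumption)
VOLUME_FRACTION=0.8     # one destination pulling 80% of the link
DISTINCT_SOURCES=1000   # this many sources on one host looks distributed
FRAGMENT_FRACTION=0.5   # half the packets fragmented
ICMP_FRACTION=0.5       # half the bytes ICMP ...
ICMP_MIN_PPS=10000      # ... and only with real volume behind it

# Read flow records on stdin; print "<dst> <reason>[,<reason>...]" for each
# destination that trips a rule, nothing for the rest.
triage_flows() {
    awk -v link="$LINK_BPS" -v vol="$VOLUME_FRACTION" -v nsrc="$DISTINCT_SOURCES" \
        -v fragf="$FRAGMENT_FRACTION" -v icmpf="$ICMP_FRACTION" -v minpps="$ICMP_MIN_PPS" '
    {
        dst = $2
        # count each source once per destination
        if (!(($1, dst) in seen)) { seen[$1, dst] = 1; sources[dst]++ }
        packets[dst] += $5
        bytes[dst]   += $6
        if ($7 == 1)      frag[dst] += $5
        if ($3 == "icmp") icmp[dst] += $6
    }
    END {
        for (d in bytes) {
            reasons = ""
            if (bytes[d] * 8 >= link * vol)                       reasons = reasons "volumetric,"
            if (sources[d] >= nsrc)                               reasons = reasons "distributed,"
            if (packets[d] > 0 && frag[d] / packets[d] >= fragf)  reasons = reasons "fragments,"
            if (bytes[d] > 0 && icmp[d] / bytes[d] >= icmpf && packets[d] >= minpps)
                reasons = reasons "icmp-heavy,"
            if (reasons != "") { sub(/,$/, "", reasons); print d, reasons }
        }
    }' | sort
}

# Constructed sample: 1500 sources each making one small web request to one host,
# three sources flooding another with fragmented ICMP, and ordinary HTTPS to a third.
sample_flows() {
    i=0
    while [ "$i" -lt 1500 ]; do
        printf '10.0.%d.%d 203.0.113.10 tcp 80 5 3000 0\n' $((i / 256)) $((i % 256))
        i=$((i + 1))
    done
    printf '192.0.2.1 203.0.113.20 icmp 0 100000 140000000 1\n'
    printf '192.0.2.2 203.0.113.20 icmp 0 100000 140000000 1\n'
    printf '192.0.2.3 203.0.113.20 icmp 0 100000 140000000 1\n'
    printf '198.51.100.7 203.0.113.30 tcp 443 50 60000 0\n'
    printf '198.51.100.8 203.0.113.30 tcp 443 40 48000 0\n'
}

# Usage: sample_flows | triage_flows
```

Run against the constructed sample, the web host shows up only as "distributed" (1500 sources, but far below link capacity), the ICMP target shows up as "volumetric,fragments,icmp-heavy", and the ordinary HTTPS host is not listed. The ICMP rule is gated on packet rate on purpose: a single ping is ICMP-heavy by ratio and must not page anyone.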


So what does a DDoS look like and what are your options when it comes to Denial of Service Attacks? In my next article in this series, I will talk about some best practices you can do so you are not as vulnerable to these types of attacks.

Mounting old file system CDs on MacOS Catalina

Recently I had an issue mounting older CD-ROMs of backup files and such on macOS Catalina. Apparently, Apple dropped support for HFS volumes. Fixing this is pretty easy.

You will need Homebrew. Being a network geek I already have this installed. If you need to install it, here is a link.

With Homebrew installed, run the following command from Terminal:

brew install hfsutils

After a minute or so it will complete. Insert your CD/DVD and open up Disk Utility. You will see your CD/DVD greyed out because it is not mounted.

Click on the info in the upper right. You are looking for the device node. In my case it is disk2s1s2.

Once you have this info, go back to Terminal and run the following command:

sudo hmount /dev/disk2s1s2

If you have the proper path you will get something similar to this:

Volume name is “Photos/Sounds/Etc” (locked)
Volume was created on Thu Sep 16 15:34:21 1999
Volume was last modified on Fri Feb 16 10:58:16 2001
Volume has 0 bytes free

To do a listing of the volume:

sudo hls

From this point I simply create a directory on my desktop and copy each directory to it. I have found the best way is to copy each directory independently. I do this with the following command:

sudo hcopy -r ":Directory_to_be_Copied:*.*" /Volumes/MacintoshHD/Users/YOU/Desktop/CD/

The trailing slash is important.
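The steps above (hmount the device node from Disk Utility, hls the volume, hcopy one directory at a time into a destination with a trailing slash) can be scripted for a stack of old discs. The following is an added example, not code from the original post. It assumes hfsutils is installed as described, that the script is run with sudo like the commands above, and that `hls -1F` marks HFS directories with a trailing colon (which is what that flag does in hfsutils). The tool names are variables so the flow can be exercised with stand-ins.

```shell
#!/bin/sh
# Added example, not from the original post: automates the steps above for one CD.
# It mounts the device node read from Disk Utility, lists the top-level HFS
# directories with hls, and runs hcopy on each one separately, as the post
# recommends. Assumes hfsutils is installed (brew install hfsutils) and that the
# script is run with sudo like the commands in the post.
set -eu

# Tool names are variables so the flow can be exercised with stand-ins.
HMOUNT=${HMOUNT:-hmount}
HLS=${HLS:-hls}
HCOPY=${HCOPY:-hcopy}
HUMOUNT=${HUMOUNT:-humount}

# HFS paths use ':' as the separator; the post copies "*.*" out of each directory.
hfs_source_spec() {
    printf ':%s:*.*' "$1"
}

# hcopy copies into a directory only when the destination ends with a slash.
with_trailing_slash() {
    case "$1" in
        */) printf '%s' "$1" ;;
        *)  printf '%s/' "$1" ;;
    esac
}

# Mount the volume, copy every top-level directory on its own, then unmount.
# Prints the number of directories copied.
copy_hfs_cd() {
    device=$1
    dest=$(with_trailing_slash "$2")
    listing=$(mktemp)
    mkdir -p "$dest"
    "$HMOUNT" "$device"
    # 'hls -1F': one entry per line, directories marked with a trailing ':'
    # (applications with '*').
    "$HLS" -1F > "$listing"
    copied=0
    while IFS= read -r entry; do
        case "$entry" in
            *:)
                dir=${entry%:}
                mkdir -p "$dest$dir"
                # -r is hcopy's raw (data fork) mode, exactly as used in the post
                "$HCOPY" -r "$(hfs_source_spec "$dir")" "$dest$dir/"
                copied=$((copied + 1))
                ;;
        esac
    done < "$listing"
    "$HUMOUNT"
    rm -f "$listing"
    printf '%s\n' "$copied"
}

# Usage: sudo sh thisscript.sh is not needed when the functions are sourced; call
#   copy_hfs_cd /dev/disk2s1s2 "$HOME/Desktop/CD"
```

Each destination directory is created first and passed to hcopy with the trailing slash, so the tool treats it as a target directory rather than a file name, which is the pitfall the post warns about.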

9 Life Hacks for all of us

A little bit of deviation from techie stuff. For those of you looking to make life better, here are some “hacks” I totally agree with. What are your life hacks? What are some things you do which are related to your tech field?

Life-hacking is ridiculously fun when you see what it can do for you.

I was never much of an ‘experimenter’ — more of a go with the flow kind of guy. This strategy didn’t work for me. I fell in love with money and alcohol and that led to a larger than life mental illness. The mind can ruin you if you let it. But the mind can do even more good for you.

All of that has changed. I’m now a life-hacker and get off on experiments. These tiny little experiments have helped me have an unconventional career, write thousands of blog posts on the internet, meet some extraordinary people, and earn enough passive income to be comfortable.

People often call me unstoppable. They see my work ethic as crazy. It’s not really. What looks crazy is nothing more than the positive effects of these life hacks that other people taught me. Here are the best life hacks you can steal.

Preseem and Switches in switch centric design

Anyone who follows me knows I am a big fan of switch centric designs. This usually involves a router on a stick paired with a high port count switch. Recently I had a client that installed a Preseem appliance in their network.

Equipment used in this setup
- Dell R710 with a 4 Port SFP+ card running Preseem
- Cisco 3064-X 48 Port switch
- Maxxwave Vengeance router with dual QSFP+ card and 4 Port SFP+ card

A Visio diagram of how this looks

We have two transport links coming into the switch on the left. These are dumped into VLANs 506 and 507. We then come out of the switch into the Preseem box via 2 SFP+ ports, one for each VLAN. In this case, we just used DAC cables. In the future, we can turn these into trunk ports to pass more VLANs through.

The data then leaves the Preseem box over dual SFP+ fibers directly into the router’s SFP+ ports. If the Preseem appliance hardware fails, we have a secondary OSPF/IBGP bypass path from the router’s 40 Gig QSFP+ port down to the switch.

If you start flowing more than 10 Gigs through a single link you can upgrade to more SFP+ ports into your appliance and a 40 Gig QSFP+ card. You then link the appliance to the spare QSFP port on your router.

WIFI calling port forwarding

Recently I came across a need to do some port forwarding for Wi-Fi calling. I have assembled a resource guide to help you if you need to do such things. IPsec should be allowed per RFC 5996 for all Wi-Fi calling.

UDP ports 500 and 4500 open to and

IPv4 Address Block: and
UDP Ports 500 and 4500
5061 for SIP/TLS
TCP port 443 and 993
Also whitelist the CRL server for DIGITS OTT and WFC 1.0:

UDP Ports 500 and 4500
TCP Port 143

Whitelist the following:

UDP Ports 500 and 4500

Any of the above is subject to change.

Some WordPress tips

If you want to force non-SSL to SSL, add the following to your site’s .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Set proper file permissions. Script from

#!/bin/bash
# This script configures WordPress file permissions based on recommendations
# from
# execute it with the following command:
# bash /var/www/<site_folder>
set -e
OWNER=apache # <-- wordpress owner
GROUP=www # <-- wordpress group
ROOT=${1:?usage: $0 <wordpress_root>} # <-- wordpress root directory (required)
ROOT=${ROOT%/} # strip a trailing slash so "${ROOT}/wp-config.php" is well formed
# reset to safe defaults
find "${ROOT}" -exec chown "${OWNER}:${GROUP}" {} +
find "${ROOT}" -type d -exec chmod 755 {} +
find "${ROOT}" -type f -exec chmod 644 {} +
# allow wordpress to manage wp-config.php (but prevent world access)
chgrp "${GROUP}" "${ROOT}/wp-config.php"
chmod 660 "${ROOT}/wp-config.php"
# allow wordpress to manage wp-content
find "${ROOT}/wp-content" -exec chgrp "${GROUP}" {} +
find "${ROOT}/wp-content" -type d -exec chmod 775 {} +
find "${ROOT}/wp-content" -type f -exec chmod 664 {} +
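Setting the permissions once is half the job; plugins, FTP uploads and hurried fixes tend to loosen them again. The following is an added example, not code from the original post or from the script's source: a small POSIX shell audit of a WordPress tree against the scheme above. It reports anything world-writable, anything group-writable outside wp-content (the only place the scheme grants g+w, apart from wp-config.php at 660), and a wp-config.php that is still readable by "other". The root path is supplied by the caller; only standard find(1) predicates are used.

```shell
#!/bin/sh
# Added example, not from the original post: audits a WordPress tree against the
# permission scheme the script above applies, so drift can be caught early.
set -eu

# Every path under the root that "other" can write to (never granted by the scheme).
world_writable() {
    find "$1" -perm -o=w
}

# Group-writable paths outside wp-content, ignoring wp-config.php (meant to be 660).
# "-path ... -prune" skips the whole wp-content subtree, where 775/664 is intended.
group_writable_outside_content() {
    find "$1" -path "$1/wp-content" -prune -o -perm -g=w ! -name wp-config.php -print
}

# wp-config.php if "other" can read it (it holds the database credentials).
config_world_readable() {
    if [ -e "$1/wp-config.php" ]; then
        find "$1/wp-config.php" -perm -o=r
    fi
}

# Print each offending path once; return 0 when the tree is clean, 1 otherwise.
audit_wp_perms() {
    root=${1%/}
    findings=$( { world_writable "$root"
                  group_writable_outside_content "$root"
                  config_world_readable "$root"; } | sort -u )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage: audit_wp_perms /var/www/<site_folder> && echo "permissions OK"
```

The exit status makes it usable from cron or a monitoring check, and the printed paths are exactly what you would feed back into chmod. Because wp-content is pruned entirely, a world-writable uploads directory would not be reported by the second rule; the first rule still catches it, since world-writable is wrong everywhere.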

Justin’s I.T. maintenance tip #7

When you are scheduling late maintenance, schedule it any time after 12:01 AM so there is no confusion about the day. It’s easier to clarify 12:01 AM on Friday the 10th than midnight on Friday. Folks tend to get confused when you say midnight. Is that midnight Friday into Saturday or midnight Thursday into Friday?

If you want to do midnight do 12:01AM.