Network Connectivity

We’re seeing packet loss on the LINX Extreme network this morning.
We’ve also got alerts coming in for our London location too. This is routed entirely separately from our Bolton/Manchester locations, so it looks like it is affecting the entire LINX LAN.

We’ve shunted most traffic over to the LINX Juniper network so this should die down now. We’ve not had any official word from LINX yet, however we will continue to monitor and migrate traffic paths where possible.

Netnorth Support

Additional real estate to the Server Farm

A visual sample of the latest hardware to be added to Netnorth’s organic Server Farm…

Community hardware inspection

  • Dell R620 chassis
  • Dual 8 core Xeon E5 CPUs (32 cores)
  • 512 GB RAM
  • Write optimised SSDs
  • Dual hot swap 1100W PSUs

These servers will be deployed across Netnorth’s various UK Datacentres, and will bolster the existing server farm as our customer base continues to develop.

 

Advisory – ‘DROWN’ (Cross-protocol attack on TLS using SSLv2) vulnerability

‘DROWN’ – Decrypting RSA with Obsolete and Weakened eNcryption

Various products may be affected by this vulnerability, which has been assigned the Common Vulnerabilities and Exposures (CVE) designation CVE-2016-0800.

A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites. Traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server.

Users can avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers, if they’ve not done so already. Disabling all SSLv2 ciphers is also sufficient, provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed. Servers that have not disabled the SSLv2 protocol and are not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2 ciphers are nominally disabled, because malicious clients can force the use of SSLv2 with EXPORT ciphers.
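Added example (not Netnorth's or OpenSSL's code): the conditions above applied to a service inventory, flagging every RSA key that is also presented by an endpoint still accepting SSLv2, whatever protocol that endpoint speaks. The `Service` record, host names and key fingerprints are constructed, and OpenSSL branches other than 1.0.1/1.0.2 are treated as unpatched as an assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
# First OpenSSL releases with the CVE-2015-3197 fix, as stated in the advisory.
FIXED = {"1.0.1": "r", "1.0.2": "f"}

def patched_for_cve_2015_3197(version: str) -> bool:
    """Assumption: branches other than 1.0.1/1.0.2 are treated as unpatched."""
    m = re.fullmatch(r"(\d+\.\d+\.\d+)([a-z]*)", version)
    if not m or m.group(1) not in FIXED:
        return False
    letters, floor = m.group(2), FIXED[m.group(1)]
    # Letter releases run a..z, then za, zb...: a longer suffix is newer.
    return (len(letters), letters) >= (len(floor), floor)

@dataclass
class Service:  # hypothetical inventory record, one per listening endpoint
    name: str
    key_fp: str            # fingerprint of the RSA public key it presents
    sslv2_protocol: bool   # SSLv2 protocol enabled
    sslv2_ciphers: bool    # any SSLv2 cipher suite enabled
    openssl: str           # OpenSSL version string

def accepts_sslv2(s: Service) -> bool:
    # Disabling the ciphers only counts once CVE-2015-3197 is patched.
    return s.sslv2_protocol and (s.sslv2_ciphers or not patched_for_cve_2015_3197(s.openssl))

def drown_exposure(services):
    """Map each at-risk key to its SSLv2 endpoints and every service sharing it."""
    by_key = defaultdict(list)
    for s in services:
        by_key[s.key_fp].append(s)
    report = {}
    for fp, group in by_key.items():
        sslv2 = sorted(s.name for s in group if accepts_sslv2(s))
        if sslv2:
            report[fp] = {"sslv2_endpoints": sslv2,
                          "affected": sorted(s.name for s in group)}
    return report

INVENTORY = [  # constructed: host names, fingerprints and versions are illustrative
    Service("www.example.test:443", "key-A", False, False, "1.0.2e"),
    Service("mail.example.test:25", "key-A", True, False, "1.0.1q"),
    Service("imap.example.test:993", "key-B", True, False, "1.0.1r"),
    Service("shop.example.test:443", "key-C", False, False, "1.0.2f"),
]

if __name__ == "__main__":
    print(drown_exposure(INVENTORY))
```

The web server on key-A is reported even though it has SSLv2 off, because the unpatched mail server presents the same key; key-B is not reported because its ciphers are disabled on a patched release.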

For more information see:

Or search for
‘CVE-2016-0800’

If you have any further questions, please email support@netnorth.co.uk

Regards
Netnorth Support

Advisory – ‘Skeleton’ glibc Vulnerability

‘Skeleton’ Buffer Overflow Vulnerability

Various products may be affected by this vulnerability, which has been assigned the Common Vulnerabilities and Exposures (CVE) designation CVE-2015-7547.

Multiple vulnerabilities in the ‘libresolv’ library of the ‘GNU C Library’ (aka ‘glibc’) could allow a remote attacker to execute code. This typically affects systems based on Linux-derived platforms, or platforms operating a ‘Linux compatibility’ mode, which in turn resolve DNS queries using ‘glibc’.

We are bringing this vulnerability to the attention of our customers in light of recent press releases. Note that Netnorth resolvers limit the UDP packet length to mitigate this issue, but customers who may have deployed affected software / hardware AND who choose to resolve DNS themselves or externally, will need to ensure that relevant patches are applied to avoid exposure.

For more information see:

Or search for
‘CVE-2015-7547’

If you have any further questions, please email support@netnorth.co.uk

Regards
Netnorth Support

Advisory – Cisco ASA Vulnerability

Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

Various Cisco ASA products may be affected by this vulnerability, which has been assigned the Common Vulnerabilities and Exposures (CVE) designation CVE-2016-1287.

A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Cisco has released software updates that address this vulnerability. We will embark on a series of recommended upgrade paths to the software on relevant managed Cisco products that we host. This will involve minimal downtime during the necessary reboot of the ASA devices concerned.

For more information see:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

Or search for
‘CVE-2016-1287’

If you have any further questions, please email support@netnorth.co.uk

Regards
Netnorth Support

AVS Platform update

Further to the recent intense and persistent spamming campaigns, which have resulted in varying VBA macro content being delivered through our AVS services, we have chosen to add the .doc and .docx file extensions to the list of suspect attachments.

Specifically, messages with .doc or .docx attachments from senders who implement neither DKIM nor SPF will accrue a poor message reputation score, and are likely to be classified as SPAM and treated accordingly by the receiving domain.

If you have specific senders who are affected and need to be able to send you these attachments, you should consider whitelisting either the sender’s specific address or their general domain from within your AVS portal login. To make these changes you should approach whoever administers the AVS Customer Portal within your organisation.

Best regards
Netnorth Support