Darkly Colored Felines of Fury


Posts

Axion Internet: getting a taste for startups

Author
Patrick Audley
Location
Old Axion Offices, 951 Pacific St., Vancouver, BC, Canada (49.276975, -123.132298), http://blackcat.ca/work/axion
Updated
2005-10-07
Date
1996-04-05 to 1997-06-01

Axion was my first real job and I loved it. It was a chance to grow into a management position and run some slick hardware at a scale that was unavailable to me before. I really enjoyed working with Tom Lavin and the rest of the crew and honestly couldn’t have asked for a better introduction to startups.

Here I learned so many of my formative career lessons (including my not-so-fun introduction to VC takeovers *lol*). This was a very fun time in my life and I’ll always cherish these days for their youthful excitement and the deep feeling that I can accomplish anything that I carry with me today.

Cisco Bugs and Network Fun: NAT Puts Hair on your Chest

Author
Patrick Audley
Location
University of Dundee, Dundee, Scotland, UK (56.457478, -2.987452), http://www.dundee.ac.uk
Updated
2003-03-21
Date
2003-03-21

I discovered my very own Cisco IOS bug... Hooray... After weeks of having network address translation problems on our new Cat6509, Chris and I found a new bug in Cisco’s operating system... Ick. Needless to say this meant much pain until we worked around it by setting up a BSD box to handle the NAT.

In addition to the bug, we also discovered a flaw in how Cisco implements NAT. Essentially, NAT (or overloaded many-to-one translation) works by hiding several machines behind a router. All conversations go through the router, which remembers which machine on the inside is talking to which host on the outside, and on which ports. From the outside (in this instance, the rest of the Internet) it appears as if all the conversations are with the router, and from the inside (our local network) it looks normal.

It’s a good trick and normally provides a reasonable level of security, because the outside world can’t connect directly to the machines behind NAT: an inbound packet that matches no active translation has nowhere to go and should simply be dropped. In theory. In the IOS implementation it seems that the last machine to make a connection out gets all traffic to the router’s overloaded address that doesn’t match an active translation. From an attacker’s point of view the target is effectively random (whichever inside host most recently talked out), but it means unsolicited traffic can reach any machine behind the NAT. Sure it’s harder to exploit than a non-NAT network; but then Cisco really should be dropping those packets like any sane implementation of NAT.
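To make the difference concrete, here is a small model of an overloaded (many-to-one) NAT with the two inbound policies side by side. This is an added example written for this page; it is not Cisco IOS code, not the BSD configuration mentioned above, and the addresses, port numbers and the `leak_unmatched` switch are all constructed for illustration. The correct policy drops an inbound packet that matches no active translation; the flawed policy hands it to whichever inside host most recently opened an outbound connection, which is the behaviour the post describes.

```python
"""Model of overloaded (many-to-one) NAT with two policies for unmatched inbound traffic.

Constructed example, not IOS code: addresses come from the RFC 5737
documentation ranges and the translation table is a plain dict.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class OverloadedNat:
    def __init__(self, outside_ip: str, first_port: int = 1024, leak_unmatched: bool = False):
        self.outside_ip = outside_ip
        self.next_port = first_port
        # Hypothetical switch: True reproduces the flawed "give it to the last host" behaviour.
        self.leak_unmatched = leak_unmatched
        # nat_port -> (proto, inside_ip, inside_port, remote_ip, remote_port)
        self.table = {}
        self.last_inside: Optional[str] = None

    def outbound(self, pkt: Packet) -> Packet:
        """Translate an inside->outside packet, allocating a translation if needed."""
        wanted = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for nat_port, entry in self.table.items():
            if entry == wanted:
                port = nat_port
                break
        else:
            port = self.next_port
            self.next_port += 1
            self.table[port] = wanted
        self.last_inside = pkt.src_ip  # the router remembers who talked out last
        return Packet(self.outside_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate an outside->inside packet; None means the packet is dropped."""
        if pkt.dst_ip != self.outside_ip:
            return None
        entry = self.table.get(pkt.dst_port)
        # A real translation must match protocol and the remote endpoint too.
        if entry and entry[0] == pkt.proto and entry[3:] == (pkt.src_ip, pkt.src_port):
            _, in_ip, in_port, _, _ = entry
            return Packet(pkt.src_ip, pkt.src_port, in_ip, in_port, pkt.proto)
        if self.leak_unmatched and self.last_inside is not None:
            # Flawed policy: unsolicited traffic lands on the last host that made a connection out.
            return Packet(pkt.src_ip, pkt.src_port, self.last_inside, pkt.dst_port, pkt.proto)
        return None  # Sane policy: no active translation, so drop it.


def demo(leak_unmatched: bool):
    """Two inside hosts browse out, then a reply and an unsolicited probe arrive."""
    nat = OverloadedNat("203.0.113.1", leak_unmatched=leak_unmatched)
    nat.outbound(Packet("192.168.1.10", 40000, "198.51.100.5", 80))  # gets NAT port 1024
    nat.outbound(Packet("192.168.1.20", 40001, "198.51.100.5", 80))  # gets NAT port 1025
    # Legitimate reply to the first host's connection.
    reply = nat.inbound(Packet("198.51.100.5", 80, "203.0.113.1", 1024))
    # Attacker probes port 22 on the NAT address: no translation matches.
    probe = nat.inbound(Packet("192.0.2.66", 55555, "203.0.113.1", 22))
    return reply, probe


if __name__ == "__main__":
    for leak in (False, True):
        reply, probe = demo(leak)
        print(f"leak_unmatched={leak}: reply -> {reply.dst_ip}:{reply.dst_port}, "
              f"probe -> {'dropped' if probe is None else f'{probe.dst_ip}:{probe.dst_port}'}")
```

With the sane policy the probe is dropped; with the flawed one it is delivered to 192.168.1.20 port 22, the host that happened to talk out last. The model leaves out translation timeouts, so entries never age out the way they do on a real router.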

We found this bug when we firewalled the NAT to protect against this flaw in IOS: we also turned on IP inspection (or, in non-Cisco terms, stateful firewalling). This is what triggered the fatal bug in IOS and left us with a router that rebooted every half hour. Ick. Apparently the rest of the Cisco users haven’t noticed that NAT is brain dead in IOS and haven’t tried to firewall it. Cisco is working on a fix but it will be a while; hence the BSD box.