Hello, welcome to the Friday, July 15, 2020 edition of the Sandcent Storm Center's Stormcast. My name is Johannes Ulrich, and this is the last podcast that I'll be recording this year from Sands Fire here in Washington, D.C.

With me here in Washington, D.C. is Robbannon Bring, and Rob actually wrote today's

diary about an interesting network problem that he had at a client and how he identified the

root cause. This was not an attack. It was sort of a self-inflicted denial of service attack.

The initial indication that something went wrong was that essentially clients didn't get replies to their DHCP discover messages.

Turned out that it was really just too much traffic going through a particular switch,

maxing out the switch because of a badly configured old legacy switch

that was connected to the network and then causing broadcast storms,

overloading the network and preventing these DHSP messages from actually being received and responded to properly.

Fixing these kind of issues, of course, always require a good mix of experience and a solid procedure in debugging networks.

And hopefully you can cleanse some of these procedures from Rob's diary.

Then we got yet another method in order to de-anonomize web browsers presented in a paper

by researchers from the New Jersey Institute of Technology.

Like some of these methods, it may be more theoretical than practical,

but certainly in some targeted cases could be applied.

The trickier is as so often to try to trick the victim into caching image or any other content and then measuring how fast that content

is being retrieved. This would work, for example, if the operator of a particular forum is trying

to de-anonymize a particular user and has a suspicion as to, for example, what that particular

user's Gmail address is.

The attacker, which is the forum owner in this case,

would send an image to that Gmail address,

and the user will likely load that image in their browser

...