Hello, welcome to the Tuesday, October 11th, 2016 edition of the Sansonet Storms and Storms and Stormcast.

My name is Johannes Ulrich and if I'm recording from Jacksonville, Florida.

Did he found an interesting tool to calculate entropys of files?

That is of course an important skill to have if you're looking at ransomware in order to identify not yet encrypted files.

He in the past has actually written about a tool that he wrote himself, but this tool rehash does come with a well-respected open source reverse engineering framework and adds Radari 2.

Now, its main function is to calculate hashes for looking up Malware and such,

but it can also, instead of hashes, calculate the entropy of a certain file and actually do some simple bar graphing with that as well to identify

files with odd entropy.

And then we got a study looking into spoofed traffic on the internet and how many networks

are still able to do so.

The study comes from Cloudflare.

Cloudflare, of course, is often asked to filter denial

of service attacks, and many denial of service attacks do rely on spoof traffic, for example,

for amplification, but also to reduce the possibility to find the actual attacker.

Turns out, about 30% of networks connected internet still do allow spoofing.

Not really clear why, but that number appears to be fairly steady.

So I guess at this point, people who haven't adjusted their networks yet just don't care enough.

It can be a little bit tricky to do so.

You really have to do it very close to the edge. If you want to do this, a lot of ISPs do it, for example, inside the modems.

They're giving to consumers. That's of course of the best way to do it, but then you also have to manage all these modems.

The article goes in a little bit more detail in how these spoofed attacks are working and how to also

trace back spoof traffic, even though the article points out that this is quite difficult and can hardly

...