Monday, September 17, 2012

Google Fiber Install

I stopped by one of the first fiberhoods in Kansas scheduled for construction to check on the install progress so far. I plan to stop by again every few days and snap a couple more pictures. 

Two different sizes of conduit being used.

Yards with utilities marked and flagged so conduit can be run.













Google had to go with underground conduit in this neighborhood since their are no utility poles to string fiber from. Most houses had a single piece of thinner conduit coming up, every few house there was two thinner conduits and one larger one.










A large underground fiber vault. Labeled "Communications."

 A better view of another large fiber vault.











A small fiber vault.



Two sections that need to be spliced and conduit to feed a neighborhood.


 A better view of the conduit that will feed a neighborhood.

 A fiber hut, part of the Google Fiber core network.



















Updated photo of the same fiber hut. Google Fiber has added Cummins Diesel Generators to their fiber huts. It looks like it's at least a 35kW generator with a 140 gallon fuel tank underneath it. (At least some of the generators have natural gas as their fuel source.)







A closer photo of the generator.



















Generator is now connected. Service should now stay up even if utility power fails for up to several days.

Sunday, July 1, 2012

Palo Alto Firewalls Creating a Custom App-ID

This post is for 3.1.X but the process should be the same for 4.X.

Take a packet capture of the traffic you want an App-ID signature for. This example is a flash video over HTTP.

Note: The Follow TCP Stream feature in Wireshark is handy to see the HTTP headers easily.
(Screenshot shows a different set of headers than the example below is based on)




Look in the capture for fields in the headers that should be static no matter what browser or operating system the client is using and pick those to make a signature with.


Go to the Objects Tab > Applications then click on New...
Create a name, set the properties and characteristics.









Go to the Advanced Tab and set the Defaults and Engine at least.













Go to the Signatures Tab and click New...
Set a name for the Signature.









Create an And and an Or for each item you want to match on (each item to match on must be at least 7 bytes long or roughly 7 characters)
In this example I'll use http-req-params and http-req-host-header. These will match the GET and Host lines in the header send from the client to the server, looking for these values.

Remember to escape periods with a forward slash.



I don't remember where I found this, but it's very helpful:
Field/context definition for custom App and Threat Signatures

Edit: Here's a much nicer guide Palo Alto made for 5.X
https://knowledgebase.paloaltonetworks.com/servlet/fileField?entityId=ka14u000000DSs9AAG&field=Attachment_1__Body__s