Internet Protocol

Internet Protocol / Recently Commented

DNS and Stolen Credit Card Numbers

FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more»

IPv6 and DNSSEC Are Respectively 20 and 19 Years Old. Same Fight and Challenges?

A few weeks ago I came across an old interview of me by ITespresso.fr from 10 years back entitled "IPv6 frees human imagination". At the time, I was talking about the contributions IPv6 was expected to make and the challenges it had to face. After reading the article again, I realized that it has become a little dusty (plus a blurred photo of the interviewee :-)). But what caught my attention the most in the interview was my assertion: "If IPv6 does not prevail in 2006, it's a safe bet that it will happen in 2007". Wow! more»

Thoughts on the Open Internet - Part 1: What Is "Open Internet"

I'm sure we've all heard about "the Open Internet." The expression builds upon a rich pedigree of term "open" in various contexts. For example, "open government" is the governing doctrine which holds that citizens have the right to access the documents and proceedings of the government to allow for effective public oversight, a concept that appears to be able to trace its antecedents back to the age of enlightenment in 17th century Europe. more»

Global IPv6 Deployment Now Passes 10%!

Global IPv6 deployment just passed a major milestone over the past few days when Google's IPv6 adoption statistics showed over 10% of users connecting to Google's sites coming in over IPv6. Considering that only two years ago I wrote here on CircleID about IPv6 passing the 3% adoption mark, this is a great amount of growth to see! If you look on the "per-country" tab of Google's stats you will see that in some countries deployment is much higher. For example, around 25% in the USA, Portugal and Germany, 31% in Switzerland and 44% in Belgium. more»

IPv6 Security Myth #5: Privacy Addresses Fix Everything!

Internet Protocol addresses fill two unique roles. They are both identifiers and locators. They both tell us which interface is which (identity) and tell us how to find that interface (location), through routing. In the last myth, about network scanning, we focused mainly on threats to IPv6 addresses as locators. That is, how to locate IPv6 nodes for exploitation. Today's myth also deals with IPv6 addresses as identifiers. more»

African Peering and Interconnection Forum (AfPIF) Streaming Live This Week From Dakar, Senegal

The 5th African Peering and Interconnection Forum (AfPIF) gets underway today, August 26, 2014, in Dakar, Senegal, with a packed agenda full of sessions focused on the future of peering and interconnection in Africa. There are sessions targeted at Internet Service Providers (ISPs), Internet Exchange Points (IXPs), infrastructure providers, content creators and policy makers and regulators. The event goes through Thursday, August 28, 2014. more»

Researcher Propose Faster, Safer Internet by Abandoning TCP/IP Protocol

Researchers at Aalborg University in Denmark, in association with MIT and Caltech, reckon that the Internet can be made faster, and more secure, by abandoning the whole concept of packets and error correction. Error correction slows down traffic because the chunks of data, in many cases, have to be sent more than once. more»

NANOG 61 - Impressions of Some Presentations

The recent NANOG 61 meeting was a pretty typical NANOG meeting, with a plenary stream, some interest group sessions, and an ARIN Public Policy session. The meeting attracted some 898 registered attendees, which was the biggest NANOG to date. No doubt the 70 registrations from Microsoft helped in this number, as the location for NANOG 61 was in Bellevue, Washington State, but even so the interest in NANOG continues to grow... more»

Designing Effective Regulation for IPv6 Adoption

So you are the IT regulator for a country and you are convinced that the shortage of IPv4 address space represents a threat to the development of the Internet in your country and you want to do something about it. Being that as regulator you don't really run the countries IP networks, what can you really do? I've heard many regulators in over 30 countries grapple with this problem. The purpose of this article is to think through some ideas to guide action on using (or not) regulation to drive IPv6 adoption. more»

How Do We Get More Network Operator Feedback Into IETF Standards? Please Take This Survey

How do we get more feedback from the operators of networks back into the standards process of the Internet Engineering Task Force (IETF)? How do we help know whether the open standards being developed within the IETF reflect the operational realities of the networks into which those standards will be deployed? If we could get more network operators participating in the IETF standards process, would that result in better standards that are deployed faster? more»

IETF Looking at Technical Changes to Raise the Bar for Monitoring

During a speech last week at the Internet Governance Forum in Bali, Jari Arkko, IETF's chair, re-emphasized it's efforts to ramp up online security in light of recent revelations of mass internet surveillance. "Perhaps the notion that internet is by default insecure needs to change," Arkko said. Significant technical fixes "just might be possible." more»

2% of All Traffic to Google Now Over IPv6! (Doubling in Past Year)

This weekend brought the great news that Google's IPv6 statistics have shown that connections over IPv6 to Google's web sites hit the 2% threshold for the first time. (You can see for yourself.) While 2% sounds tiny, as I wrote in a Deploy360 post today, the important fact here is that this represents a doubling of IPv6 traffic to Google over the past year! more»

TeleGeography's Interactive Submarine Cable Map Is a Fun and Fascinating View Into Infrastructure

Ever want to know where all the submarine cables are that provide part of the physical infrastructure of the Internet? Or which cities in the world have the most connectivity via submarine cables? (or which regions might be single points of failure?) In doing some research I stumbled across this excellent site from the folks at TeleGeography... It is a very well done and captivating (to me, anyway) view into where all the current and planned submarine cables are located. more»

A Question of DNS Protocols

One of the most prominent denial of service attacks in recent months was one that occurred in March 2013 between Cloudflare and Spamhaus... How did the attackers generate such massive volumes of attack traffic? The answer lies in the Domain Name System (DNS). The attackers asked about domain names, and the DNS system answered. Something we all do all of the time of the Internet. So how can a conventional activity of translating a domain name into an IP address be turned into a massive attack? more»

The Challenge of DNS Security

When the domain name system (DNS) was first designed, security was an afterthought. Threats simply weren't a consideration at a time when merely carrying out a function - routing Internet users to websites - was the core objective. As the weaknesses of the protocol became evident, engineers began to apply a patchwork of fixes. After several decades, it is now apparent that this reactive approach to DNS security has caused some unintended consequences and challenges. more»