Internet Protocol

Internet Protocol / Recently Commented

A Question of DNS Protocols

One of the most prominent denial of service attacks in recent months was one that occurred in March 2013 between Cloudflare and Spamhaus... How did the attackers generate such massive volumes of attack traffic? The answer lies in the Domain Name System (DNS). The attackers asked about domain names, and the DNS system answered. Something we all do all of the time of the Internet. So how can a conventional activity of translating a domain name into an IP address be turned into a massive attack? more»

The Challenge of DNS Security

When the domain name system (DNS) was first designed, security was an afterthought. Threats simply weren't a consideration at a time when merely carrying out a function - routing Internet users to websites - was the core objective. As the weaknesses of the protocol became evident, engineers began to apply a patchwork of fixes. After several decades, it is now apparent that this reactive approach to DNS security has caused some unintended consequences and challenges. more»

Removing Need at RIPE

I recently attended RIPE 66 where Tore Anderson presented his suggested policy change 2013-03, "No Need -- Post-Depletion Reality Adjustment and Cleanup." In his presentation, Tore suggested that this policy proposal was primarily aimed at removing the requirement to complete the form(s) used to document need. There was a significant amount of discussion around bureaucracy, convenience, and "liking" (or not) the process of demonstrating need. Laziness has never been a compelling argument for me and this is no exception. more»

Moving Beyond Telephone Numbers - The Need for a Secure, Ubiquitous Application-Layer Identifier

Do "smart" parking meters really need phone numbers? Does every "smart meter" installed by electric utilities need a telephone number? Does every new car with a built-in navigation system need a phone number? Does every Amazon Kindle (and similar e-readers) really need its own phone number? In the absence of an alternative identifier, the answer seems to be a resounding "yes" to all of the above. more»

30 Years Ago Today, the Switch to TCP/IP Launched Today's Internet

It was 30 years ago today, on January 1, 1983, that the ARPANET had a "flag day" when all connected systems switched from using the Network Control Protocol (NCP) to the protocols known as TCP/IP. This, then, gave rise to the network we now know as the Internet. more»

IPv6 Subnetting - The Paradigm Shift

Almost every conversation I have with folks just learning about IPv6 goes about the same way; once I'm finally able to convince them that IPv6 is not going away and is needed in their network, the questions start. One of the most practical and essential early questions that needs to be asked (but often isn't) is "how do I lay out my IPv6 subnets?" The reason this is such an important question is that it's very easy to get IPv6 subnetting wrong by doing it like you do in IPv4. more»

Is IPv6 a Boon to Criminals and Foe to the FBI?

Declan McCullagh recently opined that the "FBI [and the] DEA warn [that] IPv6 could shield criminals from police." His post was picked-up relatively widely in the past few days, with the headlines adding more hyperbole along the way. So just how real is this threat? Let's take a look. more»

Accountability, Transparency, and… Consistency?

ICANN Compliance now has two conflicting answers on record concerning the enforceability of RAA 378 on WHOIS inaccuracy. This is a topic of extreme importance and one we are trying to get to the bottom of. ...inconsistency needs to be resolved as it directly impacts the current RAA negotiations and certainly before new gTLDs are deployed. more»

The Business Parallels Between IPv6 and DNSSEC

For two things that would seem to be completely unrelated there is an interesting parallel between IPv6 and DNSSEC. In both cases there is a misalignment of interests between content providers and service‚Ä®providers. Content providers aren't highly motivated to deploy IPv6 because only a small proportion of users have v6 connectivity and even fewer only have v6. Service providers aren't anxious to deploy IPv6‚Ä® because there isn't a lot of content on v6, and virtually none exclusively on v6 - so they don't expand the universe of interesting stuff on the web by deploying IPv6. Basically the same things could be said about DNSSEC. more»

Business Case for IPv6 - Part 1

When discussing IPv6, it is easy to forget that we are ultimately talking about an enhanced version of an existing network protocol. Sure, it brings about a number of technical advantages. But when viewed in isolation - without a business case - there really are not that many drivers that would place IPv6 on the agenda of the top decision makers looking after budgets. For IPv6 to gain serious momentum, this has to be changed. more»

Intune Collapses the OSI Model

While a great deal of attention has recently been paid to the enormous amount of change that is taking place at the edge of the network with smartphones, tablets, apps, Web2.0 etc, massive changes are also underway on the network side. The current network has been designed over a period of thirty years and it is due for a serious overhaul to keep abreast of changes in the industry in general. more»

Wither WHOIS!: A New Look At An Old System

No, that title is not a typo. The WHOIS service and the underlying protocol are a relic of another Internet age and need to be replaced. At the recent ICANN 43 conference in Costa Rica, WHOIS was on just about every meeting agenda because of two reasons. First, the Security and Stability Advisory Committee put out SAC 051 which called for a replacement WHOIS protocol and at ICANN 43, there was a panel discussion on such a replacement. The second reason was the draft report from the WHOIS Policy Review Team. more»

Providing Persistent Domain Names Under .ARPA

Some domains are too big to fail. Quite apart from the obvious ones like and, upon whose availability our everyday lives depends, there are many others upon which the infrastructure of the Internet (and much of the modern world itself) depends. These are domains like and, which host the technical specifications which describe the World Wide Web and the Internet themselves. more»

FCC to Hold Two December Workshops on PSTN Transition to New Technologies

The US Federal Communications Commission (FCC) recently issued a public notice that it will be holding two workshops on the transition of the public switched telephone network (PSTN) to "new technologies" such as voice-over-IP (VoIP). The workshops will be held on December 6 and 14, 2011, at the FCC's office in Washington, DC. The public notice states the goal as... more»

IPv4 Historical Imbalances and the Threat to IPv6

It is an open secret that the current state of IPv4 allocation contains many accidental historical imbalances and in particular developing countries who wish to use IPv4 are disadvantaged by the lack of addresses available through ordinary allocation and are forced into purchasing addresses on the open market. As most of the addresses for sale are held by organisations based in the developed world, this amounts to a transfer of wealth from the developing world to the developed world, on terms set by the developed world. more»