Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
In general, a network firewall is just a traffic filter... Filtering rules can be anything from "allow my web server to hear and answer web requests but not other kinds of requests" to "let my users Ping the outside world but do not let outsiders Ping anything on my network." The Internet industry has used firewalls since the mid-1980's and there are now many kinds, from packet layer firewalls to web firewalls to e-mail firewalls. Recently the DNS industry has explored the firewall idea and the results have been quite compelling. In this article I'm going to demonstrate a DNS firewall built using RPZ (Response Policy Zones) and show its potential impact on e-mail "spam". more
DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more
Back in the days of dial-up modems and transfer speeds measured in hundreds of bits per second, unwanted email messages were actually felt as a significant dent in our personal pocketbooks. As increases in transfer speeds outpaced increases in spam traffic, the hundreds of unwanted emails we received per week became more of a nuisance than a serious financial threat. Today sophisticated spam filters offered by all major email providers keep us from seeing hundreds of unwanted emails on a daily basis, and relatively infrequently allow unwanted messages to reach our coveted Inboxes. So, to some degree, the spam problem has been mitigated. But this "mitigation" requires multiple layers of protection and enormous amounts of continually-applied effort. more
Joi Ito has an important post [also featured on CircleID] on how the internet is in danger of becoming balkanized into separate "internets". He's not the only person who's concerned. Greg Walton worries about Regime Change on the Internet. My friend Tim Wu, a law professor specializing in international trade and intellectual property, has written an article for Slate: The Filtered Future: China's bid to divide the Internet... more
There seems to be a heated debate on this site about NAT (network-address translation). What came as a surprise to me is that a lot of the arguments seem to reside in ideological point of views which obscure the real issues at hand -- IP addressing, IP security -- and have little to do with NAT's actual merits or drawbacks. more
The European Union's Network and Information Security Directive (NIS1), introduced in 2016, aimed to strengthen cybersecurity among Member States. However, market fragmentation and growing digital threats led to the enactment of the NIS2 Directive. more
Looking back at the year that just ended, here are the top ten most popular news, blogs, and industry news on CircleID in 2009 based on the overall readership of the posts. Congratulations to all the participants whose posts reached top readership in 2009 and best wishes to the entire community in 2010. more
It seems like spam is in the news every day lately, and frankly, some of the proposed solutions seem either completely hare-brained or worse than the problem itself. I'd like to reiterate a relatively modest proposal I first made over a year ago: Require legitimate DNS MX records for all outbound email servers.
MX records are one component of a domain's Domain Name System (DNS) information. They identify IP addresses that accept inbound email for a particular domain name. To get mail to, say, linux.com, a mail server picks an MX record from linux.com's DNS information and attempts to deliver the mail to that IP address. If the delivery fails because a server is out of action, the delivering server may work through the domain's MX records until it finds a server that can accept the mail. Without at least one MX record, mail cannot be delivered to a domain.
more
Yesterday the ICANN board discussed and approved ICANN staff to enter into negotiations with ICM Registry, Inc. for the .XXX Top Level Domain (TLD). I'm sure there will be a longer more complete presentation from ICANN later about this, but as an individual board member I thought I'd post a quick note before people got carried away with speculation based on a lack of information. more
So-called domain tasting is one of the more unpleasant developments in the domain business in the past year. Domain speculators are registering millions of domains without paying for them, in a business model not unlike running a condiment business by visiting every fast food restaurant in town and scooping up all of the ketchup packets. Since 2003, the contract between ICANN and each unsponsored TLD registry (.biz, .com, .info, .net, .org, and .pro) has added an Add Grace Period (AGP) of five days during which a registrant can delete a newly registered domain and get a full refund. Although this provision was clearly intended to allow registrars to correct the occasional typo and spelling error in registrations, speculators realized that this allows them to try out any domain for five days for free... more
Jonathan B. Postel, one of the Founding Fathers of the Internet passed away on October 16, 1998. Jon had a great deal of influence over how the Internet works and how it was designed. The following is a letter written by Vinton G. Cerf on October 17, 1998 in honor of Jon's death. The letter was called "I Remember IANA".
"If Jon were here, I am sure he would urge us not to mourn his passing but to celebrate his life and his contributions. He would remind us that there is still much work to be done and that we now have the responsibility and the opportunity to do our part. I doubt that anyone could possibly duplicate his record, but it stands as a measure of one man's astonishing contribution to a community he knew and loved." more
"The Root Server is a Scarce Resource" is the focus of part one of a three-part series based on a study prepared by Karl M. Manheim, Professor of Law at Loyola Law School and Lawrence B. Solum, Professor of Law at University of San Diego. Special thanks and credit to Hastings Communications and Entertainment Law Journal, Vol. 25, p. 317, 2004. ...We begin our analysis of domain name policy with a brief excursion into economics. Economics cannot answer all of the questions raised by domain name policy. First, domain name policy must answer to the discipline of network engineering. A useful domain name system must work, and the functionality, scalability, reliability, and stability of the system are determined by the soundness of its engineering. Second, domain name policy must answer to public policy. The Internet is a global network of networks, and Internet policy is answerable to a variety of constituencies, including national governments, the operators of the ccTLDs, Internet Service Providers, information providers, end users of the Internet, and many others. more
On February 4, 2004, United States Congress held a hearing on a new proposed bill called the Fraudulent Online Identity Sanctions Act (FOISA). This bill will increase prison sentences by up to seven years in criminal cases if a domain owner provides "material and misleading false contact information to a domain name registrar, domain name registry, or other domain name registration authority." What follows is a collection of commentaries made in response to this proposed bill. more
Now that ICANN has approved a potentially vast expansion in the number of generic Top-Level Domains, there's considerable interest in and confusion about how these names can be used. For example if someone registers "dot BRAND", can they advertise http://brand/ and have it work? more
Here are the top ten most popular news, blogs, and industry updates featured on CircleID during 2012 based on the overall readership of the posts for the past 12 months. Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2013. more
A World-Renowned Source for Internet Developments. Serving Since 2002.