Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
IPv4 Markets |
Sponsored by |
|
I'm writing this column in November, and that means that it is time for the traveling circus known as the Internet Governance Forum (IGF) to come down to earth, unpack its tents and sell tickets for its annual song and dance routine. The script for this year's show has been changed, and after being excluded from the main arena last year at the Athens gig, the headline act of "Critical Internet Resources" is taking a starring role this year in Rio. Some folk are even saying that it is the single most contentious issue to be scheduled at this year's IGF show. So what are "Critical Internet Resources" anyway? If folks are going to spend all this time, energy and carbon emissions traveling to Rio to talk on this topic, then wouldn't it be helpful to understand what it means in the first place? There are probably a number of ways to answer this question, so in this heavily opinionated column I'd like to look at the range of possible answers to this question. more
DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more
Last month's column looked at the exhaustion of the IPv4 unallocated address pool and the state of preparedness in the Internet to grapple with this issue... There has been a considerable volume of discussion in various IPv6 and address policy forums across the world about how we should respond to this situation in terms of development of address distribution policies. Is it possible to devise address management policies that might both lessen some of the more harmful potential impacts of this forthcoming hiatus in IPv4 address supply, and also provide some impetus to industry to move in the originally intended direction to transition into an IPv6 network? more
Funny how some topics seem sit on a quiet back burner for years, and then all of a sudden become matters of relatively intense attention. Over the past few weeks we've seen a number of pronouncements on the imminent exhaustion of the IP version 4 address pools. Not only have some of the Regional Internet Registries (RIRs) and some national registry bodies made public statements on the topic, we've now seen ICANN also make its pronouncement on this topic... Why the sudden uptake of interest in this topic? I suspect that a small part of this may be my fault! more
ZDNet UK has an article on IPv6 and what may slow down its deployment. Jay Daley, from Nominet points out to the fact that the current IPv6 allocation policy used by RIPE NCC is geared towards ISPs. This is a complaint I have heard time and time again. Under the current policy, you have to show to RIPE NCC that you are going to allocate 200 address blocks to your customers before you are allocated a /32 block. Obviously, a large corporate network cannot afford to renumber every time it switches ISPs... more
The IPv6 Portal reports on a paper titled "The Choice: IPV4 Exhaustion or Transition to IPv6", written by Jordi Palet, warning that organizations must start planning for IPv6 now or "be aware that some already have, and you are beginning to be at a disadvantage." From the report: "This is going to affect the business of existing Internet Service Providers (ISPs) and to a greater extent, at a certain point in time, the creation of new ISPs. As a consequence if may have a deeper impact in developing regions (Africa, Asia and Latin America/Caribbean) where the penetration of the Internet is not yet so widespread." more
There is a current ongoing Internet emergency: a critical 0day vulnerability currently exploited in the wild threatens numerous desktop systems which are being compromised and turned into bots, and the domain names hosting it are a significant part of the reason why this attack has not yet been mitigated. This incident is currently being handled by several operational groups. This past February, I sent an email to the Reg-Ops (Registrar Operations) mailing list. The email, which is quoted below, states how DNS abuse (not the DNS infrastructure) is the biggest unmitigated current vulnerability in day-to-day Internet security operations, not to mention abuse. more
A recent paper called "Worm Propagation Strategies in an IPv6 Internet", written by Steven M. Bellovin, Angelos Keromytis, and Bill Cheswick, examines whether or not the deployment of IPv6 will in fact provide a substantial level of barrier against worms. Shared below are the introductory paragraphs from this paper. "In recent years, the internet has been plagued by a number of worms. One popular mechanism that worms use to detect vulnerable targets is random IP address-space probing..." more
Wired Magazine recently published an article called "The Shadow Internet", where it says: "Anathema is a so-called topsite, one of 30 or so underground, highly secretive servers where nearly all of the unlicensed music, movies, and videogames available on the Internet originate. Outside of a pirate elite and the Feds who track them, few know that topsites exist. Even fewer can log in." But what are the difficulties in tracking and identifying these so-called topsites? Joel Snyder, a senior network consultant responds. more
The country's first criminal trial about spam ended in Leesburg, Virginia earlier this month with a conviction of Jeremy Jaynes, better known under his nom de spam of Gavin Stubberfield. I was an expert witness for the prosecution, the Commonwealth of Virginia. The case was brought under Virginia's state anti-spam law, not the weaker Federal CAN-SPAM act... more
IPv6 took a significant step forward this week with ICANN's decision to officially add the next generation protocol to its root server systems. The shift to IPv6 is perhaps the largest and most significant change to the structure of the Internet in decades - ICANN's move a signal that the revolution has officially begun. more
Recently, the news that China is adopting IPv9 is making rounds on the Internet. While some of them write off as an April Fool's joke (in July?) like RFC 1606, other wonders if there are more than meets its eyes. But most of them wonders what is this IPv9 and how does it actually works. And some of the English translated article are so badly done that it is impossible to get any useful technical information except that 'It is developed and supported by Chinese government!' more
As the Internet has grown and matured, it has become obvious to everyone involved that the DNS Whois system, as it currently exists, is not a sustainable way to share contact information for resolving network problems. ICANN, in an attempt to save DNS Whois, has plunged head long into the process of developing new policies aimed at fixing it. While I respect all of the hard work that has gone into this process, the results thus far have only made it clearer that this system faces intractable problems. more
This is a hotly debated topic. Some Search Engine Optimizers (SEOs) claim that sites with a static IP address rank higher while other SEOs claim that shared hosting is just fine... that it would be stupid for search engines to penalize shared hosting since we are running out of IP addresses and so many sites are currently using name based hosting. ...I decided to run it through our statistical analysis engine to get the facts. Here is the methodology I used to answer this question. more
I've been following the recent news on the World Summit on the Information Society, and it's getting really bizarre. The Wired article is one example of out of the out-of-this-world coverage on the World Summit; I heard a similar spin yesterday on a radio show that often shares material with the BBC. What king or dictator or bureaucrat has signed the document giving power over the Internet to one organization or another? Did I miss the ceremony? One laughable aspect of news reportage is that the founders and leaders of ICANN always avowed, with the utmost unction, that they were not trying to make policy decisions and were simply tinkering with technical functions on the Internet. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
