Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
IPv4 Markets |
Sponsored by |
|
The ITU-T has proposed a new system of country-based IP address allocations which aims to satisfy a natural demand for self-determination by countries; however, the proposal also stands to realign the Internet's frontiers onto national boundaries, with consequences which are explored here. ...we do indeed see the Internet as a single entity, and we even speak of the Internet's architecture as if there was one designer who laid out a plan and supervised its construction. But despite all appearances, the Internet landscape is indeed made up of many separate networks... This article will explore these issues, particularly in light of recent proposals to introduce new mechanisms for IP address management, a prospect which could, over time, substantially alter both the geography of the Internet, and its essential characteristics as a single cohesive network. more
A paper by Tony Hain was recently published in the Internet Protocol Journal which sparked a debate on Slashdot. Particularly, Tony's paper suggested that IANA will run out of IP addresses in 5 years or less. However, there is another paper written by Geoff Hutson which projects that we have enough IPv4 address until 2022. The differences got most people confused. So who is right? more
The Time Square Ball bringing in 2008 had more than 9,500 LED bulbs displaying 16 million colours while consuming power equivalent to about ten toasters. This compares to 600 incandescent and halogen bulbs adorning last year's Ball. Easy to forget that most mobile devices used by Time Square revelers were behind IPv4 NAT's and that always on applications such as Instant Messaging, Push e-mail, VoIP or location based services tend to be electricity guzzlers. It so happens that applications that we want always to be reachable have to keep sending periodic keepalive messages to keep the NAT state active... more
For those not familiar with RBL, the term means Real-time Blackhole List, it is mainly used for SPAM fighting. I have recently started playing around with Google as an RBL engine, the idea is that if the search term I use hits too many hits it is likely to be SPAM. The danger of course is that the term could be simply popular -- but the trick here is that I'm using something very special as the search term -- the IP address of the poster. more
We know that the Internet is running out of IPv4 addresses and that some in our community check twice a day Mat Ford's doomsday clock or spend an hour once a week reading the tea leaves based on Geoff Huston's exhaustive data compiled at Potaroo. Like with global warming, there is still a school of thought out there arguing that this running out of IP addresses is just fear mongering and that we are not really running out of IPv4 addresses as a NATted world is more than adequate to run the Internet for the foreseeable future. We know that the Internet is running out of AS... more
After looking at the state of DNSSEC in some detail a little over a year ago in 2006, I've been intending to come back to DNSSEC to see if anything has changed, for better or worse, in the intervening period... To recap, DNSSEC is an approach to adding some "security" into the DNS. The underlying motivation here is that the DNS represents a rather obvious gaping hole in the overall security picture of the Internet, although it is by no means the only rather significant vulnerability in the entire system. One of the more effective methods of a convert attack in this space is to attack at the level of the DNS by inserting fake responses in place of the actual DNS response. more
I'm writing this column in November, and that means that it is time for the traveling circus known as the Internet Governance Forum (IGF) to come down to earth, unpack its tents and sell tickets for its annual song and dance routine. The script for this year's show has been changed, and after being excluded from the main arena last year at the Athens gig, the headline act of "Critical Internet Resources" is taking a starring role this year in Rio. Some folk are even saying that it is the single most contentious issue to be scheduled at this year's IGF show. So what are "Critical Internet Resources" anyway? If folks are going to spend all this time, energy and carbon emissions traveling to Rio to talk on this topic, then wouldn't it be helpful to understand what it means in the first place? There are probably a number of ways to answer this question, so in this heavily opinionated column I'd like to look at the range of possible answers to this question. more
I did a 2 hour interview on October 23rd with John Curran, Board Chair of ARIN the North American Regional Internet Routing Registry for the last decade. I now understand what is at stake with IPv6. Outside of a key core group of network engineers I think darn few people do understand. And not all of them agree on how the scenario plays out though virtually all say the situation is very serious. John believes that it is huge. It is as big as Y2K except no one knows a precise date by which everything has to be done... more
There is currently a discussion going on between Milton Mueller and Patrik Fältström over the deployment of DNSSEC on the root servers. I think the discussion exemplifies the difficult relation between those who develop standards and those who use them. On the one hand, Milton points out that the way the signing of the root zone will be done will have a great influence on the subjective trust people and nation states will have towards the system. On the other hand, Patrik states that "DNSSEC is just digital signatures on records in this database". Both are right, of course, but they do not speak the same language... more
DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more
Last month's column looked at the exhaustion of the IPv4 unallocated address pool and the state of preparedness in the Internet to grapple with this issue... There has been a considerable volume of discussion in various IPv6 and address policy forums across the world about how we should respond to this situation in terms of development of address distribution policies. Is it possible to devise address management policies that might both lessen some of the more harmful potential impacts of this forthcoming hiatus in IPv4 address supply, and also provide some impetus to industry to move in the originally intended direction to transition into an IPv6 network? more
My friend Kurtis writes in his blog some points he has been thinking of while discussing "when we run out of IPv4 addresses". In reality, as he points out so well, we will not run out. It will be harder to get addresses. It is also the case that unfortunately people that push for IPv6 claim IPv6 will solve all different kinds of problem. Possibly also the starvation problems in the world... more
IPv6 deployment is in a chicken and egg situation. On the one hand, there is no willingness from ISPs and commodity DNS router manufacturers to include IPv6 support in their infrastructure or equipment because "there is no demand". On the other hand, there is no demand because the average Joe Blow could not care less if he accesses a web site under IPv4 or IPv6. It should just work. The equipment and infrastructure should adapt transparently... What we users can do is to stop waiting for the industry to get its act together and work around its limitations... more
Funny how some topics seem sit on a quiet back burner for years, and then all of a sudden become matters of relatively intense attention. Over the past few weeks we've seen a number of pronouncements on the imminent exhaustion of the IP version 4 address pools. Not only have some of the Regional Internet Registries (RIRs) and some national registry bodies made public statements on the topic, we've now seen ICANN also make its pronouncement on this topic... Why the sudden uptake of interest in this topic? I suspect that a small part of this may be my fault! more
ZDNet UK has an article on IPv6 and what may slow down its deployment. Jay Daley, from Nominet points out to the fact that the current IPv6 allocation policy used by RIPE NCC is geared towards ISPs. This is a complaint I have heard time and time again. Under the current policy, you have to show to RIPE NCC that you are going to allocate 200 address blocks to your customers before you are allocated a /32 block. Obviously, a large corporate network cannot afford to renumber every time it switches ISPs... more
A World-Renowned Source for Internet Developments. Serving Since 2002.
