Blocking a DDoS Upstream

In the first post on DDoS, I considered some mechanisms to disperse an attack across multiple edges (I actually plan to return to this topic with further thoughts in a future post). The second post considered some of the ways you can scrub DDoS traffic. This post is going to complete the basic lineup of reacting to DDoS attacks by considering how to block an attack before it hits your network -- upstream. more

The Third Stage of the VoIP Rocket Never Fired

Ten years ago was the dawn of Voice over IP (VoIP). The pioneering Israeli company VocalTec had just released its VoIP software for PCs (it was named iPhone, BTW). Industry guru Jeff Pulver (whom I now partner with in FWD) had begun to hold his Voice on the Net (VON) shows. As the founder of VoIP startup ITXC, I was invited to give a keynote at VON in Boston. The evolution of VoIP, I opined with the requisite PowerPoint slides, will be like a three stage rocket. I was right about the first two stages and dead wrong about the third... more

How Many Bots? How Many Botnets?

We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well: I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up. We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: "why be able to destroy the world a thousand times over if once is more than enough?" we often also changed it to say "3 times" as redundancy could be important... more

Online Safety Bill: UK’s Digital Overhaul

The UK Parliament has given the green light to the controversial Online Safety Bill, putting Ofcom, the communications watchdog, in charge of internet regulation. This step brings the legislation closer to becoming law. more

Two New Chinese Internet Service Constellations and Their Market

China’s plans for low-Earth orbit Internet service constellations began with two projects, Hongyun (156 satellites) and Hongyan (864 satellites). These were eventually sidelined for Guowang, an ambitious, 12,992 satellite constellation that is expected to begin launching satellites this year. But, that is old news. China’s five-year plan designates satellite Internet as a strategic emerging industry and two new constellations have emerged, G60 (12,000 satellites) and Honghu–3 (10,000 satellites). more

PayPal Sells X.com Back to Its Previous Owner, Elon Musk

PayPal's corporate communications director confirmed that the company has sold the domain X.com back to its previous owner, Elon Musk. more

DNSSEC Deployment Among ISPs: The Why, How, and What

It's no secret that Comcast has been leading the charge of DNSSEC deployment among ISPs. For the past couple years, Comcast has been testing and pushing for the widespread adoption of DNSSEC. In the spirit of increasing adoption, I thought I would interview the DNS gurus at Comcast to see what they've learned and what advice they would give other ISPs considering DNSSEC deployment. more

ICANN Call for Submissions of Interest for Leadership

ICANN's Nomination Committee has begun their process to nominate more members to various boards, councils and committees of ICANN. This is the process by which I was elected to the board last year. Contrary to what some people may think, these positions should not be taken to try to gain some privilege or power. These are positions of responsibility and require a lot of work for no tangible return except possibly the opportunity to meet other very interesting people. I think about my role at ICANN like I would think about jury duty. We have all benefited from the proper functioning of the Internet for the last decade. If you've benefited in the past and care about the future of the Internet, it is a great opportunity to give back to the community by applying for one of these positions. more

Comcast Unleashes Trial DNS Redirection in Select States

In a post today on Comcast's blog, Chris Griffiths, DNS Engineering Manger, has informed customers that they have begun to role a DNS redirection service -- a controversial service offered by several other ISPs over the years to redirect mistyped URLs to ad-based pages instead of a typical 404 error page. The service called "Domain Name Helper Service" is being launched as a market trial in Arizona, Colorado, New Mexico, Oregon, Texas, Utah, and Washington according to the company. more

Privacy Commissioner Finds Facebook Violating Canadian Privacy Law

The Office of the Privacy Commissioner of Canada has released its long-awaited finding in the complaint against Facebook on a variety of privacy grounds. The complaint was launched by CIPPIC in May 2008 (note that I am an advisor to CIPPIC but had no involvement in this complaint). The case marks an important step in assessing how Canadian privacy law addresses social media with the Commissioner identifying some significant concerns. Moreover, as the case potentially heads to court, it will be closely watched to see whether the findings can be enforced against a global social media power like Facebook. more

Examples of Where ICANN Can Be More Accountable

During the "GNSO Discussion with the CEO" at the recent ICANN meeting in Durban, I stated that ICANN talks a lot about the importance of supporting the public interest, but in reality the organization's first priority is protecting itself and therefore it avoids accountability and works very hard at transferring risks to others. In response to my comments, ICANN CEO Fadi Chehadé asked me to provide him examples of where ICANN can be more accountable. Copied below is my response letter to Chehadé, which provides seven examples. more

RIPE NCC to Hold Sixth IPv6 Focused Hackathon

The Regional Internet Registry for Europe, the Middle East and parts of Central Asia (RIPE NCC) together with Comcast and Danish Network Operator's Group (DKNOG), are organizing the sixth IPv6 focused hackathon. more

Why DNS Blacklists Don’t Work for IPv6 Networks

All effective spam filters use DNS blacklists or blocklists, known as DNSBLs. They provide an efficient way to publish sets of IP addresses from which the publisher recommends that mail systems not accept mail. A well run DNSBL can be very effective; the Spamhaus lists typically catch upwards of 80% of incoming spam with a very low error rate. DNSBLs take advantage of the existing DNS infrastructure to do fast, efficient lookups. A DNS lookup typically goes through three computers... more

WSIS, Development, and Internet Governance: A Plea for ‘Star Trek’ over ‘Mad Max’

Humanity continues to find itself at a crossroads. Ahead of us lies an uncertain future filled with predictions of imminent doom and ominous prospects along with the wonders of science and technology. Behind us lies a century marked paradoxically by both devastating global conflicts and unparalleled global collaboration. As societies continue to globalize, we are increasingly becoming more connected - to the point where it is difficult, if not impossible, to divorce ourselves from the interconnectivity in contemporary systems of commerce, economics, politics, and culture. more

Huawei’s Very Red World

The map below shows countries working with Huawei 5G in red and pink. As can be seen, Huawei is doing very well in 5G, although it's not as dominant as the colors here suggest. Ericsson is actually close to Huawei in 5G revenue, aided by the ban in the US and Australia. Years ago, Huawei was the price leader in order to break into the European market. more