Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
The end of the year is approaching which seems to be a harbinger of Internet disasters. Four years ago (on 24 Dec. 2004), TTNet significantly disrupted Internet traffic by leaking over 100,000 networks that were globally routed for about an hour. Two years ago (on 26 Dec. 2006), large earthquakes hit the Luzon Strait, south of Taiwan, severing several underwater cables and wreaking havoc on communications in the region. Last year there was a small delay. On 30 Jan. 2008, more underwater cables were severed in the Mediterranean, severely disrupting communications in the Middle East, Africa, and the Indian subcontinent. Calamity returned to its customary end-of-year schedule this year, when early today (19 Dec. 2008) several communications cables were severed, affecting traffic in the Middle East and Indian subcontinent. more
The internet bus continues to accelerate straight into the IPv4 address depletion wall with spirited discussions continuing on how to divvy up the remnants of the address space. Obviously all five Regional Internet Registries (RIR's) want to make sure they get their fair share from IANA but what is a fair share remains the subject of interpretation. In the mean time, scenarios of a speculative land rush and auctions of ever smaller address blocks abound with unattractive consequences such as an explosion of the size of the routing table and a stunted growth of the global internet economy... In the meantime, the airline industry completed a rather significant migration of their own... more
It happened in San Jose, it happened in Taiwan and soon it will happen in Philadelphia! A nightmare? A conspiracy? No, no, it was just the IPv6 hour. One hour of pure IPv6 LAN for NANOG attendees with a NAT-PT as valve to the crowded teeming world of the IPv4 internet... At 12 noon, Tuesday February 19th it happened! While Mac, Vista, Linux and Unix can breathe AAAA, Windows XP however cannot do DNS over IPv6 transport. What to do to avoid all these Windows XP users... more
The debates are raging over whether or not we should migrate to IPv6. The strongest argument is the enormous address space that will allow for everyone and everything to have a unique public address, many addresses actually. It is often said that the shortage of public IPv4 addresses has limited our capabilities because it led to the pervasive use of private addressing, Network Address Translation (NAT) and Port Address Translation (PAT). Though these technologies remain critical, they are often regarded as stop-gap measures, and they sometimes create problems. In some circles, NAT has acquired a very bad name. But is that a fair perspective of the technology? Let's review the positives and negatives. more
There have been quite a number of recent articles about various IPv6 issues. Thus the question: how far along is the actual IPv6 deployment? This is a quick-and-dirty survey that focuses mainly on the content provider side. What domains were surveyed? Alexa offers country depended TopSites listings. Domains listed are frequently visited by users from that country, not necessarily hosted there... more
May 6th 2007: ARIN board of trustees passes a resolution advising the Internet community that migration to a new version of the internet protocol, IPv6, will be necessary to allow continued growth of the internet. June 29th 2007, Puerto Rico: ICANN Board resolution states that: The Board further resolves to work with the Regional Internet Registries and other stakeholders to promote education and outreach, with the goal of supporting the future growth of the Internet by encouraging the timely deployment of IPv6. Oct 26th 2007 at the RIPE 55 meeting in Amsterdam... Nov 15th 2007: IGF meeting, Rio de Janeiro... This is but a small sample of the fast growing visibility IPv6 acquired this year, 2007. more
I'm writing this column in November, and that means that it is time for the traveling circus known as the Internet Governance Forum (IGF) to come down to earth, unpack its tents and sell tickets for its annual song and dance routine. The script for this year's show has been changed, and after being excluded from the main arena last year at the Athens gig, the headline act of "Critical Internet Resources" is taking a starring role this year in Rio. Some folk are even saying that it is the single most contentious issue to be scheduled at this year's IGF show. So what are "Critical Internet Resources" anyway? If folks are going to spend all this time, energy and carbon emissions traveling to Rio to talk on this topic, then wouldn't it be helpful to understand what it means in the first place? There are probably a number of ways to answer this question, so in this heavily opinionated column I'd like to look at the range of possible answers to this question. more
There are many network operator group meetings being held these days. Even in the backwater of the South Pacific where I live there is now AUSNOG, and NZNOG is just next door in New Zealand. We now have MENOG in the Middle East and AFNOG in Africa. The original NOG was the North American Network Operators Group (NANOG), and they have the T-Shirts to prove it! NANOG meets three times a year, and I attended NANOG 41 in October 2007. NANOG meetings cover a broad variety of topics, from operational tools, measurement, and peering practices through to a commentary on the state of the Internet industry. Here are my impressions of the meeting. more
Vonage's latest woes are written up by Om Malik in Vonage: How Low Can You Go. More interesting than Om's reportage (Sprint wins case, Vonage ordered to pay damages, stock drops to $1.30) is the commentary afterward, in which one reader takes Om to task for the "gleeful" way in which he reports the demise of the VoIP companies... Boosters made the argument that VoIP was fundamentally cheaper than the TDM systems that phone companies deploy, and so therefore they enjoyed a price advantage in the market place. Anyone in the business of supplying telecom equipment, however, will tell you that the argument is flawed... more
DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more
Last month's column looked at the exhaustion of the IPv4 unallocated address pool and the state of preparedness in the Internet to grapple with this issue... There has been a considerable volume of discussion in various IPv6 and address policy forums across the world about how we should respond to this situation in terms of development of address distribution policies. Is it possible to devise address management policies that might both lessen some of the more harmful potential impacts of this forthcoming hiatus in IPv4 address supply, and also provide some impetus to industry to move in the originally intended direction to transition into an IPv6 network? more
Funny how some topics seem sit on a quiet back burner for years, and then all of a sudden become matters of relatively intense attention. Over the past few weeks we've seen a number of pronouncements on the imminent exhaustion of the IP version 4 address pools. Not only have some of the Regional Internet Registries (RIRs) and some national registry bodies made public statements on the topic, we've now seen ICANN also make its pronouncement on this topic... Why the sudden uptake of interest in this topic? I suspect that a small part of this may be my fault! more
We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well: I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up. We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: "why be able to destroy the world a thousand times over if once is more than enough?" we often also changed it to say "3 times" as redundancy could be important... more
A recent paper called "Worm Propagation Strategies in an IPv6 Internet", written by Steven M. Bellovin, Angelos Keromytis, and Bill Cheswick, examines whether or not the deployment of IPv6 will in fact provide a substantial level of barrier against worms. Shared below are the introductory paragraphs from this paper. "In recent years, the internet has been plagued by a number of worms. One popular mechanism that worms use to detect vulnerable targets is random IP address-space probing..." more
The Measurement Factory and Infoblox have announced results of a survey of more than 1.3 million Internet-connected, authoritative domain name system (DNS) servers around the globe. The results of the survey indicate that as many as 84 percent of Internet name servers could be vulnerable to pharming attacks, and that many exhibit other security and deployment-related vulnerabilities. The surveys consisted of several queries directed at each of a large set of external DNS servers to estimate the number of systems deployed today and determine specific configuration details. more
A World-Renowned Source for Internet Developments. Serving Since 2002.