Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more
Last month's column looked at the exhaustion of the IPv4 unallocated address pool and the state of preparedness in the Internet to grapple with this issue... There has been a considerable volume of discussion in various IPv6 and address policy forums across the world about how we should respond to this situation in terms of development of address distribution policies. Is it possible to devise address management policies that might both lessen some of the more harmful potential impacts of this forthcoming hiatus in IPv4 address supply, and also provide some impetus to industry to move in the originally intended direction to transition into an IPv6 network? more
Funny how some topics seem sit on a quiet back burner for years, and then all of a sudden become matters of relatively intense attention. Over the past few weeks we've seen a number of pronouncements on the imminent exhaustion of the IP version 4 address pools. Not only have some of the Regional Internet Registries (RIRs) and some national registry bodies made public statements on the topic, we've now seen ICANN also make its pronouncement on this topic... Why the sudden uptake of interest in this topic? I suspect that a small part of this may be my fault! more
We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well: I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up. We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: "why be able to destroy the world a thousand times over if once is more than enough?" we often also changed it to say "3 times" as redundancy could be important... more
A recent paper called "Worm Propagation Strategies in an IPv6 Internet", written by Steven M. Bellovin, Angelos Keromytis, and Bill Cheswick, examines whether or not the deployment of IPv6 will in fact provide a substantial level of barrier against worms. Shared below are the introductory paragraphs from this paper. "In recent years, the internet has been plagued by a number of worms. One popular mechanism that worms use to detect vulnerable targets is random IP address-space probing..." more
The Measurement Factory and Infoblox have announced results of a survey of more than 1.3 million Internet-connected, authoritative domain name system (DNS) servers around the globe. The results of the survey indicate that as many as 84 percent of Internet name servers could be vulnerable to pharming attacks, and that many exhibit other security and deployment-related vulnerabilities. The surveys consisted of several queries directed at each of a large set of external DNS servers to estimate the number of systems deployed today and determine specific configuration details. more
Most people who have wireless Ethernet at home, or the office, connect to the wireless network by attaching to a wireless Access Point, or AP. This method of wireless networking is called "Infrastructure Mode". If you have a secure wireless network configured in "Infrastructure Mode" you are using MAC address filtering, some level of encryption, and have made some additional changes to your AP in order to prevent just anyone from using it or capturing data. ...However, for those who are not using "Infrastructure Mode", and are configured to communicate from machine to machine, or "Ad-Hoc", there are a few things you should be aware of. more
Last month Wired News, the online service that grew out of Wired Magazine, decided that it was going stop using an upper-case 'I' when it talked about the internet. At the same time Web became web and Net became net. According to Tony Long, the man responsible for their style guide, the change was made because 'there is no earthly reason to capitalize any of these words'. In fact, he claims, 'there never was.' ...Forgive me for saying, but those who choose 'internet' over 'Internet' are as wrong as those who would visit london, meet the queen or go for a boat trip down the river thames. more
The majority of spam -- as much as 80 per cent of all unsolicited marketing messages sent -- now emanates from residential ISP networks and home user PCs. This is due to the proliferation of spam trojans, bits of surreptitious malware code embedded in residential subscriber PCs by worms and spyware programs. Worm attacks are growing in frequency because they provide a fast means of infecting a vast number of computers with spam trojans in a very short period of time. It's no surprise that many service providers report an upsurge in spam traffic immediately following a worm attack. more
Stratton Sclavos of VeriSign distills the essence of the SiteFinder controversy in his CNet interview...There is a subtle but essential misunderstanding here. Innovation can and should happen in Internet infrastructure, but there are a handful of core elements that must remain open and radically simple if the Internet is to remain, well, the Internet. These include TCP/IP, SMTP, HTTP, BIND, BGP, and the DNS (especially the .com registry). Any change in these protocols should be very carefully vetted through a consensus-based process. more
An article based on the most recent study for the European Commission on the Policy Implications of Convergence in the Field of Naming, Numbering and Addressing written by Joe McNamee and Tiina Satuli of Political Intelligence.
"With relation to the Internet and also IP addresses, the "scarcity" is more complicated: there are not only intellectual property issues with regards to domain names, but there is also an issue of managing the integrity of the system. For any naming or numbering system to work, it is essential that the names and addresses used cannot be confused with any other -- in other words, no one system can have two end-points with the same fully qualified number or name..." more
Jan Žorž reflects on SEE RIPE's role in uniting a fragmented region, where trust built through informal exchange now underpins internet resilience and helps align engineers with policymakers as regulatory pressures intensify. more
Subsea cables underpin global data flows, yet resilience, control and deep sea access now define digital sovereignty as governance fragments, hyperscalers consolidate ownership, and states prioritize survivability over efficiency in an increasingly contested geopolitical seabed. more
As AI agents scale, IP reputation emerges as a hidden constraint, shaping access to external systems and degrading performance. Managing network identity, not just models, is becoming essential for reliable data collection. more
Community networks, locally built and governed, are emerging across Africa as cost-effective tools to extend connectivity, bolster digital sovereignty, and improve cyber resilience, despite regulatory, financial, and technical constraints that hinder broader adoption. more
A World-Renowned Source for Internet Developments. Serving Since 2002.