In Taking Back The DNS I described new technology in ISC BIND as of Version 9.8.0 that allows a recursive server operator to import DNS filtering rules in what ISC hopes will become the standard interchange format for DNS policy information. Later I had to decry the possible use of this technology for mandated content blocking such as might soon be the law of the land in my country. I'm a guest at MAAWG this week in San Francisco and one of the most useful hallway discussions I've been in so far was about the Spamhaus DROP list. more
Anyone who has been watching the technology industry for more than a couple of years quickly learns to recognize FUD: Fear, Uncertainty and Doubt. FUD is (apparently) widely believed to be an effective marketing technique, especially when it comes to security, privacy, or scarcity. But the FUD often falls flat. Scarcity, in particular, is rare on the internet -- even rarer than privacy or security. There's constant FUD about scarcity of bandwidth, but the pipes get upgraded. Attempts to impose artificial scarcity through paywalls or other devices inevitably fail in the face of free alternatives. Even the scarcity of IPv4 addresses, which have indeed run out at the top, hasn't affected end users at the bottom yet -- and probably won't, for a long time. more
This is the first in a series of releases that tie extensive code injection campaigns directly to policy failures within the Internet architecture. In this report we detail a PHP injection found on dozens of university and non-profit websites which redirected visitor's browsers to illicit pharmacies controlled by the VIPMEDS/Rx-Partners affiliate network. This is not a unique problem, however the pharmacy shop sites in question: HEALTHCUBE[DOT]US and GETPILLS[DOT]US should not even exist under the .US Nexus Policy. more
Yesterday CommunityDNS noticed a sudden, heavy spike in traffic through its Anycast node in Hong Kong. While comfortably processing queries at 863,000 queries per second for close to 2 hours the occurrence was undeniable. While we can't say the increase in traffic was specifically due to DDoS, its sudden increase is suspicious and reminds us that DDoS is still a popular tool used by the malicious community. more
It might seem a little strange, but in the current economics of the market in registration of DNS names it appears that the set of names that are not "visible," or at least not associated with any dedicated network service point, represents a far larger set, and has a far higher total value to the DNS name registration industry, than the set of network-visible service endpoint domain names. In other words, there appears to be a larger and more valuable market for names that do not exist than for names that do. more
Mobile WiMAX, with the release of 2×2 MIMO chips in 2008, gives WiMAX a lead of two or so years on its major competitor -- the 3GPP's LTE. However, 3G cellphones using 3GPP UMTS technologies, extended to higher speeds with HSPA, is widely used in handsets in many countries. In North America, 3GPP2 CDMA2000 and EV-DO are widely used, but these are likely to be replaced over time by LTE and to some extent WiMAX. more
The beginning of the year saw IPv6 added to the DNS root, closing a major hole for IPv6-only communication. In mid-year, the US federal government's IPv6 mandate came into effect, requiring all federal IP backbones to support IPv6. While the mandate didn't have anywhere near the effect that many had hoped for, it did spur many vendors to add IPv6 support to their products. The amount of observed IPv6 traffic increased considerably, but we still lack good data for how much IPv6 is being used. So, where were we at the end of 2008? more
In many respects the internet is going to hell in a hand basket. Spam, phishing, DNS poisoning, DDoS attacks, viruses, worms, and the like make the net a sick place. It is bad enough that bad folks are doing this. But it is worse that just about every user computer on the net offers a nice fertile place for such ill behavior to be secretly planted and operated as a zombie under the control of a distant and unknown zombie farmer. ...Some of us are coming to the converse point of view that the net is being endangered by the masses of ill-protected machines operated by users. more
The saga of the IPv6 transition continues to surprise us all. RFC 2460, the first complete effort at a specification of the IPv6 protocol, was published in December 1998, more than twenty years ago. The entire point of IPv6 was to specify a successor protocol to IPv4 due to the prospect of running out of IPv4 addresses. Yet we ran out of IPv4 addresses more than a decade ago. more
One of the basic tools in network design is the so-called "stacked" protocol model. This model was developed in the late 1970s as part of a broader effort to develop general standards and methods of networking. In 1983, the efforts of the CCITT and ISO were merged to form The Basic Reference Model for Open Systems Interconnection, usually referred to as the Open Systems Interconnection Reference Model or the "OSI model." more
It's now been a decade since the world officially ran out of blocks of IP addresses. In early 2011 the Internet Assigned Numbers Authority (IANA) announced that it had allocated the last block of IPv4 addresses and warned ISPs to start using the new IPv6 addresses. But here we are a decade later and not one of my clients has converted to IPv6. more
The term "attack surface" is often heard in cybersecurity conversations. It refers to the sum of all possible attack vectors or the vulnerabilities that threat actors can exploit to penetrate a target network or damage an organization somehow. An unused and forgotten subdomain, for instance, can become an attack vector when taken over. Certain categories of companies have very large attack surfaces. Such is the case of streaming media businesses like Netflix and HBO Max. more
I've been prompted to write this brief opinion piece in response to a recent article posted on CircleID by Tony Rutkowski, where he characterises the IETF as a collection of "crypto zealots." He offers the view that the IETF is behaving irresponsibly in attempting to place as much of the Internet's protocols behind session level encryption as it possibly can. ... Has the IETF got it wrong? Is there a core of crypto zealots in the IETF that are pushing an extreme agenda about encryption? more
Back in the early 2000s, several notable Internet researchers were predicting the death of the Internet. Based on the narrative, the Internet infrastructure had not been designed for the scale that was being projected at the time, supposedly leading to fatal security and scalability issues. Yet somehow the Internet industry has always found a way to dodge the bullet at the very last minute. more
In the December of last, Cuba singed a deal with Google to enable faster access to content served via its popular platforms such Gmail and YouTube. more
A World-Renowned Source for Internet Developments. Serving Since 2002.