Networks

Networks / Most Viewed

RFC 1918 Address Space: Why It Was Needed then and How It Will Change in IPv6!

Recently, my firm has seen a lot of interest come from Enterprises seeking IPAM/DNS tools. We predicted that IPv6 adoption and the need for automation software/tools would follow the Internet ecosystem's supply chain starting with Service Providers consisting of ISPs, I/PaaS, ASPs, then content providers (mostly a service really), then Enterprises, followed by SMBs & Consumers. While good for business, it has also forced us to revisit and think thru many TCP/IP protocol standards... more

Bad Journalism, IPv6, and the BBC

Here's a good way to frighten yourself: Learn about something, and then read what the press writes about it. It's astonishing how often flatly untrue things get reported as facts. I first observed this back in 1997 when I was a Democratic lawyer in the U.S. House of Representatives working on the (rather ridiculous) campaign finance investigation. (The investigating committee's conspiracy-minded chairman was famous for shotgunning pumpkins in his backyard in order to figure out exactly how Hillary snuffed Vince Foster)...More recently, I've seen the same discouraging phenomenon in reporting on technology and, in particular, the Internet. more

Defending Networks Against DNS Rebinding Attacks

DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more

Network Solutions Under Large Scale DDoS Attack, Millions of Websites Potentially Unreachable

Network Solutions is having problems with "all" its name servers, according to their tech support and a recent post on North American Network Operators' Group (NANOG) mailing list indicates that it has been under very large-scale UDP/53 DDoS attack for the last 48 hour period. As a result, domain names hosted with Network Solutions' Worldnic have been affected. Network Solutions is one of the leading domain registrars and DNS hosting providers in the world, managing more than 7.6 million domain names. more

Shedding Light on How Much Energy the Internet and ICTs Consume

Ever since I published an essay exploring the relationship between climate change and the Internet, I have endeavored to bring this subject to the fore as often as possible (and in relevant fora and discussions) since the responsibility of creating a more sustainable world falls on all communities and stakeholder groups. It is particularly pressing now -- at a time when international interest in curbing climate change is strengthening, while it is juxtaposed with the receding commitments of the United States government... more

A Question of DNS Protocols

One of the most prominent denial of service attacks in recent months was one that occurred in March 2013 between Cloudflare and Spamhaus... How did the attackers generate such massive volumes of attack traffic? The answer lies in the Domain Name System (DNS). The attackers asked about domain names, and the DNS system answered. Something we all do all of the time of the Internet. So how can a conventional activity of translating a domain name into an IP address be turned into a massive attack? more

Anyone Who Still Thinks IPv6 Won’t Happen Clearly Isn’t Watching the Measurements

Anyone who still is using the "I'll-just-wait-on-IPv6-because-it-will-never-happen" approach is clearly NOT watching the measurements. First, there was the news last week that Google's IPv6 measurement had crossed over 3% less than five months after crossing the 2% mark. Then today comes word from the World IPv6 Launch measurements program that the February 2014 measurements are up... more

Internet Governance Outlook 2014: Good News, Bad News, No News?

What does the crystal ball say for the Internet in 2014? Here are three scenarios for what could happen with the global Internet Governance Eco-System in the coming 12 months... In the worst case scenario the Internet gets more and more fragmented and re-nationalized. A growing number of governments start to define a "national Internet segment" and develop policies to surveil, censor and control access to and use of the Internet. National firewalls will separate the "domestic Internet" from the global Internet and an exit and entrance regime into networks is introduced where users need passwords, handed out by governmental authorities on an annual basis, to go from one domain to another... more

IP Address Exhaustion In 12 Easy Questions

It seems that there is an increasing level of interest in the topic of IPv4 address exhaustion, so I thought I'll share a set of answers to the most common questions I've been asked on this topic in recent times. ... If there is a common factor in many of these challenges, it is scaling the network to meet an ever expanding agenda of more users, more devices, more traffic, more services and more policies. more

DNS Firewalls In Action - RPZ vs. Spam

In general, a network firewall is just a traffic filter... Filtering rules can be anything from "allow my web server to hear and answer web requests but not other kinds of requests" to "let my users Ping the outside world but do not let outsiders Ping anything on my network." The Internet industry has used firewalls since the mid-1980's and there are now many kinds, from packet layer firewalls to web firewalls to e-mail firewalls. Recently the DNS industry has explored the firewall idea and the results have been quite compelling. In this article I'm going to demonstrate a DNS firewall built using RPZ (Response Policy Zones) and show its potential impact on e-mail "spam". more

Who Uses Google’s Public DNS?

Much has been said about how Google uses the services they provide, including their mail service, their office productivity tools, file storage and similar services, as a means of gathering an accurate profile of each individual user of their services. The company has made a very successful business out of measuring users, and selling those metrics to advertisers. But can we measure Google as they undertake this activity? How many users avail themselves of their services? Perhaps that's a little ambitious at this stage, so maybe a slightly smaller scale may be better. Let's just look at one Google service. more

IPv6: Don’t Forget About Your Switches!

When preparing a network for IPv6, I often hear network administrators say that their switches are agnostic and that there is no need to worry about them. Not so fast. Yes, LAN switches function mainly at layer 2 by forwarding Ethernet frames regardless of whether the packet inside is IPv4 or IPv6 (or even something else!) However, there are some functions on a switch that operate at layer 3 or higher. more

IPv6 Subnetting - The Paradigm Shift

Almost every conversation I have with folks just learning about IPv6 goes about the same way; once I'm finally able to convince them that IPv6 is not going away and is needed in their network, the questions start. One of the most practical and essential early questions that needs to be asked (but often isn't) is "how do I lay out my IPv6 subnets?" The reason this is such an important question is that it's very easy to get IPv6 subnetting wrong by doing it like you do in IPv4. more

MegaBust’s MegaQuestions Cloud the Net’s Future

Mid-January 2012 marked a major inflection point for digital copyright policy in the United States... Yet no one involved with Congressional interaction on either side of the issue believes it has been sidetracked for long, and "Hollywood" and "Silicon Valley" are both plotting their next moves in this high-stakes game to further define the responsibilities and potential liabilities... The resolution of this dispute will determine the ability of Internet services to move to "the cloud"... more

Twenty Myths and Truths About IPv6 and the US IPv6 Transition

After hearing over 350 presentations on IPv6 from IPv6-related events in the US (seven of them), China, Spain, Japan, and Australia, and having had over 3,000 discussions about IPv6 with over a thousand well-informed people in the IPv6 community, I have come to the conclusion that all parties, particularly the press, have done a terrible job of informing people about the bigger picture of IPv6, over the last decade, and that we need to achieve a new consensus that doesn't include so much common wisdom that is simply mythical. There are many others in a position to do this exercise better than I can, and I invite them to make a better list than mine, which follows. more

Industry Updates

RIPE 85 News Update

Meet the Speakers of the Cyber Threat Mitigation Webinar (by IPXO)

Dormant IPv4 Addresses Can Help Mitigate Expected Network Outages

To Accelerate 5G Adoption, European Telcos Need More IP Addresses

3 Key Recommendations to Trust the Cloud More by Trusting It Less

DNS Record Contents: Are Organizations Giving Away More Than They Should?

As Global Internet Demands Skyrocket, Expert Share Advice on How to Optimize IT Infrastructure to Meet Modern-Day Challenges

IP Monetization: IP Leasing Makes the Case for Recurring Long-Term Revenue

Leasing IPv4 Addresses in the Dawn of the New Internet Era

How to Monitor IP Netblocks for Possible Targeted Attacks

Not All VPN Users Are Worth Trusting, a Lesson for Cloud Service Providers

Everything You Need to Know About IPv4 vs. IPv6

The Louisiana State Ransomware Attack: Enhancing Cyberdefense with Reverse IP Address Lookup

The Disney+ Account Hijacking: Preventing Unauthorized Network Access with Threat Intelligence Tools

InterMed Breach: How Threat Intelligence Sources Help Maintain Domain Integrity