Time for another annual roundup from the world of IP addresses. Let's see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself. Back in around 1992 the IETF gazed into the crystal ball and tried to understand how the internet was going to evolve and what demands that would place on the addressing system as part of the "IP Next Generation" study. more
DNS firewall market size is expected to grow from USD 90.5 million in 2018 to USD 169.7 million by 2023, at a Compound Annual Growth Rate (CAGR) of 13.4% according to a market research conducted by MarketsandMarkets. more
The Measurement Factory and Infoblox have announced results of a survey of more than 1.3 million Internet-connected, authoritative domain name system (DNS) servers around the globe. The results of the survey indicate that as many as 84 percent of Internet name servers could be vulnerable to pharming attacks, and that many exhibit other security and deployment-related vulnerabilities. The surveys consisted of several queries directed at each of a large set of external DNS servers to estimate the number of systems deployed today and determine specific configuration details. more
Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic... Dispersing a DDoS in this way may impact performance -- but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack. But what if you cannot, for some reason, disperse the attack? more
Time for another annual roundup from the world of IP addresses. What happened in 2012 and what is likely to happen in 2013? This is an update to the reports prepared at the same time in previous years, so lets see what has changed in the past 12 months in addressing the Internet, and look at how IP address allocation information can inform us of the changing nature of the network itself. more
I opined about a year ago that DNS blacklists wouldn't work for mail that runs over IPv6 rather than IPv4. The reason is that IPv6 has such a huge range of addresses that spammers can easily send every message from a unique IP address, which means that recipient systems will fire off a unique set of DNSBL queries for every message... Now I'm much less sure this will be a problem... more
This never-ending story is used by opportunistic telcos and their lobbyists to confuse the issue in order to gain regulatory or political advantage. The debate is now raging again in the USA. In an attempt to talk down their monopolistic position in the market the three telcos - and this time in particular, Comcast - are claiming that real competition does in fact exist in the American broadband market, citing competition from the mobile 4G LTE services as an example. more
Exponential growth of networks combined with the complexity introduced by IT initiatives e.g. VoIP, Cloud computing, server virtualization, desktop virtualization, IPv6 and service automation has required network teams to look for tools to automate IP address management (IPAM). Automated IPAM tools allow administrators to allocate subnets, allocate/track/reclaim IP addresses and provide visibility into the networks. Here are some examples of what a typical IPAM tool can do... more
You can't open a newspaper today, listen to the radio, or watch TV without hearing about the enormous explosion in the use of telecommunications technology - be it fixed or mobile broadband, the internet, social media, smartphones, tablets, wearables, IoT, cloud computing, the list is endless... Yet, at the same time, many telcos and ISPs are struggling to maintain their profitability. This defies economic logic. more
July 15, 2010 (yesterday) marked the end of the beginning for DNSSEC, as the DNS root was cryptographically signed. For nearly two decades, security researchers, academics and Internet leaders have worked to develop and deploy Domain Name System Security Extensions (DNSSEC). DNSSEC was developed to improve the overall security of the DNS, a need which was dramatized by the discovery of the Kaminsky bug a few years ago. more
Do you know of someone who has made the Internet better in some way who deserves more recognition? Maybe someone who has helped extend Internet access to a large region? Or wrote widely-used programs that make the Internet more secure? Or served in some capacity behind the scenes in Internet services? Or maybe someone who has been actively working for open standards and open processes for the Internet? more
Let's take a second to look back some 50 years to the world of 1972 and the technology and telecommunications environment at that time. The world of 1972 was one populated by a relatively small collection of massive (and eye-wateringly expensive) mainframe computers that were tended by a set of computer operators working around the clock and directed by specialized programmers, trained in the obscure symbol set used by the job control systems on these computers. more
I just finished reading Richard Clarke and Robert Knake's book Cyberwar. Though the book has flaws, some of them serious, the authors make some important points. They deserve to be taken seriously. I should note that I disagree with some of my friends about whether or not "cyberwar" is a real concept. Earlier, I speculated that perhaps it might be a useful way to conduct disinformation operations, but it need not be so limited. more
More than 30 million people lost their data connectivity on December 6, 2018, in the United Kingdom as O2's network suffered from a nationwide service outage. Based on several reports, the incident was caused by a human error at Ericsson, the telecoms supplier responsible for operating certain parts of the O2 network. To compensate for the downtime and tarnished reputation, the O2 management is now reportedly seeking damages of up to a hundred million pounds from Ericsson. more
We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well: I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up. We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: "why be able to destroy the world a thousand times over if once is more than enough?" we often also changed it to say "3 times" as redundancy could be important... more