In looking at the general topic of trust and the Internet, one of the more critical parts of the Internet's infrastructure that appears to be a central anchor point of trust is that of the Domain Name Service, or DNS. The mapping of "named" service points to the protocol-level address is a function that every Internet user relies upon, one way or another. The ability to corrupt the operation of the DNS is one of the more effective ways of corrupting the integrity of Internet-based applications and services. If an attacker can in some fashion alter the DNS response then a large set of attack vectors are exposed. ...The more useful question is whether it is possible to strengthen the DNS. The DNS is a query -- response application, and the critical question in terms of strengthening its function is whether it is possible to authenticate the answers provided by the DNS. DNSSEC provides an answer to this question. more
ENUM has a critical role to play in telephony services convergence. Although many carriers are adopting ENUM there are myths swirling around the confuse newcomers. In data networks, the domain name system (DNS) is responsible for converting Uniform Resource Locators (URL's) to IP addresses in order to route data traffic. The ENUM protocol performs a similar essential function of linking E.164 telephone numbers to Universal Resource Identifiers (URIs) -- enabling communication services to use traditional phone numbers to set up calls over IP networks. Unfortunately, there's a good deal of hype and confusion around ENUM, which might lead carriers to delay ENUM implementations. That delay would be a mistake... more
Several people emailed me about the actual things the senator said and why he is off-base. I decided to listen to his speech again, and write down the points I believe are critical. Senator Stevens who everyone is dissing on for his speech on Net Neutrality in my book spoke nothing less than brilliant. I will also tell you, in my opinion, exactly why... He nailed down the subject into the point that matters: Business. It's about profit. more
From the perspective of Internet security operations, here is what Net Neutrality means to me. I am not saying these issues aren't important, I am saying they are basically arguing over the colour of bits and self-marginalizing themselves. For a while now I tried not to comment on the Net Neutrality non-issue, much like I didn't comment much on the whole "owning the Internet by owning the Domain Name System" thingie. Here it goes anyway. Two years ago I strongly advocated that consumer ISP's should block some ports, either as incident response measures or as permanent security measures... more
Black Frog -- a new effort to continue the SO-CALLED Blue Security fight against spammers. A botnet, a crime, a stupid idea that I wish would have worked -- News items on Black Frog. Blue Frog by Blue Security was a good effort. Why? Because they wanted to "get spammers back". They withstood tremendous DDoS attacks and abuse reports, getting kicked from ISP after ISP. ...The road to hell is filled with good intentions. Theirs was golden, but they got to hell, quite literally, non-the-less. ...When Blue Security went down, some of us made a bet as to when two bored guys sitting and planning their millions in some café would show up, with Blue Security's business plan minus the DDoS factor. Well -- they just did. more
The success of a proposal by AT&T and Verizon to end net neutrality does not threaten the Internet. The broadband customers of AT&T and Verizon will just no longer have access to the Internet. The development appropriately creates alarm among AT&T and Verizon's customers, but the combined customer bases of these companies represent less than 2% of the billion or so users of the Internet. The fact that access to the Internet requires net neutrality does not depend on laws passed by the US Congress or enforced by the FCC. Neutrality arises as a technical and business imperative facilitating the interconnection 250,000 independent networks that choose to participate in the Internet. more
I had hoped to take a longer break from the theme of Net Neutrality, but a piece on Om Malik's blog by Daniel Berninger seems to be screaming for a reply. Berninger hails from Tier 1 Research; his credentials show a close association with Jeff Pulver's Free World Dialup, and hence a piece that is sympathetic to the 'Save the Internet' movement. His legalistically styled piece attempts to suggest that, in the absence of conformance to network neutrality principles, telephone companies will lose their common carrier status and therefore should lose their access to low cost rights-of-way. Good try, Dan... more
In What's Driving the Next Telecom Law, David Isenberg writes about the incumbents desire to preserve "Rational Competition"... Rational competition is the idea that corporations, knowing their own costs, and their competition's pricing, will price their products to maximize profits. It is tied up in the language of predatory pricing. Some economists argue that predatory pricing is rare, because it is, in fact, irrational... The flaw in the incumbent's argument is twofold... more
In follow-up to recent announcement on the release of the latest edition of the very popular DNS and BIND book -- often referred to as the bible of DNS -- CircleID has caught up with Cricket Liu, co-author and a world renowned authority on the Domain Name System. In this interview, Cricket Liu talks about emerging issues around DNS such as security and IPv6 support, and important new features such as internationalized domain names, ENUM (electronic numbering), and SPF (the Sender Policy Framework). "Cricket Liu: We're now seeing more frequent attacks against DNS infrastructure. ...Turns out that name servers are terrific amplifiers -- you can get an amplification factor of nearly 100x. These attacks have raised awareness of the vulnerability of Internet name servers, which is possibly the only positive result..." more
A new article by Ken Camp, published at Realtime VoIP, discusses telephony regulations, describing some existing regulatory issues surrounding telecommunications and how they might impact VoIP services. The following is an introduction to this article: "Bringing new technologies such as VoIP into service presents a wide range of technical challenges. Given the highly regulated environment of telecommunications, VoIP presents a set of regulatory challenges. For the most part, these challenges present hurdles to VoIP service providers who want to deliver commercial services to consumers and businesses and don't directly impact business VoIP deployment. ...Businesses that embrace managed VoIP services might want to review some of these regulatory issues, such as E-911 services, with the managed VoIP service provider." more
A World-Renowned Source for Internet Developments. Serving Since 2002.