With my post earlier this month about the possibility of SIP botnets [also featured here on CircleID], I've had a number of people asking about more information and wondering about the possible impacts. And while I will write more on botnets in general, as far as the potential impact of "botnets" in general, one need only look over at the current situation in Estonia... Now, perhaps Russia is behind the attack... perhaps not. There are obviously much larger political issues going on between the two states.
A story... ZZZ Telemarketing (not a real name) is locked in a heated fight with their bitter rival, YYY Telemarketing (also not a real name), to win a very large lead generation contract with Customer X. Customer X has decided to run a test pitting the two companies against each other for a week to see who can generate the most leads. The ZZZ CEO has said to his staff that it is "do or die" for the company. If they fail to win the contract, they will have to shut down -- they need to do "whatever it takes" to win over YYY. A ZZZ staffer discovers that part of why YYY has consistently underbid them is because they are using SIP trunks to reduce their PSTN connection costs. But the staffer also discovers that YYY is using very cheap voice service providers who run over the public Internet with no security...
After much initial fanfare a couple of years ago ENUM has matured to a state where it is currently yet another under-achiever in the technology deployment stakes. ENUM initially presented itself as a very provocative response to the legacy telco position of monopolising public voice services through their exclusive control over the Public Switched Telephone Network (PSTN) and the associated controlling position over the telephone number space... The perception was that ENUM was going to dismantle these levers of control and open up the voice market to a new wave of competitive carriers. If the address plan was the key to the PSTN, then ENUM was intended unlock this network and position the new wave of Voice Over IP (VOIP) carriers to take over any residual treasures of the traditional voice market. Events have not played out according to these expectations...
I have long been intrigued by the question of how do we turn the internet into a lifeline grade infrastructure... My hope that this will occur soon or even within decades is diminishing. Most of us observe, almost daily, how even well established infrastructures tend to crumble when stressed, even slightly... I was at the O'Reilly Etel conference last week. The content was impressive and the people there were frequently the primary actors in the creation and deployment of VOIP. However, not once during the three days did I hear a serious discussion by a speaker or in the hallways about how this evolving system would be managed, monitored, diagnosed, or repaired.
What economic and social factors are shaping our future needs and expectations for communications systems? This question was the theme of a joint National Science Foundation (NSF) and Organisation for Economic Co Operation and Development (OECD) workshop, held on the 31st January of this year. The approach taken for this workshop was to assemble a group of technologists, economists, industry, regulatory and political actors and ask each of them to consider a small set of specific questions related to a future Internet. Thankfully, this exercise was not just another search for the next "Killer App", nor a design exercise for IP version 7. It was a valuable opportunity to pause and reflect on some of the sins of omission in today's Internet and ask why, and reflect on some of the unintended consequences of the Internet and ask if they were truly unavoidable consequences...
In looking at the general topic of trust and the Internet, one of the more critical parts of the Internet's infrastructure that appears to be a central anchor point of trust is that of the Domain Name Service, or DNS. The mapping of "named" service points to the protocol-level address is a function that every Internet user relies upon, one way or another. The ability to corrupt the operation of the DNS is one of the more effective ways of corrupting the integrity of Internet-based applications and services. If an attacker can in some fashion alter the DNS response then a large set of attack vectors are exposed. ...The more useful question is whether it is possible to strengthen the DNS. The DNS is a query -- response application, and the critical question in terms of strengthening its function is whether it is possible to authenticate the answers provided by the DNS. DNSSEC provides an answer to this question.
ENUM has a critical role to play in telephony services convergence. Although many carriers are adopting ENUM there are myths swirling around the confuse newcomers. In data networks, the domain name system (DNS) is responsible for converting Uniform Resource Locators (URL's) to IP addresses in order to route data traffic. The ENUM protocol performs a similar essential function of linking E.164 telephone numbers to Universal Resource Identifiers (URIs) -- enabling communication services to use traditional phone numbers to set up calls over IP networks. Unfortunately, there's a good deal of hype and confusion around ENUM, which might lead carriers to delay ENUM implementations. That delay would be a mistake...
In follow-up to recent announcement on the release of the latest edition of the very popular DNS and BIND book -- often referred to as the bible of DNS -- CircleID has caught up with Cricket Liu, co-author and a world renowned authority on the Domain Name System. In this interview, Cricket Liu talks about emerging issues around DNS such as security and IPv6 support, and important new features such as internationalized domain names, ENUM (electronic numbering), and SPF (the Sender Policy Framework). "Cricket Liu: We're now seeing more frequent attacks against DNS infrastructure. ...Turns out that name servers are terrific amplifiers -- you can get an amplification factor of nearly 100x. These attacks have raised awareness of the vulnerability of Internet name servers, which is possibly the only positive result..."
A new article by Ken Camp, published at Realtime VoIP, discusses telephony regulations, describing some existing regulatory issues surrounding telecommunications and how they might impact VoIP services. The following is an introduction to this article: "Bringing new technologies such as VoIP into service presents a wide range of technical challenges. Given the highly regulated environment of telecommunications, VoIP presents a set of regulatory challenges. For the most part, these challenges present hurdles to VoIP service providers who want to deliver commercial services to consumers and businesses and don't directly impact business VoIP deployment. ...Businesses that embrace managed VoIP services might want to review some of these regulatory issues, such as E-911 services, with the managed VoIP service provider."
I like the drift of the Pulver/Evslin proposal on emergency communications, and wish there was as vigorous a debate going on over here. I just hope we in the UK aren't jerked out of complacency by some major disaster -- although widespread use of pre-paid cellular means the problem of sunken landlines isn't as acute. Yet I can't help but wonder why the poor public has to wait for a disaster before they're given partial control over how their number maps to different destinations and services. Why can't I get a voicemail service from someone other than my connectivity provider? Why is ENUM hostage to the telcos, whose interest lies in ensuring that new services can only come from them?