Worth Reading: Radicalizing data collection

Like many Silicon Valley start-ups, Larry Gadea’s company collects heaps of sensitive data from his customers. Recently, he decided to do something with that data trove that was long considered unthinkable: He is getting rid of it. The reason? Gadea fears that one day the FBI might do to him what it did to Apple in their recent legal battle: demand that he give the agency access to his encrypted data. Rather than make what he considers a Faustian bargain, he’s building a system that he hopes will avoid the situation entirely. Washington Post

The post Worth Reading: Radicalizing data collection appeared first on 'net work.

The License Agreement

The post The License Agreement appeared first on 'net work.

Worth Reading: Journey to the CCDE

On May the 17th I passed the CCDE practical in Madrid and became Swedens 2nd CCDE, CCDE #20160011. This post describes my journey to passing the CCDE practical in my 1st attempt and the materials that I used to do so. Lost in Transit

The post Worth Reading: Journey to the CCDE appeared first on 'net work.

Worth Reading: The age of the GPU

Having made the improbable jump from the game console to the supercomputer, GPUs are now invading the datacenter. This movement is led by Google, Facebook, Amazon, Microsoft, Tesla, Baidu and others who have quietly but rapidly shifted their hardware philosophy over the past twelve months. Each of these companies have significantly upgraded their investment in GPU hardware and in doing so have put legacy CPU infrastructure on notice. The Next Platform

The post Worth Reading: The age of the GPU appeared first on 'net work.

Reading List: 060916

A few of the papers, RFCs, and drafts I’m reading this week, along with a short description of each.

A Survey of Worldwide Censorship Techniques
draft-hall-censorship-tech-03

Censorship is a large problem on the Internet—but it’s often difficult to find any good description of the various ways censors can both find and block “offending” content. This draft is a short, readable overview of the various techniques actually seen in the wild, along with pointers to research about the techniques themselves, and instances where they’ve been used in the real world.

IPv6 Extension Headers and Packet Drops
draft-gont-v6ops-ipv6-ehs-in-real-world

One of the interesting features of IPv6 is its support for extension headers, which are variable length bits of information—metadata about the packet, for instance—that can be attached to a packet and processed by either the receiving host or forwarding devices along the way. Extension headers are useful, in that they allow IPv6 to be easily extended on the fly, rather than forcing the protocol designer to create a set of metadata “in stone.” Extension headers, however, are also controversial; how should an ASIC designer decide which ones to support in hardware, and how should extension headers that cannot be handled in hardware Continue reading

Worth Reading: Big data and big trouble

Deluged with an unprecedented amount of information available for analysis, companies in just about every industry are discovering increasingly sophisticated ways to make market observations, predictions and evaluations. Big Data can help companies make decisions ranging from which candidates to hire to which consumers should receive a special promotional offer. As a powerful tool for social good, Big Data can bring new opportunities for advancement to underserved populations, increase productivity and make markets more efficient. MarketWatch

The post Worth Reading: Big data and big trouble appeared first on 'net work.

Worth Reading: How to fight latency

Given that minimizing latency, and by association, determining a path across the global Internet with minimal packet loss is still critical, how can we accomplish this? Using the $20 billion real-time ad serving market as an example, we’ll first look at the different components, and then introduce an approach to mitigate latency. New Stack

The post Worth Reading: How to fight latency appeared first on 'net work.

Worth Reading: Windows WPAD attack

Windows’ WPAD feature has for many years provided attackers and penetration testers a simple way to perform MITM attacks on web traffic. There is, for example, a great blog post by Tod Beardsley called “MS09-008: Web Proxy Auto-Discovery (WPAD), Illustrated” that highlights the problems with WPAD. Now finally, roughly 10 years after WPAD was introduced, the penetration testing framework Metasploit includes support for WPAD via a new auxiliary module located at “auxiliary/server/wpad”. This module, which is written by Efrain Torres, can be used to perform for man-in-the-middle (MITM) attacks by exploiting the features of WPAD. Netresec

The post Worth Reading: Windows WPAD attack appeared first on 'net work.

Worth Reading: IPv6 Link Local Addresses

In November 2014, after quite some controversy in the IETF OPSEC working group (for those interested look at the archives), the Informational RFC 7404 “Using Only Link-Local Addressing inside an IPv6 Network” was published. It is authored by Michael Behringer and Eric Vyncke and discusses the advantages and disadvantages of an approach using “only link-local addresses on infrastructure links between routers”. APNIC

The post Worth Reading: IPv6 Link Local Addresses appeared first on 'net work.

Building a “Network” Network

Over my years as a network engineer, I’ve notice that the engineering job tends to be somewhat isolated (or isolating). Part of the reason is probably that there tend to be one or two network engineers at a single company, munged in with a lot of other IT folks who share some common ground (but not entirely), so there’s little chance to interact with others who are working on the same sorts of problem sets on a day to day basis. This tends to produce network engineers who are more attached to their vendor than they are to their “day job.” In fact, this tends to make the entire network engineering world, to the average network engineer, appear to be “not much more” than the vendors who show up on our doorsteps, the vendor specific trade shows we can attend, and what we read online. This is—how can I say this gently—??

This is an unhealthy situation for your career as a network engineer—and as a person.

What you need to do is build a network of other network engineers—a network network—so you can broaden your scope, keep your ear to the ground for changes, prepare for changes, have Continue reading

Worth Reading: Encryption is a red herring

Spooky rhetorical flourishes have become commonplace in the debate about encrypted communications. We are told that the FBI is “going dark;” that “warrant-proof” communications are proliferating; and that terrorists and criminals are operating en masse and with impunity. But are evildoers really foiling law enforcement’s ability to investigate their crimes? Real Clear Policy

The post Worth Reading: Encryption is a red herring appeared first on 'net work.

Worth Reading: Privacy is disappearing

So the main question raised by all this surveillance tech is how much we’re willing to risk loss of liberty for the sake of greater security. A saying often attributed to Benjamin Franklin has it: “Those who prefer security to liberty deserve neither.” Assuming that’s true, we need to come together as a polity to decide when to say “Enough!” to all the spying. Intellectual Takeout

The post Worth Reading: Privacy is disappearing appeared first on 'net work.

When prepend fails, what next? (2)

This week’s post was written by Johnny Britt over at FreedomPay. I’ve edited in some small places to add more information, etc., but I think Johnny needs to start blogging…

Once you have determined that AS-Path prepending can no longer help us what are our next steps? Routing is based on the longest matched prefix, this is true when BGP routes are being compared as well regardless of the AS-PATH. So one option you have is to split your address space into longer advertised prefixes and advertise a slice to each of our upstream providers. In Fig. 1, AS65000 splits its /44 IPv6 into 2 prefixes and advertises them out to AS65001 and AS65004 respectively. This forces half of AS65000 subnet traffic to flow inbound from one specific provider and we can combine both this technique and AS-Path prepending to give us more load sharing capabilities.

Using longer prefixes to direct traffic to a more preferred inbound link can take us a long way in creating the desired inbound traffic pattern. Sometimes there are scenarios where you may need to direct traffic at a more granular level.

But what if you don’t have the ability to create longer prefixes Continue reading

Worth Reading: Troubleshooting Cisco Remote Access

The Cisco Mobile and Remote Access (MRA) feature is a “client edge” solution that allows external software and hardware clients to register to enterprise Cisco Unified Communication (UC) solutions without requiring a VPN. Like most things, there are a lot of moving parts working together to create a relatively seamless user experience. And, like most things, the first time you deploy MRA there are a few “gotchas” that can eat up a significant amount of troubleshooting time. Netcraftsmen

The post Worth Reading: Troubleshooting Cisco Remote Access appeared first on 'net work.

Worth Reading: Random number breakthrough

The generation of random numbers has been an interesting problem for mathematicians for thousands of years. Old methods of random number generation include rolling dice, flipping coins and shuffling playing cards, but using these techniques for producing large numbers of sufficiently random numbers is extremely time-consuming. The New Stack

The post Worth Reading: Random number breakthrough appeared first on 'net work.

Hilton Head

The post Hilton Head appeared first on 'net work.

Worth Reading: Open Flow Tables and Vendor Hype

An OpenFlow-based switch can do only whatever the underlying hardware can do and whatever the NOS vendor implemented in the OpenFlow agent. If Pica8 claims that their software works better with TTPs they’re just saying that their previous software sucked. IP Space

The post Worth Reading: Open Flow Tables and Vendor Hype appeared first on 'net work.

Worth Reading: Useful Utilities

Troubleshooting and managing a network is much easier when you have the proper tools. Anybody who has been in the IT world for a time likely has a stash of small, portable, and often free programs they use to help in this area. Here is a list of my most-used utilities. Packet Pushers

The post Worth Reading: Useful Utilities appeared first on 'net work.

Worth Reading: IP addresses are not telephone numbers

A blanket association between telephone numbers and IP numbers and domain names is simply not useful. Here’s the problem — IP numbers and domain names are not telephone numbers. By using this analogy as the starting point for their rationale to consider IP numbers as CPNI, the FCC is beginning from a fundamentally flawed starting point. Circle ID

The post Worth Reading: IP addresses are not telephone numbers appeared first on 'net work.

Worth Reading: Venezuela and ‘net Neutrality

A recent study conducted by the Institute for Press and Society (IPYS) in Venezuela has confirmed that at least 43 different websites are being blocked in the country, shedding new light on the filtering practices of the Venezuelan government. The research focused on documenting incidents surrounding web access and net neutrality, zeroing in on the treatment of national networks during the 2015 elections. Somewhat Reasonable

The post Worth Reading: Venezuela and ‘net Neutrality appeared first on 'net work.