Today, we are discussing some of our more complex, heuristic techniques to detect malicious use of this vital protocol and how these detect key components of common real-world attacks. These analytics focus on behavior that is common to a variety of attacks, ranging from advanced targeted intrusions to the more mundane worms, botnets and ransomware. Such techniques are designed to complement more concrete signature-based detection, giving the opportunity to identify such behavior prior to the deployment of analyst driven rules. —John Booth @Azure
There appears to be a huge disconnect here between the EU’s professed concern for keeping Europeans safe — as expressed in the one-hour rule — and the EU’s actual refusal to keep Europeans safe in the offline world. The result is that Europeans, manipulated by an untransparent, unaccountable body, will not be kept safe either online or off. And what if the content in question, as has already occurred, may be trying to warn the public about terrorism? —Judith Bergman @ Gatestone
The Domain Name System (DNS) is known to be a valuable source of threat intelligence. With the mainstream introduction of the Response Policy Zone (RPZ) technology in popular resolver software, there is now a growing market of DNS service providers who are offering DNS firewall-style services. —James Richards @APNIC
I have not counted the IETFs I have attended; I only know the first RFC on which I’m listed as a co-author was published in 2000, so this must be close to 20 years of interacting with the IETF community, and I’m pretty certain I’ve attended at least two meetings a year across that time, and three meetings a year in most of those years. Across that time, there has never been a time when I have not been told, at least once, “the IETF is broken.” And there has not been a single time I cannot remember agreeing with the sentiment.
So, how is the IETF broken? The trend that bothers me the most right now is the gold rush syndrome. A new technology is brought into the IETF, and if it looks like it might somehow be “important,” there is a “land rush” as people stake out new drafts, find use cases, find corner cases, and work to develop drafts and communities around those drafts. This generally results in a sort of ossification process, where there are clear insiders and outsiders, an entirely new vocabulary is developed, and the drafts fly so fast and furious there is
On this community roundtable at the Network Collective, we’re talking about building resilient networks with Pete Welcher, Jody Lemoine, and John Herbert. This was a terrific discussion of all those things you might not think about.
In the case of satellite connections, it does not matter too much whether the buffer queue is managed with schemes such as random early drop (RED) and/or explicit congestion notification (ECN). The feedback path for such schemes traverses the link in both directions, and the resulting timeframes are typically too long to give short-term relief to queues that are becoming congested. —Ulrich Speidel @APNIC
ISPs that use satellite links for international IP connectivity often block User Datagram Protocol (UDP) traffic because it is deemed ‘unfriendly’ in the presence of Transmission Control Protocol (TCP) on the link and considered too unimportant a protocol to be mission-critical. —Ulrich Speidel @APNIC
On Tuesday, the Supreme Court heard oral argument in United States v. Microsoft, a case that many observers believe could have significant ramifications for how cloud computing and other technology companies interact with the US government. —Olivier Douliery @Wired
Side channel attacks are not something most network engineers are familiar with; I provided a brief introduction to the concept over at The Network Collective in this Short Take. If you aren’t familiar with the concept, it might be worth watching that video (a little over 4 minutes) before reading this post.
Side channel attacks are more common, and more dangerous, than many engineers understand. In this post, I’ll take a look at a 2017 research paper that builds and exploits a side channel attack against several smart home devices to see how such a side channel attack plays out. They begin their test with a series of devices, including a children’s sleep monitor, a pair of security cameras, a pair of smart power plugs, and a voice based home assistant.
The attack itself takes place in two steps. The first is to correlate individual traffic flows with a particular device (where a traffic flow is a 5-tuple). The researchers did this in three different ways. First, they observed the MAC address of each device talking on the network, comparing the first three octets of this address to a list of known manufacturers. Most home device manufacturers use a
ICANN has consistently said its intention in complying with the European Union’s General Data Protection Regulation (GDPR) is to comply while at the same time maintaining access to the WHOIS domain name registration database “to greatest extent possible.” On February 28, ICANN published its proposed model. —Brian Winterfeldt @CircleID
We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). This post outlines how site operators can determine if they’re affected by this deprecation, and if so, what needs to be done and by when. Failure to replace these certificates will result in site breakage in upcoming versions of major browsers, including Chrome. @Google
I’ve been prompted to write this brief opinion piece in response to a recent article posted on CircleID by Tony Rutkowski, where he characterises the IETF as a collection of “crypto zealots”. He offers the view that the IETF is behaving irresponsibly in attempting to place as much of the Internet’s protocols behind session level encryption as it possibly can. He argues that ETSI’s work on middlebox security protocols is a more responsible approach, and the enthusiastic application of TLS in IETF protocol
But if this aspect was already known and widely expected for years, another that we often underestimate is that related to our privacy. Amazon, Ebay, but also Google, Facebook and others, base their business on our personal data. —Fabiana Aloisi @Connecting
On this episode of the history of networking, we talk to Tony Li about the origin and history of the Cisco Silicon Switching Engine.