Potaroo blog

Author Archives: Potaroo blog

MITM and Routing Security

If the motivation behind the effort behind securing BGP was to allow any BGP speaker to distinguish between routing updates that contained “genuine” routing information and routing updates that contained contrived or false information, then these two reports point out that we’ve fallen short of that target. What’s gone wrong? Why are certain forms of routing Man-In-The-Middle attacks all but undetectable for the RPKI-enabled BGPSEC framework?

IPv6 at the OECD – A Public Policy Perspective on IPv6

The Organisation for Economic Co-operation and Development, the OECD, is a widely referenced and respected source of objective economic data and comparative studies of national economies and economic performance. The organization has a very impressive track record of high quality research and a justified reputation of excellence in its publications, even with its evident preference for advocating economic reform through open markets and their associated competitive rigors. OECD activities in the past have proved to be instrumental in facilitating change in governmental approaches to common issues that have broad economic and social dimensions. So how does IPv6 fit into this picture of OECD activities?

Who Uses Google’s DNS?

Much has been said about how Google uses the services they provide, including their mail service, their office productivity tools, file storage and similar services, as a means of gathering an accurate profile of each individual user of their services. The company has made a very successful business out of measuring users, and selling those metrics to advertisers. But can we measure Google as they undertake this activity? How many users avail themselves of their services? Perhaps that's a little ambitious at this stage, so maybe a slightly smaller scale may be better, so let's just look at one Google service. Can we measure how many folk use Google's Public DNS Service?

IP Addresses and Traceback

This is an informal description the evolution of a particular area of network forensic activity, namely that of traceback. This activity typically involves using data recorded at one end of a network transaction, and using various logs and registration records to identify the other party to the transaction. Here we’ll look at the impact that IPv4 address exhaustion and IPv6 transition has had on this activity, and also note, as we explore this space, the changing role of IP addresses within the IP protocol architecture.


It was never obvious at the outset of this grand Internet experiment that the one aspect of the network’s infrastructure that would truly prove to be the most fascinating, intriguing, painful, lucrative and just plain confusing, would be the Internet’s Domain Name System. After all, it all seemed so simple to start with.

The Big Bad Internet

I often think there are only two types of stories about the Internet. One is a continuing story of prodigious technology that continues to shrink in physical size and at the same time continue to dazzle and amaze us. We've managed to get the cost and form factor of computers down to that of an ordinary wrist watch, or even into a pair of glasses, and embed rich functionality into almost everything. The other is a darker evolving story of the associated vulnerabilities of this technology, where we've seen "hacking" turn into organised crime and from there into a scale of sophistication that is sometimes termed "cyber warfare". And in this same darker theme one could add the current set of stories about various forms of state sponsored surveillance and espionage on the net. In this article I'd like to wander into this darker side of the Internet and briefly look at some of the current issues in this area of cybercrime, based on some conferences and workshops I've attended recently.

Valuing IP Addresses

In the emerging IP address broker world it seems that one of the most widely cited address transactions was that of a US bankruptcy proceedings in 2011, where Microsoft successfully tendered $7.5M to purchase a block of 666,624 addresses from the liquidators of Nortel, which is equivalent to a price of $11.25 per address. Was that a "fair" price for IP addresses then, and is it a "fair" price now?

Not All IP Addresses are the Same

One IP address is much the same as another - right? There's hardly a difference between and is there? They are just encoded integer values, and aside from numerological considerations, one address value is as good or bad as any other - right? So IP addresses are much the same as each other, and an after-market in IP addresses should be like many other markets in undistinguished commodity goods. Right? Wrong!

A Question of DNS Protocols

One of the most prominent denial of service attacks in recent months was one that occurred in March 2013, launched against Spamhaus and Cloudflare. With a peak volume of attack traffic of some 120Gbps, it was a very significant attack. How did the attackers generate such massive volumes of attack traffic? The answer lies in the Domain Name System (DNS). The attackers asked about domain names, and the DNS system answered. Something we all do all of the time on the Internet. So how can a conventional activity of translating a domain name into an IP address be turned into a massive attack?
1 8 9 10