If the motivation behind the effort behind securing BGP was to
allow any BGP speaker to distinguish between routing updates
that contained “genuine” routing information and routing updates
that contained contrived or false information, then these two
reports point out that we’ve fallen short of that target. What’s
gone wrong? Why are certain forms of routing Man-In-The-Middle
attacks all but undetectable for the RPKI-enabled BGPSEC

The Organisation for Economic Co-operation and Development, the OECD,
is a widely referenced and respected source of objective economic data
and comparative studies of national economies and economic performance.
The organization has a very impressive track record of high quality
research and a justified reputation of excellence in its publications,
even with its evident preference for advocating economic reform through
open markets and their associated competitive rigors. OECD activities
in the past have proved to be instrumental in facilitating change in
governmental approaches to common issues that have broad economic and
social dimensions. So how does IPv6 fit into this picture of OECD

Much has been said about how Google uses the services they
provide, including their mail service, their office productivity
tools, file storage and similar services, as a means of gathering
an accurate profile of each individual user of their services.
The company has made a very successful business out of measuring
users, and selling those metrics to advertisers. But can we
measure Google as they undertake this activity? How many users
avail themselves of their services? Perhaps that's a little
ambitious at this stage, so maybe a slightly smaller scale may be
better, so let's just look at one Google service. Can we measure
how many folk use Google's Public DNS Service?

This is an informal description of the evolution of a particular
area of network forensic activity, namely that of traceback. This
activity typically involves using data recorded at one end of a
network transaction, and using various logs and registration
records to identify the other party to the transaction. Here
we’ll look at the impact that IPv4 address exhaustion and IPv6
transition has had on this activity, and also note, as we explore
this space, the changing role of IP addresses within the IP

It was never obvious at the outset of this grand Internet
experiment that the one aspect of the network’s infrastructure
that would truly prove to be the most fascinating, intriguing,
painful, lucrative and just plain confusing, would be the
Internet’s Domain Name System. After all, it all seemed so simple
to start with.

I often think there are only two types of stories about the
Internet. One is a continuing story of prodigious technology that
continues to shrink in physical size and at the same time continues
to dazzle and amaze us. We've managed to get the cost and form
factor of computers down to that of an ordinary wrist watch, or
even into a pair of glasses, and embed rich functionality into
almost everything. The other is a darker evolving story of the
associated vulnerabilities of this technology, where we've seen
"hacking" turn into organised crime and from there into a scale of
sophistication that is sometimes termed "cyber warfare". And in
this same darker theme one could add the current set of stories
about various forms of state sponsored surveillance and espionage
on the net. In this article I'd like to wander into this darker
side of the Internet and briefly look at some of the current issues
in this area of cybercrime, based on some conferences and workshops
I've attended recently.

In the emerging IP address broker world it seems that one of the
most widely cited address transactions was that of a US
bankruptcy proceeding in 2011, where Microsoft successfully
tendered $7.5M to purchase a block of 666,624 addresses from the
liquidators of Nortel, which is equivalent to a price of $11.25
per address. Was that a "fair" price for IP addresses then, and
is it a "fair" price now?

One IP address is much the same as another - right? There's
hardly a difference between 192.0.2.45 and 192.0.2.46 is there?
They are just encoded integer values, and aside from
numerological considerations, one address value is as good or bad
as any other - right? So IP addresses are much the same as each
other, and an after-market in IP addresses should be like many
other markets in undistinguished commodity goods. Right? Wrong!

One of the most prominent denial of service attacks in recent
months was one that occurred in March 2013, launched against
Spamhaus and Cloudflare. With a peak volume of
attack traffic of some 120Gbps, it was a very significant attack.
How did the attackers generate such massive volumes of attack
traffic? The answer lies in the Domain Name System (DNS). The
attackers asked about domain names, and the DNS system answered.
Something we all do all of the time on the Internet. So how can a
conventional activity of translating a domain name into an IP
address be turned into a massive attack?