I often think there are only two types of stories about the
Internet. One is a continuing story of prodigious technology that
keeps shrinking in physical size while continuing to dazzle and
amaze us. We've managed to get the cost and form
factor of computers down to that of an ordinary wrist watch, or
even into a pair of glasses, and embed rich functionality into
almost everything. The other is a darker evolving story of the
associated vulnerabilities of this technology, where we've seen
"hacking" turn into organised crime and from there into a scale of
sophistication that is sometimes termed "cyber warfare". And in
this same darker theme one could add the current set of stories
about various forms of state sponsored surveillance and espionage
on the net. In this article I'd like to wander into this darker
side of the Internet and briefly look at some of the current issues
in this area of cybercrime, based on some conferences and workshops
I've attended recently.
In the emerging IP address broker world it seems that one of the
most widely cited address transactions was a US bankruptcy
proceeding in 2011, where Microsoft successfully
tendered $7.5M to purchase a block of 666,624 addresses from the
liquidators of Nortel, which is equivalent to a price of $11.25
per address. Was that a "fair" price for IP addresses then, and
is it a "fair" price now?
One IP address is much the same as another - right? There's
hardly a difference between 192.0.2.45 and 192.0.2.46 is there?
They are just encoded integer values, and aside from
numerological considerations, one address value is as good or bad
as any other - right? So IP addresses are much the same as each
other, and an after-market in IP addresses should be like many
other markets in undistinguished commodity goods. Right? Wrong!
One of the most prominent denial of service attacks in recent
months was the one in March 2013, launched against
Spamhaus and Cloudflare. With a peak volume of
attack traffic of some 120Gbps, it was a very significant attack.
How did the attackers generate such massive volumes of attack
traffic? The answer lies in the Domain Name System (DNS). The
attackers asked about domain names, and the DNS answered. That
is something we all do all of the time on the Internet. So how can a
conventional activity of translating a domain name into an IP
address be turned into a massive attack?
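The mechanism is reflection plus amplification: the attacker sends small queries to open recursive resolvers with the source address forged to be the victim's, and the resolvers deliver their much larger answers to the victim. The following Python example is added here and is not from the article; it builds a minimal query and an oversized answer on the wire to measure the amplification ratio, scales that by a constructed number of resolvers, and runs a simple check over constructed flow records for hosts that receive DNS answers they never asked for. The domain name, addresses, resolver counts and the padded TXT record set are all assumptions; the page does not say which record type or zone was used in the attack.

```python
"""DNS reflection/amplification worked example. Constructed illustration,
not code from the article. All names, addresses and sizes are assumptions."""
import struct
from collections import defaultdict

TYPE_TXT, TYPE_OPT = 16, 41


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname, qtype, txid=0x1234, udp_payload=4096):
    """Minimal DNS query with an EDNS0 OPT record that invites a large UDP answer."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set; 1 question, 1 additional
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload, 0, 0)  # root name, class = payload size
    return header + question + opt


def build_response(query, rdatas, rrtype=TYPE_TXT, ttl=3600):
    """Answer a query from build_query with one RR per rdata, echoing question and OPT."""
    txid = struct.unpack("!H", query[:2])[0]
    q_end = query.index(b"\x00", 12)          # terminator of the QNAME
    question = query[12:q_end + 5]             # QNAME + QTYPE + QCLASS
    opt = query[q_end + 5:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(rdatas), 0, 1)  # QR, RD, RA
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", rrtype, 1, ttl, len(rd)) + rd  # name pointer to offset 12
        for rd in rdatas
    )
    return header + question + answers + opt


def amplification_factor(query, response):
    """Bytes the reflector emits per byte the attacker has to send."""
    return len(response) / len(query)


def reflected_bytes(open_resolvers, queries_per_resolver, query, response):
    """Attacker's outbound bytes versus bytes landing on the spoofed source address."""
    n = open_resolvers * queries_per_resolver
    return n * len(query), n * len(response)


def unsolicited_responses(flows):
    """Detection check: UDP/53-sourced bytes delivered to a host that sent no matching query
    (same client, resolver and client port). Flows are (src, dst, dport, sport, bytes)."""
    queries = {(src, dst, sport) for src, dst, dport, sport, _ in flows if dport == 53}
    victims = defaultdict(int)
    for src, dst, dport, sport, nbytes in flows:
        if sport == 53 and (dst, src, dport) not in queries:
            victims[dst] += nbytes
    return dict(victims)


# Constructed: a TXT query, answered with ten 255-byte TXT strings (assumed zone contents).
QUERY = build_query("example.com", TYPE_TXT)
RESPONSE = build_response(QUERY, [b"\xff" + b"A" * 255] * 10)

# Constructed flow records: 203.0.113.10 queries one resolver and gets its answer;
# 203.0.113.77 receives answers from three resolvers it never queried (its address was spoofed).
FLOWS = [
    ("203.0.113.10", "198.51.100.1", 53, 40001, len(QUERY)),
    ("198.51.100.1", "203.0.113.10", 40001, 53, len(RESPONSE)),
    ("198.51.100.1", "203.0.113.77", 40001, 53, len(RESPONSE)),
    ("198.51.100.2", "203.0.113.77", 40002, 53, len(RESPONSE)),
    ("198.51.100.3", "203.0.113.77", 40003, 53, len(RESPONSE)),
]

if __name__ == "__main__":
    print(len(QUERY), "byte query ->", len(RESPONSE), "byte answer, x%.0f" % amplification_factor(QUERY, RESPONSE))
    print("1000 resolvers x 100 queries: sent/delivered bytes", reflected_bytes(1000, 100, QUERY, RESPONSE))
    print("hosts receiving answers they never asked for:", unsolicited_responses(FLOWS))
```

The two ingredients are visible in the numbers: the source address is never checked by UDP, so the resolver's answer goes wherever the query claims to come from, and the answer is tens of times larger than the question, so the attacker's bandwidth is multiplied by every open resolver it can reach. The flow check matches responses to the exact query that should have preceded them; in a real network NAT, sampled flow export and ordinary packet loss produce some false positives, so it is a triage signal to rank hosts by unsolicited response volume rather than a definitive verdict.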