Author Archives: Russ

Worth Reading: The state of DNS security

Did you know that 89% of top-level domains are now signed with DNSSEC? Or that over 88% of .GOV domains and over 50% of .CZ domains are signed? Were you aware that over 103,000 domains use DANE and DNSSEC to provide a higher level of security for email? Or that 80% of clients request DNSSEC signature records in DNS queries? All these facts and much more are available in our new State of DNSSEC Deployment 2016 report. —The Internet Society

The post Worth Reading: The state of DNS security appeared first on 'net work.

BGP Flowspec Indirection

While Flowspec has been around for a while (RFC5575 was published in 1999), deployment across AS boundaries has been somewhat slow. The primary concerns in deploying Flowspec are the ability to shoot oneself in the foot, particularly as opening Flowspec to customers can also open an entirely new, and not well understood, attack surface, and the simple cost of filtering packets. In theory, ASICs can filter packets based on a variety of parameters cheaply. Theory doesn’t always easily translate to practice, however.

Regardless, recent work in Flowspec is quite interesting; particularly the ability to redirect flows, rather than simply filtering them. Of course, the original RFCs did allow for the redirection of flows into a VRF on the local router, but this leaves a good bit to be desired. To make such a system work, you must actually have a VRF into which to redirect traffic; for one-off situations, such as directing attack traffic to a honey pot, building the VRF and populating it can be more work than capturing the traffic is worth. A newer draft, draft-ietf-idr-flowspec-path-redirect, aims to resolve this.

Before getting to the draft specifics, however, it is useful to review the basic concept of …

One Weird Trick to really be Smarter

For some reason, I seem to be a bit of a question magnet. Not that I mind, of course, because… Well, you’ll discover why in just a moment. I was reminded of this, this week, when someone asked me—“how do you know so much about so many different things?” Before I answered them, Steve Hood published his first post on his journey to the CCNA. Buried in this post is something very important in relation to the question in hand—

Further, over the last six months I have worked, for the first time, in environments in which I am not the sole networking professional. Simply being able to say “hey, what do you think of doing ____?” has been awesome. Before joining a networking team I could only see my own perspective and the things I thought to google. Now I have the advantage of a reply from someone with more or different experience.

This completely exposes one of my primary pathways to knowing a lot of stuff about a lot of stuff. If you don’t see it yet, here it is in plain language, one weird trick that will really make you smarter.

Make certain you are …