Russ

Author Archives: Russ

Hedge 146: Leslie Daigle and Unwanted Traffic in the DFZ

How much of the traffic on the Internet is wasted—traffic no-one really wanted, and yet is being carried and paid for by providers and end users? In a world increasingly concerned about the waste of precious resources, this is an important topic to consider. Leslie Daigle joins Russ White and Tom Ammon on this episode of the Hedge to discuss the kinds of traffic she’s seeing hit their large-scale honey-trap, and the implications for the Internet.

download

Weekend Reads 090222


However, a recent study from cybersecurity training platform Hoxhunt revealed that the skill of distinguishing between legitimate and phishing emails varies based on job functions.


How will the market change in the future? Estimates of cloud market share are highly variable, with one of the biggest challenges being that different providers report different products and services in the “cloud” revenue category.


All companies should be using two-factor authentication at least to secure their systems, but relying on text messages alone is foolish, cybersecurity experts say.


The goal for co-packaged optics using DWDM is to have lower power consumption than an electrical cable but with a similar cost, have a reach comparable to an active electrical cable, and offer signal density that is on par with a printed circuit board.


“A lack of 5G industrial devices has stalled manufacturers’ interest in 5G private wireless,” said ABI Research. “In turn, the lack of enthusiasm has discouraged hardware suppliers from creating the necessary devices.”


There are tens of millions of lines of code in thousands of software programs, on a typical server in the datacenter. All of which collectively present a huge attack surface for various kinds of malware.


Huawei CEO Ren Continue reading

Hedge 145: Roundtable on Professional Liability

The software world is known for overdue projects, costs overrun, lots of defects, and lots of failure all the way around. Many other engineering fields have stricter requirements to take on projects and liability insurance driving correct practice and care. The networking world, and the larger IT world, however, has neither of these things. Does this make IT folks less likely to “do the right thing,” or is the self-regulation we have today enough? Join Tom Ammon, Eyvonne Sharp, and Russ White as they discuss the possibilities of professional liability in information technology.

download

Weekend Reads 082522


I dabble with DNS for work, and I’m frequently checking if CNAMEs are properly configured. CNAMEs are Canonical NAMEs, kind of like nicknames, that indicate that one domain name is a nickname for another domain name.


Overall, A and MX queries are successfully resolved most frequently, while AAAA and PTR manifest lower success rates. Specifically, the failure rate of AAAA queries is surprisingly over 64.2% — two out of three AAAA queries failed.


Growth in hyperscaler data centers and processor-intensive enterprise workloads, such as high-performance computing (HPC) and AI, is set to drive broadscale adoption of SmartNICs.


Email is, without doubt, the communication tool of choice for almost everyone, and it is critical for those of us running a business. Therefore, is it any wonder that against this backdrop of increasing email use, we see that fraudsters and cybercriminals use email as their primary delivery mechanism for phishing and malware?


Broadcom will deploy its 25.6Tbit/sec Humbolt co-packaged optical (CPO) switches in China-based cloud provider Tencent’s datacenters in a bid to accelerate adoption of the emerging network tech.


Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware Continue reading

Hedge 144: IPv6 Lessons Learned

We don’t often do a post-mortem on the development and deployment of new protocols … but here at the Hedge we’re going to brave these deep waters to discuss some of the lessons we can learn from the development and deployment of IPv6, especially as they apply to design and deployment cycles in the “average network” (if there is such at thing). Join us as James Harr, Tom Ammon, and Russ White consider the lessons we can learn from IPv6’s checkered history.

download

Weekend Reads 081922


The US Federal Trade Commission on Thursday announced an effort to formulate privacy rules to deter unwelcome online monitoring and shoddy data security.


Cloud computing has security issues. The problem is underscored by the complexity of cloud and the lack of visibility into what’s happening with workloads inside software containers that host the components of modern applications.


Cisco’s enterprise-class firewalls have at least a dozen vulnerabilities — four of which have been assigned CVE identifiers — that could allow attackers to infiltrate networks protected by the devices, a security researcher from vulnerability management firm Rapid7 plans to say in a presentation at the Black Hat USA conference on Aug. 11.


Amazon Web Services (AWS) and Splunk are leading an industry effort of 18 systems and security vendors to standardize how different monitoring systems share security alerts. The goal is to deliver a simplified and vendor-agnostic taxonomy to help security teams ingest and analyze security data faster.


About a year ago, some of our internal telemetry systems were occasionally experiencing a significant backlog in their delivery to the central collection endpoint. This would typically last for hours and then recover.


What do the Colonial Pipeline ransomware attack, Florida water hack, Continue reading

Hedge 143: Being Prepared to be Laid Off with Giovanni Messina

Forty years ago there was an implied loyalty between companies and employees—but that world is long gone. As much as companies would like their employees to be loyal, layoff culture has crept into every corner of the modern world, especially as we move into an economic downturn. Giovanni Messina joins Russ White and Tom Ammon to talk about being prepared to be laid off, including such topics as being financially prepared, building skills for the long term, and finding community.

download

Route Servers and Loops

From the question pile: Route servers (as opposed to route reflectors) don’t change anything about a BGP route when re-advertising it to a peer, whether iBGP or eBGP. Why don’t route servers cause routing loops (or other problems) in a BGP network?

Route servers are often used by Internet Exchange Points (IXPs) to distribute routes between connected BGP speakers. BGP route servers

  • Don’t change anything about a received BGP route when advertising the route to its peers (other BGP speakers)
  • Don’t install routes received through BGP into the local routing table

Shouldn’t using route servers in a network—pontentially, at least—cause routing loops or other BGP routing issues? Maybe a practical example will help.

Assume b, e, and s are all route servers in their respective networks. Starting at the far left, a receives some route, 101::/64, and sends it on to b,, which then sends the unmodified route to c. When c receives traffic destined to 101::/64, what will happen? Regardless of whether these routers are running iBGP or eBGP, b will not change the next hop, so when c receives the route, a is still the next hop. If there’s no underlying routing protocol, c won’t know how Continue reading

BGP Peering (2)

I recorded the beginnings of a BGP training series over at Packet Pushers a short while back; they’ve released these onto youtube (so you can find the entire series there). I’m highlighting one of these every couple of weeks ’til I’ve gone through the entire set of recordings. In this recording, I’m talking through some more interesting aspects of BGP peering, including challenges with IPv6 link local nexthops, promiscuous peering, and capabilities.

Learning BGP Module 2 Lesson 2: Peering, Part 2 – Video

Weekend Reads 081222


The distributed, peer-to-peer (P2P) InterPlanetary File System (IPFS) has become a hotbed of phishing-site storage: Thousands of emails containing phishing URLs utilizing IPFS are showing up in corporate inboxes.


Walmart’s advice to companies trying to control the hefty cost of running workloads on the three largest cloud providers comes down to one word: choice.


With nearly half of all breaches involving external attackers enabled by stolen or fake credentials, security firms are pushing a high-fidelity detection mechanism for such intrusions: canary tokens.


These WISPs might have the 100/20 Mbps capability for some customers close to a tower, but it’s impossible to be able to deliver those speeds to everybody across an entire county.


The World Wide Web Consortium (W3C) has announced that Decentralized Identifiers (DIDs) v1.0 is now an official Web standard.


Intel CEO Pat Gelsinger’s carefully assembled house of cards is collapsing around him. And it’s not really that surprising when you look at the hand he’s been dealt.


The Flash Memory Summit 2022 was held as an in-person event again this week for the first time since 2019, at the Santa Clara Convention Center San Francisco, showcasing the latest developments in memory and storage.


Conflicting business Continue reading

Hedge 142: George Michaelson and the Pace of IPv6 Deployment

IPv6 is still being deployed, years after the first world IPv6 day, even more years after its first acceptance as an Internet standard by the IETF. What is taking so long? George Michaelson (APNIC) joins Tom Ammon and Russ White on this episode of the Hedge to discuss the current pace of IPv6 deployment, where there are wins, and why things might be moving more slowly in other areas.

download

RFC9199: Lessons in Large-scale Service Deployment

While RFC9199 (are we really in the 9000’s?) is targeted at large-scale DNS deployments–specifically root zone operators–so it might seem the average operator won’t find a lot of value here.

This is, however, far from the truth. Every lesson we’ve learned in deploying large-scale DNS root servers applies to any other large-scale user-facing service. Internally deployed DNS recursive servers are an obvious instance, but the lessons here might well apply to a scheduling, banking, or any other multi-user application accessed from a lot of places by a lot of different users. There are some unique points in DNS, such as the relatively slower pace of database synchronization across nodes, but the network-side lessons can still be useful for a lot of applications.

What are those lessons?

First, using anycast dramatically improves performance for these kinds of services. For those who aren’t familiar with the concept, anycase turns an IP address into a service identifier. Any host with a copy (or instance) or a given service advertises the same address, causing the routing table to choose the (topologically) closest instance of the service. If you’re using anycast, traffic destined to your service will automatically be forwarded to the closest server Continue reading

Weekend Reads 080422


Hackers are now ​​moving faster than ever when it comes to scanning vulnerability announcements from software vendors.


However, open source has an urgent security problem. Open source is more ubiquitous and susceptible to persistent threats than ever before.


You’ve done everything to secure your network, and you still face threats. That’s what most enterprises say about their network security, and they’re half right.


The largest datacenter market in the US is running into trouble: There isn’t enough power transmission capacity in the region to handle all the bit barn projects.


While Prometheus has been the current standard for monitoring your systems, OpenTelemetry is quickly gaining ground, especially in the cloud-native landscape, which was traditionally Prometheus’ stronghold.


A phishing campaign is underway that uses mirror images of target organizations’ landing pages to trick victims into entering login credentials.


It’s been about a decade since the hype for bug-bounty programs first started going supernova, but the jury is still out on the effectiveness of them.


There is an interesting new trend in fiber construction. Some relatively large cities are getting fiber networks using microtrenching.


Despite the area, cost, and power challenges designers face when integrating FPGAs into devices, they provide significant security Continue reading

Hedge 141: Improving WAN Router Performance

Wide area networks in large-scale cores tend to be performance choke-points—partially because of differentials between the traffic they’re receiving from data center fabrics, campuses, and other sources, and the availability of outbound bandwidth, and partially because these routers tend to be a focal point for policy implementation. Rachee Singh joins Tom Ammon, Jeff Tantsura, and Russ White to discuss “Shoofly, a tool for provisioning wide-area backbones that bypasses routers by keeping traffic in the optical domain for as long as possible.”

download

Learning to Ride

Have you ever taught a kid to ride a bike? Kids always begin the process by shifting their focus from the handlebars to the pedals, trying to feel out how to keep the right amount of pressure on each pedal, control the handlebars, and keep moving … so they can stay balanced. During this initial learning phase, the kid will keep their eyes down, looking at the pedals, the handlebars, and . . . the ground.

After some time of riding, though, managing the pedals and handlebars are embedded in “muscle memory,” allowing them to get their head up and focus on where they’re going rather than on the mechanical process of riding. After a lot of experience, bike riders can start doing wheelies, or jumps, or off-road riding that goes far beyond basic balance.
Network engineer—any kind of engineering, really—is the same way.

At first, you need to focus on what you are doing. How is this configured? What specific output am I looking for in this show command? What field do I need to use in this data structure to automate that? Where do I look to find out about these fields, defects, etc.?

The problem is—it is easy to get Continue reading

Controversial Reads 073022


This legislation dutifully provides trial lawyers with endless opportunities to sue Big Tech companies for something indefinable: childhood addiction to websites and phone apps. It puts the state government in charge of defining such addiction.


Recently Google employee Blake Lemoine caused a media storm over the LaMDA chatbot he was working on, that he claims is sentient (it feels things like a human being).


The problem with blockchain is that it’s not an improvement to any system—and often makes things worse.


We stand at a crossroads between a fragmented geopolitical world and a digital one that is more inclusive and sustainable. A common agenda with agreed priorities on public policy issues for the use of technology and connectivity will help take us in the right direction.


Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space.


Of course, this bubble started to deflate when the Federal Reserve started talking about raising interest rates by half a percent. Terra Coin, a “stablecoin,” meaning a crypto that purports to maintain a value tied to an actual currency, collapsed in May.


At this point, they Continue reading

Weekend Reads 072922


Chris Siebenmann has written a short blog piece that reflects on the trend to see Certificate Transparency (CT) as the answer to ‘the problem’; the problem being how to tell if a validly signed and current certificate has somehow had to be repudiated.


For US$2,500, threat actors can employ Matanbuchus, a malware-as-a-service (MaaS) package found delivering Cobalt Strike beacons through phishing and spam messages.


As global and societal events such as supply chain shortages occur, there’s a corresponding increase in fraud related to fake domain registrations (websites) that capitalize on the event—creating unsafe situations for consumers.


Aside from recovery costs and business interruptions — the latter of which can cost as much as USD 22,000 per minute — the most damaging effect of such attacks can be reputational, specifically the loss of customers.


This week, it came to light that gaming platform Roblox was breached via a phishing/social-engineering attack that led to the theft of internal documents and the leaking of them online in an extortion attempt.


Researchers have discovered malware that has been secretly infecting systems featuring Asus and Gigabyte motherboards for at least six years.


The most important point is to understand that there are two very different Continue reading

Hedge 140: Aftab S and RIR Policies

Regional Internet Registries (RIRs) assign and manage numbered Internet resources like IPv4 address space, IPv6 address, and AS numbers. If you ever try to get address space or an AS number, though, it might seem like the policies the RIRs use to determine what kin and scale of resources you can get are a bit arbitrary (or even, perhaps, odd). Aftab Siddiqui joins Russ White and Tom Ammon to explain how and why these policies are set the way they are.

download

1 12 13 14 15 16 162