Russ

Author Archives: Russ

Weekend Reads 121418

Australia’s House of Representatives has finally passed the “Telecommunications Assistance and Access Bill 2018,” also known as the Anti-Encryption Bill, on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications. —Swati Khandelwal @thehackernews.com

Equifax could have prevented a breach of its systems and the resulting leak of sensitive information on nearly 148 million people by focusing more heavily on security, creating a clear hierarchy of responsibilities, and reducing complexity in its infrastructure, a congressional committee concluded in a report released on Dec. 10. —Robert Lemos @darkreading.com

Small and home office routers are becoming major targets for criminals seeking to steal banking and other online account credentials belonging to Internet users. The latest indication of the trend is “Novidade,” a dangerous new exploit kit that multiple attack groups appear to be using to target routers belonging to millions of users in Brazil and, to a lesser extent, other parts of the world. —Jai Vijayan @darkreading.com

Internet Exchange Points (IXPs) originally aimed to keep local traffic local and reduce dependence on third parties. However, ever-increasing traffic volumes create pressure for more dense and diverse peering, Continue reading

Optimal Route Reflection: Next Hop Self

Recently, I posted a video short take I did on BGP optimal route reflection. A reader wrote in the comments to that post:

…why can’t Router set next hop self to updates to router E and avoid this suboptimal path?

To answer this question, it is best to return to the scene of the suboptimality—

To describe the problem again: A and C are sending the same route to B, which is a route reflector. B selects the best path from its perspective, which is through B, and sends this route to each of its clients. In this case, E will learn the path with a next hop of A, even though the path through C is closer from E’s perspective. In the video, I discuss several ways to solve this problem; one option I do not talk about is allowing B to set the next hop to itself. Would this work?

Before answering the question, however, it is important to make one observation: I have drawn this network with B as a router in the forwarding path. In many networks, the route reflector is a virtual machine, or a *nix host, and is not capable of forwarding the traffic Continue reading

Weekend Reads 120618

Paris Traceroute allows you to deterministically measure particular paths by setting particular flow IDs — effectively setting combinations in packet headers to be treated consistently by routers on a path. Using this trick to run many traceroutes with different flow IDs to a target may reveal an entire topology, but without extra logic, it may involve tens of thousands of traceroute packets to do so. Many of those packets will be sent over hops that never change, making those packets redundant while also consuming bandwidth and time. —Kevin Vermeulen @APNIC

So, when people talk about serverless, what does it mean? Well, it doesn’t mean servers are GONE. Of course not: That “client-server model” is still the backbone of how things are getting done. Serverless refers to a developer’s ability to code, deploy, and create applications without having to know how to do the rest of it, like rack the servers, patch the operating system, and create container images. —Jen Wike Huger @opensource.com

The average size of Distributed Denial of Service (DDoS) attacks — where attackers seek to take down a website, application, or infrastructure by flooding it with requests — increased by 24% in 2018. In addition, the attack Continue reading

Research: BGP Routers and Parrots

The BGP specification suggests implementations should have three tables: the adj-rib-in, the loc-rib, and the adj-rib-out. The first of these three tables should contain the routes (NLRIs and attributes) transmitted by each of the speaker’s peers. The second table should contain the calculated best paths; these are the routes that will be (or are) installed in the local routing table and used to build a forwarding table. The third table contains the routes which have been sent to each peering speaker. Why three tables? Routing protocols standards are (sometimes—not always) written to provide the maximum clarity to how the protocol works to someone who is writing an implementation. Not every table or process described in the specification is implemented, or implemented the way it is described.

What happens when you implement things in a different way than the specification describes? In the case of BGP and the three RIBs, you can get duplicated BGP updates. What do parrots and BGP have in common describes two situations where the lack of a adj-rib-out can cause duplicate BGP updates to be sent.

David Hauweele, Bruno Quoitin, Cristel Pelsser, and Randy Bush. 2016. “What Do Parrots and BGP Rotuers Have in Common?” Continue reading

Weekend Reads 113018

You might not know the name, but you probably haven’t missed their work — highly targeted credit card skimming attacks, hitting Ticketmaster and British Airways, as well as consumer electronics giant Newegg and likely many more sites that have been silently hacked to scrape consumer credit card data at the checkout. —Zack Whittaker @Tech Crunch

Given this level of concentration, the notion of a “free and open” internet now seems almost quaint. Most information transmitted online today is sieved through a few large search engines, social media networks, and streaming video services. These firms may collectively be referred to as “edge companies”: they provide online content or services over a network, but they do not own the network themselves. —Travis Kavulla @American Affairs

Google is increasingly divided over supporting the news industry, either through direct funding, or with a set of initiatives directly aimed at improving publishers’ bottom line. —Frederic Filloux @Monday Note

To hear the moans on Wall Street, you’d think the end of the world is no longer coming—it has arrived. Successive waves of selling have pushed share prices down this year. To about where they were at the beginning of the year. Hardly a catastrophe for investors. Continue reading

Lessons from Andromeda

A common complaint I hear among network engineers is that the lessons and techniques used by truly huge scale networks simply are not applicable to more “standard scale” networks. The key point, however, is balance—to look for the ideas and concepts that are interesting and at least somewhat novel, and then see how they might be applied to products and systems in all networks. Learning concepts can help you understand design patterns you might encounter almost anywhere. One recent paper, for instance, details Andromeda, a large scale networking system designed and operated by Google, one of the few truly huge networks in the world—

Andromeda is designed around a flexible hierarchy of flow processing paths. Flows are mapped to a programming path dynamically based on feature and performance requirements.

While the paper describes the general compute environment, and the forwarding process on individual nodes, the most interesting part from a network engineering perspective is hoverboard. While this concept behind hoverboard has been implemented in previous systems, it is usually hidden under the covers of a vertically integrated system, and therefore not normally something you see the inner workings of. To understand hoverboard, you have to begin with a little theory Continue reading

Attitude and Gratitude

I don’t often let my studies in philosophy and worldview creep into these pages intentionally. I don’t think it can be helped, of course, because the more I study philosophy, the more I see just how practical it is (contrary to popular belief). On the other hand, sometimes an observation about our world jumps out at me so strongly that I cannot help but to post about it here. If you don’t want to hear this, I give you permission to stop reading now. ?

Today, in the U.S., is what is called “Black Friday.” The name derives from a major stock market crash in the 1850’s, but was eventually applied to the combined shopping and football crowds the day after Thanksgiving by the Philadelphia Police, and now, finally to the general shopping day after Thanksgiving in the U.S.

Thanksgiving is all about giving thanks. About gathering family and friends, and appreciating community, and people, and the shared blessings of homes and meals together. It is interesting that Thanksgiving and Black Friday are juxtaposed in just this way. The family right up against the commercial, the quietness of the home against the loudness of the market. Maybe Continue reading

CAA Records and Site Security

The little green lock—now being deprecated by some browsers—provides some level of comfort for many users when entering personal information on a web site. You probably know the little green lock means the traffic between the host and the site is encrypted, but you might not stop to ask the fundamental question of all cryptography: using what key? The quality of an encrypted connection is no better than the quality and source of the keys used to encrypt the data carried across the connection. If the key is compromised, then entire encrypted session is useless.

So where does the key pair come from to encrypt the session between a host and a server? The session key used for symmetric cryptography on each session is obtained using the public key of the server (thus through asymmetric cryptography). How is the public key of the server obtained by the host? Here is where things get interesting.

The older way of doing things was for a list of domains who were trusted to provide a public key for a particular server was carried in HTTP. The host would open a session with a server, which would then provide a list of domains where Continue reading

1 39 40 41 42 43 162