Russ

Author Archives: Russ

BGP Hijacks: Two more papers consider the problem

The security of the global Default Free Zone DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again—it is worth looking at what these two papers add to the mix of what is known, and what solutions might be available. The first of these—

Demchak, Chris, and Yuval Shavitt. 2018. “China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking.” Military Cyber Affairs 3 (1). https://doi.org/10.5038/2378-0789.3.1.1050.

—traces the impact of Chinese “state actor” effects on BGP routing in recent years. Whether these are actual attacks, or mistakes from human error for various reasons generally cannot be known, but the potential, at least, for serious damage to companies and institutions relying on the DFZ is hard to overestimate. This paper lays out the basic problem, and the works through a number of BGP hijacks in recent years, showing how they misdirected traffic in ways that could have facilitated attacks, whether by mistake or intentionally. For instance, quoting from the paper—

Weekend Reads 110218

When the Internet outgrew its academic and research roots and gained some prominence and momentum in the broader telecommunications environment it found itself to be in opposition to many of the established practices of the international telecommunications arrangements and even in opposition to the principles that lie behind these arrangements. For many years, governments were being lectured that the Internet was “special”, and to apply the same mechanisms of national telecommunications and trade regulations to the Internet may not wreck the entire Internet, but they would surely isolate the nation that was attempting to apply these unnatural acts. —Geoff Huston @potaroo

Systemd has a remotely exploitable bug in its DHCPv6 client. That means anybody on the local network can send you a packet and take control of your computer. The flaw is a typical buffer-overflow. Several news stories have pointed out that this client was rewritten from scratch, as if that were the moral failing, instead of reusing existing code. That’s not the problem. @Errata Security

The Myers-Briggs test and others like it were huge in the corporate world in the 1980s and ’90s. Individuals took them to see what kind of careers they should pursue; H.R. offices used Continue reading

SDXcentral: Get Smart about Network Architecture

I recently sat with Kireeti Kompella and Gavin Cato to talk about current and future changes in network architecture over at SDXcentral.

Enterprise network architectures are being reshaped using tenets popularized by the major cloud properties. How will the emergence of cloud, edge cloud, and multicloud shape networks? We explore this evolution and look at the ways that real-time streaming telemetry, machine learning, and artificial intelligence affect how networks are designed and operated. In this video, you’ll hear from Gavin Cato, SVP, Development Engineering for Networking at Dell EMC, Kireeti Kompella, CTO & SVP, Engineering at Juniper Networks and Russ White, Infrastructure Architect at LinkedIn.

Site Work

I spent some time this week moving to a new theme, specifically Beaver Builder. It was a bit more work than I expected because of some serious limitations with the way Beaver Builder works—had I known about these limitations, I probably would have worked with another product, but by the time I discovered them, it was either find a way around the limitations, or spend a lot more time and/or money working through them.

In the process, I completely rebuilt the menu, and cleaned up the categories.

The site should be a good bit faster now. I’m not entirely certain the social sharing bits are working, and I will likely find a few things wrong here and there that need to be fixed over the next few weeks. I just discovered, for instance, that I lost all the work on the papers and topical pages I’d done earlier today, so those need to be redone, which will take a good bit of time.

Network Troubleshooting at Safari Books Online

I am giving my network troubleshooting class over at Safari Books Online on the 6th of December for those who are interested. I consider this a foundational session, covering the time components of an outage, a taxonomy of reactions to outages, the half-split method of searching for the root cause, and how models can help you understand the right questions to ask to narrow a problem down quickly. A lot of this course is based on formal methods of troubleshooting I learned in electronic engineering, adapted for the networking world.

This is one of three webinars I give at Safari Books on a periodic basis; I hope to be adding a fourth in the near future.

Ossification and Fragmentation: The Once and Future ‘net

Mostafa Ammar, out of Georgia Tech (not my alma mater, but many of my engineering family are alumni there), recently posted an interesting paper titled The Service-Infrastructure Cycle, Ossification, and the Fragmentation of the Internet. I have argued elsewhere that we are seeing the fragmentation of the global Internet into multiple smaller pieces, primarily based on the centralization of content hosting combined with the rational economic decisions of the large-scale hosting services. The paper in hand takes a slightly different path to reach the same conclusion.

TL;DR
  • Networks are built based on a cycle of infrastructure modifications to support services
  • When new services are added, pressure builds to redesign the network to support these new services
  • Networks can ossify over time so they cannot be easily modified to support new services
  • This causes pressure, and eventually a more radical change, such as the fracturing of the network

 
The author begins by noting networks are designed to provide a set of services. Each design paradigm not only supports the services it was designed for, but also allows for some headroom, which allows users to deploy new, unanticipated services. Over time, as newer services are deployed, the requirements on the network Continue reading

Weekend Reads ‭190DA‬

By now pretty much all of online advertising is adtech, which doesn’t sponsor publishers. Instead it uses publishers to mark and track eyeballs wherever they might go. It does that by planting tracking beacons (mixed like poison blueberries into those cookies sites now require “consent” to) on readers’ browsers or phones, and then shoots the readers’ eyeballs with ads when they show up elsewhere on the Web, preferably on the cheapest possible site, so those eyeballs can be hit as often as possible within the budget the advertiser has paid adtech intermediaries. @Doc Serls Weblog

Consider, then, that most useful work relies on TCP/IP, which itself relies on the Domain Name System (DNS). We should know as much as possible about our use of the DNS, but most IT administrators are much too busy learning their specialized craft to also become experts on every enabling technology. —Paul Vixie @Dark Reading

The technology products that drive today’s businesses are increasingly produced through a highly diversified and complex international supply chain. Whether it is standard networking gear or a more specialized device like a human-machine interface or remote terminal unit, equipment is often developed through an elaborate web of OEMs, chip makers, Continue reading

1 40 41 42 43 44 162