Archive

Category Archives for "Networking"

The Week in Internet News: China Wants Fairer Internet, More Control

China wants fairness: Chinese President Xi Jinping called for international cooperation to make the Internet more “fair and equitable,” while also asserting the Chinese government’s authority to shape it, Reuters reports. Xi has pushed for his country’s “cyber sovereignty” while promoting “core socialist values” online. Chinese officials also promoted the idea that each country should choose its own Internet “governance model,” The Star says.

Drones for broadband: A U.K. company has begun using drones to build fiber broadband networks in remote areas, reports Computer Weekly. Openreach is using drones to lay fiber in remote areas of the Scottish Highlands, where river gorges have previously presented a challenge.

Encrypted chat busted: Dutch police have found a way to infiltrate IronChat, an encrypted chat service running on proprietary hardware, Gizmodo says. The police were able to read 258,000 messages on the service, which costs about US$1,700 for a six-month subscription. News reports suggest the encryption wasn’t as strong as the vendor may have claimed.

Saving the Web: World Wide Web creator Tim Berners-Lee has been pushing a new Contract for the Web, in hopes of defining the responsibilities that governments, companies and citizens each have on the Web. Shortlist.com examines Continue reading

The rise of multivector DDoS attacks

The rise of multivector DDoS attacks

It's been a while since we last wrote about Layer 3/4 DDoS attacks on this blog. This is a good news - we've been quietly handling the daily onslaught of DDoS attacks. Since our last write-up, a handful of interesting L3/4 attacks have happened. Let's review them.

Gigantic SYN

In April, John tweeted about a gigantic 942Gbps SYN flood:

The rise of multivector DDoS attacks

It was a notable event for a couple of reasons.

First, it was really large. Previously, we've seen only amplification / reflection attacks at terabit scale. In those cases, the attacker doesn't actually have too much capacity. They need to bounce the traffic off other servers to generate a substantial load. This is different from typical "direct" style attacks, like SYN floods. In the SYN flood mentioned by John, all 942Gbps were coming directly from attacker-controlled machines.

The rise of multivector DDoS attacks

Secondly, this attack was truly distributed. Normal SYN floods come from a small number of geographical locations. This one, was all over the globe, hitting all Cloudflare data centers:

The rise of multivector DDoS attacks

Thirdly, the attack seem to be partially spoofed. While our analysis was not conclusive, we saw random, spoofed source IP addresses in the largest internet exchanges. The above Hilbert curve shows the source IP Continue reading

Making the right hyperconvergence choice: HCI hardware or software?

Once a niche technology, primarily attractive to organizations with specific needs, such as streamlining operations at branch offices, hyperconverged infrastructure (HCI) is rapidly finding a wide customer base.HCI is an IT framework that combines storage, computing and networking into a single system; hyperconverged platforms include a hypervisor for virtualized computing, software-defined storage, and virtualized networking.Enterprises planning an HCI adoption can select from two main approaches: hardware or software. HCI hardware typically comes in the form of an integrated appliance, a hardware/software package created and delivered by a single vendor. Appliance vendors include Dell EMC, Nutanix and HPE/SimpliVity. A software-only offering allows customers to deploy HCI on a bring-your-own-technology basis. HCI software vendors include Maxta and VMware (vSAN).To read this article in full, please click here

Making the right hyperconvergence choice: HCI hardware or software?

Once a niche technology, primarily attractive to organizations with specific needs, such as streamlining operations at branch offices, hyperconverged infrastructure (HCI) is rapidly finding a wide customer base.HCI is an IT framework that combines storage, computing and networking into a single system; hyperconverged platforms include a hypervisor for virtualized computing, software-defined storage, and virtualized networking.Enterprises planning an HCI adoption can select from two main approaches: hardware or software. HCI hardware typically comes in the form of an integrated appliance, a hardware/software package created and delivered by a single vendor. Appliance vendors include Dell EMC, Nutanix and HPE/SimpliVity. A software-only offering allows customers to deploy HCI on a bring-your-own-technology basis. HCI software vendors include Maxta and VMware (vSAN).To read this article in full, please click here

1 Thing You Can Do To Make Your Internet Safer And Faster

1 Thing You Can Do To Make Your Internet Safer And Faster
1 Thing You Can Do To Make Your Internet Safer And Faster

On April 1st, 2018, we announced 1.1.1.1, the fastest public DNS resolver in the world ???. Today, we are launching the 1.1.1.1 mobile app to make it incredibly easy to use 1.1.1.1 on your phone.

TL;DR

Any time you are on a public internet connection people can see what sites you visit. Even worse, your Internet Service Provider is very possibly selling all of your browsing history to the highest bidder. We have a tool called 1.1.1.1 which makes it easy to get a faster, more private, Internet experience, but it’s historically been too complex for many people to use, particularly on mobile devices. Today, we’re launching an app you (and everyone you know) can use to use 1.1.1.1 every time your mobile phone connects to the Internet. It’s a free, it’s easy, download it now.

1 Thing You Can Do To Make Your Internet Safer And Faster

Fastest Public Resolver

1 Thing You Can Do To Make Your Internet Safer And Faster
DNSPerf data

We launched 1.1.1.1 on April 1st. Frankly, we’ve been blown away by how many people actually made the switch. Changing your network settings is not easy, but if our traffic amount is any indication, many of you made the effort. Continue reading

Global Cybersecurity and the Internet Conundrum

Today marks the 100th anniversary of the armistice that ended the first World War. The 1918 ceasefire re-introduced a fragile peace that had collapsed when the world failed to defend common rules and international cooperation. International security and stability are as important now as they were a century ago.

That’s why French President Emmanuel Macron and leaders from around the world are about to gather in Paris for the first Paris Peace Forum. The forum will attempt to pave a way forward for a world that is shifting and changing faster than most of us can keep up with. That change and shift, and the speed of it is enabled by the Internet.

That is why the Internet Society is participating in the Forum.

I will be in Paris to speak on a panel about creating peace in cyberspace. Cybersecurity concerns across the world are real and justified and need to be addressed. We believe that the collaborative approach that helped to drive the growth of the Internet and allows it to thrive is essential for establishing cybersecurity.

The essence of a collaborative approach is that it allows stakeholders to create a shared vision for security.

The Shared Vision

At the Continue reading

BGP best path selection

The complexity and the efficiency of BGP reside in the concept of route “attributes” and the way the protocol juggles them to determine the best path. This is a quick guide (refresh of an old article), still very actual for those dealing with BGP design. I hope the following Cisco BGP best path selection diagram will be of […]

BrandPost: Simplify Cloud Networking with Microsoft Azure

As enterprises continue to rapidly migrate applications and infrastructure to the cloud, SD-WAN technologies are quickly gaining traction. Industry analyst firm IDC estimates that 80 percent of business is transacted from branch and remote offices, which is driving enterprises to deploy SD-WAN solutions to provide secure and direct branch connectivity to the cloud while lowering overall WAN costs.The Silver Peak® Unity EdgeConnect™ SD-WAN solution has been engineered from the ground up for the cloud. Microsoft’s recent announcement of the Azure Virtual WAN service comes in response to customer demand to optimize branch connectivity to their IaaS, PaaS, and SaaS cloud services. By integrating with the Azure Virtual WAN service, Silver Peak enables enterprises to easily connect branch sites and users to Azure services and Microsoft’s global IP backbone.To read this article in full, please click here

Weekend Reads 110818

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted below, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked. @Krebs on Security

PortSmash, as the new attack is being called, exploits a largely overlooked side-channel in Intel’s hyperthreading technology. A proprietary implementation of simultaneous multithreading, hyperthreading reduces the amount of time needed to carry out parallel computing tasks, in which large numbers of calculations or executions are carried out simultaneously. The performance boost is the result of two logical processor cores sharing the hardware of a single physical processor. The added logical cores make it easier to divide large tasks into smaller ones that can be completed more quickly. —Dan Goodin @ARS Technica

Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded Continue reading

1 1,215 1,216 1,217 1,218 1,219 3,477