International Cooperation Needed to Create an “Increasingly Beneficial Internet”
New norms of behavior are needed for Internet users, and it’s time for governments, companies, other organizations, and individuals to work together to define those standards, Internet advocates say.
Even as the Internet gives more and more people new ways to express themselves and improve their standard of living, it also creates problems that demand international and multistakeholder cooperation, speakers at the Global Internet and Jurisdiction Conference 2018 in Ottawa, Canada, said Monday.
The Internet has driven forward the ideas of globalization and equal opportunity for everyone, but technological advances have also created complexity that many people weren’t prepared for, said Kathy Brown, president and CEO of Internet Society.
“We now face enormous challenges as the pace of change has accelerated faster than did our human institutions, societal and existing global agreements,” she said during the first day of the conference.
Many governments have looked toward heavy regulation and censorship as a way to deal with this complex environment, Brown added.
Governments in some countries “are doubling down on what they know how to do — shut it down, shut it off, censor users, regulate creators,” she added. “The global Internet community, itself, is in danger of splintering into predictable commercial, Continue reading
Memcrashed – Major amplification attacks from UDP port 11211
CC BY-SA 2.0 image by David Trawin
Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211.
In the past, we have talked a lot about amplification attacks happening on the internet. Our most recent two blog posts on this subject were:
- SSDP amplifications crossing 100Gbps. Funnily enough, since then we were a target of an 196Gbps SSDP attack.
- General statistics about various amplification attacks we see.
The general idea behind all amplification attacks is the same. An IP-spoofing capable attacker sends forged requests to a vulnerable UDP server. The UDP server, not knowing the request is forged, politely prepares the response. The problem happens when thousands of responses are delivered to an unsuspecting target host, overwhelming its resources - most typically the network itself.
Amplification attacks are effective, because often the response packets are much larger than the request packets. A carefully prepared technique allows an attacker with limited IP spoofing capacity (such as 1Gbps) to launch very large attacks (reaching 100s Gbps) "amplifying" the attacker's bandwidth.
Memcrashed
Obscure amplification attacks happen all the time. We often see "chargen" or "call Continue reading
Enea Buys Openwave Mobility for $90M, Boosts NFV Play
Openwave claims seven of the top 20 mobile operators deploy its NFV platform.
McAfee CEO: Make Cybersecurity the New Quality Standard
The company is working with service providers to embed security in their products.
Containers Vs. PaaS: A Tough Choice
What abstraction layer should IT infrastructure teams provide developers? Containers or Platform-as-a-Service solutions like Cloud Foundry? The question is a difficult one to answer, as Keith Townsend, principal at The CTO Advisor and Interop ITX infrastructure chair, explains in this video.
Telia Sees ‘Fast-Fail’ Model as a Financial Risk
The need to support legacy systems adds costs.
Upcoming ipSpace.net Events
In March 2018, we’ll continue the crazy content producing pace you’ve seen in January and February:- We’ll have the first part of NSX, ACI or EVPN webinar on March 1st. This session will cover the basics (don’t expect too many details), a follow-up session on April 24th with Mitja Robas will go into design considerations;
- The EVPN Technical Deep Dive series with Dinesh Dutt starts on March 6th;
- Elisa and Paolo will run the final part of Network Visibility with Flow Data on March 8th;
- Last webinar in March: another installment in the leaf-and-spine saga – Multi-Pod and Multi-Site Fabrics with Lukas Krattiger on March 29th;
Read more ...
CI/CD For Networking Part 4
Jenkins installation.CI/CD For Networking Part 4
Jenkins is and open source project that helps to build, test and deploy code. Jenkins is a very mature project in the CI/CD space and has the ability to perform many automation tasks with the help of plugins. For this part of series Jenkins will be installed on a Centos 7 minimal hosts ...Unit Testing Junos with JSNAPy
I’ve been passionate about the idea of proactively testing network infrastructure for some time. I revived and added to these ideas in my last post. In that post’s video, I lay out three types of network testing in my presentation:
- Config-Centric - Verify my network is configured correctly
- State-Centric - Verify the network has the operational state I expect
- Application-Centric - Verify my applications can use the network in the way I expect
In the same way a software developer might write tests in Python or Go that describe and effect desired behavior, the network engineer now has a growing set of tools they can use to make assertions about what “should be” and constantly be made aware of deviations. One of those tools popped up on my radar this week - jsnapy.
JSNAPy
JSNAPy describes itself as the python version of the Junos snapshot administrator. While this isn’t untrue, I think it’s a huge undersell. In my view, the assertions you can make on the data retrieved via these snapshots is where JSNAPy really shines. So in order to conceptually understand JSNAPy, I’d recommend you think of it as as a generic assertion engine for Junos, and the snapshots Continue reading