Preventing Malicious Request Loops
The web is an collaborative ecosystem. Web standards exist to ensure that participants of the network behave in a predictable way. If network participants deviate from the established standards then there can be unintended consequences. This blog post is about one of these unintended consequences.
A group of researchers recently published a paper "Forwarding Loop Attacks in the Content Delivery Networks" describing what can happen when web services interact in a non-compliant way. They describe an attack where a malicious user can force multiple service providers to send each other an unending stream of requests in a loop. This request loop can result in resource exhaustion and denial of service at the service provider. This paper also demonstrated that the attack is practical, and can be performed using a large list of service providers.
CloudFlare's service has been modified to be standards-compliant with respect to HTTP proxying. However, fixing the vulnerability that enables this attack requires all proxy services to conform to the same standards. If even one service provider is non-compliant, the attack can still be carried out against compliant services. In this post, we will describe the attack and explain how a proxy services can go from being Continue reading
Storage Trends To Watch In 2016
Storage will have a banner year, as the post-flash era ushers in software-defined storage and innovations like NVM and SMR.
Setting IT Priorities For 2016
NetCraftsmen experts offer recommendations for your IT to-do list for this year.
Verizon Joins ONOS With an Eye Toward 5G
Verizon is especially interested in M-CORD.
IPv6 Address Allocation Is Operating System-Specific
The breadth of address allocation options available in IPv6 world confuses many engineers thoroughly fluent in IPv4, but it also gives operating system developers way too many options… and it turns out that different operating systems behave way differently when faced with the same environment.
2016-01-21: In the meantime, Luka got further details on Windows behavior, and Enno Rey provided a few additional links.
Read more ...OpenStack Finds a Place in Operators’ NFV Deployments
OpenStack summarizes its NFV work.
Open Networking: The Eject Button
Those of us that weren’t born in the iPod era used to have physical music and movie media like cassette tapes, vinyl, CDs, minidisc, VHS and almost Beta Max. The idea was that you could take this media and play it on any compatible player and in some cases record too. Ok, I know the concept is almost the same with digital media, but there is something nostalgic about physical things.
Focussing on the mighty cassette tape, the medium that young teenagers used to woo their targets with heart felt mix tapes, it was possible to buy cassettes of different record time lengths and different materials for quality. Cassette decks were integrated in to boom boxes, Sony Walkmans, all in one HiFi units and of course, the more quality HiFi separate devices along with supposed studio quality devices. To give it some more background, these devices would have support electronics like headphone amplifiers, graphic equalisers, high speed dubbing (for fast transfer between decks), microphone amplifier circuits and even motorised loading and eject mechanisms. See the vague similarity between this and networking? No, I thought not. The cassette much like interchangeable networking components is removable. It’s transportable and although the tape Continue reading