Cloudflare 1.1.1.1 incident on June 27, 2024
Introduction
On June 27, 2024, a small number of users globally may have noticed that 1.1.1.1 was unreachable or degraded. The root cause was a mix of BGP (Border Gateway Protocol) hijacking and a route leak.
Cloudflare was an early adopter of Resource Public Key Infrastructure (RPKI) for route origin validation (ROV). With RPKI, IP prefix owners can store and share ownership information securely, and other operators can validate BGP announcements by comparing received BGP routes with what is stored in the form of Route Origin Authorizations (ROAs). When Route Origin Validation is enforced by networks properly and prefixes are signed via ROA, the impact of a BGP hijack is greatly limited. Despite increased adoption of RPKI over the past several years and 1.1.1.0/24 being a signed resource, during the incident 1.1.1.1/32 was originated by ELETRONET S.A. (AS267613) and accepted by multiple networks, including at least one Tier 1 provider who accepted 1.1.1.1/32 as a blackhole route. This caused immediate unreachability for the DNS resolver address from over 300 networks in 70 countries was impacted, although the impact on the overall percentage of users was quite Continue reading
MUST READ: ChatGPT Is Bullshit
Bogdan Golab sent me a link to an (open access) article in Ethics and Information Technology arguing why ChatGPT is bullshit. Straight from the introduction:
Because these programs cannot themselves be concerned with truth, and because they are designed to produce text that looks truth-apt without any actual concern for truth, it seems appropriate to call their outputs bullshit.
Have fun!
D2C246: Can Service Level Objectives (SLOs) Help Keep Users Happy?
Service Level Objectives (SLOs) are a set of reliability measurements for customer or user expectations of services; in other words, are people having a good experience with your application or service? Today’s Day Two Cloud explores SLOs, the relevant metrics, and how to measure them. We also talk about how SLOs are a cross-discipline objective... Read more »First round of French election: party attacks and a modest traffic dip
This post is also available in Français.
France is currently electing a new government through early legislative elections that began on Sunday, June 30, 2024, with a second round scheduled for July 7. In this blog, we show how Cloudflare blocked DDoS attacks targeting three different French political parties.
2024 has been dubbed “the year of elections,” with elections taking place in over 60 countries, as we have mentioned before (1, 2, 3). If you regularly follow the Cloudflare blog, you’re aware that we consistently cover election-related trends, including in South Africa, India, Iceland, Mexico, the European Union and the 2024 US presidential debate. We also continuously update our election report on Cloudflare Radar.
Recently in France, as in the early stages of the war in Ukraine and during EU elections in the Netherlands, political events have precipitated cyberattacks. In France, several DDoS (Distributed Denial of Service attack) attacks targeted political parties involved in the elections over the past few days, with two parties hit just before the first round and another on election day itself.
The first political party, shown in yellow in the previous chart, experienced a DDoS attack on Continue reading
Declare your AIndependence: block AI bots, scrapers and crawlers with a single click
To help preserve a safe Internet for content creators, we’ve just launched a brand new “easy button” to block all AI bots. It’s available for all customers, including those on our free tier.
The popularity of generative AI has made the demand for content used to train models or run inference on skyrocket, and, although some AI companies clearly identify their web scraping bots, not all AI companies are being transparent. Google reportedly paid $60 million a year to license Reddit’s user generated content, Scarlett Johansson alleged OpenAI used her voice for their new personal assistant without her consent, and most recently, Perplexity has been accused of impersonating legitimate visitors in order to scrape content from websites. The value of original content in bulk has never been higher.
Last year, Cloudflare announced the ability for customers to easily block AI bots that behave well. These bots follow robots.txt, and don’t use unlicensed content to train their models or run inference for RAG applications using website data. Even though these AI bots follow the rules, Cloudflare customers overwhelmingly opt to block them.
We hear clearly that customers don’t want AI bots visiting their websites, and especially those that do Continue reading
MUST READ: ChatGPT Is Bullshit
Bogdan Golab sent me a link to an (open access) article in Ethics and Information Technology arguing why ChatGPT is bullshit. Straight from the introduction:
Because these programs cannot themselves be concerned with truth, and because they are designed to produce text that looks truth-apt without any actual concern for truth, it seems appropriate to call their outputs bullshit.
Have fun!
Master New Platforms and Technologies with netlab
One of my readers sent me this remark (probably while trying to work on the EBGP Sessions over the IPv6 LLA Interfaces lab):
I did attempt some of your labs, like IPv6 link-local-only BGP with FRR hosts, but FRR seemed not to play ball, or I was just doing it wrong.
As he was already using netlab, I could send him a cheat code:
Master New Platforms and Technologies with netlab
One of my readers sent me this remark (probably while trying to work on the EBGP Sessions over the IPv6 LLA Interfaces lab):
I did attempt some of your labs, like IPv6 link-local-only BGP with FRR hosts, but FRR seemed not to play ball, or I was just doing it wrong.
As he was already using netlab, I could send him a cheat code:
PP021: Critical Vulnerabilities, AI-Assisted Scams, Compromised VPNs, and More Security News
It’s an all-news episode for this week’s Packet Protector podcast. We cover critical vulnerabilities in the MOVEit file transfer software and in thousands of ASUS routers, and a remote code execution vulnerability in a Windows wireless driver that you really should patch. We discuss a Wall Street Journal article about how AI tools are helping... Read more »HS077: Should IT Lead or Follow?
The evolving role of IT in business is the topic of lively discussion between co-hosts Johna Johnson and John Burke. Johna argues that IT should align with business goals, acting as an executive assistant, while John believes IT should take a proactive leadership role, driving innovation and framing business problems. They explore the challenges IT... Read more »
Running Arista cEOS in GitHub Codespaces
Yesterday, I explained how you can run netlab examples in GitHub codespaces and mentioned that they work best with vendors who understand the value of frictionless downloads. But what if you’d like to use a device from one of the good guys who provide the container images but require a registration?
It turns out the solution is trivial:
Running Arista cEOS in GitHub Codespaces
Yesterday, I explained how you can run netlab examples in GitHub codespaces and mentioned that they work best with vendors who understand the value of frictionless downloads. But what if you’d like to use a device from one of the good guys who provide the container images but require a registration?
It turns out the solution is trivial:
Tech Bytes: Why SD-WAN is the Secret to SASE Success (Sponsored)
The rise of SASE has eclipsed SD-WAN as organizations develop strategies and analyze products for secure access. But SD-WAN is an essential component of SASE; in fact, sponsor Palo Alto Networks says SD-WAN is the most important component. On today’s Tech Bytes podcast we talk with Palo Alto Networks about why SD-WAN underpins a SASE... Read more »NB485: A Final FU for Greg
Greg Ferro bids farewell to Network Break, and Drew Conry-Murray and Johna Till Johnson bid farewell to Greg. Of course, the podcast must go on, so we also cover some tech news. First, Nokia acquires optics maker Infinera, Broadcom brings new features to VMware Cloud Foundation (VCF), and campus switch sales drop. A Microsoft subsidiary... Read more »The Keynote Answers You Expect
Good morning! How are you?
I’d like to talk about keynotes, again. You know, one of my favorite subjects. I’ve been watching them intently for the past few years just hoping that we’re going to see something different. As a technical analyst and practitioner I love to see and hear the details behind the technology that drive the way our IT companies develop. Yet every year I feel more and more disappointed by the way that keynotes take everything and push it into the stratosphere to get an 80,000 foot view of the technology. It’s almost like the keynotes aren’t written for practitioners. Why? The answer lies in the statement at the top of this post.
Perfunctory Performances
When most people ask someone how their day is going they’re not actually looking for a real response. They most certainly aren’t asking for details on how exactly the person’s day is going. They’re usually looking for one of two things:
- It’s going great.
- It could be better.
Any more than that drags someone down into a conversation that they don’t want to have. Asking someone about their day is a polite way of acknowledging them and making a bit of small Continue reading
Testing Luma AI Dream Machine
In this article, we explore the capabilities and limitations of the Luma AI Dream Machine. […]
The post Testing Luma AI Dream Machine first appeared on Brezular's Blog.