The Dangers of Flying Pigs (RFC1925, rule 3)
There are many times in networking history, and in the day-to-day operation of a network, when an engineer has been asked to do what seems to be impossible. Maybe installing a circuit faster than a speeding bullet or flying over tall buildings to make it to a remote site faster than any known form of conveyance short of a transporter beam (which, contrary to what you might see in the movies, has not yet been invented).
One particular impossible assignment in the early days of network engineering was the common request to replicate the creation of the works of Shakespeare making use of the infinite number of monkeys (obviously) connected to the Internet. The creation of appropriate groups of monkeys, the herding of these groups, and the management of their output were once considered a nearly impossible task, similar to finding a token dropped on the floor or lost in the ether.
This problem proved so intractable that the IETF finally created an entire suite of management tools for managing the infinite monkeys used for these experiments, which is described in RFC2795. This RFC describes the Infinite Monkey Protocol Suite (IMPS), which runs on top of the Internet Protocol, the Continue reading
How IXPs Can Help Achieve Digital Transformation across the Middle East
In September the Internet Society, in cooperation with Middle East Network Operators Group, held an online workshop on Internet Exchange Points (IXPs). This was part of a workshop series launched by the Internet Society to foster open dialogue and coordinate with governments and other stakeholders to achieve digital transformation across Arab countries. Last year, workshops included the participation of several governments, including Saudi Arabia, Kuwait, Oman, Bahrain, and Jordan.
These discussions provided a framework for two policy documents: Middle East & North Africa Internet Infrastructure Report and Internet Infrastructure Security Guidelines for the Arab States. The reports show that supporting and developing the few existing regional IXPs, plus creating new ones, is an essential requirement for developing the Internet in the region.
The September workshop was divided into two parts: In the first part, a number of experts from Africa, Europe, and Asia shared their experiences in establishing and operating IXPs. The second part was an open discussion with participants.
The workshop aimed to explain the role of each stakeholder in establishing and operating IXPs – in addition to reviewing the best practices applied around the world, drawing on experiences from Italy to Pakistan.
IXPs create a direct path Continue reading
Tech Bytes: First Bank’s Automation With Gluware. The Real Story.
In this Tech Byte, we talk with Gluware customer, First Bank. First Bank is a family-owned, privately held bank operating in the Midwest and California, with roughly 100 locations in 5 different states. Our guests are Julie Wehling, Solutions Architect at Gluware; and Mike Pazarena, Network Engineer at First Bank. Mike talks about starting his […]
The post Tech Bytes: First Bank’s Automation With Gluware. The Real Story. appeared first on Packet Pushers.
Trick or Threat: Ryuk ransomware targets the health care industry
Introduction
A recent report [1] from the Cybersecurity and Infrastructure and Security Agency (CISA) has alerted the public about possible forthcoming ransomware attacks that target the health industry.
This report has raised concerns [2] especially because of the current pandemic, which has strained the resources of hospitals and care centers. As a consequence, a ransomware attack, in addition to crippling a healthcare provider’s infrastructure, might actually put at risk the lives of patients.
The advisory describes in detail the tactics, techniques, and procedures (TTPs) followed by the malicious actors who, at the moment, seem to be associated with Russian crime groups.
The attack uses a number of malware components, such as TrickBot, BazarLoader, Ryuk, and Cobalt Strike, in order to compromise networks, create bridgeheads, and then move laterally so that, eventually, a ransomware attack can be successfully carried out.
In the rest of this report, we present the characteristics of the various components of the attacks. We look at both the actual malware components (i.e., the code that performs the malicious actions), as well as the network evidence associated with their actions. Even though a number of these components (as well as similar ones) have been covered previously Continue reading
Looking Ahead: Five Opportunities on The Horizon According to Tech Leaders
Dozens of top leaders and thinkers from the tech industry and beyond recently joined us for a series of fireside chats commemorating Cloudflare’s 10th birthday. Over the course of 24 hours of conversation, these leaders shared their thoughts on everything from entrepreneurship to mental health — and how the Internet will continue to play a vital role.
Here are some of the highlights.
On the global opportunity for entrepreneurs
Anu Hariharan
Partner, Y Combinator’s Continuity Fund
Fast forwarding ten years from now, I think entrepreneurship is global, and you're already seeing signs of that. 27% of YC startups are headquartered outside the US. And I'm willing to bet that in a decade, at least 50% of YC startups will be headquartered outside the US. And so I think the sheer nature of the Internet democratizing information, more companies being global, like Facebook, Google, Uber — talent is everywhere. I think you will see multi-billion dollar companies coming out of other regions.
People have this perception that everything is a zero sum game, or that we are already at peak Internet penetration. Absolutely not. The global market cap is ~$85 trillion. Less than 10% is e-commerce. Internet enabled businesses is $8 Continue reading
MUST READ: How to troubleshoot routing protocols session flaps
Did you ever experience an out-of-the-blue BGP session flap after you were running that peering for months? As Dmytro Shypovalov explains in his latest blog post, it’s always MTU (just kidding, of course it’s always DNS, but MTU blackholes nonetheless result in some crazy behavior).
Overcoming the Challenges to True End-to-End Automation
Organizations must anticipate that the future of automation will be driven by integrations, which require a reprioritization of initiatives that promote flexibility.My collection of vintage PC cards
Recently, I have been gathering some old hardware at my parents’ house, notably PC extension cards, as they don’t take much room and can be converted to a nice display item. Unfortunately, I was not very concerned about keeping stuff around. Compared to all the hardware I have acquired over the years, only a few pieces remain.
Tseng Labs ET4000AX (1989)
This SVGA graphics card was installed into a PC powered by a 386SX CPU running at 16 MHz. This was a good card at the time as it was pretty fast. It didn’t feature 2D acceleration, unlike the later ET4000/W32. This version only features 512 KB of RAM. It can display 1024×768 images with 16 colors or 800×600 with 256 colors. It was also compatible with CGA, EGA, VGA, MDA, and Hercules modes. No contemporary games were using the SVGA modes but the higher resolutions were useful with Windows 3.
This card was manufactured directly by Tseng Labs.
AdLib clone (1992)
My first sound card was an AdLib. My parents bought it in Canada during the summer holidays in 1992. It uses a Yamaha OPL2 chip to produce sound via FM synthesis. Continue reading
Network Break 308: AMD Gobbles Xilinx, Marvell Chops Inphi. Its SmartNIC DPU Week
This week Network Break is about silicon companies Marvel and AMD bulking up to fight competition. Cisco ships a SmartNIC, Catchpoint releases new features and Space Networking.
The post Network Break 308: AMD Gobbles Xilinx, Marvell Chops Inphi. Its SmartNIC DPU Week appeared first on Packet Pushers.
Strong Reactions and Complexity
In the realm of network design—especially in the realm of security—we often react so strongly against a perceived threat, or so quickly to solve a perceived problem, that we fail to look for the tradeoffs. If you haven’t found the tradeoffs, you haven’t looked hard enough—or, as Dr. Little says, you have to ask what is gained and what is lost, rather than just what is gained. This failure to look at both sides often results in untold amounts of technical debt and complexity being dumped into network designs (and application implementations), causing outages and failures long after these decisions are made.
A 2018 paper on DDoS attacks, A First Joint Look at DoS Attacks and BGP Blackholing in the Wild provides a good example of causing more damage to an attack than the attack itself. Most networks are configured to allow the operator to quickly configure a remote triggered black hole (RTBH) using BGP. Most often, a community is attached to a BGP route that points the next-hop to a local discard route on each eBGP speaker. If used on the route advertising the destination of the attack—the service under attack—the result is the DDoS attack traffic no longer Continue reading
Nominations Now Open for 2021 Internet Society Board of Trustees Elections
The Internet Society Nominations Committee is now inviting nominations for candidates to serve on the Board of Trustees, effective at the start of the Annual General Meeting which is currently scheduled to be held 31 July-1 August 2021.
In 2020-2021, Organization Members and the IETF will each select two Trustees, and Chapters will select one Trustee. Following an orientation program, all new Trustees chosen by the IETF and Chapters will begin three-year terms commencing with the board’s Annual General Meeting. With respect to the two Organizational Members to be chosen, the candidate with the highest weighted vote count will be seated for a three-year term, while the candidate with the second highest weighted vote count will serve the final year of a three-year term initially served by a Trustee who resigned from the board in mid-term.
The Board of Trustees provides strategic direction, inspiration, and oversight to advance the Internet Society’s mission of preserving the open, globally-connected, trustworthy and secure Internet for everyone. Trustees also currently serve as members of the Internet Society Foundation’s board.
I encourage you and all of your community members to identify appropriate candidates for these positions. Further information regarding the positions, as Continue reading
New Ansible for Networking Engineers Content
When restructuring our online courses we decided to make the video content that was previously part of Ansible online course available with Standard ipSpace.net Subscription.
If you haven’t enrolled into our automation online course (which always included the extra bits) you’ll find the following additional content in our Ansible for Networking Engineers webinar: