The post Worth Reading: IPv6 Paradigm Change appeared first on 'net work.
In part 1 of this series, I looked at the general problem of securing BGP, and ended by asking three questions. In part 2 and part 3, I considered the third question: what can we actually prove in a packet switched network. For this section, I want to return to the first question:
Should we focus on a centralized solution to this problem, or a distributed one?
There are, as you might expect, actually two different problems within this problem:
The post Worth Reading: In the Trenches with OpenStack appeared first on 'net work.
Distributed Denial of Service (DDoS) attacks are often used to hold companies—particularly wealthy companies, like financial institutions—to ransom. Given the number of botnets in the world which can be purchased by the hour, and the relative ease with which new systems can be infected (especially given the rise of the Internet of Things), it’s important to find new and innovative ways to protect against such attacks. Dirt Jumper is a common DDoS platform based on the original Dirt, widely used to initiate such attacks. Probably the most effective protection against DDoS attacks, particularly if you can’t pin down the botnet and block it on a per-IP-address basis (try that one some time) is to construct a tar pit that will consume the attacker’s resources at a rate faster than your server’s are consumed.
The paper linked here describes one such tar pit, and even goes into detail around a defect in the Dirt Jumper platform, and how the defenders exploited the defect. This is not only instructive in terms of understanding and countering DDoS attacks, it’s also instructive from another angle. If you think software is going to eat the world, remember that even hacking software has defects that …
The post Worth Reading: Networking Field Day on Skyport Systems appeared first on 'net work.
This is my talk on BGP security from the latest NANOG. Some of the questions I discuss in this talk, and some of the solutions, interact with the series I currently have running on BGP security here.
The post Rethinking Path Validation appeared first on 'net work.
The post Worth Reading: Leave Your Gas Can at Home appeared first on 'net work.
I’ve been in information technology since the early 1990s, and it’s always been like this: business tells IT what to do, and IT does it. In other words, we make technology mirror business. Which is a fine formula for success, so long as you think business is the engine of innovation. The problem is innovation doesn’t come from one department or place. In fact, innovation most often comes from the intersection of two or more things. Think about it.
When did cars first start being innovative? When they combined the technology that existed in the latest horse drawn carriages with the latest in industrial technology, including internal combustion engines and assembly line production. All three of these came from someplace else—many people don’t know the idea of interchangeable parts came out of the firearms world, rather than the automotive industry. When did innovation come into the …
The post Worth Watching: The Economics of the Internet appeared first on 'net work.
To recap (or rather, as they used to say in old television shows, “last time on ‘net Work…”), this series is looking at BGP security as an exercise (or case study) in understanding how to approach engineering problems. We started this series by asking three questions, the third of which was:
What is it we can actually prove in a packet switched network?
From there, in part 2 of this series, we looked at this question more deeply, asking three “sub questions” that are designed to help us tease out the answer to this third question. Asking the right questions is a subtle, but crucial, part of learning how to deal with engineering problems of all sorts. Those questions can be summed up as:
Let’s quickly look at the first of these two to see why it’s not provable in the context of a packet switched network, using the network diagram below.
When working with BGP at Internet scale, we tend to think of an autonomous system as one “thing”—we …
The post Worth Reading: Virtualization Slides appeared first on 'net work.
The post IS-IS Deployment in IP Networks appeared first on 'net work.