Archive

Category Archives for "Russ White"

Lessons from Andromeda

A common complaint I hear among network engineers is that the lessons and techniques used by truly huge scale networks simply are not applicable to more “standard scale” networks. The key point, however, is balance—to look for the ideas and concepts that are interesting and at least somewhat novel, and then see how they might be applied to products and systems in all networks. Learning concepts can help you understand design patterns you might encounter almost anywhere. One recent paper, for instance, details Andromeda, a large scale networking system designed and operated by Google, one of the few truly huge networks in the world—

Andromeda is designed around a flexible hierarchy of flow processing paths. Flows are mapped to a programming path dynamically based on feature and performance requirements.

While the paper describes the general compute environment, and the forwarding process on individual nodes, the most interesting part from a network engineering perspective is hoverboard. While this concept behind hoverboard has been implemented in previous systems, it is usually hidden under the covers of a vertically integrated system, and therefore not normally something you see the inner workings of. To understand hoverboard, you have to begin with a little theory Continue reading

Attitude and Gratitude

I don’t often let my studies in philosophy and worldview creep into these pages intentionally. I don’t think it can be helped, of course, because the more I study philosophy, the more I see just how practical it is (contrary to popular belief). On the other hand, sometimes an observation about our world jumps out at me so strongly that I cannot help but to post about it here. If you don’t want to hear this, I give you permission to stop reading now. ?

Today, in the U.S., is what is called “Black Friday.” The name derives from a major stock market crash in the 1850’s, but was eventually applied to the combined shopping and football crowds the day after Thanksgiving by the Philadelphia Police, and now, finally to the general shopping day after Thanksgiving in the U.S.

Thanksgiving is all about giving thanks. About gathering family and friends, and appreciating community, and people, and the shared blessings of homes and meals together. It is interesting that Thanksgiving and Black Friday are juxtaposed in just this way. The family right up against the commercial, the quietness of the home against the loudness of the market. Maybe Continue reading

CAA Records and Site Security

The little green lock—now being deprecated by some browsers—provides some level of comfort for many users when entering personal information on a web site. You probably know the little green lock means the traffic between the host and the site is encrypted, but you might not stop to ask the fundamental question of all cryptography: using what key? The quality of an encrypted connection is no better than the quality and source of the keys used to encrypt the data carried across the connection. If the key is compromised, then entire encrypted session is useless.

So where does the key pair come from to encrypt the session between a host and a server? The session key used for symmetric cryptography on each session is obtained using the public key of the server (thus through asymmetric cryptography). How is the public key of the server obtained by the host? Here is where things get interesting.

The older way of doing things was for a list of domains who were trusted to provide a public key for a particular server was carried in HTTP. The host would open a session with a server, which would then provide a list of domains where Continue reading

Research: Measuring IP Liveness

Of the 4.2 billion IPv4 addresses available in the global space, how many are used—or rather, how many are “alive?” Given the increasing usage of IPv6, it might seem this is an unimportant question. Answering the question, however, resolves to another question that is actually more important: how can you determine whether or not an IP address is in use? This question might seem easy to answer: ping every address in the address space. This, however, turns out to be the wrong answer.

Scanning the Internet for Liveness. SIGCOMM Comput. Commun. Rev. 48, 2 (May 2018), 2-9. DOI: https://doi.org/10.1145/3213232.3213234

This answer is wrong because a substantial number of systems do not respond to ICMP requests. According to this paper, in fact, some 16% of the hosts they discovered that would respond to a TCP SYN, and another 2% that would respond to a UDP packet shaped to connect to a service, do not respond to ICMP requests. There are a number of possible reasons for this situation, including hosts being placed behind devices that block ICMP packets, hosts being configured not to respond to ICMP requests, or a server sitting behind a PAT or CGNAT Continue reading

Weekend Reads 110818

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted below, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked. @Krebs on Security

PortSmash, as the new attack is being called, exploits a largely overlooked side-channel in Intel’s hyperthreading technology. A proprietary implementation of simultaneous multithreading, hyperthreading reduces the amount of time needed to carry out parallel computing tasks, in which large numbers of calculations or executions are carried out simultaneously. The performance boost is the result of two logical processor cores sharing the hardware of a single physical processor. The added logical cores make it easier to divide large tasks into smaller ones that can be completed more quickly. —Dan Goodin @ARS Technica

Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded Continue reading

Network Troubleshooting Webinar on Safari Books

I just redid my slides for the network troubleshooting seminar I teach on Safari Books from time to time. This new set of slides should make for a better webinar. The outline now covers—

Segment 1: Foundations
Length: 50 minutes

  • MTTR, MTBM, MTBM
  • Resiliency in terms of troubleshooting
  • Positive feedback loops
  • Automated processes and fragility
  • The troubleshooting process
  • Avoiding the narrows
  • Using models to dive deeper
  • Using abstraction to counter the combinatorial explosion
  • When abstractions leak
  • What, how, and why models

10 Minute Break

Segment 2: Process
Length: 50 minutes

  • The theory of half split, as seen from search trees
  • Putting it together: a simple troubleshooting loop and the half-split
  • Using manipulability theory to prove it
  • Observations on observations

10 Minute Break

Segment 3: Examples
Length: 50 minutes

  • The EIGRP case
  • The BGP case
  • IS-IS and BFD

10 minute final Question and Answer Period

You can register here. Note the name of the seminar is changing, so the URL might change, as well.

BGP Hijacks: Two more papers consider the problem

The security of the global Default Free Zone DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again—it is worth looking at what these two papers add to the mix of what is known, and what solutions might be available. The first of these—

Demchak, Chris, and Yuval Shavitt. 2018. “China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking.” Military Cyber Affairs 3 (1). https://doi.org/10.5038/2378-0789.3.1.1050.

—traces the impact of Chinese “state actor” effects on BGP routing in recent years. Whether these are actual attacks, or mistakes from human error for various reasons generally cannot be known, but the potential, at least, for serious damage to companies and institutions relying on the DFZ is hard to overestimate. This paper lays out the basic problem, and the works through a number of BGP hijacks in recent years, showing how they misdirected traffic in ways that could have facilitated attacks, whether by mistake or intentionally. For instance, quoting from the paper—

Weekend Reads 110218

When the Internet outgrew its academic and research roots and gained some prominence and momentum in the broader telecommunications environment it found itself to be in opposition to many of the established practices of the international telecommunications arrangements and even in opposition to the principles that lie behind these arrangements. For many years, governments were being lectured that the Internet was “special”, and to apply the same mechanisms of national telecommunications and trade regulations to the Internet may not wreck the entire Internet, but they would surely isolate the nation that was attempting to apply these unnatural acts. —Geoff Huston @potaroo

Systemd has a remotely exploitable bug in its DHCPv6 client. That means anybody on the local network can send you a packet and take control of your computer. The flaw is a typical buffer-overflow. Several news stories have pointed out that this client was rewritten from scratch, as if that were the moral failing, instead of reusing existing code. That’s not the problem. @Errata Security

The Myers-Briggs test and others like it were huge in the corporate world in the 1980s and ’90s. Individuals took them to see what kind of careers they should pursue; H.R. offices used Continue reading

1 42 43 44 45 46 165