Worth Reading: The forgotten half

In 2008, network researcher Dan Kaminsky announced a DNS vulnerability that would let any determined attacker, for the cost of about 10 minutes of packet bombing, insert data into the DNS such that any victim could be made to see whatever an attacker wanted them to see. —Paul Vixie and Joe St. Sauver @farsight

Worth Reading: White papers don’t impress me much

Typically, most companies release white papers that claim to detail their architecture (or math, as one claimed). In reality, and with rare exception (Datrium actually comes to mind here), they’re little more than five to seven pages of marketing-style technical claims with no citations or justification. —Rachel Traylor @The Math Citadel

Short Take: Complexity Wormhole

Worth Reading: GEO versus MEO

Until the advent of medium earth orbit (MEO) provider O3b (short for ‘Other 3 billion [users]’), geostationary (GEO) satellites were the only option for such ISPs. That meant huge dish antennas and, most of all, bandwidth prices of many hundreds of dollars per megabit per second per month (Mbps/month). —Ulrich Speidel @APNIC

Worth Reading: Magical thinking on Internet security

Most of us expect Internet security spending to increase from $70B to $140B by the end of this decade. But even at $70B, our spending is in the same order of magnitude as our losses. —Paul Vixie @Far Sight Security

Reaction: The importance of diversity of sources

If you are like the rest of the world in the way you consume news, you are probably reading this because you followed a link in social media. If this is true, I have a request: set up an RSS reader, and start following technical and social content through feeds rather than exclusively through social networks. Why?

On Wednesday, Digg announced that it will be shutting down Digg Reader on March 26. The RSS reader, for me and likely many others, was a godsend after the 2013 shuttering of Google Reader. The rest of Digg is safe, rest assured, and the site gave no reason for discontinuing Digg Reader, but it’s likely as simple as “that’s not how people consume the internet anymore.”

Don’t get me wrong—I believe social media networks are important. Social media networks are a great place to keep up with people and products, with larger movements discovered by neural networks and put on your RADAR through a news feed.

But social media networks should not be the only place you learn about network engineering—or anything else of importance in your life. It is a bit like when I used to have a collection of Continue reading

Worth Reading: IPv6 and containers

None of the ‘big three’ cloud providers (AWS, Azure, and GCP) have an IPv6 feature set that is capable of reasonably supporting containers. Their support ranges from non-existent (yep, it’s 2018 and there are still public cloud providers with zero IPv6 support!) to ‘it’s just like IPv4, but with colons!’. —Matt Palmer @APNIC

Weekend Reads 032318

Today, we are discussing some of our more complex, heuristic techniques to detect malicious use of this vital protocol and how these detect key components of common real-world attacks. These analytics focus on behavior that is common to a variety of attacks, ranging from advanced targeted intrusions to the more mundane worms, botnets and ransomware. Such techniques are designed to complement more concrete signature-based detection, giving the opportunity to identify such behavior prior to the deployment of analyst driven rules. —John Booth @Azure

List of Third Parties (other than PayPal Customers) with Whom Personal Information May be Shared

There appears to be a huge disconnect here between the EU’s professed concern for keeping Europeans safe — as expressed in the one-hour rule — and the EU’s actual refusal to keep Europeans safe in the offline world. The result is that Europeans, manipulated by an untransparent, unaccountable body, will not be kept safe either online or off. And what if the content in question, as has already occurred, may be trying to warn the public about terrorism? —Judith Bergman @ Gatestone

Ransomware has long been a headache for PC and smartphone users, but in the future, it could be robots that Continue reading

Sleeping Lion

Worth Reading: The evolution of DDoS attacks

When the dust had settled, and services had been restored, one thing seemed certain: a new era of DDoS attacks was upon us. —Patrick Vernon @CircleID

Worth Reading: Blocking Malware with DNS

The Domain Name System (DNS) is known to be a valuable source of threat intelligence. With the mainstream introduction of the Response Policy Zone (RPZ) technology in popular resolver software, there is now a growing market of DNS service providers who are offering DNS firewall-style services. —James Richards @APNIC

What’s wrong with the IETF. And what’s right

I have not counted the IETF’s I have attended; I only know the first RFC on which I’m listed as a co-author was published in 2000, so this must be close to 20 years of interacting with the IETF community, and I’m pretty certain I’ve attended at least two meetings a year across that time, and three meetings a year in most of those years. Across that time, there has never been a time when I have not been told, at least once, “the IETF is broken.” And there has not been a single time I cannot remember agreeing with the sentiment.

So, how is the IETF broken? The trend that bothers me the most right now is the gold rush syndrome. A new technology is brought into the IETF, and if it looks like it might somehow be “important,” there is a “land rush” as people stake out new drafts, find use cases, find corner cases, and work to develop drafts and communities around those drafts. This generally results in a sort of ossification process, where there are clear insiders and outsiders, an entirely new vocabulary is developed, and the drafts fly so fast and furious there is Continue reading

Worth Reading: Agile is values and principles

Many things get called Agile — especially by people who are selling something. But the Agile Manifesto makes it clear that it isn’t a methodology. …. Agile is a set of values and principles. —Mark Shead @Free Code Camp

Network Collective: Building Resilient Networks

On this community roundtable at the Network Collective, we’re talking about building resilient networks with Pete Welcher, Jody Lemoine, and John Herbert. This was a terrific discussion of all those things you might not think about.

Worth Reading: Bufferbloat and Satellite Comm

In the case of satellite connections, it does not matter too much whether the buffer queue is managed with schemes such as random early drop (RED) and/or explicit congestion notification (ECN). The feedback path for such schemes traverses the link in both directions, and the resulting timeframes are typically too long to give short-term relief to queues that are becoming congested. —Ulrich Speidel @APNIC

Worth Reading: Why we need more crypto

Last week, researchers at Citizen Lab discovered that Sandvine’s PacketLogic devices were being used to hijack users’ unencrypted internet connections, making yet another case for encrypting the web with HTTPS. —Sydny Li @EFF

Short Take: The Agile State of Mind

Worth Reading: Should I allow UDP over my satellite link?

ISPs that use satellite links for international IP connectivity often block User Datagram Protocol (UDP) traffic because it is deemed ‘unfriendly’ in the presence of Transmission Control Protocol (TCP) on the link and considered too unimportant a protocol to be mission-critical. —Ulrich Speidel @APNIC

Worth Reading: US versus Microsoft

On Tuesday, the Supreme Court heard oral argument in United States v. Microsoft, a case that many observers believe could have significant ramifications for how cloud computing and other technology companies interact with the US government. —Olivier Douliery @Wired

Side Channel Attacks in the Wild: The Smart Home

Side channel attacks are not something most network engineers are familiar with; I provided a brief introduction to the concept over at The Network Collective in this Short Take. If you aren’t familiar with the concept, it might be worth watching that video (a little over 4 minutes) before reading this post.

Side channel attacks are more common, and more dangerous, than many engineers understand. In this post, I’ll take a look at a 2017 research paper that builds and exploits a side channel attack against several smart home devices to see how such a side channel attack plays out. They begin their test with a series of devices, including a children’s sleep monitor, a pair of security cameras, a pair of smart power plugs, and a voice based home assistant.

The attack itself takes place in two steps. The first is to correlate individual traffic flows with a particular device (where a traffic flow is a 5 tuple. The researchers did this in three different ways. First, they observed the MAC address of each device talking on the network, comparing the first three octets of this address to a list of known manufacturers. Most home device manufacturers use a Continue reading