The Week in Internet News: IoT Botnets Come for Video Conferencing Systems

Botnets attack: A handful of botnets using compromised Internet of Things devices are now targeting enterprise video conferencing systems, reports CSO Online. Three recently identified botnets are based on the Mirai botnet, which had its source code leaked back in 2016. The original Mirai is no longer active, but its source code has served as the base for at least 13 other botnets.

Pulling the plug: Internet shutdowns are common, but ineffective, argues a journalist and researcher on The Conversation. Shutdowns “seem to animate dissent and encourage precisely the kind of responses considered subversive by many governments,” writes George Ogola. “Internet shutdowns don’t stop demonstrations. Nor do they hinder the production and circulation of rumours: they encourage them instead.”

The war on porn: Meanwhile, the government of Bangladesh has shut down about 20,000 websites, including some popular social media sites, in the name of banishing pornography, the Guardian reports. Authorities believe some social media sites are contributing to the problem, apparently.

Digital colonies? The BBN Times has a provocative opinion piece suggesting that the Internet, and Internet Governance, is aiding in a process of “digital colonization.” The U.S. is sending its language, culture, and tech products Continue reading

BrandPost: Silver Peak Powers an SD-WAN Telemedicine Backpack

The software-defined wide-area networking (SD-WAN) revolution knows no boundaries. Now the technology has found its way into a telemedicine backpack that can deliver real-time communications between doctors and first responders on scene in the field. Telemedicine pioneer swyMed, based in Lexington, Mass., offers a high-performance telemedicine backpack called the DOT — Doctors on Tap — which enables reliable, real-time video communications powered by the Silver Peak Unity EdgeConnect™ SD-WAN edge platform that can improve the performance of existing wireless network communications and connect even at long distances from wireless towers.

Cloudflare Transparency Update: Joining Cloudflare’s Flock of (Warrant) Canaries

Today, Cloudflare is releasing its transparency report for the second half of 2018. We have been publishing biannual Transparency Reports since 2013.

We believe an essential part of earning the trust of our customers is being transparent about our features and services, what we do – and do not do – with our users’ data, and generally how we conduct ourselves in our engagement with third parties such as law enforcement authorities. We also think that an important part of being fully transparent is being rigorously consistent and anticipating future circumstances, so our users not only know how we have behaved in the past, but are able to anticipate with reasonable certainty how we will act in the future, even in difficult cases.

As part of that effort, we have set forth certain ‘warrant canaries’ – statements of things we have never done as a company. As described in greater detail below, the report published today adds three new ‘warrant canaries’, which is the first time we’ve added to that list since 2013. The transparency report is also distinguished because it adds new reporting on requests for user information from foreign law enforcement, and requests for user information that we Continue reading

To Code Or Not To Code: Expression & Symbiosis

There is still an ongoing debate over the need for network engineers to pick up some software skills. Everything network engineers touch in more recent times has some programmatic means of control and these interfaces can be used to scale out engineer workflows or for abstract systems to drive. The bottom up view is to write scripts or use tools like Terraform or Ansible to use them. In engineer driven workflows, I see regular usage of Salt Stack as an abstraction layer over the top of a target group of devices to do very human tasks with! The latter use case is interesting because it follows a very basic system rule of high gain from abstraction. In this instance, the programmatic interfaces are used to amplify human capabilities. If that’s the bottom up view, the top down view is to embrace the world of RPA (Robotic Process Automation). We’ve been calling this "big button" automation for years now and we can view this as human driven tasks, mechanised to run on a platform or framework. It’s a case of "Back to the Future" and it comes straight out the 1970s.

When a network engineer goes on a Python course to Continue reading

Last Week on ipSpace.net (2019W8)

We started the Spring 2019 Building Network Automation Solutions course on Tuesday with building virtual labs presentation by one-and-only Matt Oswalt of the NRE Labs fame, and finished the AWS Networking Deep Dive saga on Thursday with an overview of AWS load balancing mechanisms, from elastic load balancing (CLB/NLB/ALB) to DNS-based load balancing, CloudFront and Global Accelerator… and figured out how Amazon reinvented VRFs and hub-and-spoke VPNs with Transit gateways.

The AWS Networking Deep Dive webinar is part of standard ipSpace.net subscription. You can access Matt’s presentation and all other materials of the Building Network Automation Solutions online course with Expert Subscription (assuming you choose this course as part of your subscription).

Understanding hidden memories of recurrent neural networks

Understanding hidden memories of recurrent neural networks Ming et al., VAST’17

Last week we looked at CORALS, winner of round 9 of the Yelp dataset challenge. Today’s paper choice was a winner in round 10.

We’re used to visualisations of CNNs, which give interpretations of what is being learned in the hidden layers. But the inner workings of Recurrent Neural Networks (RNNs) have remained something of a mystery. RNNvis is a tool for visualising and exploring RNN models. Just as we have IDEs for regular application development, you can imagine a class of IMDEs (Interactive Model Development Environments) emerging that combine data and pipeline versioning and management, training, and interactive model exploration and visualisation tools.

Despite their impressive performances, RNNs are still “black boxes” that are difficult for humans to understand… the lack of understanding of how RNN models work internally with their memories has limited researchers’ ability to introduce further improvements. A recent study also emphasized the importance of interpretability of machine learning models in building user’s trust: if users do not trust the model, they will not use it.

The focus of RNNvis is RNNs used for NLP tasks. Where we’re headed is an interactive visualisation Continue reading

RIRs enhance support for routing security

BGP hijacking and route leaks represent significant problems in the global Internet routing systems, along with source address spoofing. BGP hijacks are where allocated or unallocated address space is announced by entities who are not holders and are not authorized to use it.

The announcement of allocated address space often creates big news, such as when 53 route prefixes of Amazon were hijacked, but the announcement of unallocated address space (whether IPv4, IPv6 or AS numbers), also known as ‘bogons’, often does not generate much publicity as it does not cause immediate disruptions to service or business. With depletion of the IPv4 address space though, the announcement of bogons is on the rise, with miscreants scraping the unallocated address space from all RIRs and abusing it.

Resource Public Key Infrastructure (RPKI) was therefore developed to try to solve these problems, and APNIC (the Routing Internet Registry for the Asia-Pacific region) recently announced it will honour the creation of AS0 ROA objects. They join ARIN, AfriNIC and the RIPE NCC in supporting AS0 ROA objects, with only LACNIC yet to implement this.

APNIC members can create AS0 ROAs for the prefixes they manage using the MyAPNIC platform.

So, Continue reading

Cloudflare’s RPKI Toolkit

A few months ago, we made a first then a second announcement about Cloudflare’s involvement in Resource Public Key Infrastructure (RPKI), and our desire to make BGP Internet routing more secure. Our mission is to build a safer Internet. We want to make it easier for network operators to deploy RPKI.

Today’s article is going to cover our experience and the tools we are using. As a brief reminder, RPKI is a framework that allows networks to deploy route filtering using cryptography-validated information. Picture TLS certificates for IP addresses and Autonomous System Numbers (ASNs).

What it means for you:

We validate our IP routes. This means, as a 1.1.1.1 DNS resolver user, you are less likely to be a victim of cache poisoning. We signed our IP routes. This means users browsing the websites on Cloudflare’s network are unlikely to experience route hijacks.

All our Points of Presence which have a router compatible with The Resource Public Key Infrastructure (RPKI) to Router Protocol (RTR protocol) are connected to our custom software called GoRTR and are now filtering invalid routes. The deployment amounts to around 70% of our network.

We received many questions regarding the amount of invalid Continue reading

NDSS 2019 Highlights the Best in Security Research

Tomorrow, the 26th consecutive Network and Distributed System Security Symposium (NDSS) is set to kick off in San Diego, CA. NDSS is a premier academic research conference addressing a wide range of topics associated with improving network and system security. A key focus of the Internet Society has long been improving trust in the global open Internet and all of its connected devices and systems. In today’s world, we need new and innovative ideas and research on the security and privacy of our connected devices and the Internet that connects them together.

NDSS 2019 (24-27 February) will be the biggest NDSS symposium yet, featuring 89 peer-reviewed papers, 35 posters, 4 workshops, and a keynote. Record registration numbers are a key indicator that NDSS 2019 is featuring vital and timely topics. Below are some of the highlights expected in the coming week.

Workshops

This year’s program officially starts with four workshops on Sunday, 24 February. NDSS workshops are organized around a single topic and provide an opportunity for greater dialogue amongst researchers and practitioners in the area. Each of this year’s workshops has a dynamic agenda.

The Workshop on Binary Analysis Research (BAR) is returning for its second year at NDSS after a Continue reading

My Cloudflaraversery: Things I’ve Learned Along the Way

A year ago, I joined the marketing team at Cloudflare.

I was first attracted to Cloudflare by its audacious mission: to help build a better Internet. As someone who’s spent most of my professional life working on programs — in marketing, policy, communications, and advocacy — that build trust and confidence in the Internet, Cloudflare’s mission resonated with me.

But it wasn’t just the mission — it was the product too. Over its eight years, the company has developed a growing platform of products and solutions that help millions of online properties — from nonprofits and hobbyists to small businesses and large enterprises — protect and accelerate anything connected to the Internet. For me, joining the Cloudflare team was an opportunity to help advance a mission and a product that is doing good in the world.

It’s been an exciting year and I want to take the opportunity to reflect on a few things I’ve learned along the way.

First, trust is everything

During my first few months at Cloudflare, I spoke with dozens and dozens of customers. I wanted to understand Cloudflare from their perspective. What challenges do they face? What progress are Continue reading

Python Pieces – Working with etcd

Ah ha! Surprise – I’ve decided that in addition to the blog posts on MPLS and ExaBGP that I might as well start up a third series. Well – that’s not entirely true – but instead of trying to mix all sorts of details about Python into the blog posts, I thought I might split out some of the larger pieces. So I’m starting a new series called “Python Pieces” where I’m going to pick one module, concept, or whatever else I decide warrants a post and talk about how to use it. Then – if/when I use that in one of my other posts – you’ve got a handy reference and starting point. I hope this makes the other posts less “all over the place” but we’ll see.

So – in my first edition of Python Pieces we’re going to talk about working with etcd from Python. For those of you that don’t know what etcd is – it’s a pretty popular key value store that’s used with lots of the more recent projects (Kubernetes comes to mind). What’s likely more important about etcd though is that it’s capable of being a distributed key value store which makes it Continue reading