NTP for Evil

There was a story that was distributed around the newswire services at the start of February this year, reporting that we had just encountered the “biggest DDOS attack ever”. This dubious distinction was the result of the observation that this time around the attack volume got to 400Gbps of…


MITM and Routing Security

If the motivation behind the effort to secure BGP was to allow any BGP speaker to distinguish between routing updates that contained “genuine” routing information and routing updates that contained contrived or false information, then these two reports point out that we’ve fallen short of that target. What’s gone wrong?…


IP Addresses and Traceback

This is an informal description of the evolution of a particular area of network forensic activity, namely that of traceback. This activity typically involves using data recorded at one end of a network transaction, and using various logs and registration records to identify the other party to the transaction. Here we’ll…


The Big Bad Internet

I often think there are only two types of stories about the Internet. One is a continuing story of prodigious technology that continues to shrink in physical size and at the same time continues to dazzle and amaze us. We’ve managed to get the cost and form factor of computers…


Here’s looking at you …

Much has been said in recent weeks about various forms of cyber spying. The United States has accused the Chinese of cyber espionage and stealing industrial secrets. A former contractor to the United States’ NSA, Edward Snowden, has accused various US intelligence agencies of systematic examination of activity on various…


Measuring DNSSEC Performance

There are a number of reasons that both domain name administrators and vendors of client DNS software cite for not incorporating DNSSEC signing into their offerings. The added complexity of the name administration process when signatures are added to the mix, the challenges of maintaining current root trust keys, and…


What we are up to with RPKI

APNIC has recently deployed some changes to its RPKI service, and is in the process of continuing developments that will be released across 2013. This article discusses the changes, and what’s on the horizon early next year. Splitting the TAL: A highly visible change to the APNIC RPKI system recently…


Some Further Thoughts on Securing Routing

It seems that the discussion about route leaks and securing BGP continues. Here, I’d like to quickly explore the issues related to the distinction between routing protocols, routing policies, routing and packet forwarding, and look at why securing the routing protocol does not necessarily ensure that you have secured packet…


Leaking Routes

It’s happened again. We’ve just had yet another major routing leak, this time bringing down the Internet for most of an entire country. Maybe twenty years ago no one would’ve noticed, let alone commented, but now of course it’s headline material in the media. What happened? And how could this…


Hacking Away at the Internet’s Security

The front page story of the September 13 2011 issue of the International Herald Tribune said it all: “Iranian activists feel the chill as hacker taps into e-mails.” The news story relates how a hacker has “sneaked into the computer systems of a security firm on the outskirts of Amsterdam”…