EfficientIP is a dynamic, fast growing international company whose success comes from the constant evolution and high standards of its solutions.
The clocks have changed, the sun has been shining in London today, but it’s still icy cold outside. This soup is a real taste of spring. It’s all about the herbs, but uses cauliflower as a base. Here’s the method for four generous servings.
3 tablespoons olive or rapeseed oil
2 medium onions
3 sticks of celery
DNS Reflection/Amplification Attack: Proved!
Last year there was a “threat” by the “anonymous” group to black out Internet using a DNS Reflection/Amplification attack against the Internet DNS Root servers. I even wrote a little article about it: “End of the world/Internet”.
In this article I was questioning if this was even possible and what was needed as general interest and curiosity.
Well, looking at the “stophaus” attack last week, we are getting some answers.
I would say it is a real threat now and is a valid attack vector. Seems there are only a couple of ingredients needed:
Open recursive DNS servers
Many of these are already available, and numbers increase. This not only includes dedicated DNS Server systems, but also any equipment attached to the internet capable of handling DNS requests it seems (like cable-modems, routers, etc). So the risk this will be utilized again, will be greater every day now.
A party that is capable/willing to set it off
Seems that there are more and more parties on the Internet that open to “attack” certain entities on the Internet to defend their believes. In above case, stressing even the Internet and influence the usage of everyone on it.
Infrastructure
Lets call it the “Internet”, “Logistics” and “Bandwidth”. Looking at the numbers, it is apparent that you need little (in context) and it is possible to do so if you want. Technology, services or other wise it is not really challenging. And it can be done not from a shady area/country either.
I suspect we will see more of this happening now the “proof-of-concept” is done. It still worries me when the real guns are pulled out and focus would shift from particular entities to the root infrastructure of the Internet.
I had a couple of talks with my expertise peers on this how to mitigate this, it is very difficult as it is sheer load coming from every corner of the Internet. We really did not come up with a single solution. Mitigation would probably mean “breaking” some parts of the Internet as collateral damage, which in size would probably be disruptive enough as well.
Main concern in this, again, is the “open resolvers” out there that we cannot control without education and regulation on how DNS is deployed (you know, the thing we are allergic/apathetic about on/about Internet).
The more thoughts I give this, the more I think the solution is not only technical but most part an organisational/educational/regulation one… Before that is in place, we probably will experience some outages…
London’s great gourmet junk food revival rolls on, with fried chicken, burgers and hot dogs all getting sexy makeovers and hefty price increases. So I’m here to officially start the next chapter of this trend: gourmet baked beans.
Step one is your beans – Hodmedod’s are bringing back…
Split of DDI News
Again… I reording my media/blogging stuff. I splitted off the DDI News feed from my personal log. It can be found here: http://ddinews.chrisbuijs.com.
Cheers,
-Chris.
Moved my BLOG
Hi All,
In order to restart my efforts in the blogging-sphere, I moved my blog to Tumblr and try to consolidate/split stuff to make it more accessable and maintainable :-).
It sits here: http://blog.chrisbuijs.com
Good luck to me!
Cheers,
-Chris.
DDI News: China’s new internet backbone explained: verified sources, IPv6 at the core
While most of the world is still coming to grips with malware and weaning itself off of IPv4 , we’re just learning that China has been thinking further ahead. A newly publicized US Navy report reveals that China’s new internet backbone revolves around an IPv6 -based architecture that leans on Source Address Validation Architecture, or SAVA. The technique creates a catalog of known good matches …
Original Article: China’s new internet backbone explained: verified sources, IPv6 at the core
Date: March 11, 2013 at 06:38PM
DDI News: Broadcom debuts IPv6 network processor
Designated the NLA12000, the new series of processors are sampling now with production volumes slated for the first half of 2013.
Original Article: Broadcom debuts IPv6 network processor
Date: March 11, 2013 at 04:35AM
