As of January 2021, the Pentagon transferred 175 million IPv4 addresses to a new and previously unknown Florida-based company named Global Resource Systems, LLC. This came as a bit of a shock to the internet community for the following four reasons….
APNIC has a blog article on detecting “BGP lies”.
Do you ever wonder whether you can really trust other networks, such as your provider(s) and peers? More precisely, wouldn’t you like to be able to tell if the traffic you send always flows through the paths received in the Border Gateway Protocol (BGP)? Could it be that, for some prefixes, the forwarding path might differ?
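As an added illustration of the check the APNIC article asks about (this is not APNIC's code or method, and every ASN and path below is constructed): given the AS path received in BGP and the AS sequence reconstructed from a traceroute, the function reports where the forwarding path first disagrees with the advertised one. It allows for BGP prepending and for hops that traceroute cannot see, and treats only out-of-order or unexpected ASNs as divergence.

```python
"""Compare a BGP-learned AS path against the AS sequence observed on the
forwarding path (for example, traceroute hops mapped to their origin ASNs).
Added illustration, not APNIC's tooling; all sample paths are constructed."""


def normalize_as_path(path):
    """Collapse runs of the same ASN and drop unresolved hops.

    BGP prepending (65001 65001 65002) and several traceroute hops inside one
    AS both show up as repeated ASNs; a None entry stands for a hop that did
    not answer or could not be mapped to an ASN.
    """
    out = []
    for asn in path:
        if asn is None:
            continue
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def path_divergence(bgp_path, forwarding_path):
    """Return None if the forwarding path agrees with the BGP path, otherwise
    a dict locating the first disagreement.

    Agreement here means the observed AS sequence is an in-order subsequence
    of the normalized BGP AS path: traceroute may legitimately skip ASNs
    (hidden MPLS cores, hops that do not reply), but an ASN that appears out
    of order, or is absent from the BGP path, is reported.
    """
    bgp = normalize_as_path(bgp_path)
    fwd = normalize_as_path(forwarding_path)
    i = 0
    for hop, asn in enumerate(fwd):
        while i < len(bgp) and bgp[i] != asn:
            i += 1
        if i == len(bgp):
            return {"hop": hop, "asn": asn, "bgp": bgp, "forwarding": fwd}
        i += 1
    return None


# Constructed sample: a prefix learned with AS path 65001 (prepended) 65002 65003.
BGP_PATH = [65001, 65001, 65001, 65002, 65003]

# Traceroute-derived AS sequences, also constructed.
FORWARDING_OK = [65001, 65001, None, 65002, 65003, 65003]  # one silent hop
FORWARDING_SKIPS_AS = [65001, 65003]                      # 65002 hidden (e.g. MPLS)
FORWARDING_LIE = [65001, 65099, 65003]                    # detour through 65099

if __name__ == "__main__":
    for label, fwd in [("ok", FORWARDING_OK), ("skips", FORWARDING_SKIPS_AS), ("lie", FORWARDING_LIE)]:
        print(label, path_divergence(BGP_PATH, fwd))
```

The subsequence rule is deliberately lenient: it only raises an alarm when the data plane visits an AS the control plane never announced, or visits announced ASes in a different order, which is the signal worth investigating with the upstream in question.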
Our friend David over at Penny Tone has an article out on call quality.
Testing a fiber cross-connect at a data center. #packetsdownrange
From Christian Koch at Foundations:
I am excited to reveal that my quarterly interconnection update has transformed into the Interconnection Quarterly, a hand-tailored, independent briefing on the interconnection industry. Right now, my plans are to publish the Interconnection Quarterly shortly after the last public companies report earnings, as I’ve done with the previous updates. This may change in the future, but for now, this is the plan.

In this inaugural issue, you’ll find the latest financial and business metrics for select data center operators and interconnection platforms, as well as insights into key developments and newsworthy events that occurred within the fourth quarter of 2020.

We’re at an important juncture for interconnection, and while it still may be seen by some as just a basic service that a data center or colocation provider must offer, the truth is that interconnection is much more

From cross-connects to cloud networks, the constant here is in the connection. How that connection is established and what you can do with it is what’s changing as we adapt to a world powered by software in
So recently I was spinning up some new authoritative name servers. I have stuck with BIND for authoritative for years because the format of the files and queries is THE standard for DNS zones. IMHO, there are some better resolvers out there, but I stick with BIND for authoritative.
Anyway, on to my issue. The purpose of one of these servers was reverse DNS. I added the in-addr files and added a few zone files. Things hummed along for a few days, then the server went through an update and the authoritative stuff stopped working. After some digging, here is what I found.
BIND 9.4 introduces a new option called
allow-query specifically has to do with the ability to query the nameserver for records it is authoritative for. If that option is not there, it will deny queries. Once I added the following code, things started working correctly.
A while later, I came back to a different machine to troubleshoot an issue with a customer PTR record and found the log files were filling up with cache-denied messages. This was fixed by adding the two lines of code below.
In this case, some of the IP space still had servers pointing to it, most likely due to the domain holder going offline or out of business.
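Added example, not the post's own configuration: a small checker, run over a constructed named.conf, that flags the two conditions an authoritative-only server can end up in as described above: an authoritative zone with no allow-query (in the zone or in the options block), and recursion left enabled. The `recursion no;` remedy is an assumption drawn from common BIND practice for authoritative-only servers, not the two lines the post added, and the parser only understands the statement forms used in the samples.

```python
"""Check a BIND named.conf for the two settings behind the symptoms described
above: an authoritative zone with no allow-query, and recursion left enabled
on an authoritative-only server. Added example with a constructed config;
the parser only understands the statement forms used in the samples."""
import re

AUTHORITATIVE_TYPES = {"master", "primary", "slave", "secondary"}


def _strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def _block_body(text, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in named.conf")


def _statements(body):
    """Split a block body on top-level ';' only; nested braces stay intact."""
    stmts, cur, depth = [], [], 0
    for ch in body:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        if ch == ";" and depth == 0:
            s = "".join(cur).strip()
            if s:
                stmts.append(s)
            cur = []
        else:
            cur.append(ch)
    return stmts


def parse_named_conf(text):
    """Return (options statements, [(zone name, zone statements), ...])."""
    text = _strip_comments(text)
    options, zones = [], []
    for m in re.finditer(r'(?<![\w-])(options|zone\s+"([^"]+)"(?:\s+IN)?)\s*\{', text):
        stmts = _statements(_block_body(text, m.end() - 1))
        if m.group(2) is None:
            options = stmts
        else:
            zones.append((m.group(2), stmts))
    return options, zones


def setting(stmts, name):
    """Value of a statement: 'allow-query { any; }' -> 'any', 'recursion no' -> 'no'."""
    for s in stmts:
        m = re.match(r"([\w-]+)\s*(.*)", s, re.S)
        if m and m.group(1) == name:
            val = m.group(2).strip()
            inner = re.match(r"\{(.*)\}", val, re.S)
            if inner:
                return " ".join(t.strip() for t in inner.group(1).split(";") if t.strip())
            return val
    return None


def lint(text):
    """Findings for an authoritative-only server; empty list means clean."""
    options, zones = parse_named_conf(text)
    findings = []
    global_aq = setting(options, "allow-query")
    for name, stmts in zones:
        if setting(stmts, "type") not in AUTHORITATIVE_TYPES:
            continue
        aq = setting(stmts, "allow-query") or global_aq
        if aq is None or aq == "none":
            findings.append(f"zone {name}: no allow-query in the zone or options block")
    if setting(options, "recursion") != "no":
        findings.append("options: recursion is not disabled; an authoritative-only "
                        "server should set 'recursion no;' (assumed hardening)")
    return findings


# Constructed named.conf in the failing state the post describes.
BROKEN_CONF = """
options {
    directory "/var/named";   /* recursion left at its default */
};
zone "2.0.192.in-addr.arpa" IN {
    type master; file "db.192.0.2";   // reverse zone, no allow-query
};
zone "example.net" { type master; file "db.example.net"; allow-query { any; }; };
"""
# Same server with the settings an authoritative-only box wants (assumption).
HARDENED_CONF = """
options { directory "/var/named"; recursion no; allow-query { any; }; };
zone "2.0.192.in-addr.arpa" IN { type master; file "db.192.0.2"; };
zone "example.net" { type master; file "db.example.net"; };
"""
```

Run `lint(open("/etc/named.conf").read())` on a real server to get the same two checks; anything beyond these statement forms (views, includes, ACL names) would need the parser extended.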
So it used to be I received a /56 IPv6 prefix and then my router picked a /64 for my LAN. Then it turned into a /60. Now I get a /64 and my router has to turn that into a /72. Come on Comcast, don’t break IPv6 norms.
Most service providers have been the victim of a Denial of Service (DoS) attack at one point or another. Sometimes you may not realize you are under an attack. A few months ago, I posted a simple screenshot at https://blog.j2sw.com/networking/anatomy-of-a-ddos/ of what an active DDoS looks like.
Types of Attacks
In order to know what to look for, you have to understand the four basic types of attacks. I will outline these and talk about how modern attacks are affecting Internet Service Providers (ISPs). In my next article, we will talk about identifying these types of attacks and some mitigation techniques you can employ.
Throw-everything-at-you attack, aka buffer overflow
This type of attack throws enormous amounts of traffic at you to fill up your switch and router buffers, causing the device to exceed its capabilities. Your devices become crushed by an overwhelming volume of data thrown at them. This attack isn’t always sheer bandwidth. Sometimes it is tens of thousands of remote connections.
Attacking vulnerable protocols
Attackers go after exposed services like ICMP to do amplification attacks. Fragmented packets, which keep the router tied up, are also a common method of attacking a host.
Application attacks
These are the ones most consumers hear about. Vulnerabilities in operating systems, applications, and packages are exploited and used in attacks.
The fourth kind is not lumped in with application attacks, but I wanted to separate it for a few reasons. The first reason is that someone compromising a system is not always sophisticated. If a bad actor guessed the password on your router and erased the configuration, they have performed a Denial of Service against you. If you don’t keep your software up-to-date and someone exploits a backdoor and “hacks” your system, they have performed a DoS attack.
Modern Attacks against networks
Modern DoS attacks are always evolving. As network administrators find ways to mitigate these attacks, the bad actors find ways to tweak them and get around the mitigation techniques employed by providers. Most of the exploits above involve sheer volumes of traffic or connections being directed at a host to take it offline. These attacks are especially detrimental for service providers because they take your customers offline if the attack is significant enough.
One of the most common techniques these days is the Distributed Denial of Service attack (DDoS). These usually involve botnets of thousands of compromised machines or devices acting against one or more hosts. These can be anywhere in the world. They could even be users inside your network with compromised machines or other devices. Distributed attacks are hard to mitigate because they can be legitimate traffic pointed at a web server, as an example. The traffic is not malicious from a technical perspective. You have thousands and thousands of machines sending legitimate requests to a web server or other host on your network. This traffic looks legitimate but is overwhelming for your hardware and Internet pipe.
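Added example, not part of the original post: the tagger below runs over constructed flow records (the kind a router exports as NetFlow/sFlow) and labels each destination with the attack shapes described above: a volumetric flood, a distributed many-source flood of individually legitimate-looking requests, ICMP-heavy traffic, and a fragment flood. The thresholds are illustrative assumptions chosen to fit the sample; in production they scale with link and device capacity.

```python
"""Tag per-destination traffic with the attack shapes described above
(volumetric flood, distributed many-source flood, ICMP-heavy traffic,
fragment flood) from flow records. Added example over constructed flows;
thresholds are illustrative and in practice scale with link capacity."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    ts: float          # seconds since the start of the observation window
    src: str
    dst: str
    proto: str         # "tcp", "udp" or "icmp"
    nbytes: int
    fragmented: bool = False


# Illustrative thresholds for the constructed sample (assumption, not a standard).
THRESHOLDS = {
    "min_bps": 4_000_000,      # bits/s toward one destination -> "volumetric"
    "min_sources": 200,        # distinct sources needed for "distributed"
    "max_top_share": 0.05,     # ...with no single source above 5% of the bytes
    "icmp_share": 0.5,         # fraction of bytes that are ICMP
    "frag_share": 0.3,         # fraction of flows carrying fragments
}


def profile(flows):
    """Aggregate bytes, sources, ICMP bytes and fragment counts per destination."""
    per_dst = {}
    for f in flows:
        p = per_dst.setdefault(f.dst, {"bytes": 0, "flows": 0, "icmp_bytes": 0,
                                        "frag_flows": 0, "src_bytes": defaultdict(int),
                                        "t0": f.ts, "t1": f.ts})
        p["bytes"] += f.nbytes
        p["flows"] += 1
        p["src_bytes"][f.src] += f.nbytes
        p["icmp_bytes"] += f.nbytes if f.proto == "icmp" else 0
        p["frag_flows"] += 1 if f.fragmented else 0
        p["t0"], p["t1"] = min(p["t0"], f.ts), max(p["t1"], f.ts)
    return per_dst


def classify(flows, th=THRESHOLDS):
    """Return {dst: {"bps", "sources", "top_source_share", "tags"}}."""
    out = {}
    for dst, p in profile(flows).items():
        duration = max(p["t1"] - p["t0"], 1.0)       # never divide by a zero-length window
        bps = p["bytes"] * 8 / duration
        top_share = max(p["src_bytes"].values()) / p["bytes"]
        tags = []
        if bps >= th["min_bps"]:
            tags.append("volumetric")
        if len(p["src_bytes"]) >= th["min_sources"] and top_share <= th["max_top_share"]:
            tags.append("distributed")   # each source looks legitimate; the count does not
        if p["icmp_bytes"] / p["bytes"] >= th["icmp_share"]:
            tags.append("icmp-amplification")   # crude proxy: ICMP dominating the bytes
        if p["frag_flows"] / p["flows"] >= th["frag_share"]:
            tags.append("fragments")
        out[dst] = {"bps": bps, "sources": len(p["src_bytes"]),
                    "top_source_share": top_share, "tags": tags}
    return out


def sample_flows():
    """Constructed flow records using RFC 5737 documentation addresses."""
    flows = []
    # Distributed: 508 sources, two small HTTP-sized flows each, spread over ~9 s.
    sources = [f"198.51.100.{i}" for i in range(1, 255)] + [f"192.0.2.{i}" for i in range(1, 255)]
    for i, src in enumerate(sources):
        for k in range(2):
            flows.append(Flow(ts=(i + k) % 10, src=src, dst="203.0.113.10", proto="tcp", nbytes=1500))
    # ICMP flood: 20 sources, 50 large ICMP flows each, inside 2 s.
    for i in range(20):
        for j in range(50):
            flows.append(Flow(ts=j * 0.04, src=f"198.51.100.{i + 1}", dst="203.0.113.20", proto="icmp", nbytes=1400))
    # Fragment flood: 3 sources, 30 fragmented UDP flows each, over 10 s.
    for i in range(3):
        for j in range(30):
            flows.append(Flow(ts=j / 3, src=f"192.0.2.{i + 1}", dst="203.0.113.40", proto="udp", nbytes=1200, fragmented=True))
    # Ordinary traffic: 5 sources, a few small flows each.
    for i in range(5):
        for j in range(3):
            flows.append(Flow(ts=j * 3, src=f"192.0.2.{i + 100}", dst="203.0.113.30", proto="tcp", nbytes=800))
    return flows


if __name__ == "__main__":
    for dst, info in classify(sample_flows()).items():
        print(dst, f"{info['bps'] / 1e6:.2f} Mbps", info["sources"], info["tags"])
```

The "distributed" tag is the one the paragraph above is really about: no single source exceeds a few kilobytes and none of the requests is malformed, so a per-source rate limit never fires; only the count of distinct sources against one destination gives it away, which is why flow export from the edge is the first thing to have in place before an attack arrives.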
So what does a DDoS look like, and what are your options when it comes to Denial of Service attacks? In my next article in this series, I will talk about some best practices you can follow so you are not as vulnerable to these types of attacks.