YouTube Black Hole – What’s the real point?

This week, we saw an indication of what could be massive disruptions on the Internet. Way back in 2002, I pointed out our continued vulnerability to prefix injection attacks – from intentional and unintentional insertions (see NANOG BGP Security Update). This weekend, we had the Pakistan Telecom Authority (PTA) order their ISPs to block access Read More

Submarine Cable Cuts – What is the Real Story?

We’ve seen a flurry of outages on some of the major submarine cable systems: http://www.getit.org/Mediawiki/index.php?title=Submarine_Cable_Systems_in_the_News Some points everyone is missing. First, as I pointed out on a NANOG post, cable outages happen all the time. Nothing new. that is why we have a large fleet of ships to repair cables. At the time of these Read More

Are We Ready for IP-NGN?

IBM’s 2007 Survey of SP’s “The State of Security in Carrier Service Delivery” is out and making the rounds of the security trade journals. While surveys like these are obvious marketing tools (i.e. buy IBM’s security consulting services and products), the results are useful data points. “… 87 percent of the curvey participants indicated that Read More

Turning the Corner?

Are we about to turn the corner in our battle with cybercrime? Is our threat vector about to make a dramatic change of direction? Is the really light at the end of the tunnel? A year ago, the available data would have me believe that the problem will never get better. The month all has Read More

Security’s Dilemma – Damed if you do, Damed if you don’t

The Security Trap of all in the profession ….. If you do your security job well … you management ask “What are you doing and why am I spending all the money on security?” If you do not do your security job well …. management ask ” Why didn’t you do something to keep this Read More

Victimized Customers – Botnet’s Triple Edge of Crime

Security pundits and professionals love to extol the badness of how botnets can be used to perpetrate crime. They unhesitatingly point out how operators allow these botnets to exist unintended, taking up resources, bandwidth, server time, and contagion. For the computers infected with the bots, no sympathy. They are core to the evil of the Read More

Getting Started with SP Security

People ask me how do I get started with safe guarding my Service Provider (SP) network. The place I point, is a tutorial we’ve created with NSP-SEC. This tutorial goes through simple things that helps a engineer in a SP gets their feet wet. Check out the latest version presented at NANOG here: ISP Security Read More

Principles of Trans-Oceanic Systems

Interconnecting with Services Providers (SPs) across the ocean is expensive and risky. The cost of the links are often the largest entry in the OPEX budget. All of it in hard currency which leaves the company (vs paying another department inside the SP). The risk to these links is often over looked. Oceanic telecommunications systems Read More