YouTube Black Hole – What’s the real point?

This week, we saw an indication of what could be massive disruptions on the Internet. Way back in 2002, I pointed out our continued vulnerability to prefix injection attacks – from intentional and unintentional insertions (see NANOG BGP Security Update). This weekend, we had the Pakistan Telecom Authority (PTA) order their ISPs to block access Read More

Submarine Cable Cuts – What is the Real Story?

We’ve seen a flurry of outages on some of the major submarine cable systems: Some points everyone is missing. First, as I pointed out on a NANOG post, cable outages happen all the time. Nothing new. that is why we have a large fleet of ships to repair cables. At the time of these Read More

Are We Ready for IP-NGN?

IBM’s 2007 Survey of SP’s “The State of Security in Carrier Service Delivery” is out and making the rounds of the security trade journals. While surveys like these are obvious marketing tools (i.e. buy IBM’s security consulting services and products), the results are useful data points. “… 87 percent of the curvey participants indicated that Read More

Turning the Corner?

Are we about to turn the corner in our battle with cybercrime? Is our threat vector about to make a dramatic change of direction? Is the really light at the end of the tunnel? A year ago, the available data would have me believe that the problem will never get better. The month all has Read More

Victimized Customers – Botnet’s Triple Edge of Crime

Security pundits and professionals love to extol the badness of how botnets can be used to perpetrate crime. They unhesitatingly point out how operators allow these botnets to exist unintended, taking up resources, bandwidth, server time, and contagion. For the computers infected with the bots, no sympathy. They are core to the evil of the Read More

Getting Started with SP Security

People ask me how do I get started with safe guarding my Service Provider (SP) network. The place I point, is a tutorial we’ve created with NSP-SEC. This tutorial goes through simple things that helps a engineer in a SP gets their feet wet. Check out the latest version presented at NANOG here: ISP Security Read More

Principles of Trans-Oceanic Systems

Interconnecting with Services Providers (SPs) across the ocean is expensive and risky. The cost of the links are often the largest entry in the OPEX budget. All of it in hard currency which leaves the company (vs paying another department inside the SP). The risk to these links is often over looked. Oceanic telecommunications systems Read More