IPAM

Researchers from the University of California and Tsinghua University in China have published discovery of a new form of DNS cache poisoning attack. This form of attack leverages "side channels" through use of the Internet Control Message Protocol (ICMP) to improve the likelihood of attack success by identifying the subset of source UDP ports actually used by a recursive server when issuing queries. Confining this pool of randomized ports helps reduce the universe of port numbers the attacker can try when attempting to emulate a proper query response.  Source port and DNS transaction identifier randomization has been the recommended mitigation approaches against cache poisoning attacks, even for more nefarious Kaminsky-discovered attacks. However, this use of side channels reduces the robustness of source port randomization mitigation. Of course, DNS security extensions (DNSSEC) remains the only definitive means to mitigate cache poisoning attacks, including this new variant.

Several articles have attempted to address the topic of IPv6 Internet penetration over the years, including some of mine, based on metrics compiled and published by google in terms of the percentage of IPv6 connection attempts to their websites with respect to total attempts. Certainly this is but one metric of IPv6 end user devices and a convenient one at that. Over time I've fitted trend lines to these data points in an attempt to gauge the present and predict future penetration growth. Let's take a look at how those trends and forecasts have changed with increasing data points over time. We'll examine these cases with the application of a third order polynomial trend line in each scenario for consistency. The following chart illustrates three such trends and predictions at roughly two year intervals. A dotted vertical line for each prediction indicates the point in time when the projection of the corresponding matching color was made. For our first prediction in June, 20

It's hard enough dealing with the possibility that during weekends members of your network user community use their devices to browse the Internet off-network then return to office to reconnect to your enterprise network with devices unwittingly infected with malware. With many localities operating under extended stay-at-home mandates in place to support flattening the COVID-19 infection curve, the threat of malware infestation is exacerbated, not only by the lengthy duration but as users adapt and become comfortable with work-at-home routines, they may become overly casual and less vigilant to threats. The AV-Test Institute , an independent IT security research institute, has identified over one billion malware programs in existence. And when it comes to malware, ransomware, and other undesirable software programs potentially impacting the security of your network and your users, there’s good news and there’s bad news. The good news is that most of these programs are identifiabl

With increasing numbers of white collar workers hunkering down within their homes across the globe over the past couple of weeks, full time working from home is becoming the norm - at least while Corona virus social distancing measures are in place. I was curious how this shift in worker locale might impact IPv6 usage around the world. One popular benchmark is Google's IPv6 statistics, which measures the percentage of IPv6 browser connections to its websites. Images from  https://www.google.com/intl/en/ipv6/statistics.html Over the 12+ years of data points within the graph, the data has exhibited a periodicity with a relative spike on weekend days and nominally lower percentage values during workdays. This leads one to surmise that remote users, when at home, more often connect via IPv6 than when in the office. This theory is supported by the sustained higher percentages of IPv6 utilization during the Christmas holidays in late December and now during the general Corona vir