IPv4 Endgame

December 6, 2010

I checked out the IPv4 Report website today (Monday, Dec. 06, 2010), and here’s what I saw:

  • Projected IANA Unallocated Address Pool Exhaustion: 03-Mar-2011
  • Projected RIR Unallocated Address Pool Exhaustion: 02-Dec-2011

That means IANA will run out of unallocated IPv4 addresses to hand out to RIRs in less than three months. In just under a year, the RIRs themselves will be out of unallocated IPv4 addresses. In other words, if you need a new IPv4 address a year from now, you are out of luck. In fact, you may not be able to get one a whole lot sonner than that.

The well-known IPv4 Exhaustion Counter developed by Takashi Arano of Intec NetCore (http://inetcore.com/project/ipv4ec/) shows this:

IPv4 Exhaustion Counter by Takashi Arano (Intec NetCore), as of December 06, 2010 (17:17 hours)

The Second Internet, based on IPv6, isn’t only knocking on our doors. It will come crashing through next year whether we like it or not.

The good news, of course,  is that there really is no reason not to like IPv6.

IPv6 restores the end-to-end nature of the Internet, which has been compromised by the wideapread use of NAT (Network Address Translation). It also provides a nearly inexhaustible number of globally unique and routable IP addresses. In addition, it has built-in IPSEC, new features such as multicast, support for QoS (Quality of Service), and a flat addressing model which is great for P2P applications, VoIP, IPTV, and other neat things.

IPv6: coming to your neighborhood — very soon!

1 Comment | IPv6, Security, Standards | Permalink
Posted by Maddog

Obstacles to the Truth

June 4, 2010

One of the 60 "ghost" PCOS machines found in Antipolo

As evidence of electoral fraud mounts, more and more obstacles are being out in the way of a real, impartial, and comprehensive investigation. While the joint Senate and House committee conducts a canvass, the Joint Congressional oversight Committee seems to be sitting on its hands when it comes to looking into several clear anomalies.

Why is this the case? Who will benefit from the delay?

While we ponder these questions, let’s take a look at a statement on this issue from the Ang Kapatiran Party released last May 30.

30 May 2010

Senator Francis G. Escudero
Senate of the Philippines
Manila

Dear Senator Escudero,

There is an ongoing national canvassing and, in parallel, a hearing on numerous complaints concerning the conduct of the Automated Election System by the House Committee on Suffrage and Electoral Reforms chaired by House Rep. Teodoro Locsin, the Senate counterpart of which is chaired by your good self.

We write this letter to bring to your urgent attention the following:

  1. The filing in the Supreme Court of a TRO against the Comelec in its plan to destroy the 76,000 Compact Flash Cards that were found to be defective and said to have been recalled and replaced. This was filed by Senator Jamby Madrigal, JC de los Reyes, and Nicanor Perlas – reference G.R. No. 192063, filed 17 May 2010, and to-date has no ruling yet from the Supreme Court.
  2. The filing in the Supreme Court of a TRO for the unfinished/ongoing Random Manual Audit (RMA) being conducted primarily by the Comelec and the PPCRV and of MANDAMUS for the implementing parties to be directed to redo the RMA following strictly the rules of immediate and non-stop completion of audit of each selected precinct/PCOS machine as per Comelec Resolution Nos. 8837 and 8898 – reference G.R. No. 192143, filed 24 May 2010, and to-date has no ruling yet from the Supreme Court.
  3. The matter of the 60 PCOS machines that were found in Antipolo and are the subject of protest by Congressman Angelito Gatlabayan, who claims that the machines were used in the illegal transmission of results on a large scale basis, thus affecting not only the votes for the contested mayoralty position that Congressman Gatlabayan ran for, but also the votes for the national positions of President, Vice-President, and Senators. The 60 PCOS machines were delivered to and received by Senate President Juan Ponce Enrile and are therefore officially under custody by the Senate.

Read the rest of this entry »

2 Comments | Legal, Security | Tagged: , , , , | Permalink
Posted by Maddog

Is Your ISP Diverting Your DNS Queries?

December 4, 2009

Licensed under the GNU Lesser General Public License

The recent launch of Google’s Public DNS Service has elicited a number of blog posts focusing on privacy issues. I found two such posts on CircleID, by Michele Neylon entitled “Google Launch of DNS Service and OpenDNS Reply” , and Lauren Weinstein’s “Google’s New Public DNS Service – and Data Retention Issues“.

In the course of reading through these articles, I took note of the issue of DNS redirection (where ISPs can redirect requests to non-existent domains to advertising), as well as the more critical practice of DNS Diversions, which Weinstein explains this way:

Using a different DNS service is usually as “easy” as changing the IP addresses in your OS DNS settings, but note that if your ISP is actually diverting the TCP/IP ports that DNS uses to communicate, it will be impossible for you to switch DNS servers through normal mechanisms.

Fortunately, Weinstein also provides information for testing if your ISP is actually diverting your DNS queries. It can be found at “Testing Your Internet Connection for ISP DNS Diversions“.

Basically, all you need to do is run a few commands and compare output to data that Weinstein has provided. If you get the same IP addresses the official test zone, then your DNS queries are probably not being diverted. The data you should be seeing is changed periodically to prevent the test from being compromised.

For Unix/Linux users, use the following command to test for diverted TCP packets:

   dig @dns-test.nnsquad.org control.hq. axfr

To test for diverted UDP packets, use this command:

   dig @dns-test.nnsquad.org control.hq.

The test zone data is at: http://www.nnsquad.org/dns-test-zone-output.txt. Compare the IP addresses in your output with what you find here.

Weinstein’s test has been online since March 2008. I only just discovered it. Hey, you learn something new everyday!

Leave a Comment » | Security | Tagged: , | Permalink
Posted by Maddog

Real-world security

March 31, 2008

hacktop.jpgMany people who know or care about computer security probably won’t be surprised to hear claims that Linux or BSD is generally more secure than Windows. That conventional wisdom seems to have been confirmed yet again by the results of a hacking challenge last March 28, Friday, at the CanSecWest 2008 conference. This was reported in the InfoWorld article, “With Vista breached, Linux remains unbeaten in hacking contest“:

Earlier this week, contest sponsors had put three laptops up for grabs to anyone who could hack into one of the systems and run their own software. A $20,000 cash prize sweetened the deal, but the payout was halved each day as contest rules were relaxed and it became easier to penetrate the computers.

On day two, Independent Security Evaluators’ Charlie Miller took the Mac after hitting it with a still-undisclosed exploit that targeted the Safari Web browser. After about two minutes work, Thursday, Miller took home $10,000, courtesy of 3Com’s TippingPoint division, in addition to his new laptop.

It took two days of work, but Shane Macaulay, finally cracked the Vista box on Friday, with a little help from his friends.

Macaulay, who was a co-winner of last year’s hacking contest, needed a few hacking tricks courtesy of VMware researcher Alexander Sotirov to make his bug work. That’s because Macaulay hadn’t been expecting to attack the Service Pack 1 version of Vista, which comes with additional security measures. He also got a little help from co-worker Derek Callaway.

Read the rest of this entry »

1 Comment | FOSS, Security | Permalink
Posted by Maddog

Follow

Get every new post delivered to your Inbox.