SlideShare a Scribd company logo

Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Keynotes]

APNIC
APNIC

Source Address Validation Everywhere, by Paul Vixie. A presentation given at APNIC 38 during the Technical Keynotes session.

Internet
1 of 11
Source Address ValidationEverywhere Paul Vixie, CEO FarsightSecurity 2014-09-15
The Year 2002’s Biggest Problem? •“The most common attack on Internet hosts or infrastructure at the time of this writing is to cause the receipt of too much traffic, consuming all available resources on a victim's host or Internet connection. This is often called a "Denial of Service" (DoS) attack.” –ICANN SSAC SAC004, P. Vixie, October 2002 •(After RFC2267, P. Ferguson, D. Senie, January 1998) © 2014 Farsight Security, Inc.
Spoofed Source Attacks Internet target attacker reflector Srcaddr: (target) Dstaddr: (target) © 2014 Farsight Security, Inc.
Hopeless Trends •No incentive for up-front security engineering •No incentive for network output monitoring •Oft heard complaint: –“I’d be making all of the investment, but my competitors would be gettingall of the benefit.” •This is the “chemical polluter” business model –Externalized costs are downstream © 2014 Farsight Security, Inc.
Hopeful Sign: DNS RRL © 2014 Farsight Security, Inc.
Ode to David Isenberg •Rise of the Stupid Network, 1997: –“Why the Intelligent Network was once a good idea, but isn't anymore. One telephone company nerd's odd perspective on the changing value proposition” •David was right. We needed to innovate at the edge, and the core had to be assumption-free. •So, the core is stupid –like it has to be –But, so is the edge, which it must not be © 2014 Farsight Security, Inc.
So, Edge Device Quality? •Marketing & sales beats quality every time –Anybody can connect anything •QA budget shrinks at scale; only TTM matters –QA for a automobile tech: maybe $100/unit –QA for a Smart Phone: maybe $3/unit –QA for a CPE (cable/dsl/wireless): maybe $1/unit –QA for an embedded IoTdevice: maybe 5₵/unit •Note: 5₵/unit would be enough, iffup front © 2014 Farsight Security, Inc.
TCP Listeners as DDoSAmplifiers •TCP SYN occupies one octet of sequence space –TCP SYN+ACK, likewise –This requiredby TCP –TCP is requiredby the Internet •TCP requires retransmission until ACK –Including the SYN, and the SYN+ACK •So, every TCP listener is a 3x..20x amplifier –Problematic, even when not sent back-to-back © 2014 Farsight Security, Inc.
Technical Remediation •Near-end bandaids –Statefulrate limiting (e.g., DNS RRL) –Maybe TCP should only re-xmitwhen synch’ed? –Something’s got to be done about ICMP –…and about NTP and all other UDP protocols •Far-end solutions are far cheaper overall –Source Address Validation Everywhere (SAVE) –Make it the default; exceptions for multihoming © 2014 Farsight Security, Inc.
Nontechnical Remediation •Disrupt nation-state backed attackers –Some countries have earned Internet isolation •Increase compliance burden for device mfrs –Set a floor on quality and thus the QA budget •Increase compliance burden for ISP’s, telcos –Source Address Validation may have to be law •Consider Dan Geer’s recent proposal –A non-patchable embedded device would expire © 2014 Farsight Security, Inc.
Thank you! Questions?

Recommended

Some thoughts on IoT, HKNOG 4.0
Some thoughts on IoT, HKNOG 4.0Some thoughts on IoT, HKNOG 4.0
Some thoughts on IoT, HKNOG 4.0
APNIC
 
APrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of ThingsAPrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of Things
APNIC
 
IPv6 menti results - Tech 2 Tech
IPv6 menti results - Tech 2 Tech IPv6 menti results - Tech 2 Tech
IPv6 menti results - Tech 2 Tech
Jisc
 
TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6
Olle E Johansson
 
IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
Rochester Security Summit
 
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentationTech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
Jisc
 
IPv6 - A Real World Deployment for Mobiles
IPv6 - A Real World Deployment for MobilesIPv6 - A Real World Deployment for Mobiles
IPv6 - A Real World Deployment for Mobiles
APNIC
 
ION Malta - Seeweb Thoughts on IPv6 Transition
ION Malta - Seeweb Thoughts on IPv6 TransitionION Malta - Seeweb Thoughts on IPv6 Transition
ION Malta - Seeweb Thoughts on IPv6 Transition
Deploy360 Programme (Internet Society)
 

Recommended

Some thoughts on IoT, HKNOG 4.0
Some thoughts on IoT, HKNOG 4.0Some thoughts on IoT, HKNOG 4.0
Some thoughts on IoT, HKNOG 4.0
APNIC
 
APrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of ThingsAPrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of Things
APNIC
 
IPv6 menti results - Tech 2 Tech
IPv6 menti results - Tech 2 Tech IPv6 menti results - Tech 2 Tech
IPv6 menti results - Tech 2 Tech
Jisc
 
TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6
Olle E Johansson
 
IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
Rochester Security Summit
 
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentationTech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
Jisc
 
IPv6 - A Real World Deployment for Mobiles
IPv6 - A Real World Deployment for MobilesIPv6 - A Real World Deployment for Mobiles
IPv6 - A Real World Deployment for Mobiles
APNIC
 
ION Malta - Seeweb Thoughts on IPv6 Transition
ION Malta - Seeweb Thoughts on IPv6 TransitionION Malta - Seeweb Thoughts on IPv6 Transition
ION Malta - Seeweb Thoughts on IPv6 Transition
Deploy360 Programme (Internet Society)
 
Slides from Introduction to IPv6
Slides from Introduction to IPv6Slides from Introduction to IPv6
Slides from Introduction to IPv6
Cyren, Inc
 
IoT and LoRaWAN
IoT and LoRaWANIoT and LoRaWAN
IoT and LoRaWAN
Chris Herbert
 
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 - Technical Key...
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 - Technical Key...Source Address Validation Everywhere, by Paul Vixie [APNIC 38 - Technical Key...
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 - Technical Key...
APNIC
 
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60
RIPE Meetings
 
IPv6 and IoT
IPv6 and IoTIPv6 and IoT
IPv6 and IoT
APNIC
 
WINS: Peering and IXPs
WINS: Peering and IXPsWINS: Peering and IXPs
WINS: Peering and IXPs
APNIC
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
MyNOG
 
DDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service ProvidersDDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service Providers
Corero Network Security
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
APNIC
 
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoThe Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
MyNOG
 
Deploying IPv6 Technology
Deploying IPv6 TechnologyDeploying IPv6 Technology
Deploying IPv6 Technology
iosrjce
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
APNIC
 
Geir Making the leap to ipv6 final
Geir Making the leap to ipv6 finalGeir Making the leap to ipv6 final
Geir Making the leap to ipv6 final
IPv6no
 
DGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_PresentationDGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_Presentation
Deron Grzetich, CISSP, CISM, GCIH
 
Wi-fi Hacking
Wi-fi HackingWi-fi Hacking
Wi-fi Hacking
Paul Gillingwater, MBA
 
Ipv6 tutorial
Ipv6 tutorialIpv6 tutorial
Ipv6 tutorial
HarikaReddy115
 
IPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access NetworksIPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access Networks
APNIC
 
Core Values Decision Sept
Core Values Decision SeptCore Values Decision Sept
Core Values Decision Sept
Computer_Forensic
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
VIKAS SINGH BHADOURIA
 
IPv6 @ Cloudflare
IPv6 @ CloudflareIPv6 @ Cloudflare
IPv6 @ Cloudflare
Internet Society
 
IPv6 Deployment Status, Asia Pacific
IPv6 Deployment Status, Asia PacificIPv6 Deployment Status, Asia Pacific
IPv6 Deployment Status, Asia Pacific
APNIC
 
APNIC Update- PITA Member Meeting, Honolulu, 2015
APNIC Update- PITA Member Meeting, Honolulu, 2015APNIC Update- PITA Member Meeting, Honolulu, 2015
APNIC Update- PITA Member Meeting, Honolulu, 2015
APNIC
 

More Related Content

What's hot

Slides from Introduction to IPv6
Slides from Introduction to IPv6Slides from Introduction to IPv6
Slides from Introduction to IPv6
Cyren, Inc
 
IoT and LoRaWAN
IoT and LoRaWANIoT and LoRaWAN
IoT and LoRaWAN
Chris Herbert
 
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 - Technical Key...
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 - Technical Key...Source Address Validation Everywhere, by Paul Vixie [APNIC 38 - Technical Key...
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 - Technical Key...
APNIC
 
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60
RIPE Meetings
 
IPv6 and IoT
IPv6 and IoTIPv6 and IoT
IPv6 and IoT
APNIC
 
WINS: Peering and IXPs
WINS: Peering and IXPsWINS: Peering and IXPs
WINS: Peering and IXPs
APNIC
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
MyNOG
 
DDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service ProvidersDDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service Providers
Corero Network Security
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
APNIC
 
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoThe Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
MyNOG
 
Deploying IPv6 Technology
Deploying IPv6 TechnologyDeploying IPv6 Technology
Deploying IPv6 Technology
iosrjce
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
APNIC
 
Geir Making the leap to ipv6 final
Geir Making the leap to ipv6 finalGeir Making the leap to ipv6 final
Geir Making the leap to ipv6 final
IPv6no
 
DGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_PresentationDGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_Presentation
Deron Grzetich, CISSP, CISM, GCIH
 
Wi-fi Hacking
Wi-fi HackingWi-fi Hacking
Wi-fi Hacking
Paul Gillingwater, MBA
 
Ipv6 tutorial
Ipv6 tutorialIpv6 tutorial
Ipv6 tutorial
HarikaReddy115
 
IPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access NetworksIPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access Networks
APNIC
 
Core Values Decision Sept
Core Values Decision SeptCore Values Decision Sept
Core Values Decision Sept
Computer_Forensic
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
VIKAS SINGH BHADOURIA
 
IPv6 @ Cloudflare
IPv6 @ CloudflareIPv6 @ Cloudflare
IPv6 @ Cloudflare
Internet Society
 

What's hot (20)

Slides from Introduction to IPv6
Slides from Introduction to IPv6Slides from Introduction to IPv6
Slides from Introduction to IPv6
 
IoT and LoRaWAN
IoT and LoRaWANIoT and LoRaWAN
IoT and LoRaWAN
 
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 - Technical Key...
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 - Technical Key...Source Address Validation Everywhere, by Paul Vixie [APNIC 38 - Technical Key...
Source Address Validation Everywhere, by Paul Vixie [APNIC 38 - Technical Key...
 
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60
 
IPv6 and IoT
IPv6 and IoTIPv6 and IoT
IPv6 and IoT
 
WINS: Peering and IXPs
WINS: Peering and IXPsWINS: Peering and IXPs
WINS: Peering and IXPs
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
 
DDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service ProvidersDDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service Providers
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
 
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony TeoThe Stakes Have Changed – The Changing Security Landscape by Tony Teo
The Stakes Have Changed – The Changing Security Landscape by Tony Teo
 
Deploying IPv6 Technology
Deploying IPv6 TechnologyDeploying IPv6 Technology
Deploying IPv6 Technology
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
 
Geir Making the leap to ipv6 final
Geir Making the leap to ipv6 finalGeir Making the leap to ipv6 final
Geir Making the leap to ipv6 final
 
DGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_PresentationDGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_Presentation
 
Wi-fi Hacking
Wi-fi HackingWi-fi Hacking
Wi-fi Hacking
 
Ipv6 tutorial
Ipv6 tutorialIpv6 tutorial
Ipv6 tutorial
 
IPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access NetworksIPv6 Deployment Architecture for Broadband Access Networks
IPv6 Deployment Architecture for Broadband Access Networks
 
Core Values Decision Sept
Core Values Decision SeptCore Values Decision Sept
Core Values Decision Sept
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
 
IPv6 @ Cloudflare
IPv6 @ CloudflareIPv6 @ Cloudflare
IPv6 @ Cloudflare
 

Viewers also liked

IPv6 Deployment Status, Asia Pacific
IPv6 Deployment Status, Asia PacificIPv6 Deployment Status, Asia Pacific
IPv6 Deployment Status, Asia Pacific
APNIC
 
APNIC Update- PITA Member Meeting, Honolulu, 2015
APNIC Update- PITA Member Meeting, Honolulu, 2015APNIC Update- PITA Member Meeting, Honolulu, 2015
APNIC Update- PITA Member Meeting, Honolulu, 2015
APNIC
 
Internet number resources - what's new?
Internet number resources - what's new?Internet number resources - what's new?
Internet number resources - what's new?
APNIC
 
How the Internet works...and why
How the Internet works...and whyHow the Internet works...and why
How the Internet works...and why
APNIC
 
Universal Acceptance: APNIC system readiness
Universal Acceptance: APNIC system readinessUniversal Acceptance: APNIC system readiness
Universal Acceptance: APNIC system readiness
APNIC
 
Measuring the End User
Measuring the End User Measuring the End User
Measuring the End User
APNIC
 
NTT-CERT Activities by Yoshiki Sugiura [APRICOT 2015]
NTT-CERT Activities by Yoshiki Sugiura [APRICOT 2015]NTT-CERT Activities by Yoshiki Sugiura [APRICOT 2015]
NTT-CERT Activities by Yoshiki Sugiura [APRICOT 2015]
APNIC
 
APNIC Update @ ARM, Mongolia
APNIC Update @ ARM, MongoliaAPNIC Update @ ARM, Mongolia
APNIC Update @ ARM, Mongolia
APNIC
 
IANA: Who, What, Why?
IANA: Who, What, Why?IANA: Who, What, Why?
IANA: Who, What, Why?
APNIC
 
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
Siena Perry
 
IPv4 transfer presentation, SGNOG4
IPv4 transfer presentation, SGNOG4IPv4 transfer presentation, SGNOG4
IPv4 transfer presentation, SGNOG4
APNIC
 
AFRINIC 24 - APNIC Update
AFRINIC 24 - APNIC UpdateAFRINIC 24 - APNIC Update
AFRINIC 24 - APNIC Update
Robbie Mitchell
 
Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27
APNIC
 
APNIC Policy Documentation - APNIC 35
APNIC Policy Documentation - APNIC 35APNIC Policy Documentation - APNIC 35
APNIC Policy Documentation - APNIC 35
APNIC
 
RightsCon 2015: IPv6 for n00bs
RightsCon 2015: IPv6 for n00bsRightsCon 2015: IPv6 for n00bs
RightsCon 2015: IPv6 for n00bs
APNIC
 
APNIC Update for ARIN 35
APNIC Update for ARIN 35APNIC Update for ARIN 35
APNIC Update for ARIN 35
APNIC
 
Route Origin Authorization (ROA) using RPKI, PhNOG, Philippines
Route Origin Authorization (ROA) using RPKI, PhNOG, PhilippinesRoute Origin Authorization (ROA) using RPKI, PhNOG, Philippines
Route Origin Authorization (ROA) using RPKI, PhNOG, Philippines
APNIC
 
How APNIC can support law enforcement agencies in cybercrime investigtaion
How APNIC can support law enforcement agencies in cybercrime investigtaionHow APNIC can support law enforcement agencies in cybercrime investigtaion
How APNIC can support law enforcement agencies in cybercrime investigtaion
APNIC
 
IDNOG 2: AS interconnection in indonesia
IDNOG 2: AS interconnection in indonesiaIDNOG 2: AS interconnection in indonesia
IDNOG 2: AS interconnection in indonesia
APNIC
 
APNIC Update- AusNOG 2014
APNIC Update- AusNOG 2014APNIC Update- AusNOG 2014
APNIC Update- AusNOG 2014
APNIC
 

Viewers also liked (20)

IPv6 Deployment Status, Asia Pacific
IPv6 Deployment Status, Asia PacificIPv6 Deployment Status, Asia Pacific
IPv6 Deployment Status, Asia Pacific
 
APNIC Update- PITA Member Meeting, Honolulu, 2015
APNIC Update- PITA Member Meeting, Honolulu, 2015APNIC Update- PITA Member Meeting, Honolulu, 2015
APNIC Update- PITA Member Meeting, Honolulu, 2015
 
Internet number resources - what's new?
Internet number resources - what's new?Internet number resources - what's new?
Internet number resources - what's new?
 
How the Internet works...and why
How the Internet works...and whyHow the Internet works...and why
How the Internet works...and why
 
Universal Acceptance: APNIC system readiness
Universal Acceptance: APNIC system readinessUniversal Acceptance: APNIC system readiness
Universal Acceptance: APNIC system readiness
 
Measuring the End User
Measuring the End User Measuring the End User
Measuring the End User
 
NTT-CERT Activities by Yoshiki Sugiura [APRICOT 2015]
NTT-CERT Activities by Yoshiki Sugiura [APRICOT 2015]NTT-CERT Activities by Yoshiki Sugiura [APRICOT 2015]
NTT-CERT Activities by Yoshiki Sugiura [APRICOT 2015]
 
APNIC Update @ ARM, Mongolia
APNIC Update @ ARM, MongoliaAPNIC Update @ ARM, Mongolia
APNIC Update @ ARM, Mongolia
 
IANA: Who, What, Why?
IANA: Who, What, Why?IANA: Who, What, Why?
IANA: Who, What, Why?
 
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
 
IPv4 transfer presentation, SGNOG4
IPv4 transfer presentation, SGNOG4IPv4 transfer presentation, SGNOG4
IPv4 transfer presentation, SGNOG4
 
AFRINIC 24 - APNIC Update
AFRINIC 24 - APNIC UpdateAFRINIC 24 - APNIC Update
AFRINIC 24 - APNIC Update
 
Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27Community tools to fight against DDoS, SANOG 27
Community tools to fight against DDoS, SANOG 27
 
APNIC Policy Documentation - APNIC 35
APNIC Policy Documentation - APNIC 35APNIC Policy Documentation - APNIC 35
APNIC Policy Documentation - APNIC 35
 
RightsCon 2015: IPv6 for n00bs
RightsCon 2015: IPv6 for n00bsRightsCon 2015: IPv6 for n00bs
RightsCon 2015: IPv6 for n00bs
 
APNIC Update for ARIN 35
APNIC Update for ARIN 35APNIC Update for ARIN 35
APNIC Update for ARIN 35
 
Route Origin Authorization (ROA) using RPKI, PhNOG, Philippines
Route Origin Authorization (ROA) using RPKI, PhNOG, PhilippinesRoute Origin Authorization (ROA) using RPKI, PhNOG, Philippines
Route Origin Authorization (ROA) using RPKI, PhNOG, Philippines
 
How APNIC can support law enforcement agencies in cybercrime investigtaion
How APNIC can support law enforcement agencies in cybercrime investigtaionHow APNIC can support law enforcement agencies in cybercrime investigtaion
How APNIC can support law enforcement agencies in cybercrime investigtaion
 
IDNOG 2: AS interconnection in indonesia
IDNOG 2: AS interconnection in indonesiaIDNOG 2: AS interconnection in indonesia
IDNOG 2: AS interconnection in indonesia
 
APNIC Update- AusNOG 2014
APNIC Update- AusNOG 2014APNIC Update- AusNOG 2014
APNIC Update- AusNOG 2014
 

Similar to Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Keynotes]

Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)
Gerardo Pardo-Castellote
 
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceIncapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Imperva Incapsula
 
Applied VoIP Security
Applied VoIP Security Applied VoIP Security
Applied VoIP Security
Asterisk Community
 
Top 10 tips_aruba_tac_madison lee
Top 10 tips_aruba_tac_madison leeTop 10 tips_aruba_tac_madison lee
Top 10 tips_aruba_tac_madison lee
Aruba, a Hewlett Packard Enterprise company
 
DDoS Mitigation on the Front Line with RedShield
DDoS Mitigation on the Front Line with RedShieldDDoS Mitigation on the Front Line with RedShield
DDoS Mitigation on the Front Line with RedShield
Sam Pickles
 
VoIP Monitoring and Troubleshooting
VoIP Monitoring and TroubleshootingVoIP Monitoring and Troubleshooting
VoIP Monitoring and Troubleshooting
ThousandEyes
 
Netpluz corp presentation 2020
Netpluz corp presentation 2020Netpluz corp presentation 2020
Netpluz corp presentation 2020
Netpluz Asia Pte Ltd
 
Cyber-Security Product
Cyber-Security ProductCyber-Security Product
Cyber-Security Product
Ali Hamieh
 
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocence
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocenceCisco Connect Ottawa 2018 dna assurance shortest path to network innocence
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocence
Cisco Canada
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
Digital Bond
 
Jeroen Wijdogen (Akamai) | TU - Hacks & Attacks
Jeroen Wijdogen (Akamai) | TU - Hacks & AttacksJeroen Wijdogen (Akamai) | TU - Hacks & Attacks
Jeroen Wijdogen (Akamai) | TU - Hacks & Attacks
Media Perspectives
 
NSA Capstone Presentation
NSA Capstone PresentationNSA Capstone Presentation
NSA Capstone Presentation
Minh Vu
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...
Community Protection Forum
 
How to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart RoutingHow to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart Routing
Cloudflare
 
Protect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS ProtectionProtect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS Protection
Imperva Incapsula
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKDoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDK
Marian Marinov
 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRR
Bangladesh Network Operators Group
 
DNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS ProtectionDNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS Protection
Imperva Incapsula
 
Gathering of State Networks
Gathering of State NetworksGathering of State Networks
Gathering of State Networks
Videoguy
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Honeywell
 

Similar to Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Keynotes] (20)

Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)Using DDS to Secure the Industrial Internet of Things (IIoT)
Using DDS to Secure the Industrial Internet of Things (IIoT)
 
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceIncapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
 
Applied VoIP Security
Applied VoIP Security Applied VoIP Security
Applied VoIP Security
 
Top 10 tips_aruba_tac_madison lee
Top 10 tips_aruba_tac_madison leeTop 10 tips_aruba_tac_madison lee
Top 10 tips_aruba_tac_madison lee
 
DDoS Mitigation on the Front Line with RedShield
DDoS Mitigation on the Front Line with RedShieldDDoS Mitigation on the Front Line with RedShield
DDoS Mitigation on the Front Line with RedShield
 
VoIP Monitoring and Troubleshooting
VoIP Monitoring and TroubleshootingVoIP Monitoring and Troubleshooting
VoIP Monitoring and Troubleshooting
 
Netpluz corp presentation 2020
Netpluz corp presentation 2020Netpluz corp presentation 2020
Netpluz corp presentation 2020
 
Cyber-Security Product
Cyber-Security ProductCyber-Security Product
Cyber-Security Product
 
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocence
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocenceCisco Connect Ottawa 2018 dna assurance shortest path to network innocence
Cisco Connect Ottawa 2018 dna assurance shortest path to network innocence
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
 
Jeroen Wijdogen (Akamai) | TU - Hacks & Attacks
Jeroen Wijdogen (Akamai) | TU - Hacks & AttacksJeroen Wijdogen (Akamai) | TU - Hacks & Attacks
Jeroen Wijdogen (Akamai) | TU - Hacks & Attacks
 
NSA Capstone Presentation
NSA Capstone PresentationNSA Capstone Presentation
NSA Capstone Presentation
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...
 
How to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart RoutingHow to Reduce Latency with Cloudflare Argo Smart Routing
How to Reduce Latency with Cloudflare Argo Smart Routing
 
Protect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS ProtectionProtect Your Assets with Single IP DDoS Protection
Protect Your Assets with Single IP DDoS Protection
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKDoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDK
 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRR
 
DNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS ProtectionDNS and Infrastracture DDoS Protection
DNS and Infrastracture DDoS Protection
 
Gathering of State Networks
Gathering of State NetworksGathering of State Networks
Gathering of State Networks
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 

More from APNIC

Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
APNIC
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
APNIC
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
APNIC
 
APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC Updates presented by Paul Wilson at CaribNOG 27APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC
 
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
APNIC
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
APNIC
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
APNIC
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
APNIC
 

More from APNIC (20)

Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
 
APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC Updates presented by Paul Wilson at CaribNOG 27APNIC Updates presented by Paul Wilson at CaribNOG 27
APNIC Updates presented by Paul Wilson at CaribNOG 27
 
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
APNIC Policy Roundup presented by Sunny Chendi at TWNOG 5.0
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 

Recently uploaded

Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
Paul Walk
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
ysasp1
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
3a0sd7z3
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
Tarandeep Singh
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
uehowe
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
Donato Onofri
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
Toptal Tech
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
uehowe
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
3a0sd7z3
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
xjq03c34
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
rtunex8r
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
wolfsoftcompanyco
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
k4ncd0z
 

Recently uploaded (16)

Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
 

Source Address Validation Everywhere, by Paul Vixie [APNIC 38 / Technical Keynotes]

  • 1. Source Address ValidationEverywhere Paul Vixie, CEO FarsightSecurity 2014-09-15
  • 2. The Year 2002’s Biggest Problem? •“The most common attack on Internet hosts or infrastructure at the time of this writing is to cause the receipt of too much traffic, consuming all available resources on a victim's host or Internet connection. This is often called a "Denial of Service" (DoS) attack.” –ICANN SSAC SAC004, P. Vixie, October 2002 •(After RFC2267, P. Ferguson, D. Senie, January 1998) © 2014 Farsight Security, Inc.
  • 3. Spoofed Source Attacks Internet target attacker reflector Srcaddr: (target) Dstaddr: (target) © 2014 Farsight Security, Inc.
  • 4. Hopeless Trends •No incentive for up-front security engineering •No incentive for network output monitoring •Oft heard complaint: –“I’d be making all of the investment, but my competitors would be gettingall of the benefit.” •This is the “chemical polluter” business model –Externalized costs are downstream © 2014 Farsight Security, Inc.
  • 5. Hopeful Sign: DNS RRL © 2014 Farsight Security, Inc.
  • 6. Ode to David Isenberg •Rise of the Stupid Network, 1997: –“Why the Intelligent Network was once a good idea, but isn't anymore. One telephone company nerd's odd perspective on the changing value proposition” •David was right. We needed to innovate at the edge, and the core had to be assumption-free. •So, the core is stupid –like it has to be –But, so is the edge, which it must not be © 2014 Farsight Security, Inc.
  • 7. So, Edge Device Quality? •Marketing & sales beats quality every time –Anybody can connect anything •QA budget shrinks at scale; only TTM matters –QA for a automobile tech: maybe $100/unit –QA for a Smart Phone: maybe $3/unit –QA for a CPE (cable/dsl/wireless): maybe $1/unit –QA for an embedded IoTdevice: maybe 5₵/unit •Note: 5₵/unit would be enough, iffup front © 2014 Farsight Security, Inc.
  • 8. TCP Listeners as DDoSAmplifiers •TCP SYN occupies one octet of sequence space –TCP SYN+ACK, likewise –This requiredby TCP –TCP is requiredby the Internet •TCP requires retransmission until ACK –Including the SYN, and the SYN+ACK •So, every TCP listener is a 3x..20x amplifier –Problematic, even when not sent back-to-back © 2014 Farsight Security, Inc.
  • 9. Technical Remediation •Near-end bandaids –Statefulrate limiting (e.g., DNS RRL) –Maybe TCP should only re-xmitwhen synch’ed? –Something’s got to be done about ICMP –…and about NTP and all other UDP protocols •Far-end solutions are far cheaper overall –Source Address Validation Everywhere (SAVE) –Make it the default; exceptions for multihoming © 2014 Farsight Security, Inc.
  • 10. Nontechnical Remediation •Disrupt nation-state backed attackers –Some countries have earned Internet isolation •Increase compliance burden for device mfrs –Set a floor on quality and thus the QA budget •Increase compliance burden for ISP’s, telcos –Source Address Validation may have to be law •Consider Dan Geer’s recent proposal –A non-patchable embedded device would expire © 2014 Farsight Security, Inc.