February 25, 2014 archive

TDYR #111 – New Report Out About Protecting Against DDoS Attacks On DNS

How can we best protect the Domain Name System (DNS) against distributed denial of service (DDoS) attacks? There's a new report from ICANN's SSAC on this issue: http://www.internetsociety.org/deploy360/blog/2014/02/ssac-issues-new-report-on-ddos-attacks-against-dns/

What Devices And Software Support The Opus Audio Codec? Here Is A List

Opus codec logoWhat devices support the Opus audio codec? What softphones? hardphones? call servers? Obviously given that Opus is the "mandatory to implement" audio codec for WebRTC, it will be in many web browsers... but what other I was asked this question by a colleague recently and when I couldn't easily find a list on the Opus codec web site, I turned to the VUC community inside of Google+ and posted there. The great folks there naturally were a huge help, and quickly came up with this list:

UPDATE: No sooner had I hit "Publish" then I discovered that Wikipedia has a list of devices and software supporting the Opus codec. As that list is much longer than this one below, I'd encourage you to look at that list.

What other devices or software supports the Opus codec? (Or what other lists are out there listing devices supporting the Opus codec?) Please do let me know either by comments here or on social media.

Thanks!

P.S. If you don't understand WHY the Opus codec matters so much, please read my earlier post on this topic.


If you found this post interesting or useful, please consider either:


SSAC Issues New Report On DDoS Attacks Against DNS

SSAC logoWhat can be done to prevent Distributed Denial of Service (DDoS) attacks against the DNS infrastructure? What can individuals or organizations who operate DNS servers do to their own systems to help reduce the threat of DDoS attacks?   ICANN’s Security and Stability Advisory Committee (SSAC) took on this issue recently and released a new report this week: “SAC065: SSAC Advisory on DDoS Attacks Leveraging DNS Infrastructure“.  It is available as a free PDF download in English.

While the report is not about DNSSEC, per se, it is about the overall issue of “DNS security” and outlines steps that can be taken to reduce the potential of DNS-based DDoS attacks.  This is critical if we are to get DNSSEC more widely deployed because there are some DNS server operators who have pushed back about DNSSEC citing concerns about the larger size of DNSSEC packets could help amplify DDoS attacks.

The recommendations for the industry include the following (with the report providing more detail on each):

Recommendation 2: All types of network operators should take immediate steps to prevent network address spoofing.

Recommendation 3: Recursive DNS server operators should take immediate steps to secure open recursive DNS servers.

Recommendation 4: Authoritative DNS server operators should investigate deploying authoritative response rate limiting.

Recommendation 5: DNS operators should put in place operational processes to ensure that their DNS software is regularly updated and communicate with their software vendors to keep abreast of latest developments.

Recommendation 6: Manufacturers and/or configurators of customer premise networking equipment, including home networking equipment, should take immediate steps to secure these devices and ensure that they are field upgradable when new software is available to fix security vulnerabilities, and aggressively replacing the installed base of non-upgradeable devices with upgradeable devices.

We agree with those recommendations and definitely encourage people to read the SSAC report and implement as many recommendations as possible.

Working together we can make the Internet more secure!