Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

IPv6 Time Servers (NTP)

Setting the time on computers and other Internet-connected devices is critical.  As we move to IPv6, there needs to be access to Network Time Protocol (NTP) servers available over IPv6.  The following time servers are known to work over IPv6.

| NTP Host Name | Comments |
| --- | --- |
| 2.pool.ntp.org | The NTP Pool Project provides a global, decentralized network of time servers. Using the NTP pool is relatively straightforward; however, only "2.pool.ntp.org" is available over IPv6. |
| ntp.eu.sixxs.net, ntp.us.sixxs.net, ntp.ap.sixxs.net | The SixXS project makes their time servers available over both IPv4 and IPv6. |
| ntp6a.rollernet.us, ntp6b.rollernet.us | Roller Network has publicly made two time servers available over IPv6. |

We would like to make this list as comprehensive as possible.  If you know of additional NTP time servers available over IPv6 that we should include here, please leave a comment or send us a message.

TDYR #094 – The Extremely Cool Thing About Youth Curling Bonspiels Is …

Weekend Project: Test Out New DNSSEC Support In Dnsmasq

If you run your own small network and are comfortable working with Linux, Android, *BSD, Solaris or Mac OS X, here’s a great way you could help advance DNSSEC: Simon Kelley is looking for people to test the new DNSSEC functionality he included in his latest development version of dnsmasq.

If you are not familiar with dnsmasq, it is a DNS forwarder and DHCP server that is already included in many versions of Linux, including Debian, Suse, Fedora, Gentoo and others. From the dnsmasq website:

Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP/TFTP/PXE for network booting of diskless machines.

Dnsmasq is targeted at home networks using NAT and connected to the internet via a modem, cable-modem or ADSL connection but would be a good choice for any smallish network (up to 1000 clients is known to work) where low resource use and ease of configuration are important.

If you have a bit of time and could help Simon out with some testing, he would greatly appreciate it. If this means that we’ll be able to get DNSSEC validation happening in many more distributions of Linux, that would be a great win for making the Internet more secure!

Please read Simon’s message and you may also want to scan the email thread to see if there are any more updates or issues found.

Kudos to Simon for making this happen – and also to Comcast for providing enough funding that Simon was able to work on this full-time for a bit to get it working.

TDYR #093 – A Great Afternoon Of Skiing, And The Sounds Of Skiing

A quick episode recorded on a ski lift and also while skiing (if you hang on to the end after I "ended" the episode).

Great Video About The Sport Of Curling In Petersham, MA!

Recently WWLP-TV22 recorded a great video segment about curling at the Petersham Curling Club as part of their “Mass Appeal” show. The video gives a great overview of the sport of curling and shows how open the sport is to anyone to participate.  (And if you are interested in trying out curling yourself, the Petersham Curling Club has open houses about curling coming up on February 8, 16 and 20!)

And if you think this looks like a great kind of club to have in Keene, please sign up to help us! (And please read our vision of what we are trying to do.)

BGP Hijacking In Iceland And Belarus Shows Increased Need for BGP Security

Want to understand better why we need to secure the Border Gateway Protocol (BGP) to make the Internet’s routing infrastructure more secure? Just read this article on Wired’s site, “Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet”, or the corresponding post on the Renesys blog, “The New Threat: Targeted Internet Traffic Misdirection”. The key point is that attackers are abusing BGP to hijack the routing of traffic to another network, without the end user having any clue that their traffic was diverted. As noted by Jim Cowie on the Renesys blog:

What makes a Man-in-the-Middle routing attack different from a simple route hijack? Simply put, the traffic keeps flowing and everything looks fine to the recipient. The attackers keep at least one outbound path clean. After they receive and inspect the victim’s traffic, they release it right back onto the Internet, and the clean path delivers it to its intended destination. If the hijacker is in a plausible geographic location between the victim and its counterparties, they should not even notice the increase in latency that results from the interception. It’s possible to drag specific Internet traffic halfway around the world, inspect it, modify it if desired, and send it on its way. Who needs fiberoptic taps?

He goes on to illustrate with an example where traffic was diverted to an ISP in Belarus:

In February 2013, we observed a sequence of events, lasting from just a few minutes to several hours in duration, in which global traffic was redirected to Belarusian ISP GlobalOneBel. These redirections took place on an almost daily basis throughout February, with the set of victim networks changing daily. Victims whose traffic was diverted varied by day, and included major financial institutions, governments, and network service providers. Affected countries included the US, South Korea, Germany, the Czech Republic, Lithuania, Libya, and Iran.

The article shows several graphical examples of how the network traffic was routed through the Belarusian ISP, such as this one:

[Image: Renesys map of route hijacking]

The Renesys blog post goes on to show examples from a second series of incidents related to an ISP in Iceland, including one where traffic from one network in Denver, Colorado, went to another network in Denver… by way of Iceland!

As both the Wired article and the Renesys post say, the attackers behind these attacks have not yet been identified, and may well never be. This kind of attack, though, is being seen with increasing frequency.

This is why we’ve opened up our new topic area on Securing BGP. We all need to work together to make the Internet’s routing infrastructure more secure and more resilient against these types of attacks. We’ll be working over the months ahead to add more content to this site – and we could use your help finding or writing items on our “Securing BGP Content Roadmap”. If you operate a network router, we would also encourage you to join our Routing Resiliency Survey so that we can help in the effort to collect data about what kind of BGP attacks are being seen.

We need to prevent these types of hijackings from happening – and we need your help to do so!

TDYR #092 – With Sochi Olympics, NBC Once Again Fails Americans Who Cut The Cable TV Cord

Sadly, NBC has once again failed Americans who are "cord-cutters" by restricting the live coverage of the Sochi 2014 Winter Olympics to only people with cable/satellite TV subscriptions. Although their App Store app claims that you can watch live feeds from the Olympics for free, it turns out that you have to sign in or you are limited to only a few minutes of viewing each day. There is no option to purchase an Olympics package or anything like that. Instead, we who have cut the cord will need to find other ways to watch the Olympics... and we will. Perhaps some day NBC will adjust their business model - but that day is not today.

TDYR #091 – Oh, How The English Language Evolves – 3 Words That Amused Me Today

Oh, how the English language evolves... as a writer and lover of language I am always fascinated by how we change our language. Tonight I talk about three words that amused me today: operationalize, granularize and remoted... with a fourth thrown in at the end.

Comcast’s Speedtest Now Breaks Out IPv6 Speed Vs IPv4 Speed

A tip from John Jason Brzozowski let us know that Comcast’s Internet speed test at speedtest.comcast.net now performs speed tests over both IPv6 and IPv4 and shows you the results separately. This is a public test that anyone can use, regardless of whether you are a Comcast customer or not. Perhaps obviously, for the IPv6 test to work you need to either have native IPv6 connectivity from your ISP or you need to have an IPv6 tunnel for your network. Without that you’ll just get a regular old IPv4 test.

Naturally I had to try this out and was quite pleased with the results. I am NOT a Comcast customer so the results are for another ISP. I do have native IPv6 connectivity so this was not tunneled traffic. Here was my test yesterday with the closest geographic server (which may or may not relate to network proximity – I didn’t do much checking on that):

[Image: Comcast XFinity Speed Test]

Of course I was pleased that IPv6 was faster!  I assume this probably had to do with more congestion on the IPv4 network at the precise time I did the test.  As you’ll see below, IPv6 was not always faster.

For those familiar with these types of speed tests, the test performed two separate upload and download cycles for IPv4 and IPv6. As you can see from the center of the image, a cool feature is that you can get a link to an image that you can then share out to social networks or use in other places. For example, here is the link to my image:

Now, of course I had to try this multiple times throughout yesterday to see how the results varied – and as is true with pretty much all of these speedtest sites, the results DID vary widely. Some of the results included:

I tried other servers in other parts of the US and had similar types of variation.

And then to my amusement I tried the test today shortly before writing this post and found that my speed had degraded significantly. Two results from Boston and one from the New Jersey server:

Just to check I tried a couple of other speed test sites and they provided similar results today.  Now the explanation for this drop in my own bandwidth is probably pretty simple.

Snow.

Today we’re experiencing a major snowstorm here in New Hampshire (and all of the northeast USA) and so all the schools are closed and many kids are at home along with parents who need to be home with them.  So people are undoubtedly streaming more movies, playing more online games and just consuming much more online bandwidth than they usually do during the day.  My Internet connection is through my local cable provider… so it’s shared through my neighborhood, and so there we are.  Tomorrow when everyone goes back to school my daytime speed should increase! 🙂

All comments about snow aside, it is very cool of Comcast to break out the speeds by protocol this way. They are of course NOT the only speed test out there that does this. Other IPv6 vs IPv4 speed tests include sites such as http://ipv6-test.com/speedtest/ and http://www.speedtest6.com/

Congrats to the team at Comcast for making this available!

P.S. I’d note that Comcast has to be collecting some fascinating measurements out of this effort because they are gathering test results from not only their own customers but also from all of their competitors’ customers who use this test site. They can then come up with statistics and metrics about the performance of those competitor networks. A rather brilliant move by someone within Comcast! Now… what would be great for the larger Internet community would be if they could also find some way to perhaps expose some aggregated level of information about what they are seeing in terms of IPv6 performance across the range of ISPs from people using the site… maybe a topic for a presentation by someone at Comcast at a future event? (Hint, hint…)

The post Comcast’s Speedtest Now Breaks Out IPv6 Speed Vs IPv4 Speed appeared first on Internet Society.