Telecomms: May 2007 Archives
3C a UK start up has launched an authoritative DNS server that is capable of handling 1 million DNS queries per second per CPU. The product comes in a 1U case and contains two completely separate servers, which provides up to four gigabit Ethernet ports to handle DNS traffic.
The high rate of performance is capable due to the companies proprietary network stack. This network stack is being marketed as a High Performance Network Stack or HPNS. 3C developed the stack so as to add performance to applications such as VoIP, media streaming and DNS. These receive and transmit large numbers of small packets, which is the worst case for most operating systems, and which require context switches from user-mode to kernel and back again for each packet sent or received. According to 3C, HPNS cuts this overhead to a minimum, allowing much higher performance than conventional network stacks.
I am used to reading tabloid headlines about security and the internet. IPv6 has now become the latest victim to this particular type of sensationalist journalism. The Register reports on a potential flaw in IPv6 which if we are to believe could mean the end of the world.
IPv6 supports an extension header concept called the Type 0 Routing Header (RH0), which allows computers to tell IPv6 routers to send data by a specific route. My 3rd year datacomms students would tell you that this is known as strict source routing it is also supported in IPv4 in the TOS field of the header.
So what's the fuss about? Well during a presentation at the CanSecWest conference on 18 April, researchers Philippe Biondi and Arnaud Ebalard pointed out that RH0 support allows attackers to amplify denial-of-service attacks on IPv6 infrastructure by a factor of at least 80.
"In rough terms, it makes everything we thought was bad, a thousand times worse," Paul Vixie, president of the Internet Systems Consortium, said in an email interview with SecurityFocus. "It can be exploited by any greedy Estonian teenager with a $300 Linux machine."
Now this is bad piece of PR on several fronts, a basic networking property is being hyped and Estonia is being bashed.
Could a greedy capitalistic American Kid attempt this?
Is Paul Vixie stating that only the Estonians have the ability to use IPv6?
Well I have news for you Paul, you better add Irish graduates to your list of potential list of IPv6 network hackers as they know how it functions.
