CircleID

Hello World

2012-05-25T08:41:00-08:00

I've been threatening to blog for several years now. I can't recall for how many years I've left the threat open, but hopefully you'll understand given the title of this piece, that I'm prone to senior moments.

For the past two years I've been immersed in Internet Governance, an area I knew precious little about before being tossed into the deep end of the pool. Fortunately my previous employer, Sun Microsystems, encouraged me to participate at various Internet standards organizations so I knew a bit about cat herding, a common link between Internet standards and governance.

My current employer, PayPal (eBay), recognizes the importance of cat herding, and has formed a group that I am fortunate to be part of, that specializes in Internet Standards and Governance. We "volunteer" our time, expertise, and experience at various Internet fora with the goal of enhancing security without sacrificing privacy and to ensure that the Internet remains open, transparent, and generative; attributes that contributed to our success and we believe will afford others the opportunity to succeed as well.

Given that I've avoided delivering on my blogging threat for some time now, why would I choose this particular moment to begin expressing myself publicly? My reasons largely relate to the work I am engaged in and the import and timing of certain events in the coming months. (Hubris is a factor as well no doubt.) One item high on my list is the preparations for the 2012 World Conference on International Telecommunications (WCIT), scheduled for 3-14 December in Dubai.

A this inaugural event, Member States of the International Telecommunications Union (ITU) will consider a review of the International Telecommunications Regulations (ITRs), a treaty-level instrument signed by 178 countries. The ITRs were last revised nearly a quarter century ago, in 1988. Much has changed in the ensuing years with some significant positive change arguably directly attributed to implementation of the 1988 ITRs.

A review of, and possible changes to the ITRs is a reasonable undertaking with the proviso that benefits are retained and hindrances avoided. This is especially true given that the ITU and some Member States, in my view, would like to expand the remit of the ITU to include regulation of the Internet through changes to the ITRs. This regulation has been called "light touch" with the implication that light touch would ensure benefit or at least minimize harm.

What is missing from the argument in favor of Internet regulation, is a definitive list of the chronic problems that persist despite repeated attempts to solve them by different means. Also absent, is recognition or admission that regulation, light touch or otherwise, could have a chilling effect on the compelling social and economic benefits of the Internet. Finally, one of the arguments in favor of regulation, that the Internet is widely available, should give proponents pause. Even a light touch, when applied across the breadth of the Internet could have long-lasting, far-reaching, and possibly unintended consequences, which can be unpleasant. Consequences at scale can be very unpleasant and I hope can be avoided.

Hope is amongst my reasons for breaking my blogging silence. I sincerely hope that we can avoid the law of unintended consequences and I believe the best way to do that is for all interested parties to be aware of the potential for change from what many might consider an obscure conference on telecommunications.

I plan on providing updates on preparations for the WCIT and other Internet Governance topics on a regular basis.

Written by Bill Smith, Sr. Policy Advisor, Technology Evangelist at PayPal

Follow CircleID on Twitter

More under: Internet Governance

The Antivirus Uncertainty Principle

2012-05-24T10:49:00-08:00

The antivirus industry has been trying to deal with false positive detection issues for a long, long time — and it's not going to be fixed anytime soon. To better understand why, the physicist in me draws an analogy with Heisenberg's Uncertainty Principle — where, in its simplest distillation, the better you know where an atom is, the less likely you'll know it's momentum (and vice versa) — aka the "observer effect”. In the malware detection world, the more positive you are that something is malware, the less likely you'll catch other malware. And the reverse of that, the better you are at detecting a spectrum of malware, the less positive you will be that it is malware.

If that particular geek-flash doesn't make sense to you, let me offer you this alternative insight then. The highest fidelity malware detection system is going to be signature based. The more exacting the signature (which optimally would be a unique hash value for a particular file), the greater the precision in detecting a particular malicious file — however, the precision of the signature means that other malicious files that don't meet the exacting rule of the signature will slip by. On the other hand, a set of behaviors that together could label a binary file as malicious is less exacting, but able to detect a broader spectrum of malware. The price for that flexibility and increased capability of detecting bad stuff comes at the cost of an increased probability of false positive detections.

In physics there's a variable — ?, the reduced Planck constant — that acts a bit like the fulcrum of a teeter-totter ("seesaw" for the non-American rest-of-the-world); it's also a fundamental constant of our universe — like the speed of light. In the antivirus world of Uncertainty Principles the fulcrum isn't a universal constant, instead you could probably argue that it's a function of cash. The more money you throw at the uncertainty problem, the more gravity-defying the teeter-totter would appear to become.

That may all sound a little discomforting. Yes, the more capable your antivirus detection technologies are in detecting malware, the more frequently false positives will crop up. But you should also bear in mind that, in general, the overall percentage of false positives tends to go down (if everyone is doing things properly). What does that mean in reality? If you're rarely encountering false positives with your existing antivirus defenses, you're almost certainly missing a whole lot of maliciousness. It would be nice to say that if you're getting a whole lot of false positives you must, by corollary, be detecting (and stopping) a shed-load of malware — but I don't think that's always the case; it may be because you're just doing it wrong. Or, as the French would say — C'est la vie.

Written by Gunter Ollmann, VP of Research at Damballa

Follow CircleID on Twitter

More under: Malware, Security

Google Notifying Half a Million Users Affected By DNSChanger

2012-05-23T11:19:00-08:00

Google has announced that it has started undertaking an effort to notify roughly half a million people whose computers or home routers are infected with a well-publicized form of malware known as DNSChanger. "After successfully alerting a million users last summer to a different type of malware, we've replicated this method and have started showing warnings via a special message that will appear at the top of the Google search results page for users with affected devices."

Google starts showing DNSChanger warnings via a special message.

Follow CircleID on Twitter

More under: DNS, DNS Security, Malware, Security, Web

Eugene Kaspersky: World Needs International Agreements On Cyber-Weapons

2012-05-23T09:50:00-08:00

Eugene Kaspersky has warned global leaders that the world needs international agreements about cyber-weapons in the same way as it needs agreements about nuclear or biological weaponry. The chairman and chief executive officer of Kaspersky Lab, warned delegates at CeBIT Australia that cyber-warfare and terrorism was the number one internet threat facing the world today. He said the Stuxnet industrial virus had demonstrated that cyber-weapons were capable of damaging physical infrastructure, and were "a thousand times cheaper" to develop than conventional weaponry.

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Internet Governance, Malware, Policy & Regulation, Security

A Logical Place to Start the IPv6 Transition

2012-05-22T12:08:00-08:00

The transition to IPv6 is top of mind for most service providers. Even in places where there are still IPv4 addresses to be had surveys we've run suggest v6 is solidly on the priority list. That's not to say everyone has the same strategy. Depending where you are in the world transition options are different — in places such as APAC where exhaustion is at hand one of the many NAT alternatives will likely be deployed since getting a significant allocation of addresses is not going to happen and other alternatives for obtaining addresses will prove expensive. Ditto the European region, who is next on the list to find the IPv4 shelves bare.

Fortunately the doom and gloom predictions about the imminent demise of the Internet if we don't move to IPv6 now have died down. That's not to say there isn't still a sense of urgency, but pragmatism reigns, and technology and operational experience continue to work their magic. Initial dismissiveness of NAT has yielded to a realization that with proper equipment, design, and best practices it can be made to work. In fact it's likely it will be made to work well.

So there's no doubt some cycles must be expended finalizing decisions on transition mechanisms. Fortunately there are some things, the DNS for instance, in the network that doesn't change as much with IPv6. It has been possible to resolve IPv6 queries for many years now on every major DNS platform (transition technologies that leverage the DNS, like DNS64, have also emerged although aren't yet widely deployed — lets save that topic for another post). Because on the surface it does not appear to be a system that will be impacted by the transition, "it just works", it's tempting to take it off the priority list.

In fact a very strong case can be made that the DNS is a logical place to start the IPv6 transition. With budget money available for IPv6 why risk any issues with the DNS, the foundation of the network? Growth in DNS traffic remains very high and that won't change with IPv6. Browser behaviors have been evolving in an effort to strike the right balance between bias toward v6 (sending AAAA queries first) and ensuring a good user experience — with implications for increasing query volumes even further. Attacks on the DNS won't stop during or after the transition, and exploits that use the DNS won't go away either. DDoS attacks have occurred over IPv6 and exploits on IPv6 are already being catalogued — attackers are agnostic about network access.

As is always the case in networking a little due diligence can pay big dividends, a few basic questions come to mind:

How long has it been since your DNS has been resized?
What is the average processor utilization of your servers?
What's the current performance (queries per second) and latency?
What's the trend?
Have floods of queries ever brought down your DNS?
How often is it attacked?
How much DNS traffic is bot related (and perhaps more importantly what are the implications of that traffic on your network — but that's a separate topic!).
How difficult is it for you to gather this kind of DNS data?

Getting the DNS right ensures the network is stable, resilient, and ready to deliver the ultimate end user experience during and after the transition to IPv6. The question to ask is not whether the DNS supports IPv6 — it does, but how well the DNS you have will support IPv6 and the next wave of devices, applications, and security exposures. Given the massive investments that will be made for the IPv6 transition it cannot be overlooked. No one wants to be the person that says "we just assumed that part of the network would be fine because it always worked before."

Learn More: IPv6 – Beyond Business Continuity Join Nominum on May 30 for a webinar. DNS and DHCP are critical elements of IPv6 network design. IPv6 creates a unique opportunity to design a new network architecture that increases efficiency and enables competitive differentiation. Moderated by Craig Sprosts, Nominum's GM of Fixed Broadband Solutions, this webinar will feature Ted Lemon, Nominum's Principal DHCP architect and co-chair of the IETF DHCP working group.

Written by Bruce Van Nice, Director of Product Marketing at Nominum

Follow CircleID on Twitter

More under: DNS, IP Addressing, IPv6

ICANN Reopens TLD Application System

2012-05-21T21:43:00-08:00

After nearly six weeks of shutting down its TLD Application System (TAS) due to software issues, ICANN announced today the reopening of TAS. From the announcement: "The system will remain open until 23:59 GMT/UTC on 30 May 2012. Consistent with our previous practice and to allow the application window to open as soon as possible, two-hour maintenance windows have been scheduled as follows: 22 May at 16:30 GMT/UTC, 25 May at 23:00 UTC, and 29 May at 22:00 UTC. ... During the last few weeks, we have fixed the technical glitch that caused us to take the system offline."

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

Vint Cerf: Internet Freedom Under Threat from Governments Around the World

2012-05-21T11:21:00-08:00

Internet freedom is under threat from governments around the world, including the United States, warned Vint Cerf on Monday. Andrew Feinberg reporting in the Hill: "Cerf, a computer scientist who was instrumental in the Internet's creation, now employed by Google as its 'Internet evangelist,' said officials in the United States, United Kingdom and Europe are using intellectual property and cybersecurity issues 'as an excuse for constraining what we can and can't do on the 'net.' 'Political structures ... are often scared by the possibility that the general public might figure out that they don't want them in power,' he said."

Follow CircleID on Twitter

More under: Censorship, Internet Governance, Policy & Regulation

Facebook Size Estimates

2012-05-21T11:08:00-08:00

At a staggering $100 billion dollar valuation and reported 900 million users, Facebook represents a massive presence in the global economy. From an Internet infrastructure perspective, Facebook also ranks amongst the largest of the "hyper giants" generating a significant share of daily global Internet traffic.

This blog explore Facebook's size in terms of its Internet traffic contribution.

As in previous posts, we use data from an ongoing research collaboration with multiple large North American Internet providers. We analyze anonymized backbone data encompassing a geographically diverse set of several million subscribers. More details on the research methodologies used in our prior work is available here. We believe this is the largest ongoing study of its kind.

On average, our analysis finds Facebook contributes nearly one percent of all Internet traffic (the actual number is 0.75%). This includes traffic both to Facebook's private data centers as well as third-party edge CDN caches (over 85% of Facebook traffic relies on CDNs).

While one percent is an awesomely huge number, the really, really impressive statistic is 45%. More specifically, we estimate 45% of all Internet subscribers send traffic to Facebook servers at least once every day. This includes traffic sent directly to www.facebook.com as well as the indirect connections made by tens of thousands of third-party web sites that include Facebook content or APIs.

Some additional detail and a nice graphic visualization is available on this blog.

Given our estimate of Facebook's traffic volume and IPO price, we can calculate a new Internet centric metric to accompany Facebook's PE ratio (an incredible 95:1). We first use data from Cisco to estimate the overall size of Internet traffic (37 Exabytes per month). At 0.75% and a $104.2B valuation, this means that Facebook uses 824,000 Mbps of bandwidth continuously. When you put their valuation in terms of this bandwidth you get a staggering $124,000 per Mbps.

So, a hearty congratulations to Facebook and my friends who work there.

Written by Craig Labovitz, Co-Founder DeepField Networks

Follow CircleID on Twitter

More under: Broadband, Web

Comcast Xfinity App Argument: Risking Divestiture of Cable or Broadband

2012-05-21T08:43:00-08:00

This sounds extreme, but Comcast continues to push the boundaries in separation of its broadband service with its cable service. It is walking a thin line between being a broadband provider, offering fast Internet access to millions of subscribers, and treating its Xfinity Xbox 360 App as a priority over customers not having its cable service. Saying the Xbox 360 is just another set-top-box for its own customers is just a complex way of undermining Net Neutrality rules as defined by the FCC upon the companies purchase of NBCU.

Is Divestiture a Warranted?

Companies are always pushing the limits of rules and regulations, and Comcast is no exception in this case. If continued disregard of basic neutrality principles, using its broadband service as a vehicle to discriminate against other competitors is not enough evidence to call for divestiture; then what will it take to emphasize the implications for an OTT (Over-The-Top) video market that is being disadvantaged by prioritization from a horizontally controlled service. There must be consideration and debate as to whether Comcast, as a broadband provider and a cable provider, has undue influence in market control, being such a large and dominate provider of both services. (See: He said, she said: Is Comcast prioritizing traffic or not?)

Boundaries Must Be Set

Taking a page from the playbook in the dispute with programmers over the right to allow access to cable programming on multiple devices, represented in changes of market dynamics from set-box-box viewing to multiple device viewing, both inside and outside the home; cable operators insisted those devices were just another STB. Taking this concept a step further, Comcast is using the argument that the Xbox 360 App is just another viewing device for its customers, which under Title VI, does not fall under public Internet consumption, but viewing on a private network.

DOJ-FCC Question

The implications, however, are far reaching and may set a precedent in companies with horizontal services being allowed to manipulate competitive forces to favor themselves. If this is ultimately, the argument, then Comcast should bow out of either its broadband service or cable service to remove the inference. This is a DOJ (Department of Justice)/FCC question which should be looked into further. As companies like Comcast are allowed to grow in dominate market status, their actions can up-end market forces in an undeniable adverse way, if allowed. (See: Comcast's Xfinity app for Xbox 360: a new battleground in net neutrality)

Confidence in Past Court Appeals

Comcast has been successful in past court appeals such as the FCC Bit Torrent Throttling Case in which a DC court ruled the FCC had limited authority in Internet ruling making. Obviously companies like Comcast have the resources to fight such infringements of its actions, tying up regulators in court for months or even years. Again, we are beginning to see signs that a market-dominate Comcast can infringe its authority with somewhat impunity to unbalance competitive forces, if it wishes to do so. (See: Title VI — High Speed Access to the Internet over Cable Devices and other Facilities)

What we are left with is a company feeling confident enough in its actions to spread "fear and loathing" into anyone questioning its motives or agenda. A rule of thumb for all Internet providers wishing to expand or to dominate market forces should be; do our actions foster fair competition or hinder competitive forces? No company is going to embrace competition if left to its own devices. My point is that as companies become very large their influence becomes a market liability in itself. Being competitively fair is a simple rule and one which evidently needs to be re-enforced.

Written by Leonard Grace, Founder & Editor - Broadband Convergent

Follow CircleID on Twitter

More under: Access Providers, Broadband, Net Neutrality, Policy & Regulation

Donuts and Efficiency: Ways to Recover Time and Money Lost to TAS

2012-05-19T17:18:00-08:00

On April 12, ICANN closed the TLD Application System (TAS) to ensure security of applicant data. For more than a month, the system outage has cost applicants and others millions of dollars. Here's how to make up for lost time and money.

Donuts supported ICANN's decision to close TAS when it realized there was a data security risk. At a critical moment, ICANN made the right choice. The company also agrees with ICANN's offer to fully refund impacted applicants who elect to withdraw their application.

However, now that staff has communicated to affected applicants (including Donuts) and is preparing to re-open the TAS system, efficiency has grown to become a crucial element of the process. The offer to return an extra $5,000 of the application fee surely is appreciated. For many applicants, though, the real cost is continued delay.

Weeks of system interruption means continued investment of time, money, and resources. Delays on the eve of evaluation — when applicants are more fully staffed and have invested in systems, hardware, office space and, in some cases, pre-funded COIs — cost applicants far more than delays in previous years.

Or, perhaps recovery is not as hard as it might seem. ICANN could exercise reasonable discretion and make up for some of the lost time without overtaxing itself and without harming participants in the process (both applicants and non-applicants). In doing so, ICANN would probably improve a measure of its tarnished reputation.

Why this is important to everyone

This isn't important just to applicants:

• The burden on all parts of the community must be kept to a minimum, including time and resources for review and evaluation. The more efficient this process is, the more the community's full menu of work can be kept in balance.

• The higher the costs are on applicants, the higher the costs will become to end-users.

• The longer the delay, the more acute risks become. As we noted in a previous post, file and user names aren't particularly actionable — but to the extent they might have been any unfair benefit is lost when the application window closes. ICANN should move quickly to reopen and close TAS as soon as is practical.

• Crisp execution brings credibility back to the machinery and processes of TLD expansion.

• Tightening the process brings much-needed predictability to all parts of the community, including, most importantly, consumers and Internet users.

The culture of risk vs. confidence

A risk-averse culture prevails over many of ICANN's decisions and methods. This is evident in the painstaking packet-layer review of the TAS glitch. Donuts understands the Board's and staff's desire to be careful and thorough and to report the full set of facts.

However, how much more efficient and well regarded would ICANN be if it confidently relied on its significant accomplishments, rather than on obsessive war-room "what ifs"?

Such a change in culture is a tall order for an organization constantly dealing with outside choruses of "do it my way or else." The TAS glitch notwithstanding, ICANN has every right to be confident in the soundness of its efforts in the new TLD program.

How to manage the clock going forward

With the clock ticking, end-users waiting, investors marking time with thousands of dollars by the day, now is the time for ICANN to make up the time lost to the TAS glitch. Here's how:

1. Make realistic assessments of the time needed for processes and trim the excess

ICANN has mapped out timelines it anticipates it will need to complete various parts of evaluation. However, the full measure of time for many of these tasks probably isn't needed.

Further, ICANN will gain efficiency as it works through tasks. Look at technical review as an example — a large chunk of ICANN's evaluation task. Although there are several thousand applications, there are probably only 10 to 15 technical operators supporting those applications, and technical operators provide essentially the same set of answers for each client.

Verisign announced it's the back-end for about 220 applications. When evaluators look at the application for Verisign's second client, they will assess the same technical data as they did for Verisign's first client. Put another way, there will be only 10 to 15 technical evaluations — not two thousand. Efficiencies such as these should be applied to reducing the time necessary to handle evaluations.

As Kurt Pritz said in the 17 May 2012 Registry-Registrar regional meeting, "as you realize efficiencies, you should accelerate your plan." That is certainly the case here.

Another example is the Administrative Completeness Check, an eight-week phase between TAS closure and the start of Initial Evaluation. This three-step check was written into the guidebook to ensure: a) all mandatory questions are answered, b) required supporting documents are in correct format, and c) evaluation fees have been received.

However, two of those three items are checked at the time TAS closes (an application can't be submitted in TAS unless all mandatory questions are answered and the evaluation fee is received). There remains just one check — that supporting documents are in the correct format. This check is merely to ensure correct formatting and does not look at the quality of answers. Is eight weeks — the current estimated time for Administrative Completeness Check — necessary for checking file formats?

2. Think well ahead, anticipate bottlenecks early

ICANN would do well to take a few hours with a whiteboard to envision where the potential for bottlenecks exist in the pipeline, from TAS closing to delegation and beyond. It's far better to plan ahead for contingencies rather than wait until a problem is upon the community and more likely to cause another interruption.

Examples:

• How will the Board consider string approvals?

• Could ICANN conduct a test scenario for various types of string contention resolution to see what outcomes are likely and how to prepare for them?

• How will ICANN's legal team deal with finalizing and executing the registry agreements?

3. Keep GAC early warning period to 60 days only

As staff said in its advisory on 5 January 2012, "applicants should know as soon as possible if there is a governmental concern with their application. There is a significant investment in preparing to launch a new registry and ICANN should provide answers to applicants in a timely manner. That is why the GAC commitment to a 60-day window is so valuable."

It can't be better written than that. With a known number of applications, the GAC's capability to handle a preliminary review of strings and lodge early warnings within 60 days total is reasonable. Further, as Donuts has said for many years, the likelihood will be that the GAC's blood pressure will drop dramatically when members see the actual strings applied for (no doubt 99% will be a big yawn for the GAC).

4. Don't change batching method

Digital archery is a reasonable method for organizing batches; it's fair, and it will work. Arguments that it's ripe for "gaming" — whatever the definition of gaming — ring hollow. A skill that anyone can perform is a reasonable method. If an applicant were to have expertise in network operations, however, and thus a theoretical advantage in digital archery, perhaps that's not a bad qualification for a prospective registry operator.

What would introduce new delay into the system, and thus shouldn't be considered, are alternative methods to digital archery. This includes categorization of types of applications, having non-contested strings batched first, and other alternative means. We've looked at a number of alternate methods and each of them would have at least as many criticisms as digital archery does.

Further, there have been calls for changing the approach of batching contested strings together (based on the best archer in the contention set). However, there seems to be reasonable logic behind the current approach. Only one party can prevail in a contention set, but while evaluation is in progress all parties in the contention set must continue to pay salaries, office space, travel, COI, and other expenses — a significant collective sum. It's reasonable to let these parties know as soon as possible who must withdraw. Applicants for uncontested strings incur costs as well, but they will eventually have a TLD to operate. Most applicants in contention sets will not.

Finally, there should be no delay between evaluations of batches. The second batch shouldn't be delayed because, for example, one or more applications in the first are subject to extended evaluation. Similarly, if the evaluators specialize by question(s), there's no reason an evaluator who finished batch one answers couldn't start evaluating their piece of the next batch (even if some other evaluators are still on batch one). Parallel versus serial processing is far more efficient.

5. Reduce evaluation timeframes by rewarding evaluator performance

In 1994, the US state of California experienced the "Northridge" earthquake, which destroyed a section of a vital highway. The contractor awarded the repair work was incentivized to complete reconstruction as early as possible. It was in fact completed early; commuters, taxpayers, and the contractor all were winners.

A de minimis part of the application fee could be devoted to incentivizing evaluation service providers (string similarity, DNS stability, technical and operational, financial, registry service, etc.), with aggregate time savings applied toward moving delegation timelines closer.

ICANN: Manage the process more efficiently

The TAS delay hasn't caused lasting damage to ICANN's reputation yet, but further delays might.

ICANN should respect the interests of the new TLD applicants it so actively encouraged to apply. They will be an exciting and vibrant new part of the ICANN community. Don't repay applicants with a few dollars for dropping out. Demonstrate professional excellence by publishing a complete timeline now, and by completing the program on time, or even early.

Richard Tindal is Chief Operating Officer of Donuts Inc., a TLD applicant.

Written by Richard J Tindal

Follow CircleID on Twitter

More under: ICANN, Top-Level Domains

So/Lo/Mo for Business

2012-05-18T09:53:00-08:00

Lest you think the social + local + mobile (So/Lo/Mo) trend is just a fad, last week, Pew Internet released a new report that found that 18 percent of smartphone owners use a geosocial service to check in and share their location with friends. The report also found that 74 percent of smartphone owners get real-time location-based information on their phones — up from 55 percent last May.

Add to these impressive stats the finding from earlier this year that 61 percent of smartphone users search for local business information on-the-go with their mobile devices and you have quite the compelling reason to make sure your local business listings are up to snuff — in both geosocial services and in local search.

Here is a great infographic created by the teams at Localeze, 15miles and comScore featuring some mind-blowing mobile usage stats. You can also download the 5th Annual 15miles/Localeze Local Search Usage Study Conducted by comScore, which was released February 2012, for more information on the importance of So/Lo/Mo for businesses.

2012 Local Search Usage Study – The annual Local Search Usage Study, done in partnership by 15miles and Localeze (conducted by comScore) is a measurement of consumers' search behaviors and how such behaviors affect media-usage trends. (Click to Enlarge)

Written by Erin Bush, Managing Editor at Neustar

Follow CircleID on Twitter

More under: Mobile, Web

Geneva Discussion to Include India's Proposal for Government Control of Internet

2012-05-17T13:37:00-08:00

Shalini Singh reporting in the Hindu: "The raging controversy over possible excessive state regulation of the internet based on the IT Rules 2011 is now likely to be dwarfed by discussions in Geneva later this week over India's proposal to the United Nations General Assembly, for government control of the Internet… In its proposal submitted to the General Assembly in New York on October 26, 2011, India has argued for a radical shift from the present model of multi-stakeholder led decision-making, to a purely government-run multilateral body..."

Follow CircleID on Twitter

More under: ICANN, Internet Governance

DNSChanger Disruption Inevitable, ISPs Urged to Bolster User Support

2012-05-17T10:28:00-08:00

Up to 100,000 customer modems are at risk of losing their internet connection from July 9 when the FBI disables rogue DNS servers seized late last year. The affected customer modems make up about a third of the 350,000 to 400,000 internet users believed to still have the DNSChanger malware on either their modems or Windows computers.

Read full story: SC Magazine

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, DNS, DNS Security, Malware, Security

Case Studies from the UN Broadband Commission

2012-05-17T09:19:00-08:00

The Broadband Commission for Digital Development, in partnership with ITU, has released its first country case studies looking in-depth at the state of broadband development in four economies and examining links between broadband and the UN Millennium Development Goals.

The case studies, which cover the Former Yugoslav Republic of Macedonia, Panama, the Philippines, and Romania, look at the effect of broadband connectivity on economic growth and access to basic services like education and health. They offer regulatory guidance and best practices, showcasing success stories and lessons learned.

Romania and TFYR Macedonia both provide strong examples of how adopting pro-ICT policies, establishing effective regulatory frameworks and developing strategic private and public partnerships can play a key role in boosting broadband access, affordability and demand.

A nation with a strong commitment to connectivity as a driver of national growth, TFYR Macedonia already boasts an impressive broadband penetration rate of 32%. Internet access in schools and Wi-Fi-based public Internet access points have been rolled out throughout the country, including remote areas. Schools now offer one Web-enabled computer for every 1.45 children, while university students and academics can freely access knowledge and research resources via the academic network MARnet.

Meanwhile, near-neighbour Romania ranks among the top countries in the world for broadband speed, and scores well for affordability too. The average cost of a baseline monthly broadband subscription represents less than 5% of average monthly income — well within the global targets established by the Broadband Commission last October. Public access is promoted through initiatives like 'Biblionet', which was launched in 2009 and which provides free library-based access through some 795 public libraries equipped with 3,318 computers.

Case studies on Panama and the Philippines, meanwhile, explore the impact of broadband on the economy and on job creation. Both studies evaluate the development of e-applications in the areas of education, public health, media and government services — all of which can help further stimulate broadband adoption.

In Panama, fixed broadband is having a significant economic impact. Analysis of a structural econometric model for the period 2000-2010 indicates that fixed broadband now contributes an annual 0.44% of GDP, with the indirect effects of fixed broadband use estimated to have contributed almost 9.6% of total national economic growth. Accelerating take-up means that this impact has now almost doubled to reach 0.82% of annual GDP, and contributed 11.3% of all economic growth over the decade.

In the Philippines' case study, analysis over the same 10-year period indicates that mobile broadband adoption has contributed an annual 0.32% to GDP, representing 6.9% of total GDP growth for the economy over the past decade. Given the acceleration of mobile broadband penetration since 2005, this impact has also now almost doubled, reaching 0.61% of GDP, representing 7.3% of total economic growth over the decade.

Download the full set of case studies at:
www.broadbandcommission.org/work/documents/case-studies.aspx

Written by Paul Budde, Managing Director of Paul Budde Communication

Follow CircleID on Twitter

More under: Broadband, Mobile

Rethinking Protection Technologies: A Change Has Occurred

2012-05-16T14:12:00-08:00

I ordinarily spend a lot of my time talking about the technical aspects of threat detection and examining the tools and strategies that the bad guys are employing to subvert corporate defenses and breach their objectives, so it was refreshing last week to speak with a large bunch of C-level folks from Fortune-250 companies and to get the opportunity to step-back a little.

Talking technical is easy. Distilling technical detail, complex threats and operation nuances down to something that can be consumed by people whose responsibility for dealing with cybercrime lays three levels below them in their organizational hierarchy is somewhat more difficult. Since so many readers here have strong technical backgrounds and often face the task of educating upwards within their own organizations, I figured I'd share 4 slides from my recent presentation that may be helpful in communicating how the world has changed.

The overall context of the hour long presentation was related to the paradigm change from protection back to detection — given the scope and capabilities of modern organized crime. The following slides came from the first quarter of the hour — setting the scene for how protection technologies have failed and what organizations need to do in light of that failure.

In essence, this slide talks about how that adversary has changed from old. Gone are the days of a single hacker looking to break in to an organization and toast all the systems. Sure, some of these guys still exist, but that's not where the threat lies today by any statistical analysis. Instead, what organizations are facing is a complex ecosystem where expertise is plentiful and available for relatively low prices. Most importantly, the adversary is now a professional in every sense of the word and needs to be respected for such. Failure to do so is at your peril.

While the adversary has changed for the worse, so too has the target. Consumerization of IT and BYOD, while buzzwords in every sense of the word, really are fundamentally changing the threat landscape and the ability of organizations to combat sophisticated threats. Speaking with lots of people charged with defending their corporations from within, they really do feel powerless to combat Mac threats, Android malware, etc. or enforce application and desktop policies (for whatever that means in the world of iPads and App stores).

Everything is playing in to the bad guys hands. The devices their targets are using are varied and widespread, they roam and bridge networks, they have hundreds of applications yet few are patched in a timely manner, and the threat of personal information being leached has ensured that encryption of communications is the norm — too bad that those nosey IT security guys can inspect traffic for malicious attacks.

In essence, the onus of securing the enterprise has slipped from the corporate IT folks and landed firmly in to the hands of their enabled workforce — who happen to be poorly suited to the task.

Oh, and then there's the "Cloud". Not the Cloud supplying cheap processing power and high availability mission-critical applications at a fraction of the cost of legacy systems. Rather the Cloud that is the 2nd millennium USB stick — the mechanism for transporting infected files between one device and the next.

IT security departments have invested millions of dollars in their defense in depth strategies. Multiple layers of "protection" (and expense), overlapping redundancies and a continuous stream of alerts have had debilitating effects on thinly-stretched security teams.

Even if those layers of defense had been working, the "solution" for the bad guys was (and is) to "attack in depth". The tools and techniques they now employ are multi-facetted and their complexity is hidden from the attacker. The hard work of innovation and coding was done by some expert far away, and their expertise (along with dozens of others) has been combined into a single campaign.

Last but not least, I talked about the "marginalization of protection". My objective in this part of the discussion was to point out that trying to protect everything has never worked, and will be even less successful going forward. The consumerization of IT and the diversity of devices out there have also forced organizations (including vendors) into an area in which it is simply uneconomical to try and secure.

While effort still needs to be applied to "protecting" the enterprise, my advice is to consolidate those expensive resources around the most valuable things of the organization and only grow outwards from there if you're successful.

In response, organizations need to assume that they are compromised and will continue to be compromised many times over, and often in many interesting ways. The onus shifts to how an organization can rapidly detect a compromise and how seamless the remediation needs to become.

I used to say that the most economical course of action was to simply reimage the computer when you were able to confirm the compromise. Nowadays that may not be quick enough, nor appropriate. Today you should reimage when your threshold of suspiciousness has been reached and, if you can't reimage (e.g. iPads, etc.), then remotely reset the device to factory defaults and wipe any stored content so it can't re-infect itself.

What about those critical devices — such as the CFO's laptop — which can't be reimaged without a lot of disruption? Let's be clear, just because you detected one piece of malware or remote control agent on the device doesn't mean that it's the only one installed. And if you're thinking you can safely remove everything related to the infection, then you're either ill-informed or it wasn't a threat to begin with.

Frankly, if you have critical devices that cannot be reimaged for any reason at the turn of a hat, then you've got bigger problems with your IT operations than mere breaches by professional criminals, and your organization needs to reevaluate its security operations at a fairly fundamental level. If a device is so critical that it cannot be recovered, it most certainly shouldn't be a roaming laptop, accessible via the Internet, and is operated by personnel with higher than average probabilities of being targeted.

Written by Gunter Ollmann, VP of Research at Damballa

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Malware, Security

2011 UDRP Filings Up at WIPO, Down at NAF - And Still Infinitesimal

2012-05-16T10:47:00-08:00

The World Intellectual Property Organization (WIPO) recently issued a detailed press release regarding Uniform Dispute Resolution Policy (UDRP) cases for which it provided arbitration services in 2011 and, once again, the number of WIPO filings was up. According to WIPO: "In 2011, trademark holders filed a record 2,764 cybersquatting cases covering 4,781 domain names with the WIPO Arbitration and Mediation Center (WIPO Center) under procedures based on the Uniform Domain Name Dispute Resolution Policy (UDRP), an increase of 2.5% and 9.4% over the previous highest levels in 2010 and 2009, respectively."

Yet that's an incomplete picture. At the other major UDRP arbitration provider, the National Arbitration Forum (NAF), 2011 case filings were down 4% in 2011, declining from 2,177 cases in 2010 to 2,082 in 2011. The vast majority of these cases (96.2%) involved gTLDs like .com and .net; cases were concluded an average of 35 days after filing, but some were resolved in as few as 20 days — and 17%, a full one-sixth of filed complaints, were resolved directly by the parties with no need for panel arbitration. (That noteworthy record again raises the question of why a supplemental Uniform Rapid Suspension (URS) process is even needed for new gTLDs, but that's a separate subject.)

So, overall, the WIPO 2.5% increase was balanced out by the NAF 4% decrease and total UDRP filings at the two principal ICANN-accredited arbitration providers were essentially flat in 2011.

The Internet Commerce Association's (ICA's) Code of Conduct condemns intentional cybersquatting, so we are happy to see filings stabilize and would be delighted to see them decline further in the future. But we do think these filing figures need to be calmly placed in the broader context of total domain registrations. And, according to VeriSign's December 2011 Domain Name Industry Brief, domain registrations increased by 8.9 percent in the preceding year.

So, we think it's quite significant that total 2011 UDRP case filings did not increase notwithstanding a near-9% increase in total domain registrations. This marks yet another year in which UDRP filings declined as a percentage of all domain registrations.

While the NAF press release does not include the total number of domains involved in the cases filed with them we can guesstimate that, when we also include the additional second tier UDRP arbitration providers, approximately 9,000 domains were at issue in all 2011 cybersquatting cases filed with all UDRP providers.

That's 9,000 out of a total of about 220 million registered domain names. In other words, for each million domain registrations there are about 41 domains alleged to be cybersquatting in UDRP cases.

We expect that trademark interests will counter that the number of UDRP filings represents just "the tip of the iceberg" of abusive domain registrations, and will also point out that some but not all ccTLDs are subject to UDRP. And we'll concede those points — while also noting that .com and .net registrations totaled 112 million, just over half of all domains, and that these are the gTLDs that attract the most Internet traffic and are therefore most likely to be abused by intentional cybersquatters. So, while UDRP filings are not an exact proxy for the full extent of cybersquatting, they are the best measure we have of instances in which the resulting harm or domain value were judged sufficient by a trademark owner to invest the relatively modest sums of a $1300 filing fee plus associated attorney fees.

We are also well aware of studies — like this from Sophos — indicating that major brand names are subject to significant typosquatting. Despite finding that malware was virtually nonexistent on such websites, that study nonetheless observed that "typosquats are by no means harmless". Yet, other than the 2.7% of typosquatted domains that "fell into the loose category of cybercrime", a significant portion of the remainder of typosquatted websites appear to fall outside the scope of the "bad faith registration and use" standard required for a successful UDRP filing. So it's not just that rights holders have concluded that a particular typosquatted domain isn't worth the monetary cost of filing and pursuing a UDRP — they may have also concluded that they would not prevail. That is, those domains may fall more into the category of annoying nuisance rather than bad faith infringement, and are not generally associated with criminal activities such as phishing or with bad acts such as malware distribution.

Notwithstanding this contextual decline of 2011 UDRP filings, we are quite sympathetic to the costs imposed on brand owners of maintaining portfolios of defensively registered domain names that could be easily cybersquatted if released back for public sale. Reducing this cost is a subject that could certainly be addressed by an open and inclusive UDRP reform process within ICANN — if trademark interests will ever stop working to defer the initiation of such a process.

We'd also point out that if even one-one-hundredth of one percent of all domains registered today were cybersquatting in a manner sufficient to justify a UDRP filing that would currently total about 22,000 domains, and the actual number of UDRP filings last year involved less than half as many domains. In other words, based just on UDRP filings, more than 99.995 percent of all domains are not cybersquatting. That's right, 2011 UDRP filings involved less than one-two-hundredth of one percent of all registered domains. Even if the filed cases understate the incidence of UDRP-violating cybersquatting by a factor of one hundred, the problem would rise to just under one-half of one percent of all domains, with the remaining 99.5 percent being non-infringing.

We note all this not to excuse cybersquatting but to indicate that the problem appears to be small, manageable, and diminishing as a percentage of registered domains year after year based on UDRP filings — and that the UDRP provides a relatively fast and inexpensive alternative to litigation in court. So any trademark interest advocacy for 'rights protections' that are more numerous and stringent than what's already available is not strongly supported by the available evidence.

We'd also note that many ICA member providers of "parking" or other domain monetization services, as well as of secondary domain marketplaces, have established either formal or informal means by which trademark owners can bring alleged infringement claims to their attention and block clearly infringing domains. These services are available at no cost to trademark owners, and should often be their first recourse in advance of filing a UDRP claim.

As for the WIPO press release declaration that, "With the domain name coordinating body, ICANN, allowing for a massive increase in the number of new domains, brand owners' resources will likely be stretched further.", that seems entirely speculative for now — especially since brand owner resources were not stretched further in 2011 with total UDRP filings being flat, and actually declining in the context of an expanding DNS environment. WIPO's statement also ignores the fact that the Trademark Clearinghouse will let trademark owners secure, block, and issue warnings in regard to new gTLD domains in an unprecedented manner to reduce cybersquatting.

So let's wait and see what applications are actually filed for new gTLDs, and then wait to see what registrants they attract and what visitor traffic they generate, and then make a judgment on the impact of new gTLDs on trademark owners that is informed by facts rather than speculation. (We note in passing that NAF's statement makes no similar gloomy predictions regarding cybersquatting at new gTLDs.)

One final thing to remember is that arbitration providers like WIPO can affect the number of UDRP filings by allowing its panelists to alter long-established practices and thereby change UDRP policy in a one-sided manner. For example, recently a WIPO panel ruled that ceat.com must be transferred to CEAT Ltd., an Indian tire company, even though there was scant evidence that the domain had been registered, much less used, in bad faith (See: CEAT Limited, CEAT Mahal, v. Vertical Axis Inc. / Whois Privacy Services Pty Ltd). Another WIPO panel recently ruled in FACI Industries v. BuyDomains.com, Inventory Management that faci.com be transferred to the non-famous metal casting firm of FACI Industries of Bolingbrook, Illinois even though there was ample evidence that the registrant exercised due diligence to avoid infringing the complainant's trademark rights (See: FACI Industries v. BuyDomains.com, Inventory Management). As the dissenting panelist in CEAT stated, "To hold that such a valuable word cannot be used as a domain name simply because "the domain name is a trademark and has no descriptive meaning" is not supported by the Policy and is a very severe restriction on the right to register a domain name that is not contemplated by ICANN in its policies or practices… That is simply a rewriting of the Policy that is entirely unsupported. Clearly, registering a word that both parties say is an acronym and using it for purposes unconnected with the Complainant or its activities does not violate the Complainant's trademark rights or the Policy.”

These rulings open the door to any short domain name that can constitute an acronym for one or multiple organizations being subject to "first to file" UDRP actions encouraged by trademark attorneys. We are already seeing an uptick of new UDRPs related to acronym domains, and if this becomes a flood in the remainder of 2012 — encouraged by the ceat.com and faci.com rulings, which deviate from years of UDRP practice related to acronym domains — does that mean that cybersquatting is up, or that cybersquatting has been unilaterally redefined down by WIPO panelists and that as a result the trademark bar sees a new UDRP opportunity to bring to clients' attention?

These disturbing and controversial acronym domain rulings again illustrate why WIPO and other UDRP providers should reconsider allowing panelists deemed "neutrals' to also serve as advocates for complainants or registrants, given the clear potential for conflicts of interest, and the certain appearance of potential conflicts. It also illustrates that prior decisions should have a more binding precedential effect that they are accorded under the current WIPO Overview. The UDRP process should remain an available remedy for squelching a declining pool of infringing domains, but not permitted to be a mercurial full employment program for creative trademark attorneys.

ICA will continue to press for meaningful UDRP reform, including changes to assure that arbitration "neutrals" do not have inherent conflicts. But for now we are happy to note that total UDRP filings continue to decline as a percentage of all domains and remain a tiny fraction of the overall DNS infrastructure. That's something worth remembering the next time you see allegations that cybersquatting is out of control.

Mr. Corwin serves as Counsel to the Internet Commerce Association

Written by Philip S Corwin, Founding Principal, Virtualaw LLC; Counsel, Internet Commerce Association

Follow CircleID on Twitter

More under: Cybersquatting, Domain Names, ICANN, Internet Governance, Law, Policy & Regulation, Top-Level Domains

Business Case for IPv6 - Part 2

2012-05-16T08:00:00-08:00

In my previous blog on the topic, I stated that the business case supporting the IPv4 roll-out in the late 90s was the Internet. Although IP depletion will slowly become a reality, the chances are that due to mitigating technologies such as NAT and DNS64, it may take quite a while before organizations in the developed economies will get serious about IPv6.

So where should we look to find a business case for IPv6?

Over the last year or two, the shift towards cloud computing paradigm has started to make some pretty impressive waves. Although still at a relatively early stage, we are seeing both service providers and enterprises coming out with brand new strategies for public and private clouds. Based on the recent developments, we estimate that by 2015, the way in which applications and network services are consumed will be very different from what it is today. The discontinuity here will be just as big as the Internet was some 15 years ago.

As far as the IPv6 business case is concerned, not many people have realized how critical IP addresses and DNS is for the cloud orchestration process. To commission or decommission a virtual machine, one needs to reserve or to free an IP address, preferably within a window of 300 milliseconds. Further, in order for that newly commissioned virtual machine to be easily accessed, a DNS entry is also needed. With Infrastructure 1.0 utilizing IPv4 spaces managed with Excel spreadsheets, the cloud doesn't scale.

To address this issue, anyone serious about cloud computing will have to come to accept that Infrastructure 2.0 is required in order for the cloud computing paradigm to work as intended. If someone is to make a considerable investment in cloud environment, protecting the investment for at least the next 10 years becomes essential. And the way I see it, this is where IPv6 comes in.

In this light, IPv6 can be viewed as a similar enabler to the cloud as IPv4 was for the Internet. From the business perspective, IPv6 enables the cloud to scale into the foreseeable future. Furthermore, by making IPv6 a standard feature in clouds, organizations investing in them can make sure that their basic architecture will stand the test of time, thereby optimizing the cloud ROI.

Written by Juha Holkkola, Managing Director of Nixu Software

Follow CircleID on Twitter

More under: Cloud Computing, Internet Protocol, IP Addressing, IPv6

Cel-e-brate v6, Come On!

2012-05-15T12:04:00-08:00

With IPv6 World Launch coming up it's worth pausing to consider the collective efforts of the Internet industry in enabling and deploying an essential evolutionary technology at what will become truly massive scale. It's easy to be a detractor and believe there has been little progress — but the Internet hasn't melted down and there is no evidence it is about to. Perhaps the issue is that progress occurred in a different way than was predicted or preferred by the experts. The reality is providers everywhere have developed coping mechanisms for IPv4 exhaustion. Innovation, operational sweat, and perhaps some tough negotiating make it happen. But isn't that the essence of the Internet?

Thought leaders across the industry are focusing on transition topics that matter: from economic lifecycles, security, and business continuity to the promising future of the Internet of Things. This is what drives most of us, and those on the front lines in the IPv6 evolution have every right to rise up and celebrate. It's not only a great technological milestone, but a testament to their collective abilities to work together for the greater good of the connected planet.

Today's Internet is the foundation for everything we do and the IPv6 Internet will be too but unfortunately some things never change. While the majority have been busy working on IPv6 for the greater good, evidence makes clear we're likely to come face to face with a growing number of technologists (aka criminals) with malicious intentions. IPv6 hinders them in some ways, but helps them in others. If you have any doubts, a quick search will show a growing number of software tools intended to break or exploit IPv6. Everything we build offers potential for those who are malicious to use their skills for disruption. Security is a continuum and experience suggests it might be worth some cycles to make sure your IPv6 project does not end up on your CEO's shortlist of things that keep them up at night.

Preparing for the transition requires looking beyond just software support and interoperability testing to identifying strategic partners and understanding the long-term cost of ownership. If IPv6 is important to your future you owe it to your business, investors and customers to make sure you have the best technology but are also on the right path with the best, forward looking partners. It's refreshing to see that on the Internet, as has always been the case, a global initiative can transcend the boundaries of political, social, and economic agendas. Maybe we can all even learn a lesson or two from IPv6 on how to tackle some of the critical long-term social and economic challenges facing the world today.

Want to learn more about the transition to IPv6, join us at our webinar on May 30. Click here.

Written by Craig Sprosts, General Manager of Fixed Broadband Solutions at Nominum

Follow CircleID on Twitter

More under: IP Addressing, IPv6, Security

Hosters: Is Your Platform Being Used to Launch DDoS Attacks?

2012-05-15T11:12:00-08:00

As anyone who's been in the DDoS attack trenches knows, large multi-gigabit attacks have become more prevalent over the last few years. For many organizations, it's become economically unfeasible to provision enough bandwidth to combat this threat.

How are attackers themselves sourcing so much bandwidth? It's actually easier than you might think. While botnets comprised of malware-infected computers can be used to launch attacks, you don't actually need thousands of devices. In some cases, attackers are infiltrating hosting company resources (shared hosting, virtual private servers, dedicated hosting, etc.), availing themselves of bandwidth by using hacked, stolen and fraudulent accounts.

Let's say that an attacker manages to get his/her hands on 5 hosting accounts with 5 different hosting companies. It's not unusual for these hosting companies to have 1 Gbps+ of connectivity to the Internet. A lot of hosters don't look at their outbound traffic all that closely or have difficulty policing what their customers do. All an attacker needs to do is install a script on each account and he/she has easy access to gigabits of connectivity.

For hosters, finding the trouble spot can be like looking for a needle in a haystack (especially if thousands of accounts share resources). While the offender might be found eventually and the account shut down, the damage has already been done.

What can hosters do to help prevent this or detect this better?

Restrict outbound traffic from your customers by using ACLs (Access Control Lists). For example, there are few reasons your customers will ever need to make port 80 UDP connections to other hosts on the Internet. Put policies in place to block all outbound traffic except to specific, acceptable, understood destinations or ports. If customers have legitimate reasons to make an outbound connection from your infrastructure, they should be able to notify you and justify it (this will affect a only tiny percentage of your base) so you can make the appropriate arrangements. Some hosters do not even accommodate these requests.

Throttle outbound traffic from your customers. Even for legitimate outbound connections, most likely they don't need to take up 500 Mbps of outbound bandwidth. Simply set a lower limit.

Put alarms in place when outbound traffic utilization spikes. If, for example, all of a sudden the amount of data leaving your network increases by 40%, there's probably an issue somewhere and your tech folks should be investigating.

Restricting and monitoring your outbound traffic will probably save you money on bandwidth costs and decrease the amount of abuse reports. Best of all, attackers will realize they're not getting what they want out of your platform. The less you have to worry about, the better, right?

Written by Miguel Ramos, Sr. Product Manager, Neustar Enterprise Services

Follow CircleID on Twitter

More under: Access Providers, Cyberattack, Security

Measuring IPv6 at the Network and the Customer Level

2012-05-15T10:52:00-08:00

George Michaelson, APNIC's Senior Research and Development Scientist recently visited the RIPE NCC to collaborate on various research projects with his RIR colleagues. IPv6 measurements were one of the topics we looked at.

Recent IPv6 statistics from the RIPE NCC show an accelerated uptake of IPv6 in Norway, both in terms of the number of allocated prefixes, and visible announcements in the routing system. This is based on a comparison over time of the amount of IPv6 addresses allocated to each economy, and the amount of visible prefixes per Autonomous System (AS) in the routing tables each day. The graph below shows 50% of ASes in Norway now announce one or more IPv6 prefix.

Some have interpreted this to mean that over 50% of the end users in Norway have now access to IPv6. However, a measurement of end user IPv6 capability by APNIC doesn't necessarily support that, rather, it suggests that end user access to IPv6 remains low in Norway, as in other economies. The graph below shows the percentage of IPv6 preference at the end user level.

Keep in mind that this only includes data until mid-May, hence the drop at the end. For the most up-to-date graph, please visit the APNIC Labs IPv6 Measurements pages.

Are these measurements in conflict?

No, not really. One is a measure of capacity and capability in routing and forwarding, and the other is a measure of end user access. There are many reasons why some routing-active entities don't show up in an end user measurement: the AS may be servicing content delivery and not offering access services, or may be providing transit and data management services for others and have no direct end user traffic.

Perhaps the AS is servicing segments of the user base who only gain access to the global Internet occasionally, or to restricted URLs, or not even the web but only VOIP (which we can't measure in the APNIC technique.)

The difference is not a conflict. It exposes differences in what we see on the Internet and the different conclusions drawn from each.

APNIC's measurement focuses on end user access, and in large part, suggests that there is a continuing problem with end user access to IPv6, even when the AS in question may have associated IPv6 allocations visible in global routing.

In the background article on RIPE Labs you can find much more information, including the methodology and an analysis of the specific situation in Norway and in Japan.

Written by Mirjam Kuehne

Follow CircleID on Twitter

More under: IP Addressing, IPv6