Is IP fragmentation still considered vulnerable?
Guest Post: IPID has a 25+ year history of abuse as a network side channel. This post categorizes IPID exploits, and makes a surprising recommendation about mitigating them.
Guest Post: IPID has a 25+ year history of abuse as a network side channel. This post categorizes IPID exploits, and makes a surprising recommendation about mitigating them.
Guest Post: RFC 9518 “Centralization, Decentralization, and Internet Standards” has been published after more than two years of review, discussion, and revision.
Discussing the implications of a change to IETF normative language.
Dealing with dual pitfalls and risks.
Guest post: How to lower the risk of fragmentation-based DNS attacks.
How should we engage with evolution and innovation in the Internet’s name space?
Guest Post: One in seven authoritative DNS servers found to be vulnerable to ICMP-based MTU spoofing attacks.
Guest Post: 0.1% of DNS traffic is fragmented, almost all of which comes from DNSSEC signed domains.
Can hop-by-hop extension headers solve the IPv6 path MTU discovery problem?
Geoff Huston on currently active IETF routing security, IPv6, and transport discussions.