Monday, 21 July 2008

Here be dragons

If you haven't seen this yet have a look. Yes the brilliant webcomic xkcd sometime ago did a Map of the internet, I used to have this posted on my wall at work so the newer employees could come have a look when they were visiting to ask a question, it really shows how immense it all is.
But then while looking at one of my bookmarks on network security using darknets for a post on an internet forum I found this: a map of malisciousness. Awesome. It really is interesting to see the concentrations of either compromised machines or general evil-doers in the world. The thing that gets me and got me when I first looked at it was why is the 10.0.0.0 range have so many hits, its a private range, then I looked closer. Why are a few of the "bogan" address ranges getting hits. The only thing I can think is IP spoofing, and if so who would spoof a 10 address. Why not spoof 1.3.3.7 (fun) or something else, everyone knows 10 is internal... anyway post your thoughts.
Oh yeah we haven't quite won the DNS thing yet either. The multi-vendor patch was just that a patch, there are still inherent flaws in the system. Like the new one disclosed with DNS that passes through NAT (see most DNS servers as NAT means some decent IP sharing) it is annoying but it is a fight we have to keep on. See here for the article. It is basically NAT routers being lazy and not letting the port be the random one that the DNS server wants it to be. This randomness doesn't make DNS invulnerable to the poisoning attack I mentioned earlier, it just makes it much, much harder. So to have some routers (people like netgear don't release patches after it is 5+ years old) destory the hard work must be really annoying.

No comments: