Slashdot Mirror

hypnosec writes "The Department of Work and Pensions in the UK has a /8 block of IPv4 addresses that is unused. An e-petition was created asking the DWP to sell off the block to ease the IPv4 address scarcity in the RIPE region. John Graham-Cumming, the person who first discovered the unused block, discovered that these 16.9 million IP addresses were unused after checking in the ASN database."

New submitter 8-Track writes "The RIPE NCC, the Regional Internet Registry for Europe, the Middle East and parts of Central Asia, distributed the last blocks of IPv4 address space from the available pool. This means they are now distributing IPv4 address space to Local Internet Registries (LIRs) from the last /8. An ISP may receive one /22 allocation (1,024 IPv4 addresses), even if they can justify a larger allocation. This /22 allocation will only be made to LIRs if they have already received an IPv6 allocation from an upstream LIR or the RIPE NCC. Time to move to IPv6!"

New submitter 8-Track writes "The RIPE NCC, the Regional Internet Registry for Europe, the Middle East and parts of Central Asia, distributed the last blocks of IPv4 address space from the available pool. This means they are now distributing IPv4 address space to Local Internet Registries (LIRs) from the last /8. An ISP may receive one /22 allocation (1,024 IPv4 addresses), even if they can justify a larger allocation. This /22 allocation will only be made to LIRs if they have already received an IPv6 allocation from an upstream LIR or the RIPE NCC. Time to move to IPv6!"

An anonymous reader writes "The H-Root server, operated by the US Army Research Lab, spent 18 hours out of the last 48 being a void. Both the RIPE's DNSMON and the h.root-servers.org site show this. How, in this day and age of network engineering, can we even entertain one of the thirteen root servers being unavailable for so long? I mean, the US army doesn't even seem to make the effort to deploy more sites. Look at the other root operators who don't have the backing of the US government money machine. Many of them seem to be able to deploy redundant instances. Even the much-maligned ICANN seems to have managed deploying 11 sites. All these root operators that have only one site need a good swift kick, or maybe they should pass the responsibility to others who are more committed to ensuring the Internet's stability."

KentuckyFC writes "Many countries censor internet traffic using techniques such as blocking IP addresses, filtering traffic with certain URLs in the data packets and prefix hijacking. Others allow wiretapping of international traffic with few if any legal safeguards. There are growing fears that these practices could trigger a major international incident should international traffic routed through these countries fall victim, whether deliberately or by accident (witness the prefix hijacking of YouTube in Pakistan last year). So how to avoid these places? A group of computer scientists investigating this problem say it turns out to be surprisingly difficult to determine which countries traffic might pass through. But their initial assessment indicates that the countries with the most pervasive censorship policies — China, Iran, Pakistan, Saudi Arabia — pose a minimal threat because so little international traffic passes their way. The researchers instead point the finger at western countries that have active censorship policies and carry large amounts of international traffic. They highlight the roles of the two biggest carriers: Great Britain, which actively censors internet traffic, and the US, which allows warrantless wiretapping of international traffic (abstract)."

liquidat and others wrote in with the news that the DNS Root Servers were attacked overnight. It looks like the F, I, and M servers felt the attack and recovered, whereas G (US Department of Defense) and L (ICANN) did less well. Some new botnet flexing its muscle perhaps? AP coverage is here.

An anonymous reader wrote in to say that " The RIPE meeting got off to a good start yesterday (for those of you outside Europe, RIPE is the European counterpart to ARIN). Emin Sirer from Cornell presented his study of DNS vulnerabilities. The results are staggering: the average name depends on four dozen nameservers, 30% of domains are vulnerable to domain hijacks by simple script kiddies, 85% of domains are vulnerable to hijacks by attackers that can DoS two hosts. The lesson: DNS must be managed by professionals, and the pros have to pay attention to the DNS delegation graph when they set up name servers."

penciling_in writes "Paul Rendek, head of member services and communica of RIPE Network Coordination Centre (RIPE NCC) has reported on CircleID that: 'For the first time in Internet history the number of instances of DNS root servers outside the United States has overtaken the number within. The balance was tipped by the recent launch in Frankfurt of an anycast instance of the RIPE NCC operated K-root server.' In the same report, Daniel Karrenberg, Chief Scientist of the RIPE NCC says: 'We monitor the quality of the root name service from more than 50 locations worldwide, and we publish the results for everyone to see.'"

penciling_in writes "Paul Rendek, head of member services and communica of RIPE Network Coordination Centre (RIPE NCC) has reported on CircleID that: 'For the first time in Internet history the number of instances of DNS root servers outside the United States has overtaken the number within. The balance was tipped by the recent launch in Frankfurt of an anycast instance of the RIPE NCC operated K-root server.' In the same report, Daniel Karrenberg, Chief Scientist of the RIPE NCC says: 'We monitor the quality of the root name service from more than 50 locations worldwide, and we publish the results for everyone to see.'"

Zocalo writes "While looking up some WHOIS information at RIPE just now I noticed a couple of articles about the IPv4 address space allocation status. IPv4 Address Space: October 2003 is a short summary by RIPE themselves, and IPv4 - How long have we got? is from July 2003, but has lots more detail and pretty graphs! In short, the "Death of the Internet" due to lack of IP space is a myth, which doesn't bode well for getting IPv6 rolled out any time soon."

Zocalo writes "While looking up some WHOIS information at RIPE just now I noticed a couple of articles about the IPv4 address space allocation status. IPv4 Address Space: October 2003 is a short summary by RIPE themselves, and IPv4 - How long have we got? is from July 2003, but has lots more detail and pretty graphs! In short, the "Death of the Internet" due to lack of IP space is a myth, which doesn't bode well for getting IPv6 rolled out any time soon."

A Sorry End writes "It appears that one of the 13 root-servers, the core of DNS name resolution, have moved away from BIND to NSD since wednesday, Feb 19th, 2003, which is a Good Thing. Since the 26th of october 1990, all root-servers have been running BIND. According to this message, this change was designed to increase the diversity of software in the root name server system, the lack of which is widely considered to be a potential vulnerability. The nsd software has been designed from scratch specifically as an authoritative name server. It has no design commonalities with bind, the currently prevalent DNS implementation. In addition to that nsd provides a significant increase in the performance reserve of k.root-servers.net. NSD was developed at NLnet Labs in coorperation with RIPE."

A Sorry End writes "It appears that one of the 13 root-servers, the core of DNS name resolution, have moved away from BIND to NSD since wednesday, Feb 19th, 2003, which is a Good Thing. Since the 26th of october 1990, all root-servers have been running BIND. According to this message, this change was designed to increase the diversity of software in the root name server system, the lack of which is widely considered to be a potential vulnerability. The nsd software has been designed from scratch specifically as an authoritative name server. It has no design commonalities with bind, the currently prevalent DNS implementation. In addition to that nsd provides a significant increase in the performance reserve of k.root-servers.net. NSD was developed at NLnet Labs in coorperation with RIPE."

ICANN is meeting in Bucharest next week, which means they're floating all their usual smoky-room schemes just prior to the meeting. leto writes "The three RIR's, ARIN, APNIC and RIPE-NCC have just released a joint statement that basically tells ICANN that their Evolution and Reform plan is unacceptable, and tells ICANN to go play elsewhere, and leave the address space in the hands of the well working bodies." An interesting mailing list debate has been going on between ICANN's critics and ICANN's extremely well-paid and extremely sleazy attorney: critic, attorney (sleazy!), critic again, another critic, attorney again, critic's response, still other critics. And finally, note that the .org TLD is up for bids - the New York Times has a story, Newsforge has another.

An anonymous reader sends in: "RIPE NCC (the European IP address registry) responds to the ICANN proposals for reducing their own accountability even further whilst spending millions of everyone else's money." ICANN will be meeting next week in Ghana - ought to be a feisty meeting.