This weekend the NANOG mailing list was abuzz about an F-root IPv6 route leak, that resulted in the F-root DNS server instance located in Bejing, China, being queried from outside of China. This normally doesn't happen, as this instance is advertised with the BGP attribute NO_EXPORT, which means it should not be visible outside of immediate neighbor Autonomous Systems (ASes). We looked at the DNSMON data about this event, and found that 5 out of 29 IPv6-enabled DNSMON monitors saw the Bejing F-root instance. We also found there was an earlier leak on 29-30 September.
As part of the user interface to the RIPE Atlas network, users can see the first and second hops seen by certain probes. By looking for private addresses in these hops, we can learn something about how NATs are used in the Internet – in particular, that there's quite a lot of them!
The size of the global routing table has been growing at a constant pace for many years. However, over the last few months, it is not growing as fast as it used to.
We developed a mobile app for iPhone and iPad that provides access to RIPEstat. The main purpose of this new front-end is to show information about Internet number resources in a way that is optimised for handheld devices. You can now find the RIPEstat mobile app in the Apple App Store.
The front page story of the September 13 2011 issue of the International Herald Tribune said it all: "Iranian activists feel the chill as hacker taps into e-mails." The news story relates how a hacker has "sneaked into the computer systems of a security firm on the outskirts of Amsterdam" and then "created credentials that could allow someone to spy on Internet connections that appeared to be secure." According to this news report this incident punched a hole in an online security mechanism that is trusted by hundreds of millions of Internet users all over the network.
In order to ensure accurate and up-to-date registration data, the RIPE NCC started to evaluate Registry Data Quality (RDQ) in 2009. The second phase has now been finalised and the results are encouraging.
Last year, we described how we were actively encouraging holders of unused or unannounced IPv4 address space to return it. In this article we report on the responses we have received.
This article summarises yesterday's RIPEstat demo session, including new features, changes and improvements. At the end of the article you can find the date of the next demo. Please also note the call for feedback about specific features we are planning to work on.
The beta version of the first public, open-source reference C implementation of the RPKI/RTR router end is available.
In addition to the regular method of using a username and password to log into the LIR Portal, we also offer users the option to log in with an X.509 identity certificate installed in a web browser. On Tuesday, 6 September, the RIPE NCC will deploy an update to this "Identity Certificate Login" system and at the same time implement some changes to user management.