Based in Paris (France)
Articles
Likes on articles
I work at AFNIC (the registry of .fr domain names), in the R&D department, on, among other things, DNS, security, statistics.
• 8 min read
There have been several calls for Russian Internet networks to be shut down in one way or another and announcements that Russia is going to make such cuts. In this article, Stéphane Bortzmeyer explores the issue from a technical point of view.
• 22 min read
There are several ways to create RIPE Atlas measurements, thanks to its API. Here, we present Blaeu, a set of tools to create one-off measurements, mostly to debug temporary issues.
• 2 min read
On 17 October 2016, a website hosted by the French Ministry of the Interior went offline when a large number of customers of the Internet service provider, Orange, were redirected to the site. The problem occurred after Google, Wikipedia and cloud provider OVH were mistakenly placed on a terrorism …
• 15 min read
This article explains how I use RIPE Atlas probes, the official API and custom scripts to debug network issues.
• 23 min read
More and more governments, authorities and courts are requesting censorship of Internet content. It is often done via a lying DNS resolver. Can we use RIPE Atlas probes to see it, and how?
• 7 min read
If you monitor your external Internet connectivity, you may wonder which machine is the best to ping. Hesitate no more - you can use RIPE Atlas anchors as landmarks.
• 7 min read
The techniques used by the L-root DNS server are documented in RFC 7108 "A Summary of Various Mechanisms Deployed at L-Root for the Identification of Anycast Nodes". These techniques can be used by the RIPE Atlas probes to find the instance of L-root they are talking to.
• 6 min read
Each RIPE Atlas probe has at least one DNS resolver, indicated by a DHCP reply on the local network of the probe. Irrespective of the IP address of the resolver, this server may have IPv4 and IPv6 connectivity or only IPv4 connectivity. What is the percentage among RIPE Atlas probes?
• 8 min read
This article is intended to make RIPE Atlas users aware of ethical issues that could arise when using RIPE Atlas. We do not intend to propose any new formal processes or procedures to address the relevant ethical issues, but we do want to encourage members of the RIPE Atlas community to consider th…
Showing 1 article(s)
Sunday was also the second day of the IETF hackathon, which started on Saturday. Two days of hacking, fourteen teams, something like fifty or sixty people locked in a room, with a lot of coffee and good meals appearing from time to time, thanks to the sponsors. During the hackathon, people were able to develop recent IETF techniques, sometimes published in RFC, sometimes still at the draft stage, where actual implementation experience helps a lot to sort out the good ideas from the bad. For instance, the WebRTC people were working on end-to-end encryption of the media (a touchy subject, for sure, after the recent anti-encryption stances of the british authorities), DNS people developed various stuff about DNS-over-TLS, TLS people were of course busy implementing the future TLS 1.3 (even in a Haskell library), CAPPORT people programmed their solution to make evil captive portals more network-(and user)-friendly, LoRaWAN people started to write a Wireshark dissector for this IoT protocol, etc. That was my first hackathon and I appreciated the freedom (you can hack on what you want but is is of course more fun if you do it with other people), and the efficiency (no distractions, just coding and discussions between developpers). Doing a bug report to a library developer by shouting over the table is certainly faster than filing it in Gitlab :-)
Great (and a good answer to the people who would like the packets to stay inside human borders) but small typo: the IETF working group on DNS privacy is DPRIVE, not DPRIV.
“This is a very important issue that researchers should keep in mind when running RIPE Atlas measurements. They may want to select their probe origins carefully, keeping in mind that some DNS or HTTP requests would cause trouble for the probe host. While RIPE Atlas already has relevant measures to prevent eventual misuse, but some normal requests may trigger alerts in some networks that is undesired for probe hosts. On the other hand I believe people hosting probes should also be aware of such potential issues, when deploying in networks with strict policies (or have IDS monitoring their traffic) or in regions with restrictive regulations.”
@Babak HTTP requests cannot create a problem today, since they are directed only to the Anchors. Indeed, one of the reasons of this limitation is precisely the risk for the probe owner. DNS requests can be more dangerous. Today, they are less often monitored than HTTP requests in most cases, so they are often "under the radar", but this may change in the future (NSA's MoreCowBell and so on). Warning probe owners of the potential risks is certainly a good thing. We must be aware that it will mean, in the future, less probes in what are precisely the most interesting countries :-(
One can note that such an incident with censorship already happened in Denmark http://www.computerworld.dk/art/214431/koks-hos-dansk-politi-spaerrer-for-8-000-websites Unfortunately, on the Internet, the experience is useless :-(
Showing 54 comment(s)