Human Infrastructure 359: Bringing Down North Korea's Internet
THIS WEEK’S MUST-READ BLOGS 🤓
Cisco Live: Lessons Learned as a First Timer - Mike Bolitho
https://mikebolitho.com/2024/06/13/cisco-live-lessons-learned/
Cisco Live is a vendor conference, but it’s also become something of an event—a kind of nerd-a-palooza for network and IT professionals to gather, socialize, and connect in the real world. As a first-timer, Mike Bolitho shares seven things he learned from the most recent Cisco Live US. These lessons cover everything from the practical (wear comfortable shoes!) to the strategic (don’t be afraid to bail on technical sessions that aren’t meeting your needs) to the social (embrace the awkwardness of talking to the stranger next to you at lunch!).
For me, the human side of Cisco Live and other IT events is always the highlight. I didn’t attend CLUS this year because of PTO. I wouldn’t trade a vacation for a tech show, but I did experience a twinge of missing the opportunity to gather with some excellent folks in this industry. If you’re thinking about attending a tech event, Cisco or otherwise, Mike’s post is a good start to get prepared. - Drew
I’m the hacker that brought down North Korea’s Internet For Over A Week. AMA - r/IAmA
https://www.reddit.com/r/IAmA/comments/1divlp3/im_the_hacker_that_brought_down_north_koreas/
u/dotslashpunk fields a massive onslaught of questions. A fun (and sometimes educational) read assuming you aren’t overly sensitive to cursing, of which there is a very great deal. - Ethan
Off-path TCP hijacking in NAT-enabled Wi-Fi networks - APNIC Blog
https://blog.apnic.net/2024/06/18/off-path-tcp-hijacking-in-nat-enabled-wi-fi-networks/
A vulnerability found in many consumer-grade Wi-Fi routers, where sequence numbers are not properly tracked, paired with discoverable NAT source port numbers, allows an attacker to take over a TCP session. The details of the research are outlined in this piece. Thankfully, the researchers have received positive responses from many of the code maintainers and patches are appearing. - Ethan
I fought a DDoS and lived to tell the tale - Funk Byte Tech
https://funkbytetech.substack.com/p/i-fought-a-ddos-and-lived-to-tell
Funk walks through being DDoS’ed repeatedly over a two-week period. The attack would come in, they’d figure out how to fight it, and the attack would stop. Temporarily. The attackers would come back with a new tactic, and they’d combat it once again. Round and round they went. The attacks eventually ended after their defense was sufficiently sophisticated to make attacking not worth the headache. The piece ends with a list of recommendations worth considering before you’re facing your own DDoS misery. - Ethan
The OSI Deprogrammer - Tony Finch via APNIC
https://blog.apnic.net/2024/06/20/the-osi-deprogrammer/
Learning the 7-layer OSI model is de rigueur for folks in networking. However, this post from Tony Finch joins a growing chorus of voices noting that, despite its ubiquity, the OSI model may not be what we need any more. One argument is that OSI makes it seem as if it’s the only model, when others are in fact available. Another is that technologies such as tunneling disrupt the neat layers in the OSI stack. OSI also doesn’t account for sub-layers within Ethernet or all the complexities of Wi-Fi.
So what does Tony advocate? He writes “Anyway, if I could magically fix the terminology, I would prefer network engineers to talk about specific protocols (such as Ethernet or MPLS) instead of bogusly labelling them as layers (2, 2.5). If they happen to be working with a more diverse environment than usual (hello DOCSIS) then it would be better to talk about sub-IP protocol stacks.” And if you’re looking for other models to work with, Russ White is writing a series about different models for the Packet Pushers blog. This one is a good one to start with. - Drew
TECH NEWS 📣
Three of Vietnam's five undersea internet cables are down - Reuters
https://www.reuters.com/world/asia-pacific/three-vietnams-five-undersea-internet-cables-are-down-2024-06-17/
Although the exact nature of the outage isn’t described (partial vs. full), my assumption is that these links are completely down, severely impacting the almost 62Tbps of Internet capacity supplying the nation. The country is feeling the impact, as the remaining cables don’t have enough capacity to meet demand. - Ethan
Lawsuit: Meta engineer told to resign after calling out sexist hiring practices - Ars Technica
https://arstechnica.com/tech-policy/2024/06/lawsuit-meta-engineer-told-to-resign-after-calling-out-sexist-hiring-practices/
A former Meta employee has filed a lawsuit against the company alleging that Meta “knowingly overlooks sexist treatment of female employees. That includes an apparent practice of hiring and promoting less qualified men to roles over more qualified female applicants,” writes Ars Technica. Meta will get its day in court, but these allegations aren’t all that surprising; misogyny is a well-known problem in the tech industry. - Drew
VMware fixes critical vCenter RCE vulnerability, patch now - Bleeping Computer
https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vcenter-rce-vulnerability-patch-now/
VMware has released patches for multiple flaws, including a remote code execution bug, in vCenter. Two of the three CVEs associated with these flaws are ranked “critical.” As Bleeping Computer advises, time to get patching. - Drew
FOR THE LULZ 🤣
Greg Ferro is experimenting with some new e-mail sign-offs. He’d love to hear readers’ suggestions. Hit us up at packetpushers.net/fu.
RESEARCH & RESOURCES 📒
Infrahub is a datastore/source of truth for infrastructure automation. It’s currently available as a free open beta from the startup OpsMill. A source of truth is an essential part of an infrastructure automation scheme. NetBox is the dominant offering for a source of truth, particularly for network automation, but OpsMill says it differentiates with a flexible data schema, the use of a graph database to help map connections among objects, and built-in Git-like features such as branching and merging. For more details about Infrahub, I wrote a blog based on a briefing with OpsMill co-founder Damien Garros. Or you can just download the software and try it for yourself. - Drew
Low-Level Academy - Network Programming TCP/IP Fundamentals
https://lowlvl.org/
This resource teaches you fundamentals of TCP/IP programming in Rust. There are eight lessons listed, although I could only get at the first three. The other five either aren’t available yet, or require special access. The site didn’t explain, but I am hopeful the other lessons come online eventually. The lessons I sampled were well done. - Ethan
The author harvests enough information from public repositories to map out the allocations of netblocks across the planet, and does so in this lengthy piece summarizing a lot of interesting data. He uses whois and RDAP data to generate his findings…mostly RDAP, as whois returns unstructured data. RDAP had its own problems, though. Made me LOL…“RDAP: same GIGO as whois, but at least it’s JSON.” 😂
If you’re not too interested in finding out who really owns the netblocks on the Internet, you might at least skip to the summary section at the bottom of this piece. Some useful observations. - Ethan
INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬
Aryaka Releases Aryaka AI>™Perform, the First-in-Market GenAI Network Acceleration Solution - Aryaka
https://www.prnewswire.com/news-releases/aryaka-releases-aryaka-aiperform-the-first-in-market-genai-network-acceleration-solution-302173543.html
IT vendors are looking for ways to take their products or services and make them AI-adjacent to capitalize on the interest in generative AI and LLMs. For instance, Dell and Cisco will be happy to sell you servers, switches, and storage if you want to build out the infrastructure to train AI models. Now Aryaka is positioning its WAN backbone and SASE offerings as a high-speed pathway to ship data into AI workloads. The company says “Large language models (LLMs), for example, require massive data transfers, potentially straining network capacity and hindering business delivery. Traditional networks are limited in handling this, leading to unreliable and risky data movement.” Aryaka also says its backbone can be used to support Retrieval Augmented Generation (RAG), in which external data sources can be accessed and incorporated into an existing, pre-trained LLM to provide enhanced context or new information. Aryaka says its new offering, called AI> Perform, can provide optimized, predictable network performance to support large data transfers across multiple regions around the globe. - Drew
Channel Partners Gain Vendor-level Powers with New MSASE Framework from Cato Networks - Cato Networks
https://www.catonetworks.com/news/channel-partners-gain-vendor-level-powers-with-new-msase-framework-from-cato-networks/
Cato Networks, a SASE provider, has announced a new Managed SASE offering aimed at VARs and MSPs. Cato says it will provide partners with “vendor-level powers” in regard to licensing, account management, and so on. Cato cites a Gartner statistic predicting that 45% of enterprises will use managed SASE services. That number seems very high to me. Regardless, Cato is ready to welcome resellers and service providers that want to offer SASE to their own customers. - Drew