NZNOG 2010 – Day 1 – Session 2

Emergence Video Internet EcoSystem – Bill Norton

  • Tier 1 ISPs, Tier 2 ISPs and Content Providers
  • Recent changes: Big Content companies peering 70%-80% of traffic, aggressively pushing out and peering with cable companies. CDNs also disrupting. Big middle
  • Video big growth
  • Perhaps 80% of Internet traffic is video –> Video Internet
  • How Hollywood delivers video and how the Internet delivers video are parallel and clashing
  • Hollywood System: creation/production (IP + money + work = movie)
  • Hollywood Distribution: Staged, theaters, pay-per-view, dvd, premium tv, commercial cable, broadcast TV
  • Hollywood model vs Internet Model clash
  • Lots of room for innovation (eg set-top boxes, TiVo, Boxee, Hulu) over commodity internet vs over cable infrastructure.
  • Hollywood system is 100% push
  • Hollywood system adjusting to take account of Internet model
  • Worldwide releases all at once
  • Download buy and rent available
  • Combo packs movie + dvd + soundtrack all in one package
  • Mini revolution achieved Video Internet – Cheap cameras + editing software, Free upload and distribution (YouTube), dropping CDN/transit prices, broadband to the eyeballs, Home wifi, set-top boxes
  • SkypeTV – killer App – what happens on mothers day?
  • What would purpose built video Internet look like?
  • Portable TV, tablet
  • Video Internet, innovation at lower end of content (conference, cheap shows) since movies and primetime shows are expensive to make.

Next 3 years – Philip Smith

  • Internet has been growing since the start
  • “The Long and Windy ROAD”
  • Work on next generation of IP since mid-1990s
  • Current Situation: Perception IPv6 hasn’t taken hold. Private sector worried about ROI to migrate
  • Status: Service providers get prefix automatically. Much discussion about transition among operators, Deployment experience presentations, Many providers made backbones IPv6 compatible.
  • OS and Apps getting better
  • Content needs to be on IPv4 and IPv6 (not yet)
  • Ongoing debates – IPv6 Multihoming – Rigid IPv6 address allocation model “one size fits all” barrier
  • Ongoing – Not every device is IPv6 capable (who cares about local LAN devices) – We have enough IPv4 – Migration vs Co-existence (both will exist for years, dual-stack OS makes it trivial)
  • Why not NAT? Many serious issues
  • Is IPv4 running out? Yes!
  • IPv4 run-out policies by RIRs (last /8) – soft landing – keep range for 6/4 NAT
  • Issues today – minimal content on IPv6, giving IPv6 to customers might confuse them
  • Strategies available – Do Nothing – Extend IPv4, push customers to NAT, Buy IPv4 – Deploy IPv6, dual stack, IPv6 and NAT, various others
  • Proposals to prolong IPv4, various NAT options – NAT444/SP NAT – Dual Stack lite – NAT64 and IVI
  • Many require large NAT box to translate all traffic v4/v6
  • IPv4 address market – could happen – will addresses need to be registered with RIR to prove buyer has right to advertise them?
  • Spare /24s being grabbed and sold could cause routing table growth
  • Deaggregation varies across the globe
  • Large providers' marketing depts pointing to high ranking on CIDR report as proof they are “big”. Morons
  • Reports: people towards top of list tend to feel flaky when you use them
  • BGP instability report (>5 updates per minute) – People towards top tend to be rough service.
  • Running low on AS numbers, transition to 32 bit – They are in the wild
  • Reasonable software support for 32-bit ASNs

Do your Fruit hang low – Adam Boileau

  • Adam is a penetration tester, Kiwicon organiser
  • Security guys are Jerks
  • Maybe you need better security guys
  • Security is fundamentally asymmetric – defenders do lots more work than attackers – Hackers only have to find one hole
  • complexity == insecurity
  • 0day can happen to anyone
  • Full disclosure is dead
  • Vulnerabilities are worth money
  • Security is not a product
  • Security is a property of the system as a whole
  • Why do you care? – Isn’t a network problem any more – Network is getting dumber (passive encryption) – clients aren’t exposed any more
  • Virtual everything – consolidation changes everything – VLANs, VRFs, MPLS, Virtual servers, virtual hosting, Virtual firewalls, Virtual network segregation
  • Lawful Intercept – Harder to hack 1000 people or 1 telecom LI system? – Vodafone Athens, T-Mobile – Google vs China
  • The Target is you (again) – You are the management plane – you use crappy IE6 boxes on the corp domain
  • Your Desktop – AD, patch management, AV, Outlook, TFTP server, IDS, Twitter, Facebook, outsourced desktop management
  • Security Metrics. Nobody knows how bad it is and who got hacked, media reporting is useless
  • Scanned 6.8 million IPs and put in MongoDB
  • data-mined – lots of A records, self-signed certs, specific apps
  • Presented stats of various probably vulnerable boxes
  • http://lowhangingkiwifruit.com
  • Tried contacting owners, no luck
  • Crimes Act very vague, no case law, etc
  • what to do? Release? Release the toolchain? Release to some people? Just delete it?
  • Companies: Insomnia or Lateral Security