As Internet Mechanics™ is a major theme of this blog, an introduction is in order. Mechanics refers to the study of the properties and behavior of physical things when subjected to forces, and of the subsequent effects on their environment. Generally, we use mechanics to understand and explain how things work. Although the Internet is usually thought of in cyber, non-physical terms, it has mechanics of its own, and cyber threat researchers need a basic understanding of them.
The Internet and the Web operate on foundational technologies and supporting protocols. Without these, the Web doesn’t work. Two of these essential protocols are BGP (Border Gateway Protocol) and DNS (Domain Name System), which together represent the primary Internet namespace systems. Conceptually, these namespace systems serve a role similar to GIS (Geographic Information System). In the physical world, users and machines understand and navigate through space using the latitude-longitude (lat/long) coordinate system. Similarly, in the cyber world, people and machines route and are known by their DNS and IP coordinates.
An indication of the scope of these systems is provided by Hurricane Electric, one of the largest Internet backbone providers, which also operates a portal with a continuously updated set of core Internet measurements. The routing namespace, encompassing 4.29B IPv4 addresses, is represented in the first 4 metrics: Autonomous Systems (ASNs) and IP Prefixes (aka net ranges or CIDRs). The last two metrics describe DNS. For a concise background on these systems and their issues, see these posts from Cloudflare and DynDNS.
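To make the routing namespace concrete, here is an added example (not code from this blog or from Hurricane Electric) of the lookup a router performs: given a routing table of prefixes and their origin ASNs, the most specific covering prefix wins. The prefixes and ASNs below are constructed from the RFC 5737 documentation ranges and private-use ASN space; they are not real announcements. The same table also shows the check a defender runs to spot a more-specific announcement whose origin differs from the covering prefix's origin, which is exactly the pattern that makes prefix hijacks and leaks visible.

```python
import ipaddress

# Constructed sample of a BGP routing table: prefix -> origin ASN.
# Documentation prefixes and private-use ASNs only; nothing here is a real route.
SAMPLE_RIB = {
    "203.0.113.0/24": 64500,      # TEST-NET-3, attributed to hypothetical AS64500
    "198.51.100.0/24": 64501,     # TEST-NET-2, attributed to hypothetical AS64501
    "198.51.100.128/25": 64502,   # a more-specific announcement from a different ASN
    "192.0.2.0/24": 64503,        # TEST-NET-1
}

def build_table(rib):
    """Parse the string prefixes once into ip_network objects."""
    return [(ipaddress.ip_network(prefix), asn) for prefix, asn in rib.items()]

def lookup_origin(table, ip):
    """Longest-prefix match: return (prefix, origin ASN) of the most specific
    prefix covering ip, or None if no prefix covers it."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, asn in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return None if best is None else (str(best[0]), best[1])

def find_more_specific_conflicts(table):
    """Detection check: list more-specific prefixes whose origin ASN differs
    from the origin of the less-specific prefix that covers them."""
    conflicts = []
    for net, asn in table:
        for cover, cover_asn in table:
            if cover != net and net.subnet_of(cover) and asn != cover_asn:
                conflicts.append((str(net), asn, str(cover), cover_asn))
    return conflicts

if __name__ == "__main__":
    table = build_table(SAMPLE_RIB)
    print(lookup_origin(table, "198.51.100.200"))   # the /25 wins over the /24
    print(lookup_origin(table, "198.51.100.5"))     # only the /24 covers this one
    for conflict in find_more_specific_conflicts(table):
        print("origin conflict:", conflict)
```

Because the /25 is more specific than the /24, traffic for 198.51.100.200 follows AS64502's announcement even though AS64501 originates the covering block; a monitoring system compares each new announcement against the expected origin for the covering prefix, which is what `find_more_specific_conflicts` does over this toy table.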
DNS and BGP have been in place for decades and were not designed with security in mind. Each of these infrastructures is vulnerable to a range of threats and abuses. Incidents can be severe or even catastrophic, and may include malicious attacks (hijacking) or leaks (misconfigurations). Our primary focus is on two types of threats – in DNS, we’re interested in malicious new domain registrations, and in BGP we’re interested in upstream peering risks.
Consider the problem of malicious new domain registrations. Paul Vixie, DNS authority and Farsight CEO, issued a warning in 2010 that “most new domains are malicious”. And yet, nine years later, Palo Alto Networks Area 42 finds that 70% of newly registered domains (NRDs) are malicious, with some ccTLD (country-code Top-level Domains) as high as 90% (TO – Tonga).
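Newly registered domains are a signal a defender can act on directly: if most NRDs are malicious, then a query to a domain registered days ago deserves a second look. The following is an added example, not code from this blog, Farsight or Palo Alto Networks, that flags queried domains younger than a threshold. It works over constructed DNS query log lines and a constructed table of registration dates standing in for a WHOIS/RDAP lookup; the tiny public-suffix list is an assumption for the example, where a real tool would use the full Public Suffix List to find the registrable domain.

```python
from datetime import date

# Constructed DNS query log lines: "<timestamp> <client> <qname>". Not real traffic.
SAMPLE_QUERIES = [
    "2019-06-01T10:00:00Z 10.0.0.5 www.example.com",
    "2019-06-01T10:00:05Z 10.0.0.7 login.example-update.to",
    "2019-06-01T10:00:09Z 10.0.0.5 cdn.example.co.uk",
    "2019-06-01T10:01:12Z 10.0.0.9 mail.example.org",
]

# Constructed registration dates, standing in for a WHOIS/RDAP creation-date lookup.
SAMPLE_CREATION_DATES = {
    "example.com": date(1995, 8, 14),
    "example-update.to": date(2019, 5, 28),
    "example.co.uk": date(2019, 5, 10),
    "example.org": date(1995, 8, 31),
}

# Minimal stand-in for the Public Suffix List (assumption for this example only).
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}

def registrable_domain(qname):
    """Reduce a query name to the domain a registrant actually registered,
    e.g. www.example.com -> example.com, cdn.example.co.uk -> example.co.uk."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def flag_new_domains(log_lines, creation_dates, today, max_age_days=30):
    """Return a sorted list of (domain, age_in_days) for queried domains whose
    registration is at most max_age_days old. Domains with no known creation
    date are skipped rather than guessed."""
    flagged = {}
    for line in log_lines:
        qname = line.split()[2]
        domain = registrable_domain(qname)
        created = creation_dates.get(domain)
        if created is None:
            continue
        age = (today - created).days
        if age <= max_age_days:
            flagged[domain] = age
    return sorted(flagged.items())

if __name__ == "__main__":
    for domain, age in flag_new_domains(SAMPLE_QUERIES, SAMPLE_CREATION_DATES, date(2019, 6, 1)):
        print(f"NRD alert: {domain} registered {age} days ago")
```

The threshold is a policy choice: many organisations block or sandbox anything under 30 days old, and the age can also be joined with the ccTLD (the `.to` entry above, registered four days before the query, is the kind of hit the Tonga figure suggests will usually be worth investigating).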
Remedies that ameliorate the risks are known, yet progress is slow. We should ask why these weaknesses remain, and what policies or laws are needed to overcome inertia. Vixie points a finger at ICANN, the ultimate governance authority for the Internet. ICANN will also be a subject of interest in the Internet Governance section of the blog.
In BGP, we are most interested in looking at how countries exploit BGP to restrict or censor the Internet, and in the latent risks that companies and governments face from their upstream peering relationships.
While DNS and BGP are our primary interests in Internet Mechanics, we are also interested in examining vulnerabilities and threats associated with Certificate Authorities and advertising networks, and the impact on Internet Security and Governance.