Re: how many bits of entropy do we need for load balancing?

2020-12-14 Thread Saku Ytti
Hey,

On Tue, 15 Dec 2020 at 02:28,  wrote:

> There are 3 kinds of hashing algorithms

I'm sure there are a lot more. Like 'cryptographic' purposes are
ambiguous. Proving that content hasn't been changed requires hash to
be fast and HW friendly, using hash to protect password requires hash
to be slow and HW unfriendly (i.e. SHAs are, by design, not good PW
hash, but confusingly we use them as such, since we think of hashes as a
metric of 'good' and 'bad').
If you control the domain you can probably choose a non-compromise
solution, which is good specifically for that application but may not
be good for many others.

> The first one is used to check the sanity of input, against bit-swapping
> error for instance
> See CRC for instance
> Those algorithms are deadly fast, but also dumb as hell

Yeah CRC is quite good for the application it has, verify that the
1500B ethernet frame has not been changed, I believe it detects all
single and double bit flips.

CRC is a canonical choice for router/switches to hash traffic, even
though CRC has really poor diffusion quality, which is the main metric
you're interested in hash for this application, I suspect CRC is a
canonical choice not because it's a good choice but because it's
already there. I know JNPR Trio for example runs two CRC functions
which makes the diffusion much much better, but nowhere near as good
as choosing a good algo for domain to begin with.

Of course no matter how great hash algo you have, we also have a
problem of elephant flows, which you cannot fix by improving the hash,
as you cannot reasonably expect to feed that info to the algo. And if
you do solve this problem, of course you solve it by biasing the
hash_result => egress_int table, and if you have the mechanism to bias
the mapping to ensure fairness of traffic spread then the quality of
the algo becomes less important.


-- 
  ++ytti
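
The diffusion point in the message above can be checked directly: CRC is linear over XOR, so one input change (here, flipping the low bit of the source port) alters the hash result in exactly the same way for every flow. This is an added example, not code from the thread; BLAKE2b truncated to 32 bits stands in for a well-mixing hash, and the 5-tuple layout and the random flows are constructed.

```python
import hashlib
import random
import struct
import zlib


def flow_key(src_ip, dst_ip, sport, dport, proto=6):
    """Pack a 5-tuple into the fixed-length byte string a hash unit would see."""
    return struct.pack("!IIHHB", src_ip, dst_ip, sport, dport, proto)


def crc_hash(key):
    """CRC-32 of the flow key, the 'already there' choice."""
    return zlib.crc32(key)


def mixing_hash(key):
    """BLAKE2b truncated to 32 bits: a stand-in for any well-diffusing hash."""
    return int.from_bytes(hashlib.blake2b(key, digest_size=4).digest(), "big")


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def output_differences(hash_fn, delta, samples=2000, seed=1):
    """Apply the same input change (XOR with delta) to many constructed flows
    and record how the 32-bit hash result changes each time."""
    rng = random.Random(seed)
    diffs = []
    for _ in range(samples):
        key = flow_key(rng.getrandbits(32), rng.getrandbits(32),
                       rng.getrandbits(16), rng.getrandbits(16))
        diffs.append(hash_fn(key) ^ hash_fn(xor_bytes(key, delta)))
    return diffs


def summarize(diffs):
    """Return (distinct output changes, mean number of output bits flipped)."""
    flipped = sum(bin(d).count("1") for d in diffs)
    return len(set(diffs)), flipped / len(diffs)


def predicted_crc_difference(delta):
    """For equal-length keys, crc(k) ^ crc(k ^ delta) depends on delta alone."""
    return zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))


# Input change under test: only the lowest bit of the source port is set.
SPORT_LSB = flow_key(0, 0, 1, 0, proto=0)

if __name__ == "__main__":
    for name, fn in (("crc32", crc_hash), ("blake2b/32", mixing_hash)):
        distinct, mean_bits = summarize(output_differences(fn, SPORT_LSB))
        print(f"{name:11s} distinct output changes: {distinct:5d}  "
              f"mean bits flipped: {mean_bits:.1f}")
```

With CRC, two flows that differ only in that bit always land at a fixed XOR offset from each other in the hash space; with the mixing hash the offset is different for every flow.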


Re: how many bits of entropy do we need for load balancing?

2020-12-14 Thread nanog

o/

Slightly off topic

On 12/14/20 7:16 PM, Lawrence Wobker wrote:
> A “perfect” balancing algorithm would be crypto grade hash generation
> with a large output, and a true modulo operation to select which member
> we use.

There are 3 kinds of hashing algorithms

The first one is used to check the sanity of input, against bit-swapping
error for instance

See CRC for instance
Those algorithms are deadly fast, but also dumb as hell


The second one is used for cryptographic purposes
While the output distribution is supposed to be quite good, its most 
important aspect lies here: it is hard to craft an input matching a 
specific hash

See sha256 for instance


The last one combines both speed and output distribution
See xxhash for instance


Unless you have a specific security thing in mind, you shall never use a 
crypto-grade hash algorithm




Re: "Hacking" these days - purpose?

2020-12-14 Thread Miles Fidelman

Saku Ytti wrote:

> On Mon, 14 Dec 2020 at 19:12, Miles Fidelman wrote:
>
>> As to chess... I've begun to think that the game to master is now Go...
>> capturing territory, not pieces, and instantaneous global state changes.
>
> Now implies change, when, in your mind, this changed from Chess to Go?

Not sure it's marked by a discrete moment in time.  More that the 
Chinese have been playing Go, while the West mostly still plays chess - 
and that seems like a problem.


I remember learning, decades ago, that there's a form of Chinese poetry, 
written with ideographs, that has to make sense both horizontally & 
vertically.   Essentially painting with ideographs.  A mind that can 
handle that, and a culture that nurtures that kind of thinking - that 
scares the shit out of me. (And definitely makes me want to do some more 
acid, to keep up.)


Miles

--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra

Theory is when you know everything but nothing works.
Practice is when everything works but no one knows why.
In our lab, theory and practice are combined:
nothing works and no one knows why.  ... unknown



Re: how many bits of entropy do we need for load balancing?

2020-12-14 Thread Saku Ytti
On Mon, 14 Dec 2020 at 16:58, Pascal Thubert (pthubert) via NANOG
 wrote:

> The IPv6 flow label is 20 bits but hardware implementations do their 
> balancing only on a subset of that, e.g. 12 or 16 bits.

Why? I don't think it's fundamentally true. Even if we imagine your
instruction set reading only 12 or 16, you can always read too much
and shift. And I certainly don't think it's a meaningful contributor
in HW design to read 20 bits or any other random bit size of entropy.


Your question itself is interesting and I don't have a good answer. I
guess the question should be 'to cover all practical networks', which
means, we need to allow for potentially hundreds of interfaces, maybe
millions of flows and potentially we need to allow highly biased
hash_result => interface mapping, to deal with elephant flows.
I think it's an answerable question, but not necessarily easy to answer.

There is also the question what SHOULD be used as a flow key, and
should the sender be able to affect that decision?
https://ytti.github.io/flow-label/draft-ytti-v6ops-flow-label.html
-- 
  ++ytti


Re: "Hacking" these days - purpose?

2020-12-14 Thread Mark Tinka




On 12/14/20 19:44, Laszlo Hanyecz wrote:



> This stuff is definitely the most visible type of scamming but this is
> not any different from swindling people at a flea market. It isn't so
> much hacking as just using internet to communicate with people and
> then tricking them.  I think this is a different skill set than
> gaining access to personal data though.
>
> Gaining access to someone else's computer's files has historically not
> been a big deal, so I'm guessing it didn't become a huge problem
> because there was little to gain from doing it.  It might be
> inconvenient for people, it might be used as part of a larger con
> against a victim, but it still requires a lot more steps to profit
> from it.  We all know that we can't stop that from happening, but even
> going back to the early 90s we've had malware protection vendors
> making money off this fear, and the problem has now reached a point
> where the placebo security won't cut it and we'll have to start
> figuring this problem out.
>
> The impact of these kinds of breaches has always been minor, but in
> the past 10 years we've placed more and more things into primary
> storage on a computer, including cryptographic secrets which only
> function if they're kept secret.  Losing a wallet full of credit cards
> isn't as bad as losing a wallet full of cash. There wasn't any way to
> put money into computer files before, but now there is. Even if only a
> few people carry money, if it's easy to steal millions of wallets and
> costs nothing, it's worth doing it for the hope of eventually hitting
> a money holder.


There is value in hacking services in the cloud to gain user information.

Right now, hacking credit rating clearing houses is big business, as an 
example, because almost every piece of single information of any 
economically-active member of society is on there. And there has been 
some success in obtaining that information, the effects of which we are 
not yet able to really quantify.


Mark.


Re: how many bits of entropy do we need for load balancing?

2020-12-14 Thread Lawrence Wobker
So I’d argue that the pedantic answer is “you need only as many bits of entropy 
as your largest fan out” — meaning that 10 bits would allow 1024-way ECMP.  But 
I don’t think that’s what you were actually after...

Most of the challenges I’ve seen are not around how many bits you end up with, 
but rather how you get to those bits.  There are lots of different ways to 
compute the hash values, but if you want to be “fast” you’re unlikely to also 
get “good” and “cheap”.  Generally, to select a path, we run a hash function 
against some set of packet fields, then map that hash to one of the member 
links.  A “perfect” balancing algorithm would be crypto grade hash generation 
with a large output, and a true modulo operation to select which member we use. 
 The reality is that both crypto hash functions and modulo operations are more 
expensive than lots of other ways to compute it, so vendors (disclaimer, I work 
for Cisco) have lots and lots of combinations for how it’s actually done.

And then you still have the flow issue: since the vast majority of 
implementations are hashing flows regardless of their actual bandwidth, if you 
hash even a few ‘elephants’ onto the same link, you’re not going to get good 
distribution no matter how good your hashing/selection mechanism is.  With 
respect to your comment about standardization, I doubt you’ll ever be able to 
get a broad consensus on the combination of “how many bits we need given the 
other constraints for a spec” and “how much we want to assume about the 
goodness of the hash generator” and “how much I’m willing to just throw bits at 
the problem” ...

—lj

From: Lawrence Wobker 
Sent: Monday, December 14, 2020 12:33:07 PM
To: Pascal Thubert (pthubert) ; NANOG 
Subject: Re: how many bits of entropy do we need for load balancing?

So I’d argue that the pedantic answer is “you need only as many bits of entropy 
as your largest fan out” — meaning that 10 bits would allow 1024-way ECMP.

Most of the challenges I’ve seen are not around how many bits you end up with, 
but rather how you get to that state.  There are lots of different ways to 
compute the hash values, but if you want to be “fast” you’re unlikely to also 
get “good” and “cheap”.  Generally, to select a path, we run a hash function 
against some set of packet fields, then map that hash to one of the member 
links.  A “perfect” balancing algorithm would be crypto grade hash generation 
with a large output, and a true modulo operation to select which member we use. 
 The reality is that both crypto hash functions and modulo operations are more 
expensive than lots of other ways to compute it, so vendors (disclaimer, I work 
for Cisco) have lots and lots of combinations for how it’s actually done.

And then you still have the flow issue: since the vast majority of 
implementations are hashing flows regardless of their actual bandwidth, if you 
hash even a few ‘elephants’ onto the same link, you’re not going to get good 
distribution no matter how good your hashing/selection mechanism is.

—lj

From: NANOG  on behalf of Pascal 
Thubert (pthubert) via NANOG 
Sent: Monday, December 14, 2020 9:44:05 AM
To: NANOG 
Subject: how many bits of entropy do we need for load balancing?


Dear all:



How many bits of entropy do we need for (ECMP) load balancing in the core?

This question has kept coming up regularly in many discussions and drafts at 
the IETF.



The IPv6 flow label is 20 bits but hardware implementations do their balancing 
only on a subset of that, e.g. 12 or 16 bits.



There are drafts for MPLS, BIER etc. that provide their own entropy bit fields 
of various sizes.

I traced to a 6MAN discussion at IETF 78 a claim that 10 or 11 bits were enough.



Did someone do the actual exercise? It would be neat to align the IETF specs in 
the making to whatever truth may be established in the core.



Keep safe,



Pascal
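
The message above maps a hash onto member links, and elsewhere in the thread the elephant-flow problem is said to be solved by biasing the hash_result => egress_int table. The sketch below puts the two together and compares a 2-bit table (exactly log2 of the fan-out) with a 10-bit one. It is an added example, not code from any poster or vendor: the 4-way fan-out, the flow names and rates, and BLAKE2b as a stand-in hash are all assumptions, and the traffic is constructed.

```python
import hashlib

MEMBERS = 4          # assumed ECMP fan-out
ELEPHANT_RATE = 500  # constructed: one elephant carries as much as 500 mice


def hash_result(key, bits):
    """Well-mixed hash truncated to `bits` (BLAKE2b stands in for the ASIC hash)."""
    value = int.from_bytes(hashlib.blake2b(key, digest_size=8).digest(), "big")
    return value & ((1 << bits) - 1)


def constructed_flows(mice=2000, elephants=3):
    """(key, rate) pairs. Elephants are chosen so their low two hash bits are
    zero: a round-robin table puts them all on link 0, however good the hash."""
    flows = [(b"mouse-%d" % i, 1) for i in range(mice)]
    used, n = set(), 0
    while len(used) < elephants:
        key = b"elephant-%d" % n
        n += 1
        bucket = hash_result(key, 10)
        if bucket % MEMBERS == 0 and bucket not in used:
            used.add(bucket)
            flows.append((key, ELEPHANT_RATE))
    return flows


def bucket_loads(flows, bits):
    """Traffic volume per hash bucket, as a device could measure it."""
    loads = [0] * (1 << bits)
    for key, rate in flows:
        loads[hash_result(key, bits)] += rate
    return loads


def uniform_table(bits, members=MEMBERS):
    """Default hash_result => egress_int table: buckets dealt out round-robin."""
    return [bucket % members for bucket in range(1 << bits)]


def biased_table(loads, members=MEMBERS):
    """Re-deal buckets, heaviest first, onto the currently least-loaded link."""
    table = [0] * len(loads)
    link = [0] * members
    for bucket in sorted(range(len(loads)), key=lambda b: -loads[b]):
        target = link.index(min(link))
        table[bucket] = target
        link[target] += loads[bucket]
    return table


def link_loads(table, loads, members=MEMBERS):
    out = [0] * members
    for bucket, member in enumerate(table):
        out[member] += loads[bucket]
    return out


def demo(bits):
    """Per-link load before and after biasing the table, for a given hash width."""
    loads = bucket_loads(constructed_flows(), bits)
    before = link_loads(uniform_table(bits), loads)
    after = link_loads(biased_table(loads), loads)
    return before, after


if __name__ == "__main__":
    for bits in (2, 10):
        before, after = demo(bits)
        print(f"{bits:2d} bits  uniform table: {before}  biased table: {after}")
```

With 2 bits the three elephants share one bucket and no table can separate them; with 10 bits they sit in different buckets and the biased table spreads them, which is the room for bias that the extra bits buy.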


Re: "Hacking" these days - purpose?

2020-12-14 Thread Sabri Berisha
- On Dec 12, 2020, at 2:26 PM, Peter E. Fry p...@tailbone.net wrote:

Hi,

> Simple question: What's the purpose of obtaining illicit access to
> random devices on the Internet these days

Don't underestimate the curiosity of pimply faced youth these days.
Wargames is still relevant.

Thanks,

Sabri


Re: "Hacking" these days - purpose?

2020-12-14 Thread Laszlo Hanyecz




On 2020-12-14 16:48, Mark Tinka wrote:

> On 12/14/20 18:38, David Bass wrote:
>
>> It becomes more clear when you think about the options out there, and
>> get a little creative.  Nowadays it’s definitely chess that’s being
>> played.
>
> You're right, it really doesn't take much. Preying on humanity can
> yield great results.
>
> One that has started springing up in my neck of the woods - to
> simplify car-jacking - is to obtain a list of customers that
> subscribe to a vehicle tracking service. The thugs will then call a
> customer, claiming their tracking device is faulty and needs to be
> checked physically. The thugs will come to your home or office, tell
> you that in order to finalize the fix, they need to test drive your
> car. And boom, that's your car gone!
>
> The hacking, now, IMHO, is to obtain user information to profile who
> is exploitable, and how. After that, low-tech rules.
>
> Mark.



This stuff is definitely the most visible type of scamming but this is 
not any different from swindling people at a flea market.  It isn't so 
much hacking as just using internet to communicate with people and then 
tricking them.  I think this is a different skill set than gaining 
access to personal data though.


Gaining access to someone else's computer's files has historically not 
been a big deal, so I'm guessing it didn't become a huge problem because 
there was little to gain from doing it.  It might be inconvenient for 
people, it might be used as part of a larger con against a victim, but 
it still requires a lot more steps to profit from it.  We all know that 
we can't stop that from happening, but even going back to the early 90s 
we've had malware protection vendors making money off this fear, and the 
problem has now reached a point where the placebo security won't cut it 
and we'll have to start figuring this problem out.


The impact of these kinds of breaches has always been minor, but in the 
past 10 years we've placed more and more things into primary storage on 
a computer, including cryptographic secrets which only function if 
they're kept secret.  Losing a wallet full of credit cards isn't as bad 
as losing a wallet full of cash.  There wasn't any way to put money into 
computer files before, but now there is. Even if only a few people carry 
money, if it's easy to steal millions of wallets and costs nothing, it's 
worth doing it for the hope of eventually hitting a money holder.


-Laszlo






Re: Spectrum / TimeWarner contact

2020-12-14 Thread Jared Geiger
Maybe the route dampening expired, we've got connectivity again.

On Mon, Dec 14, 2020 at 9:26 AM Jared Geiger  wrote:

> I think Spectrum / Timewarner AS 7843 is dampening one of my routes
> 199.19.120.0/22. Can someone contact me to help diagnose the issue? We're
> not a customer. Traffic leaving Timewarner doesn't make it off the network
> and I'm unable to trace into the timewarner network.
>
> To TW
>  mtr --report 209.18.47.61
>
> HOST: opensips-dsw01.rtc.vocaltra Loss%   Snt   Last   Avg  Best  Wrst StDev
>   1. rtr.rtc.vocaltransit.net      0.0%    10    0.2   0.2   0.2   0.3   0.0
>   2. 216.193.212.89                0.0%    10    0.6   2.4   0.6   8.3   2.8
>   3. ae12.cr1-was1.ip4.gtt.net     0.0%    10    1.0   1.2   0.9   1.7   0.3
>   4. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0
>
> From TW
>
>  mtr --report 199.19.120.1
>
> Start: Mon Dec 14 17:24:57 2020
>
> HOST: rtr-sunvalley               Loss%   Snt   Last   Avg  Best  Wrst StDev
>   1.|-- 142.254.236.5              0.0%    10   10.0   8.8   7.7  10.0   0.5
>   2.|-- agg56.vnnzca2402h.socal.r  0.0%    10   13.2  10.4   9.6  13.2   1.0
>   3.|-- 72.129.14.86               0.0%    10   15.9  14.1  10.3  17.7   2.2
>   4.|-- ???                       100.0    10    0.0   0.0   0.0   0.0
>


Spectrum / TimeWarner contact

2020-12-14 Thread Jared Geiger
I think Spectrum / Timewarner AS 7843 is dampening one of my routes
199.19.120.0/22. Can someone contact me to help diagnose the issue? We're
not a customer. Traffic leaving Timewarner doesn't make it off the network
and I'm unable to trace into the timewarner network.

To TW
 mtr --report 209.18.47.61

HOST: opensips-dsw01.rtc.vocaltra Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. rtr.rtc.vocaltransit.net      0.0%    10    0.2   0.2   0.2   0.3   0.0
  2. 216.193.212.89                0.0%    10    0.6   2.4   0.6   8.3   2.8
  3. ae12.cr1-was1.ip4.gtt.net     0.0%    10    1.0   1.2   0.9   1.7   0.3
  4. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0

From TW

 mtr --report 199.19.120.1

Start: Mon Dec 14 17:24:57 2020

HOST: rtr-sunvalley               Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 142.254.236.5              0.0%    10   10.0   8.8   7.7  10.0   0.5
  2.|-- agg56.vnnzca2402h.socal.r  0.0%    10   13.2  10.4   9.6  13.2   1.0
  3.|-- 72.129.14.86               0.0%    10   15.9  14.1  10.3  17.7   2.2
  4.|-- ???                       100.0    10    0.0   0.0   0.0   0.0


Re: "Hacking" these days - purpose?

2020-12-14 Thread Saku Ytti
On Mon, 14 Dec 2020 at 19:12, Miles Fidelman  wrote:

> As to chess... I've begun to think that the game to master is now Go...
> capturing territory, not pieces, and instantaneous global state changes.

Now implies change, when, in your mind, this changed from Chess to Go?

-- 
  ++ytti


Re: "Hacking" these days - purpose?

2020-12-14 Thread Mark Tinka




On 12/14/20 19:08, Miles Fidelman wrote:

> As to chess... I've begun to think that the game to master is now
> Go... capturing territory, not pieces, and instantaneous global state
> changes.


#TheQueensGambit :-).

Mark.


Re: "Hacking" these days - purpose?

2020-12-14 Thread Miles Fidelman

David Bass wrote:
> It becomes more clear when you think about the options out there, and
> get a little creative.  Nowadays it’s definitely chess that’s being
> played.

And here I thought the purpose of hacking is (still) having fun - you
know... hacking.


As to chess... I've begun to think that the game to master is now Go... 
capturing territory, not pieces, and instantaneous global state changes.


Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra

Theory is when you know everything but nothing works.
Practice is when everything works but no one knows why.
In our lab, theory and practice are combined:
nothing works and no one knows why.  ... unknown



Re: "Hacking" these days - purpose?

2020-12-14 Thread Mark Tinka




On 12/14/20 18:38, David Bass wrote:

> It becomes more clear when you think about the options out there, and
> get a little creative.  Nowadays it’s definitely chess that’s being
> played.


You're right, it really doesn't take much. Preying on humanity can yield 
great results.


One that has started springing up in my neck of the woods - to simplify 
car-jacking - is to obtain a list of customers that subscribe to a 
vehicle tracking service. The thugs will then call a customer, claiming 
their tracking device is faulty and needs to be checked physically. The 
thugs will come to your home or office, tell you that in order to 
finalize the fix, they need to test drive your car. And boom, that's 
your car gone!


The hacking, now, IMHO, is to obtain user information to profile who is 
exploitable, and how. After that, low-tech rules.


Mark.



Re: "Hacking" these days - purpose?

2020-12-14 Thread David Bass
It becomes more clear when you think about the options out there, and get a
little creative.  Nowadays it’s definitely chess that’s being played.

This Solarwinds thing is going to be extremely interesting.

On Mon, Dec 14, 2020 at 11:35 AM Mark Tinka  wrote:

>
>
> On 12/14/20 18:23, Ryland Kremeier wrote:
>
>> I would have to disagree. Considering the amount of people who have
>> bitcoin, and even less the amount of people who farm it, or have farmed it
>> before it became so difficult. It seems much more likely that the
>> wide-spread infiltrations of every-day systems is for information and DDoS
>> over bitcoins.
>>
>> I seriously doubt it’s that hard to sell information to companies, as they
>> most likely don’t care how you got that information.
>>
>> If information wasn’t key, whether it be for selling to another party, or
>> scraping that data for easy to social engineer targets; then I also don’t
>> think that fraudulent calls would be so prevalent these days. Where the
>> main target is older people who will fall for their basic tricks and end up
>> losing potentially thousands per person.
>
>
> Tend to agree.
>
> Despite all the advice and mindless videos out there to help people
> protect their data and/or not fall for basic scams, a lot of people still
> do.
>
> Humans' capacity to want to believe in and trust others is a strong avenue
> that the scammers exploit to get paid. More so the older folk, yes, but
> even the young, tech-savvy; particularly those who have been too busy
> flipping between apps to realize that the Internet can be a dangerous
> place.
>
> You'd be surprised how innovative and simple these scams are, and actually
> becoming less and less sophisticated, which makes them even more dangerous.
>
>
> Mark.
>


Re: "Hacking" these days - purpose?

2020-12-14 Thread Mark Tinka



On 12/14/20 18:23, Ryland Kremeier wrote:

> I would have to disagree. Considering the amount of people who have
> bitcoin, and even less the amount of people who farm it, or have
> farmed it before it became so difficult. It seems much more likely
> that the wide-spread infiltrations of every-day systems is for
> information and DDoS over bitcoins.
>
> I seriously doubt it’s that hard to sell information to companies, as
> they most likely don’t care how you got that information.
>
> If information wasn’t key, whether it be for selling to another party,
> or scraping that data for easy to social engineer targets; then I also
> don’t think that fraudulent calls would be so prevalent these days.
> Where the main target is older people who will fall for their basic
> tricks and end up losing potentially thousands per person.




Tend to agree.

Despite all the advice and mindless videos out there to help people 
protect their data and/or not fall for basic scams, a lot of people 
still do.


Humans' capacity to want to believe in and trust others is a strong 
avenue that the scammers exploit to get paid. More so the older folk, 
yes, but even the young, tech-savvy; particularly those who have been 
too busy flipping between apps to realize that the Internet can be a 
dangerous place.


You'd be surprised how innovative and simple these scams are, and 
actually becoming less and less sophisticated, which makes them even 
more dangerous.


Mark.


RE: "Hacking" these days - purpose?

2020-12-14 Thread Ryland Kremeier
I would have to disagree. Considering the amount of people who have bitcoin, 
and even less the amount of people who farm it, or have farmed it before it 
became so difficult. It seems much more likely that the wide-spread 
infiltrations of every-day systems is for information and DDoS over bitcoins.

I seriously doubt it’s that hard to sell information to companies, as they most 
likely don’t care how you got that information.

If information wasn’t key, whether it be for selling to another party, or 
scraping that data for easy to social engineer targets; then I also don’t think 
that fraudulent calls would be so prevalent these days. Where the main target 
is older people who will fall for their basic tricks and end up losing 
potentially thousands per person.

-- Ryland

From: Laszlo Hanyecz
Sent: Monday, December 14, 2020 10:17 AM
To: nanog@nanog.org
Subject: Re: "Hacking" these days - purpose?

Bitcoin.

There wasn't much purpose to 'hacking' for a long time.  Even when
talking about DDoS stuff, it's still just temporary vandalism, it's only
an inconvenience, and it can be undone pretty quickly.  The whole idea
of providing security has been turned into a wink-wink scam where people
pretend to do busy work for money but everyone knows you'll still get
breached and it doesn't really matter, so long as you can blame it on
someone else and it's in the fine print.  Look at what a business DDoS
has become, both on the provider and the protection side.

Stealing data is also a thing but even that is not inherently valuable
unless you can blackmail the victim or sell it to a buyer. That kind of
business requires more skills than just computer hacking to pull off,
and carries a lot of risk in dealing with other humans who already know
you're a data thief.

This all changed with bitcoin, because now simply gaining access and
finding the data is the pay dirt and it can be claimed anonymously
without dealing with any other humans.

-Laszlo


On 2020-12-12 22:26, Peter E. Fry wrote:
>
> Simple question: What's the purpose of obtaining illicit access to
> random devices on the Internet these days, considering that a large
> majority of attacks are now launched from cheap, readily available and
> poorly managed/overseen "cloud" services?  Finding anything worthwhile
> to steal on random machines on the Internet seems unlikely, as does
> obtaining access superior (in e.g. location, bandwidth, anonymity,
> etc.) to the service from which the attack was launched.
>
>
> I was thinking about this the other day as I was poking at my
> firewall, and hopped onto the archives (here and elsewhere) to see if
> I could find any discussion.  I found a few mentions (e.g. "Microsoft
> is hacking my Asterisk???"), but I didn't catch any mention of
> purpose.  Am I missing something obvious (either a purpose or a
> discussion of such)?  Have I lost my mind entirely? (Can't hurt to
> check, as I'd likely be the last to know.)
>
>
> Peter E. Fry
>
>



Re: "Hacking" these days - purpose?

2020-12-14 Thread Laszlo Hanyecz

Bitcoin.

There wasn't much purpose to 'hacking' for a long time.  Even when 
talking about DDoS stuff, it's still just temporary vandalism, it's only 
an inconvenience, and it can be undone pretty quickly.  The whole idea 
of providing security has been turned into a wink-wink scam where people 
pretend to do busy work for money but everyone knows you'll still get 
breached and it doesn't really matter, so long as you can blame it on 
someone else and it's in the fine print.  Look at what a business DDoS 
has become, both on the provider and the protection side.


Stealing data is also a thing but even that is not inherently valuable 
unless you can blackmail the victim or sell it to a buyer. That kind of 
business requires more skills than just computer hacking to pull off, 
and carries a lot of risk in dealing with other humans who already know 
you're a data thief.


This all changed with bitcoin, because now simply gaining access and 
finding the data is the pay dirt and it can be claimed anonymously 
without dealing with any other humans.


-Laszlo


On 2020-12-12 22:26, Peter E. Fry wrote:


> Simple question: What's the purpose of obtaining illicit access to
> random devices on the Internet these days, considering that a large
> majority of attacks are now launched from cheap, readily available and
> poorly managed/overseen "cloud" services?  Finding anything worthwhile
> to steal on random machines on the Internet seems unlikely, as does
> obtaining access superior (in e.g. location, bandwidth, anonymity,
> etc.) to the service from which the attack was launched.
>
> I was thinking about this the other day as I was poking at my
> firewall, and hopped onto the archives (here and elsewhere) to see if
> I could find any discussion.  I found a few mentions (e.g. "Microsoft
> is hacking my Asterisk???"), but I didn't catch any mention of
> purpose.  Am I missing something obvious (either a purpose or a
> discussion of such)?  Have I lost my mind entirely? (Can't hurt to
> check, as I'd likely be the last to know.)
>
> Peter E. Fry






Re: "Hacking" these days - purpose?

2020-12-14 Thread Rich Kulawiec
On Mon, Dec 14, 2020 at 09:58:01AM -0500, Tom Beecher wrote:
> Questionable cloud / VPS / hosting companies are great for spammers and
> botnet C&C, but not so great for DDoS "ion cannons". You still need a large
> volume of geographically diverse endpoints for those to be effective.

To piggyback on this: when launching a DDoS, diversity along multiple
axes is helpful: geography, topology, connectivity, operating system, etc.
Each additional form of diversity slightly raises the bar for defenders.

Also, every compromised device may be a source of useful/saleable data,
or the gateway to more of the same or to more valuable targets or to the
compromise of people.  The IoT is particularly fertile ground for this
because to a very good first approximation, "IoT security" is an oxymoron.

--rsk


Re: "Hacking" these days - purpose?

2020-12-14 Thread James R Cutler
The probable "purpose of obtaining illicit access to random devices on the 
Internet these days" is to create botnets to attack more lucrative targets or 
to employ them as gateway devices to provide access to local networks which may 
contain targets of interest.

James R. Cutler
james.cut...@consultant.com
GPG keys: hkps://hkps.pool.sks-keyservers.net



> On Dec 12, 2020, at 5:26 PM, Peter E. Fry  wrote:
> 
> 
> Simple question: What's the purpose of obtaining illicit access to random 
> devices on the Internet these days, considering that a large majority of 
> attacks are now launched from cheap, readily available and poorly 
> managed/overseen "cloud" services?  Finding anything worthwhile to steal on 
> random machines on the Internet seems unlikely, as does obtaining access 
> superior (in e.g. location, bandwidth, anonymity, etc.) to the service from 
> which the attack was launched.
> 
> 
> I was thinking about this the other day as I was poking at my firewall, and 
> hopped onto the archives (here and elsewhere) to see if I could find any 
> discussion.  I found a few mentions (e.g. "Microsoft is hacking my 
> Asterisk???"), but I didn't catch any mention of purpose.  Am I missing 
> something obvious (either a purpose or a discussion of such)?  Have I lost my 
> mind entirely?  (Can't hurt to check, as I'd likely be the last to know.)
> 
> 
> Peter E. Fry
> 
> 



RE: "Hacking" these days - purpose?

2020-12-14 Thread Ryland Kremeier
I think you’re coming at it the wrong way. It’s not going to be one, or a 
couple of dudes behind a screen like in the movies. It’s run autonomously for 
as long as possible. Gathering information on easily accessible devices and the 
like. Any information gathered is information that can be sold, or used 
otherwise depending on what they’re grabbing.

-- Ryland

From: Peter E.Fry
Sent: Monday, December 14, 2020 8:55 AM
To: nanog@nanog.org
Subject: "Hacking" these days - purpose?


Simple question: What's the purpose of obtaining illicit access to
random devices on the Internet these days, considering that a large
majority of attacks are now launched from cheap, readily available and
poorly managed/overseen "cloud" services?  Finding anything worthwhile
to steal on random machines on the Internet seems unlikely, as does
obtaining access superior (in e.g. location, bandwidth, anonymity,
etc.) to the service from which the attack was launched.


I was thinking about this the other day as I was poking at my
firewall, and hopped onto the archives (here and elsewhere) to see if
I could find any discussion.  I found a few mentions (e.g. "Microsoft
is hacking my Asterisk???"), but I didn't catch any mention of
purpose.  Am I missing something obvious (either a purpose or a
discussion of such)?  Have I lost my mind entirely?  (Can't hurt to
check, as I'd likely be the last to know.)


Peter E. Fry




Re: "Hacking" these days - purpose?

2020-12-14 Thread Tom Beecher
Questionable cloud / VPS / hosting companies are great for spammers and
botnet C&C, but not so great for DDoS "ion cannons". You still need a large
volume of geographically diverse endpoints for those to be effective.

On Mon, Dec 14, 2020 at 9:52 AM Peter E. Fry  wrote:

>
> Simple question: What's the purpose of obtaining illicit access to
> random devices on the Internet these days, considering that a large
> majority of attacks are now launched from cheap, readily available and
> poorly managed/overseen "cloud" services?  Finding anything worthwhile
> to steal on random machines on the Internet seems unlikely, as does
> obtaining access superior (in e.g. location, bandwidth, anonymity,
> etc.) to the service from which the attack was launched.
>
>
> I was thinking about this the other day as I was poking at my
> firewall, and hopped onto the archives (here and elsewhere) to see if
> I could find any discussion.  I found a few mentions (e.g. "Microsoft
> is hacking my Asterisk???"), but I didn't catch any mention of
> purpose.  Am I missing something obvious (either a purpose or a
> discussion of such)?  Have I lost my mind entirely?  (Can't hurt to
> check, as I'd likely be the last to know.)
>
>
> Peter E. Fry
>
>
>


how many bits of entropy do we need for load balancing?

2020-12-14 Thread Pascal Thubert (pthubert) via NANOG
Dear all:

How many bits of entropy do we need for (ECMP) load balancing in the core?
This question has kept coming up regularly in many discussions and drafts at 
the IETF.

The IPv6 flow label is 20 bits but hardware implementations do their balancing 
only on a subset of that, e.g. 12 or 16 bits.

There are drafts for MPLS, BIER etc. that provide their own entropy bit fields 
of various sizes.
I traced to a 6MAN discussion at IETF 78 a claim that 10 or 11 bits were enough.

Did someone do the actual exercise? It would be neat to align the IETF specs in 
the making to whatever truth may be established in the core.

Keep safe,

Pascal


"Hacking" these days - purpose?

2020-12-14 Thread Peter E . Fry



Simple question: What's the purpose of obtaining illicit access to 
random devices on the Internet these days, considering that a large 
majority of attacks are now launched from cheap, readily available and 
poorly managed/overseen "cloud" services?  Finding anything worthwhile 
to steal on random machines on the Internet seems unlikely, as does 
obtaining access superior (in e.g. location, bandwidth, anonymity, 
etc.) to the service from which the attack was launched.



I was thinking about this the other day as I was poking at my 
firewall, and hopped onto the archives (here and elsewhere) to see if 
I could find any discussion.  I found a few mentions (e.g. "Microsoft 
is hacking my Asterisk???"), but I didn't catch any mention of 
purpose.  Am I missing something obvious (either a purpose or a 
discussion of such)?  Have I lost my mind entirely?  (Can't hurt to 
check, as I'd likely be the last to know.)



Peter E. Fry