Andreas Taudte17h ago

In his @ripencc article, Danny Lachos argues that traditional network visibility is no longer enough, because operators need to understand not just where traffic flows, but which applications are actually behind it. By correlating #DNS, #NetFlow, and #BGP data, the approach aims to map traffic to application and #CDN in a scalable way without relying on #DPI:
https://labs.ripe.net/author/danny-lachos/beyond-the-network-view-dns-driven-application-visibility/

#FlowDNS is a reference implementation by Aniss Maghsoudlou:
https://github.com/maganiss/FlowDNS

Unredacted 🗽23h ago

We're now on the Kansas City Internet Exchange

Come exchange packets with us 🔄

https://www.peeringdb.com/net/37608

#BGP #Networking #Internet

PeeringDB

The Interconnection Database

GripNews1d ago
🌗 BGP協定現在安全了嗎?
➤ 透過 RPKI 認證機制,築起網際網路路由的安全防線
https://isbgpsafeyet.com/
邊界閘道協定(BGP)作為網際網路的「郵政系統」,負責為數據選定最佳路徑,然而其先天設計缺乏安全性,導致全球網路經常面臨幹擾風險。Cloudflare 指出,唯有透過名為 RPKI 的認證體系,纔能有效防堵惡意路由注入。近年來,隨著全球各大電信商與網際網路服務供應商(ISP)如 Verizon、Comcast 與 Sparkle 等陸續加入防護行列,採用 RPKI 源位址驗證(Origin Validation)並過濾無效路由,網際網路的安全基石正在逐步強化。
+ 網路底層架構的演進總是異常緩慢,看到這麼多大型營運商終於開始過濾無效路徑,總算讓人對網際網路的可靠性稍微放心了一些。
+ RPKI 固然重要,但這終究是一個去中心化的挑戰,如果還有大型 ISP 不跟進,整個路由體系的脆弱點依然存在。
#網路安全 #路由安全 #BGP #RPKI
Is BGP safe yet? · Cloudflare

On the Internet, network devices exchange routes via a protocol called BGP (Border Gateway Protocol). Unfortunately, issues with BGP have led to malicious actors being able to hijack and misconfigure devices leading to security problems which have the potential to cause widespread problems. BGP security can be greatly improved by using technologies such as RPKI to sign Internet routes. This page attempts to track the progress of major Internet players (ISPs, transit operators, and content providers) in their progress to adopt RPKI and other technologies.

Job Bautista1d ago
Unfortunately, my internet provider #PLDT does not implement #BGP safely. Check out https://isbgpsafeyet.com/ to see if your #ISP implements BGP in a safe way or if it leaves the #internet vulnerable to malicious route hijacks.
Is BGP safe yet? · Cloudflare

On the Internet, network devices exchange routes via a protocol called BGP (Border Gateway Protocol). Unfortunately, issues with BGP have led to malicious actors being able to hijack and misconfigure devices leading to security problems which have the potential to cause widespread problems. BGP security can be greatly improved by using technologies such as RPKI to sign Internet routes. This page attempts to track the progress of major Internet players (ISPs, transit operators, and content providers) in their progress to adopt RPKI and other technologies.

N-gated Hacker News1d ago
🚀 Ah, the noble quest to secure the Internet's mailman! 🌍 #BGP is still as safe as letting toddlers handle your bank transactions. But fear not, because #ISPs will definitely implement #RPKI and save the day...right after they solve world peace and cure aging. 😂
https://isbgpsafeyet.com/ #InternetSecurity #CyberSecurity #Humor #HackerNews #ngated
Is BGP safe yet? · Cloudflare

On the Internet, network devices exchange routes via a protocol called BGP (Border Gateway Protocol). Unfortunately, issues with BGP have led to malicious actors being able to hijack and misconfigure devices leading to security problems which have the potential to cause widespread problems. BGP security can be greatly improved by using technologies such as RPKI to sign Internet routes. This page attempts to track the progress of major Internet players (ISPs, transit operators, and content providers) in their progress to adopt RPKI and other technologies.

Hacker News1d ago

Is BGP Safe Yet? No. Test Your ISP

https://isbgpsafeyet.com/

#HackerNews #BGP #Safety #InternetSecurity #ISPTesting #Cybersecurity #NetworkSafety

Is BGP safe yet? · Cloudflare

On the Internet, network devices exchange routes via a protocol called BGP (Border Gateway Protocol). Unfortunately, issues with BGP have led to malicious actors being able to hijack and misconfigure devices leading to security problems which have the potential to cause widespread problems. BGP security can be greatly improved by using technologies such as RPKI to sign Internet routes. This page attempts to track the progress of major Internet players (ISPs, transit operators, and content providers) in their progress to adopt RPKI and other technologies.

Show threadNLnet Labs1d ago

The decision to move away from mailing lists was not taken lightly.

We made several tries in the past to find capable mailing list hosting providers and either they were not ticking all our boxes or we had to migrate back to our own self-hosting situation.

Since we are a small developer-focused team, any IT-like activities, in particular emergency ones, would take focus away from things that actually need priority: maintaining mission critical #DNS and #BGP software.

#OpenSource

Habr3d ago

Страшно, когда не видно: аудит сетевых устройств

Представьте, что вы не знаете, какие устройства подключены к вашей сети, как они настроены и что там происходит. Страшно? Ещё бы! Многие компании как раз так и живут — не уделяют внимания аудиту сетевого оборудования. А зря. Без такой инвентаризации невозможно ни нормально управлять ИТ-инфраструктурой, ни защититься от угроз. Мы наблюдаем в инфраструктуре клиентов это так часто, что поняли – нужно выдать базу. Мы – это руководитель практики развития MaxPatrol Carbon Константин Маньяков и эксперт центра безопасности (PT ESC) Данил Зарипов, и в этой статье мы будем разбираться в ключевых аспектах аудита сетевых устройств, его роли в построении эффективного управления активами и повышении уровня защищенности ИТ-инфраструктуры.

https://habr.com/ru/companies/pt/articles/1016806/

#maxpatrol_carbon #ptesc #pci_dss #cdp #lldp #mitm #arpspoofing #edr #bgp #nat

Страшно, когда не видно: аудит сетевых устройств

Представьте, что вы не знаете, какие устройства подключены к вашей сети, как они настроены и что там происходит. Страшно? Ещё бы! Многие компании как раз так и живут — не уделяют внимания аудиту...

Хабр
John Kristoff6d ago

Weekend Reads

* DNS parser overflow in Zephyr
https://www.0xkato.xyz/CVE-2026-1678-DNS-Parser-Overflow-in-Zephyr/
* Telegram bots measurement survey
https://arxiv.org/abs/2603.24302
* AS-path prepending for anycast optimization
https://arxiv.org/abs/2603.21082
* Building the largest data center
https://spectrum.ieee.org/5gw-data-center
* OpenBSD init system and boot process
https://overeducated-redneck.net/blurgh/openbsd-init-system.html

#DNS #Telegram #BGP #AI #OpenBSD

CVE-2026-1678: DNS Parser Overflow in Zephyr

A walkthrough of CVE-2026-1678, a critical out-of-bounds write in Zephyr’s DNS name parser caused by a stale bounds check

0xkato
Tomas 🐧6d ago

I've been mentioning my little hobby project Netpulse a few times, so I wrote a blog post about it now.

https://as215855.net/posts/building-netpulse

#homelab #ipv6 #networking #bgp

AS215855 - Network Engineering Blog