Black Hat: Researcher creates Net neutrality test
The technique will eventually be offered as a free software tool
IDG News Service - A Seattle-based security researcher has devised a way to test for Net neutrality.
Dan Kaminsky will share details of this technique, which will eventually be rolled into a free software tool, today at the Black Hat USA security conference in Las Vegas. The software can tell whether computers are treating some types of TCP/IP traffic better than others -- dropping data that is being used in voice-over-IP (VoIP) calls or treating encrypted data as second-class, for example.
The U.S. Congress is presently debating whether to enact Net neutrality laws that would prevent this from happening. Net neutrality would force Internet service providers such as AT&T Inc. and Comcast Corp. to give all Internet traffic the same quality of service. Advocates of these laws say they are essential to preserving the openness that has made the Internet a success. Broadband providers say that such laws could prevent them from developing a new generation of services.
Kaminsky calls his technique "TCP-based active probing for faults." He says that the software he's developing will be similar to the Traceroute Internet utility that is used to track what path Internet traffic takes as it hops between two machines on different ends of the network.
But unlike Traceroute, Kaminsky's software will be able to make traffic appear as if it is coming from a particular carrier or is being used for a certain type of application, like VoIP. It will also be able to identify where the traffic is being dropped and could ultimately be used to finger service providers that are treating some network traffic as second-class.
At this week's Black Hat conference, Kaminsky will show how to perform a basic version of TCP-based Active Probing using currently available tools. He said in an interview yesterday that he will release his own, more sophisticated software sometime within the next six months as part of a free suite of tools called Paketto Keiretsu Version 3.
The security researcher said he is curious to see what people do with his software. "People are going to start looking [at networks] and who knows what they are going to find," he said.
Already, a handful of carriers have tried blocking certain types of Internet services. In March 2005, the Federal Communications Commission fined Madison River Communications Corp. $15,000 for blocking Vonage Holdings Corp.'s VoIP service. Since then, the FCC has changed its broadband carrier requirements, and it's unclear whether it would again issue a similar fine.
Kaminsky said he believes that Net neutrality will eventually become law and that the type of software he is developing will help keep the carriers honest. "If you're going to enforce by law that networks be neutral, the question becomes, 'How do you test for this?'" he said. "I'm going to make sure that the tools are going to be in place."
Kaminsky plans to post information on TCP-based active probing for faults at www.doxpara.com.
- IT Blogwatch Black Hat net neutrality test (and odd Google Earth uses)
- C.J. Kelly: 'Go West' -- Don't go wireless at Black Hat
- IT Blogwatch: Net neutrality: Senate sedated (and expensive dialog box)
- C.J. Kelly: I'm going to Black Hat!
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you like your iPhone, you can keep your iPhone. Period.
President Obama has revealed that he's not permitted to carry an iPhone. It's too insecure for the job, he says. Instead, he's stuck with a BlackBerry. Well, someone's got to have one still. However, it turns out that the Pentagon has also outlawed non-BlackBerry smartphones. In IT Blogwatch, bloggers joke that 2006 called and they want their smartphones back.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
- Leveraging Managed Security Services to Fight Growing Cybersecurity Threats
- IT Infrastructure-as-a-Service enables agile responses to constantly changing threats. All Government IT White Papers
- Video: 5 Secrets To Scaling Enterprise Apps Watch this video to learn how to successfully scale enterprise apps>>
- Collaboration 2013: Where Mobility Meets Connectivity Mobility and collaboration are quickly converging and users are demanding more capabilities. It's no longer enough to enable file sharing. This Webcast dives...
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- The Power of the Citrix Mobility Solution, XenMobile Does everything become a smartphone? Or does the smartphone begin to do everything? How can we afford to support BYOD? Rather, how can...
- BYOD Happens: How to Secure Mobility How to navigate the journey of securing mobility, including the BYOD corruption of IT, the top ten mobility strategies, and the mobility management...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.