Updates

Internet protocol (IP) numbers

2018

The Internet Society has released the ‘State of IPv6 Deployment 2018’ report, which looks at the progress made in the deployment of Internet Protocol version 6 (IPv6) across countries, networks, and service providers around the world. Over 25% of all Internet-connected networks advertise IPv6 connectivity, and the top 10 countries using the new protocol include Belgium, Greece, Germany, the USA, Uruguay, India, Switzerland, Japan, Malaysia, and Brazil. Cited Google statistics reveal that 49 countries deliver more than 5% of their traffic over IPv6, and that there are 24 countries whose IPv6 traffic exceeds 15%. Among Alexa's top 1000 global websites, 28% are accessible via IPv6 (an increase from 23% in 2017). Among the existing 1543 top-level domains, 98.4% have an IPv6 name server addressed and can be accessed using either IPv4 or IPv6. The report notes that more work is needed to drive IPv6 deployment in many countries and that numerous networks have IPv6 on their backbone, but not provided to their end-users. It also argues that 'increasingly, IPv4 is an unnecessary cost and a speculative asset'.

The US Department of Commerce and the Department of Homeland Security have released a draft report on 'Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats'. The report comes in response to President Trump's Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (from May 2017). It looks at challenges and opportunities in reducing the botnet threats that 'capitalise on the sheer number of Internet of Things devices', with goals related to a more secure technology marketplace, innovations in network infrastructure and applications, coalitions among security and technical communities on national and international level, and awareness and education. It outlines several recommendations, such as: establish broadly accepted baseline security profiles for IoT devices in home and industrial applications, and promote international adoption through bilateral arrangements and the use of international standards including IPv6 implementation; more efforts from the industry to develop innovative solutions for preventing and mitigating distributed threats; collaboration between government and industry to ensure existing best practices, frameworks, and guidelines relevant to IoT are more widely adopted; and promoting the international adoption of best practices and relevant tools through bilateral and multilateral international engagement efforts. The report is open for public comment until mid February 2018.

2017

A study conducted by a team of researchers at the University of Carolina San Diego, Saarland University, and University of Twente has revealed that one third of all IPv4 address space estimated to be in use have been affected by at least one denial-of-service (DoS) attack over the past two years. The researchers based their study on data from four global Internet measurement sources: backscatter traffic to a large network telescope; logs from amplification honeypots; a Domain Name System (DNS) measurement platform covering 60% of the current namespace; and a DNS-based data set focusing on DDoS Protection Services (DPS) adoption. Other main findings of the report: often targets are simultaneously hit by different types of attack; web servers were the most prominent DoS attack target; and an average of 3% of domain names registered in .com, .net, and .org were involved in DoS attacks daily; the most commonly targeted countries were the USA, China, Russia, France, and Germany.

The five Regional Internet Registries (RIRs) have each been allocated the equivalent of a /20 of IPv4 address space from the Internet Assigned Numbers Authority (IANA). These allocations have been made from IANA’s recovered IPv4 pool, in line with a global policy adopted in May 2012. The recovered IPv4 pool which contains fragments left over in the IANA inventory after the last /8s of the IPv4 space are delegated to the RIRs, and IPv4 addresses returned to IANA by any means.

Following news that the US Department of Justice (DoJ) had requested a hosting company (DreamHost) to provide the IP addresses of visitors to a website used to organise anti-Trump inauguration protests, the DoJ has modified and narrowed down its initial request for information from the company. In a reply to the court, the DoJ explains that, at the time of the initial request, it was not aware of several details regarding the website and extent of visitor data maintained by DreamHost, and that it ‘has no interest in records related to the 1.3 million IP addresses that are mentioned in DreamHost’s numerous press releases and opposition brief’. In the light of this new information, the DoJ modified its request to state, among others, that: ‘DreamHost should not disclose records that constitute HTTP request and error logs’. In reaction, the hosting company said that, now, ‘visitors’ IP addresses are largely safe’, but that it goes ahead with its filling against the request, as ‘there are still a few issues we consider to be problematic’.

DreamHost, a Los Angeles-based hosting company, has announced that it had been requested by the US Department of Justice (DoJ) to provide information about one of the company’s customers’ websites. The website in case was used to organise participants of political protests against the current US administration, and DreamHost has been asked to provide all information available to the company about the website, its owner, and its visitors. As explained by DreamHost, the request involves ‘1.3 million visitor IP addresses, in addition to contact information, email content, and photos of thousands of people, in an effort to determine who simply visited the website’. DreamHost challenged the DoJ on its warrant, arguing that rights such as privacy and freedom of expression are at stake. In reaction, the DoJ has filed a motion in the Washington DC Superior Court asking for an order to compel DreamHost to provide the required information. The company has filed legal arguments in opposition of the DoJ request, and a court hearing on the matter will be held on 24 August. [Update] The DoJ modified its request for information and stated it was not interested in IP addresses.

Pages

 

The GIP Digital Watch observatory is provided by

 

 

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top