APNIC Logo The APNIC 55 meeting was held in Manila, Philippines from 20th Feb to 02nd March 2023. The meeting was hosted by PhNOG, The Philippine Network Operators Group (PhNOG) and supported by DOST- Advanced Science and Technology Institute. Every year, APNIC ...
Continue..."A thank you note is the simplest form of showing gratitude". I am both humbled and honored that you have placed your confidence and support in me by electing me for the NRO NC Member and NIR SIG Co-Chair position. I sincerely thank you for casting your valuable vote ...
Continue...In this post, i will talk about configuring firefox browser to use DoH and not to fallback to OS native resolver Step 1 :- Configure DoH like the way it is mentioned here - https://support.mozilla.org/en-US/kb/firefox-dns-over-https . I am using https://doh.nkn.in/dns-query ....
Continue...An IP rating must begin with 5 for partial dust protection or 6 for complete dust protection. The IP rating is two digits, with the first and second digit defined as follows: First Digit (intrusion protection) 0. (or X - see section below): No special protection. Not rated ...
Continue... Are NIRs limiting the nation’s say in APNIC
governance policies?
(NIR: Boon or Bane – Is APNIC policy of Members Voting Rights
doing the Justice with NIRs and Corresponding Countries)
History of ROOT-SERVERS (A Journey from 4 nodes to 13 nodes at present)
Continue..."Availability of 5 GHz WLAN Channels in India under unlicensed band in India, Wireless Planning and Coordination Wing of Department of Telecom, under Ministry of Communication takes care of licensing of radio frequencies....
Continue..."With the evolution of IoT (Internet of Things), devices that connect wirelessly have increased many folds. From webcams, Smartwatches, fitness bands, firestick, Alexa, Google Home, and many more.., everything is going wireless for connectivity and so does the security threat...
Continue...IEEE-802.11n wireless standard uses multiple antennas for high data transmission..
Continue...This Document will explore the terms used in Wireless Communication...
Continue...The access points installed at T3, IGI Airport, New Delhi are of Cisco make, Internal access points with internal antennas. This is depicted in the below images – Cisco access points can be installed in two modes –
Continue...Today i come across a funny domain, name bad.horse; Its funny not because of its name but because of the certificate chain and traceroute to this domain. Both subCA hierarchy and tracroute, has the full lyrics of Bad Horse song. Interesting stuff and amazing use of technology.
Continue...Here we will discuss the flaw in the ServerKeyExchange messages of the TLS protocol which caused the Logjam attack over TLS while using Diffie-Hellman Key Exchange. Before SSLv3, we don't use to authenticate the
Continue...FREAK attack allows an attacker to intercept the SSL/TLS traffic between the vulnerable client & server and force them to use week encryption, typically Export Grade encryption (i.e, 512 bit RSA key exchange)..
Continue...What is export grade cryptography ? Since World War II, many countries including the U.S., U.K. and others, have regulated the export of cryptography in the interest of national security till 1992. Those countries used to believe that they had developed more advanced cryptographic solution than others and they wished to monitor the communication of other countries and hence restricted the advanced cryptographic solution to other nations, by their companies. Restriction had been eased down in 1992 and in 2000 but some are still there. Only those cryptography solutions which can be breaked by security agencies, were allowed to export and were known as Export Grade Cryptography. Ciphers itself are not of Export Grade as they properly follows algorithms. It is the use of cryptographic keys that are deliberately weekend so that security agencies can crack them as and when needed. The export-grade encryption had 512 bits, the maximum allowed under U.S. restrictions de...
Continue...
Please follow the below articles for IP to Country Mapping in Wireshark :-
https://www.wireshark.org/lists/wireshark-dev/200902/msg00154.html
https://wiki.wireshark.org/HowToUseGeoIP..
TLS does not provide a mechanism for a client to tell a server the name of the server it is contacting. It may be desirable for clients to provide this information to facilitate secure connections to servers that host multiple 'virtual' servers at a single underlying network address..
Continue...The extra latency and computational costs of the full TLS handshake impose a serious performance penalty on all applications that require secure communication. To help mitigate some of the costs, TLS provides an ability to resume or share the same negotiated secret key data between multiple connections..
Continue...Before the client and the server can begin exchanging application data over TLS, the encrypted tunnel must be negotiated: the client and the server must agree on the version of the TLS protocol, choose the cipher suite, and verify certificates if necessary. Unfortunately, each of these steps requires new packet roundtrips between the client and the server, which adds startup latency to all TLS connections.
Continue...HTTP is a protocol used to exchange or transfer hypertext. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. Tim Berners-Lee and his team at CERN are credited with inventing the original HTTP along with HTML and the associated technology for a web server and a text-based web browser.
Continue...SPDY (pronounced as SPeeDY) :- SPDY is an experimental protocol developed at Google, designed to reduce the latency of web pages. Specifically, its goal is to address the limitations of HTTP/1.1 and to remove existing bottlenecks like:- - head of line blocking, - inefficient use of underlying TCP connections, - and header bloat SPDY achieves reduced latency through compression, multiplexing, and prioritisation. The name "SPDY" is a trademark of Google and is not an acronym..
Continue...A cipher suite is a named combination of authentication , encryption , message authentication code (MAC) and key exchange algorithms used to negotiate the security settings for a network connection using the Transport Layer Security (TLS) / Secure Sockets Layer (SSL) network protocol..
Continue...Transport Layer Security (TLS) is a successor of Secure Sockets Layer (SSL) and its a cryptographic protocol used for establishing an encrypted link between a Server and a Client over a public network. They use X.509 certificates and hence asymmetric cryptography to authenticate the certificate holder to its clients, and to negotiate a symmetric session key...
Continue...NIC IPv6 DNS Measurement Measuring who all are querying for nic.in or gov.in domain, what they are querying for and from where they are querying. NIC had tested its IPv6 connectivity with internet peers on June 8, 2011 (World IPv6 day) and next year on World IPv6 Launch Day (June 6, 2012), we had launched our IPv6 DNS Server (having address 2405:8A00:1000::2) along with some websites...
Continue...From whichever part of the world you belong, no matter what is your mother tongue, if you are reading this post, this means you understands English. Nearly half of the world doesn't know English But still accessing Internet was not very much friendly for those non-English speaking community to an extent due to the limitation of only having ASCII characters in domain names until few years back...
Continue...DNS Background The Domain Name System Protocol was first designed in 1980s and after that various features has been added while maintaining the compatibility with earlier versions of the protocol. DNS Packet was restricted to UDP 512 bytes in the early releases while keeping in mind the minimum MTU size is of 576 bytes in IPv4...
Continue...Both PGP and S/MIME protocols are used for authentication and privacy of messages over internet. S/MIME protocol refers to Secure/Multipurpose Internet Mail Extensions which has been incorporated in the various main exchange software, incl. Outlook, Thunderbird & others And also incorporated in all major browsers (chrome, Mozilla, IE and others)...
Continue...Google Public DNS Servers i.e., 8.8.8.8 (which are running in Anycast mode) was hijacked on 16th of March 2014 for the Internet users of Venezuela and Brazil for nearly 22 mins. Google's Public DNS servers are used for "130 billion DNS queries on average (peaking at 150 billion) from more than 70 million unique IP addresses each day."..
Continue...Domain Name Service (or Server or System) is an internet service that translate easily memorized domain names into IP numbers and vice-versa. DNS Servers can be better understands as Yellow page directory to the Internet. Every ISP runs DNS services for their customers and users. A user can also runs DNS service for its own. ..
Continue...IP or Internet Protocol, is the primary network protocol used on the Internet, introduced by Vint Cerf and Bob Kahn in 1974. IP version 0 to 3 was introduced and used between 1974 and 1979. After changes and refinements in initial IP protocol, version 4 was introduced in 1981, commonly known as IPv4, described in RFC 791 , which become the backbone of Whole Internet in no time..
Continue...Best Current Practices in for IPv6 Address Allocation This Best Practices document aims to provide IPv6 Address allocation guidelines that a network operator can follow while planning the IPv6 sub-netting for its network (based on the issues faced and learning’s from IPv6 implementation in NKN and NIC network)...
Continue...DIG is a command-line tool for querying DNS Name Server (similar to nslookup utility available in Windows and host utility). dig utility can be used for querying DNS about the host address (both A and AAAA), name server(NS), mail exchange(MX), Pointer Record(PTR), SOA (Start Of Authority) and others...
Continue...DIG is a domain query tool and a part of BIND package of ISC. Using dig is very simple in Linux but is little bit tricky to use the same in Windows. I have tried to do the same and sharing you the steps which i follow for configuring the dig in my windows machine...
Continue...There was a time when we use to get a call from marketing companies selling blah-blah products and these calls were the last call we want to receive. Then comes a National Do Not Call and we get a rid of these marketing calls. But what about internet. Big internet marketing companies (like Google and others) whose business base is marketing and selling ads are tracking us...
Continue...National Knowledge Network The NKN is a state-of-the-art multi-gigabit pan-India network for providing a unified high speed network backbone for all knowledge related institutions in the country. The purpose of such a knowledge network goes to the very core of the country's quest for building quality institutions with requisite research facilities and creating a pool...
Continue...Wi-Fi is the name of a popular wireless networking technology that uses radio waves to provide wireless high-speed Internet and network connections. Wireless networks operate using radio frequency (RF) technology, a frequency within the electromagnetic spectrum associated with radio...
Continue...A Root name server is a name server for DNS root zone. Every new DNS query resolved by our local resolver first goes to Root Name Server and then root name server directs it to required domain server. This means that if in any case, root name servers goes down, then whole internet goes down (don't worry this cannot be done so easily as most of root name servers...
Continue...