Weekend Reads 120618

Paris Traceroute allows you to deterministically measure particular paths by setting particular flow IDs — effectively setting combinations in packet headers to be treated consistently by routers on a path. Using this trick to run many traceroutes with different flow IDs to a target may reveal an entire topology, but without extra logic, it may involve tens of thousands of traceroute packets to do so. Many of those packets will be sent over hops that never change, making those packets redundant while also consuming bandwidth and time. —Kevin Vermeulen @APNIC

So, when people talk about serverless, what does it mean? Well, it doesn’t mean servers are GONE. Of course not: That “client-server model” is still the backbone of how things are getting done. Serverless refers to a developer’s ability to code, deploy, and create applications without having to know how to do the rest of it, like rack the servers, patch the operating system, and create container images. —Jen Wike Huger @opensource.com

The average size of Distributed Denial of Service (DDoS) attacks — where attackers seek to take down a website, application, or infrastructure by flooding it with requests — increased by 24% in 2018. In addition, the attack peak sizes have skyrocketed, as the memcached-based attacks that started in February 2018 ushered in the terabit era of attacks with a 1.7 Tbps attack in late February. —Steinthor Bjarnason @APNIC

In 2018, there was a large upswing in attacks using SSDP reflection, where the UDP source port wasn’t 1900 but a random value. To make a long story short, this is due to a bug in a popular Linux library called libupnp, which is included in most customer premises equipment (CPE) used to connect consumers to the Internet. These kinds of attacks are referred to as ‘SSDP diffraction’ to distinguish them from normal SSDP attacks. —Steinthor Bjarnason @APNIC

Many of the attack vectors that are used for DDoS attacks use services that are usually not sent across the Internet. Among those are SSDP, memcached, chargen and others. In addition, protocols like NTP, which are commonly used across the Internet, generate very little traffic and should not be allowed at high volumes. —Steinthor Bjarnason @APNIC

It looks like the smartphone party has come to an end. The slow down which began in the 2013/2014 timeframe has shifted to decline phase with fewer smartphones sold in 2017 as compared to the 2016 numbers. @CircleID

What if a hyperscale rack designer decided not to locally optimize legacy form factors for thermal management, but instead to start over and design a rack based on optimizing thermal efficiency? —Paul Teich @The Next Platform