Posts by Marek Majkowski

Broken packets: IP fragmentation is flawed

Published on by Marek Majkowski.

As opposed to the public telephone network, the internet has a Packet Switched design. But just how big can these packets be? CC BY 2.0 image by ajmexico, inspired by This is an old question and the IPv4 RFCs answer it pretty clearly. The idea was to split the

TLD glue sticks around too long

Published on by Marek Majkowski.

Recent headline grabbing DDoS attacks provoked heated debates in the DNS community. Everyone has strong opinions on how to harden DNS to avoid downtime in the future. Is it better to use a single DNS provider or multiple? What DNS TTL values are best? Does DNSSEC make you more or

Say Cheese: a snapshot of the massive DDoS attacks coming from IoT cameras

Published on by Marek Majkowski.

Over the last few weeks we've seen DDoS attacks hitting our systems that show that attackers have switched to new, large methods of bringing down web applications. They appear to come from an IoT botnet (like Mirai and relations) which were responsible for the large attacks against Brian Krebs. Our