Wednesday, December 24, 2025

Have a Great Christmas and New Year

Tim and I are taking a few days off, so enjoy the holidays with your loved ones.








Tuesday, December 23, 2025

The Internet Protocol Journal Volume 28, No.3, December 2025

 

The latest issue of the Internet Protocol Journal mixes technical thinking with some big-picture debates about where the Internet is headed. It kicks off with the editor’s notes and then dives straight into security and governance topics, including an article on how to protect a truly borderless Internet. A major theme in this issue is Internet governance, highlighted by two opposing pieces that ask whether the traditional “multistakeholder” model is breaking down—or if reports of its death are greatly exaggerated.

Beyond those heavier discussions, the issue also slows things down a bit with a thoughtful book review of Geopolitics at the Internet’s Core, which looks at how global politics shape the Internet’s infrastructure and decision-making. There’s also a memorial piece honoring Fearghas McKay, recognizing his impact on the networking community. Shorter sections like Fragments and Thank You! add some lighter, reflective moments between the more serious articles.

Overall, this IPJ issue strikes a nice balance between deep technical insight and broader reflections on policy, security, and the people behind the protocols. It’s a solid read for anyone who wants to stay informed not just about how the Internet works, but how it’s governed—and where it might be headed next.





Saturday, December 20, 2025

Digital Aftershocks: How DDoS Attacks Are Reshaping the Cyber Battleground


The latest NETSCOUT DDoS Threat Intelligence Report (Issue 15: Findings from 1H 2025) paints a stark picture of how distributed denial-of-service (DDoS) attacks have evolved from occasional nuisances to potent instruments of disruption and geopolitical influence. In just the first half of 2025, more than 8 million DDoS attacks were recorded worldwide, with extreme bursts reaching 3.12 Tbps in bandwidth and 1.5 Gpps in packet throughput, underscoring the sheer scale and ferocity of modern attack campaigns.

A key takeaway from the report is the increasing sophistication and diversity of DDoS threats. Long-standing groups like NoName057(16) continue to launch high-impact campaigns, while emerging actors such as DieNet and Keymous+ leverage DDoS-as-a-service platforms that lower barriers to entry for attackers. These campaigns often coincide with major geopolitical flashpoints and are powered by vast, adaptive botnets that exploit vulnerabilities in IoT devices, servers, and routers.

Beyond sheer volume and complexity, the report highlights how DDoS attacks are now weaponized in conjunction with political and social events, allowing hacktivists and other threat actors to amplify their impact. Attacks average around 18 minutes in duration, but even short bursts can inflict significant disruption on targeted infrastructure and the broader networks that depend on it. The report also shows regional variations in attack intensity and patterns, emphasizing the global and uneven nature of the threat landscape.

Finally, NETSCOUT stresses that the collateral damage from these attacks extends far beyond primary targets. Service providers and enterprises alike feel the ripple effects as traditional defenses struggle to keep pace with AI-enhanced automation, multi-vector strategies, and readily accessible attack services. The report underscores the importance of real-time intelligence, adaptive mitigation tools, and comprehensive visibility into internet traffic to stay ahead of evolving DDoS campaigns.

Friday, December 19, 2025

Stop Packet Hoarding: Why Enabling DHCP Logs Will Save Your Sanity

If you’ve ever fired up a packet capture to troubleshoot a DHCP issue, you know the feeling. Suddenly you’re drowning in thousands of packets, most of which have absolutely nothing to do with your problem. Sure, packet captures are powerful, but using them for basic DHCP troubleshooting is like bringing a chainsaw to cut a slice of pizza. Enabling DHCP logging gives you the highlights instead of the entire director’s cut, and your brain will thank you for it.

DHCP logs tell a clean, simple story: who asked for an address, when they asked, what they got, and why they maybe didn’t get one. You can immediately see failed requests, exhausted scopes, duplicate MAC addresses, or clients that just won’t stop asking nicely. Instead of squinting at hex values and scrolling past ARP chatter, you get human-readable entries that point straight to the problem. It’s the difference between reading a police report and watching every security camera in the city at once.

Another big win is time and storage. Packet captures grow fast and get unwieldy even faster. You capture too little and miss the issue, or capture too much and now you’re archiving a multi-gigabyte file named “dhcp_final_FINAL_v3.pcapng.” DHCP logs, on the other hand, are lightweight and continuous. You can leave them on without worrying about disk space or explaining to management why the firewall suddenly needs more storage than the file server.

That’s not to say packet captures are useless—sometimes you really do need the chainsaw. But for day-to-day DHCP troubleshooting, logs are faster, clearer, and far less likely to make you question your career choices at 2 a.m. Enable DHCP logging first, solve the problem in minutes, and save packet captures for when things get truly weird. Your future self, staring at fewer packets and drinking better coffee, will appreciate it.

Here is an example of enabling DHCP logging on a Ubiquiti EdgeRouter that is acting as a DHCP server.

configure

set service dhcp-server global-parameters 'log-facility local2;'

set system syslog file dhcpd facility local2 level debug

set system syslog file dhcpd archive files 5

set system syslog file dhcpd archive size 5000

commit; save

exit

After applying the changes, you can view the DHCP log with:

show log file dhcpd

Here is some sample output. Before you freak out, do your DHCP homework:

@Georgetown:~$ show log file dhcpd

Dec 11 09:57:58 Georgetown dhcpd3: uid lease 10.44.10.173 for client e8:ca:c8:57:fb:4c is duplicate on 10.44.10.0

Dec 11 09:57:58 Georgetown dhcpd3: DHCPDISCOVER from e8:ca:c8:57:fb:4c via eth2

Dec 11 09:57:58 Georgetown dhcpd3: DHCPOFFER on 10.44.10.37 to e8:ca:c8:57:fb:4c via eth2

Dec 11 09:58:12 Georgetown dhcpd3: uid lease 10.44.10.173 for client 24:3f:75:dd:af:38 is duplicate on 10.44.10.0

Dec 11 09:58:12 Georgetown dhcpd3: DHCPDISCOVER from 24:3f:75:dd:af:38 via eth2

Dec 11 09:58:12 Georgetown dhcpd3: DHCPOFFER on 10.44.10.36 to 24:3f:75:dd:af:38 via eth2

Dec 11 09:58:42 Georgetown dhcpd3: DHCPDISCOVER from 3c:7a:aa:9a:c3:8f via eth2

Dec 11 09:58:43 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 3c:7a:aa:9a:c3:8f via eth2

Dec 11 09:58:45 Georgetown dhcpd3: DHCPDISCOVER from 84:c8:a0:d3:b8:2e via eth2

Dec 11 09:58:45 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 84:c8:a0:d3:b8:2e via eth2

Dec 11 10:02:59 Georgetown dhcpd3: uid lease 10.44.10.173 for client e8:ca:c8:57:fb:4c is duplicate on 10.44.10.0

Dec 11 10:02:59 Georgetown dhcpd3: DHCPDISCOVER from e8:ca:c8:57:fb:4c via eth2

Dec 11 10:02:59 Georgetown dhcpd3: DHCPOFFER on 10.44.10.37 to e8:ca:c8:57:fb:4c via eth2

Dec 11 10:03:13 Georgetown dhcpd3: uid lease 10.44.10.173 for client 24:3f:75:dd:af:38 is duplicate on 10.44.10.0

Dec 11 10:03:13 Georgetown dhcpd3: DHCPDISCOVER from 24:3f:75:dd:af:38 via eth2

Dec 11 10:03:13 Georgetown dhcpd3: DHCPOFFER on 10.44.10.36 to 24:3f:75:dd:af:38 via eth2

Dec 11 10:03:43 Georgetown dhcpd3: DHCPDISCOVER from 3c:7a:aa:9a:c3:8f via eth2

Dec 11 10:03:44 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 3c:7a:aa:9a:c3:8f via eth2

Dec 11 10:03:45 Georgetown dhcpd3: DHCPDISCOVER from 84:c8:a0:d3:b8:2e via eth2

Dec 11 10:03:45 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 84:c8:a0:d3:b8:2e via eth2

Dec 11 10:08:00 Georgetown dhcpd3: uid lease 10.44.10.173 for client e8:ca:c8:57:fb:4c is duplicate on 10.44.10.0
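
To show how quickly these log entries can be turned into answers, here is an added example (not part of the original post) that parses this dhcpd log format and reports addresses offered to more than one MAC, clients that DISCOVER but never get a DHCPACK, and "duplicate" uid lease warnings. The function name `summarize` and its result keys are chosen here; the DHCPACK line layout is assumed to match the DHCPOFFER lines, since no ACK appears in the sample.

```python
import re
from collections import defaultdict

# First cycle of the sample output above, copied verbatim from the page.
SAMPLE = """\
Dec 11 09:57:58 Georgetown dhcpd3: uid lease 10.44.10.173 for client e8:ca:c8:57:fb:4c is duplicate on 10.44.10.0
Dec 11 09:57:58 Georgetown dhcpd3: DHCPDISCOVER from e8:ca:c8:57:fb:4c via eth2
Dec 11 09:57:58 Georgetown dhcpd3: DHCPOFFER on 10.44.10.37 to e8:ca:c8:57:fb:4c via eth2
Dec 11 09:58:12 Georgetown dhcpd3: uid lease 10.44.10.173 for client 24:3f:75:dd:af:38 is duplicate on 10.44.10.0
Dec 11 09:58:12 Georgetown dhcpd3: DHCPDISCOVER from 24:3f:75:dd:af:38 via eth2
Dec 11 09:58:12 Georgetown dhcpd3: DHCPOFFER on 10.44.10.36 to 24:3f:75:dd:af:38 via eth2
Dec 11 09:58:42 Georgetown dhcpd3: DHCPDISCOVER from 3c:7a:aa:9a:c3:8f via eth2
Dec 11 09:58:43 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 3c:7a:aa:9a:c3:8f via eth2
Dec 11 09:58:45 Georgetown dhcpd3: DHCPDISCOVER from 84:c8:a0:d3:b8:2e via eth2
Dec 11 09:58:45 Georgetown dhcpd3: DHCPOFFER on 10.44.10.173 to 84:c8:a0:d3:b8:2e via eth2
"""

MAC = r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = {
    "discover": re.compile(rf"DHCPDISCOVER from {MAC}", re.I),
    "offer": re.compile(rf"DHCPOFFER on {IP} to {MAC}", re.I),
    "ack": re.compile(rf"DHCPACK on {IP} to {MAC}", re.I),  # assumed layout
    "dup_uid": re.compile(rf"uid lease {IP} for client {MAC} is duplicate", re.I),
}

def summarize(log_text):
    """Return the three findings worth a second look in a dhcpd log."""
    seen = defaultdict(lambda: defaultdict(int))   # mac -> event -> count
    offered = defaultdict(set)                     # ip -> MACs it was offered to
    for line in log_text.splitlines():
        for event, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            mac = m.group("mac").lower()
            seen[mac][event] += 1
            if event == "offer":
                offered[m.group("ip")].add(mac)
            break
    return {
        "shared_offers": {ip: sorted(macs) for ip, macs in offered.items() if len(macs) > 1},
        "no_ack": sorted(mac for mac, ev in seen.items() if ev["discover"] and not ev["ack"]),
        "dup_uid": {mac: ev["dup_uid"] for mac, ev in seen.items() if ev["dup_uid"]},
    }

if __name__ == "__main__":
    for finding, value in summarize(SAMPLE).items():
        print(finding, value)
```

On the router, the same function can be fed the saved output of `show log file dhcpd`.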




