Cease and DE-CIX: German internet operator fights spies, IEEE eyes 802.11 future and more
Also: Juniper and the gang plus AI network research tools
Roundup German internet exchange operator DE-CIX has again attempted to block the country's spy agency from tapping its network – this time by filing a constitutional complaint.
The company brought a federal court lawsuit in 2016 that it lost in May this year, and late last week it was seen trying again.
Reuters wrote that DE-CIX issued a statement quoting board member Klaus Landefeld saying: "For us, the decision by the Federal Administrative Court to dismiss the case without consideration of the objections raised is legally not acceptable".
Rather than performing targeted surveillance, the BND gets a raw data stream from DE-CIX, essentially a mirror of all the traffic it has handled.
DE-CIX's new filing could be picked up by the Federal Administrative Court, which previously tossed DE-CIX's complaint. A second rejection would give the company the chance to escalate its case to a constitutional court.
Landefeld also said: "The violations of the principle of the secrecy of correspondence and telecommunications which were comprehensively demonstrated and argued in our lawsuit were not even dealt with by the Federal Administrative Court in the process. This is, for us, inexplicable."
Shodan-scan SD-WANs, but only for good please
You've always wanted a Shodan-style scan for SD-WAN instances? Of course you have, and here it is.
SD-WAN Harvester is the brainchild of white-hat Sergey Gordeychik as “SCADA Strangelove”, and it can “automatically enumerate and fingerprint SD-WAN nodes on the Internet. It uses Shodan search engine for discovering, NMAP NSE scripts for fingerprinting, and masscan to implement some specific checks.”
The harvester needs a Shodan API key.
Of course, you'll only want to use it for good, not evil – for example, as Gordeychik showed on the SD-WAN Harvester page, the most common vulnerability on Cisco Viptela SD-WAN kit the scanner found is CVE-2017-15906, an OpenSSH vuln patched a year ago.
IEEE launches future Wi-Fi study group
The IEEE kicked off new Wi-Fi study groups this week, looking at how upcoming standards would support even higher throughput.
Disdaining the Wi-Fi Alliance's consumer-focused decision to ditch the 802.11 nomenclature (we're the standards boffins, we don't need dumbing down), the IEEE announcement said the “IEEE 802.11 Extremely High Throughput Study Group” will “initiate discussion on new IEEE 802.11 features for bands between 1 and 7.125 GHz”.
In particular, the group hopes to increase peak throughput for video over WLAN, augmented reality, and virtual reality applications.
Study group chair Michael Montemurro seemed to want the study group to move fast. Over six to nine months, the assorted engineers and boffins will look at supporting more spatial streams, multi-access-point techniques, and multiband switching, aggregation, and operation.
A second study group, the “IEEE 802.11 Real Time Applications Topic Interest Group”, is working to identify things that can spoil the experience for mobile and multiplayer games, robotics, and industrial automation.
The real time group's chair Allan Jones was quoted as saying: “Immersive gaming, for example, is very latency sensitive and requires a quick turnaround on packets for users to enjoy a high-quality experience. Jitter, packet loss and what’s going on throughout the network can have a large impact on these real-time applications, which may have only moderate bandwidth requirements but have very low tolerance for latency.”
Juniper, Nutanix expand partnership
Long-term buddies Juniper Networks and Nutanix announced an extended partnership at Juniper's NXTWORK conference this week.
Juniper's Contrail Enterprise Multicloud will be integrated with Nutanix APIs, to expose virtualised workloads to the management environment.
Second, Juniper’s Unified Cybersecurity Platform is linking arms with Nutanix's Flow SDN offering and its AHV hypervisor. This is supposed to provide better application security, with microsegmentation in the enterprise cloud, and the ability to block “lateral propagation of links”.
The announcement added that customers will be able to deploy Juniper's vSRX firewall into their Nutanix environments.
Cisco StealthWatch users: There are new links for threat analytics
Cisco has been quietly moving more workloads onto Amazon Web Services.
The news came not via a press splash or a blog post, but in a field notice telling admins to update their links. Switchzilla is relocating the Cognitive Threat Analytics service that backs its StealthWatch products to AWS.
The Cisco CTA landing page, portal, API services, and “Trusted Automated eXchange of Indicator Information (TAXII)” is already on AWS; in November, traffic telemetry ingest services will also move.
Broadcom emits more high-speed auto Ethernet silicon
Broadcom has added gigabit PHY-layer silicon, as well as a secure switch and smart camera microcontrollers to its automotive portfolio.
The chipsets are detailed here.
Its 100Base-T1/1000Base-T1 BCM8988x transceivers are designed to help cope with increasing traffic from infotainment, control systems, and sensors like radar, LIDAR, and cameras.
To reduce weight and space requirements, the transceivers are designed to operate over single pair UTP cables, as is the BCM8955x Secure Switch, while maintaining low electronic emissions. Both the transceivers and switch support the IEEE's Power over Data Lines (PoDL) standard that's gathering pace in the auto world.
The BCM8910x camera microcontroller chipset supports Ethernet streaming and integrated image processing.
Boffins exercise network protocols in the OpenAI Gym
Network protocol researchers can apply the OpenAI Gym reinforcement learning (RL) toolkit to their work, with the publication of a toolkit that integrates the popular ns-3 simulation tool into the gym.
Put together by Piotr Gawłowicz and Anatolij Zubow of the Berlin Technical University, the toolkit is at GitHub.
OpenAI Gym libraries are available for Tensorflow and Scikit-Learn, and agents can be written in Python.
Gawłowicz and Zubow explained their work in this paper at arXiv, and said they wrote the ns-3 tools with an eye to scalability, low entry overhead (including support for legacy ns-3 scripts in the RL environment), fast prototyping, and easy maintenance. Enjoy. ®
Sponsored: Becoming a Pragmatic Security Leader