Networking

Image: Matthew Thomas
In an effort to detect whether a network will hijack DNS queries, Google’s Chrome browser and its Chromium-based brethren randomly conjures up three domain names between 7 and 15 characters to test, and if the response of two domains returns the same IP, the browser believes the network is capturing and redirecting nonexistent domain requests.
This test is completed on startup, and whenever a device’s IP or DNS settings change.
Due to the way DNS servers will pass locally unknown domain queries up to more authoritative name servers, the random domains used by Chrome find their way up to the root DNS servers, and according to Verisign principal engineer at CSO applied research division Matthew Thomas, those queries make up half of all queries to the root servers.
Data presented by Thomas showed that as Chrome’s market share increased after the feature was introduced in 2010, queries matching the pattern used by Chrome similarly increased.
“In the 10-plus years since the feature was added, we now find that half of the DNS root server traffic is very likely due to Chromium’s probes,” Thomas said in an APNIC blog post. “That equates to about 60 billion queries to the root server system on a typical day.”
Thomas added that half the DNS traffic of the root servers is being used to support a single browser function, and with DNS interception being “certainly the exception rather than the norm”, the traffic would be a distributed denial of service attack in any other scenario.
Earlier in the month, Sans Institute dean of research Johannes Ullrich looked into how many of the world’s 2.7 million authoritative name servers it would take to disable 80% of the internet.
“It only takes 2,302 name servers or about 0.084%!” Ullrich wrote.
“0.35% of name servers are responsible for 90% of all domain names.”
Ullrich found GoDaddy was responsible for 94.5 million records, Google Domains had 20 million, the trio of dns.com, hichina, and IONOS had 15.6 million each, while Cloudflare had 13.8 million records.
“Using a cloud-based DNS service is simple and often more reliable than running your name server. But this large concentration of name services with few entities increases the risk to the infrastructure substantially,” he said.
To lower the risk of a provider outage making parts of the internet inaccessible, Ullrich said people should run secondary name servers in-house, and make sure to use more than one DNS provider.
Telstra provided an example of how a DNS failure can appear as an internet outage to users, in this case, the telco successfully performed a denial of service attack on itself.
“The massive messaging storm that presented as a denial of service cyber attack has been investigated by our security teams and we now believe that it was not malicious, but a Domain Name Server issue,” the telco said at the start of the month.
Last month, Cloudflare provided a similar example on a much bigger scale.
Related Coverage More

There has been a significant increase in online access to financial offerings and government services in Brazil among low-income citizens, according to a study on the role of the Internet during the Covid-19 outbreak.
The study carried out by Cetic.br, research arm of the Brazilian Network Information Center (NIC.br) suggests that Internet access through all devices has gone up significantly and online traffic in Brazil has reached record levels in the last five months, peaking at 13,5 Tbps.
Considering the Brazilian socioeconomic class system ranging from the elite (class A), the upper-middle class (class B), the lower middle class (class C), the working-class poor (class D) and the extremely poor and unemployed (class E), the study has found an increase in Internet access among the classes D and E. This was mostly driven by e-commerce, entertainment, education and digital access to government services.
According to the Cetic.br report on Internet access during the health emergency crisis in Brazil, the percentage of individuals shopping online has gone from 37% to 64% among the class C, while the percentage has gone from 18% to 44% among the classes D and E. Conversely, online shopping among wealthier Brazilians has gone from 63% to 83%.
There was also a threefold increase in the percentage of Brazilians that order food via delivery apps, according to the study, from 15% to 44% over the last five months.
When it comes to online entertainment, which was already pervasive among richer Brazilians, the percentage of individuals paying for streaming services such as Netflix has gone up from 29% to 41% among the class C and it has gone from 11% to 32% among the classes D and E. Consumption of movies and series online has gone from 50% to 53% among Brazilians on higher incomes.

The percentage of Brazilians using music streaming services during the pandemic has gone from 8% to 14%. Among the classes D and E, it has gone from 4% to 8%. Music streaming has gone from 16% to 26% among the classes A and B.
Another important driver that has been boosting Internet access among the poor is access to services such as the government’s relief scheme. The program is being delivered mostly through digital means, with mobile operators enabling access to the service for free. According to Cetic.br, data on that particular project will be provided in an upcoming study.
Brazil has been accelerating public service digitization during the pandemic. A recent United Nations report has positioned Brazil as one of the fast-movers in digital government globally.
In addition, the Cetic.br study noted that companies have ramped up the use of online communications to talk to their audiences, with instant messaging apps such as WhatsApp playing a key role to enable sales. According to the study, the percentage of businesses that use such tools has gone up from 26% to 46% during the pandemic.
Despite that apparent progress, digital exclusion is still a reality for many Brazilians. A recent study carried out by the Brazilian Internet Steering Committee (CGI.br) has found that 71% of Brazilian households currently have access to the Internet. However, more than 20 million households are digitally excluded.
The issue of lack of connectivity is particularly noticeable in households in the poorest areas of the country: 35% of homes in the Northeast region of Brazil don’t use the web, and this is also a reality for 45% of Brazilian families on minimum wage. More

Image: TPG Telecom
TPG Telecom — the renamed Vodafone Hutchinson Australia (VHA) that went on to swallow the former TPG in a merger — reported its first half results on Friday, and they require some history to effectively dissect.
Due to the timing of the merger, the accounts released to the ASX included four days of TPG Corporation — the new name of the former TPG — due to the merger being approved by the NSW Supreme Court on June 26. However, the merger implementation date was July 13 and it was at that time the company’s debt was restructured.
Consequently, the new TPG Telecom reported not only statutory results, but it also prepared pro forma results as though the old TPG had been part of it since the start of the half, as well as pulled out standalone results for the former Vodafone and TPG businesses.  
On a standalone basis, the former VHA reported a AU$210 million drop in revenue to AU$1.5 billion for the half. This flowed onto AU$546 million in earnings before interest, tax, depreciation, and amortisation (EBITDA), which was a decrease of AU$46 million on the corresponding period last year. This then led to AU$71 million in EBIT, but AU$188 million in financing costs undid all the prior good work to leave VHA with a net loss of AU$117 million, which was a AU$27 million reduction on the AU$144 million loss posted during the first half of 2019.
Three-quarters of the fall in revenue was pinned on a AU$157 million reduction in handset revenue for VHA.  
The company added that the decrease in EBITDA was partially due to a 200,000 reduction in prepaid mobile subscribers and a 62,000 decrease in postpaid mobile customers. Half of the prepaid reduction was due to the impact of coronavirus, the company said, with AU$38 million of the hit to EBITDA being ascribed to the pandemic.
TPG Telecom said it had seen an 80% reduction in roaming, as well as a 30% reduction of prepaid connections, and 20% reduction in postpaid connection due to COVID-19, and the impact is set to continue for the rest of the year. It added the pandemic has also hit the former Vodafone’s store footprint and call centres, as well as its costs related to bonus data and calls. The pandemic also saw the company suspend late payment fees and hold out on sending debt collectors.
When the numbers from VHA rolled up into TPG Telecom, the new entity recognised a AU$226 million deferred income tax credit, which left the new company with a post-tax profit of AU$83 million.
See also: Vodafone Australia and TPG merger: Everything you need to know
In the four days that the former TPG contributed to the above figure, it recorded AU$27 million in revenue, AU$9 million in EBITDA, and AU$4 million in net profit. The TPG Telecom figures also included AU$30 million in merger expenses.
Pretending that the two telcos have been together since the start of Vodafone’s fiscal year would have resulted in revenue being AU$2.7 billion on a pro forma basis, AU$918 million in EBITDA being posted, and theoretical net profit being AU$140 million.
Of the above numbers, the old TPG chipped in AU$1.25 billion of revenue, AU$391 million of EBITDA, and AU$138 million of the net profit.
Across the first half, Vodafone and the old TPG paid AU$204 million in spectrum payments.
In its last set of results as a standalone company, TPG reported a steady half to January 31.
Since the merger, TPG Telecom has upgraded 445 mobile sites and spectrum held by TPG Corporation has been integrated into Vodafone’s network. The company is also working on extending TPG fibre to 700 Vodafone mobile sites as it begins to shift MVNO customers with former TPG brands onto the Vodafone network directly.
“Customers began experiencing the benefits of the merger from day one, and over the past six weeks, we have delivered significant boosts to data speeds and performance for customers from these deployments,” former VHA and now TPG Telecom CEO Iñaki Berroeta said.
“By using our own mobile network, we’ll be able offer customers more inclusions for less, with new customers to receive 50 per cent off their plans for six months and existing migrating customers to receive two months’ free access.”
The company wants its 5G network to hit 85% population coverage by the end of next year, with Berroeta adding that the company has 1,200 sites in planning and is working on 5G standalone mode.
Related Coverage
Vodafone Australia and TPG merger: Everything you need to know
While labelled a merger of equals, in accounting terms, Vodafone is swallowing up TPG while simultaneously bringing a ton of baggage and discarding another ton on its current owners.
Vodafone Australia testing 700Mhz spectrum for 5G
Nokia equipment used in field test around Parramatta.
ACCC appeal about TPG prepayments dismissed at Federal Court
TPG ekes out another win against the Australian consumer watchdog.
Vodafone’s first 5G sites go live in Sydney’s west
The telco also vows that 5G international roaming is ‘coming soon’. More

Image: KT
The South Korea government will install an additional 10,000 free Wi-Fi access points in public areas by the end of the year, the Ministry of Science and ICT said.
By 2022, the ministry hopes to have installed 41,000 access in total at public areas such as transportation stations and community service centres nationwide.
Old Wi-Fi access points installed before 2014 — amounting to around 18,000 units — will also be swapped out for new ones, the government said.
South Korean telco KT has been given a budget of 18 billion won ($15 million) to handle the project.
The new access points will be based on the latest Wi-Fi 6 standard.
In light of the COVID-19 pandemic, the ministry explained that public Wi-Fi services have become essential for bridging digital divides and reducing household data costs.
The government added that an integrated monitoring centre has been set up to monitor all of the Wi-Fi access points across the country to inspect data traffic and maintain quality of service.
Last year, South Korea installed free Wi-Fi on 23,000 buses nationwide. 
Related Coverage More

Image: Commerce Commission New Zealand
The latest Measuring Broadband New Zealand report, which uses data from May, has shown New Zealand is experiencing a 10% speed drop in the fastest plan available on its Ultra-Fast Broadband network — the up to 950Mbps Fibre Max plan.
Compared to previous reports, Fibre Max users on the North Island saw a 28.5Mbps drop on average 24-hour speeds to 719Mbps, while the South Island was over 200Mbps slower and saw a larger drop, down 55.3Mbps to 515Mbps.
At peak times, the North Island and South Island reported 691Mbps and 460Mbps, respectively, which gave an average peak speed drop of 66Mbps, or 10%. The report said the drop in peak speeds suggested a “real drop” in network performance.
“While Fibre Max plans are achieving the fastest download speeds of the plans we test, this deterioration is a concern given the premium price consumers pay for this service,” Commerce Commission New Zealand Telecommunications Commissioner Tristan Gilbertson said. “The drop in performance is apparent across all retailers and wholesalers.”
“We are continuing our work with SamKnows and industry stakeholders to understand the reasons for these variations and the drop in speed.”
The report reiterated previous advice that Fibre Max plans were unlikely to provide a noticeable difference over Fibre 100 plans.
“Fibre Max is only really worthwhile if there is a genuine requirement for additional performance on top of Fibre 100. Fibre Max does not necessarily outperform Fibre 100 for intensive applications like high definition video streaming or online gaming,” the report said.
“Examples of situations where Fibre Max might provide benefits over Fibre 100 include frequently uploading large files or using data-heavy applications hosted overseas.”
The test also showed the range of speeds possible on Fibre Max, with 23% of users getting over 900Mbps, 62% getting between 300Mbps and 900Mbps, and the remaining 15% getting under 300Mbps, 3% of which could not reach 100Mbps.
Last month, a similar SamKnows report in Australia introduced video conference testing and attempted to correlate the performance of services to the physical location of servers.
The exercise resulted in the Australian Competition and Consumer Commission (ACCC) removing the results of a number of vendors from a reissued report, following uproar from Zoom and Cisco.
“Zoom and Cisco advised us that in addition to hosting video conferences on servers based overseas, they do host some video conferences on servers based in Australia, depending on the amount of traffic at any given time,” the ACCC said in a correction.
“It is not known how much traffic is off-loaded onto international servers.”
The ACCC said its report was based on free accounts with the services.
Undeterred, the New Zealand report waded into the same hot water with a bunch of new video conferencing latency numbers based on using a free account.
“Zoom free services leverage data centres in the United States, which results in an average latency approximately a tenth of a second higher, compared to the paid version of Zoom which makes use of Zoom’s global data centres, including Australia,” the report said.
“The impact of the additional network latency in routing via the USA is imperceptible to most end-users and in rare occasions it may impact end user experience. It should be noted that network latency is just one factor that affects end user experience. For example, the use and efficiency of video compression will also have an impact on user experience.”
In terms of raw numbers, Zoom had latency of 184ms on a Fibre 100 plan, while Google Meet reported 35ms on the same plan, Teams had latency of 43ms, and Skype had latency of 15.5ms.
Related Coverage More

Cisco has disclosed a critical flaw affecting its ENCS 5400-W Series and CSP 5000-W Series appliances, which is due to their software containing user accounts with a default, static password.
During internal testing Cisco discovered its Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for the appliances have user accounts with the fixed password. 

Networking

NFVIS helps customers virtualize Cisco network services such as its Integrated Services Virtual Router, virtual WAN optimization, Virtual ASA, virtual Wireless LAN Controller, and Next-Generation Virtual Firewall. 
SEE: VPN: Picking a provider and troubleshooting tips (free PDF) (TechRepublic)
The default password means a remote attacker without credentials could log into the NFVIS command-line interface of a vulnerable device with administrator privileges.  
Customers with the affected appliances need to apply Cisco’s updates if the appliances are running vWAAS with NFVIS-bundled image releases 6.4.5, or 6.4.3d and earlier. 
There are no workarounds, so the update is the only way for customers to plug the flaw, which has a severity rating of 9.8 out of 10 and is being tracked as CVE-2020-3446.
Cisco lists four conditions under which an attacker could connect to the NFVIS CLI, depending on how customers have configured the device: 
The Ethernet management port for the CPU on an affected ENCS 5400-W Series appliance. This interface might be remotely accessible if a routed IP is configured.
The first port on the four-port I350 PCIe Ethernet Adapter card on an affected CSP 5000-W Series appliance. This interface might be remotely accessible if a routed IP is configured.
A connection to the vWAAS software CLI and a valid user credential to authenticate on the vWAAS CLI first.
A connection to the Cisco Integrated Management Controller (CIMC) interface of the ENCS 5400-W Series or CSP 5000-W Series appliance and a valid user credential to authenticate to the CIMC first.  
Cisco has also posted two more high-severity advisories that can be addressed by installing software updates it recently made available.
Multiple vulnerabilities affect Cisco’s Video Surveillance 8000 Series IP Cameras and may allow an unauthenticated attacker in the same broadcast domain as the vulnerable camera to knock it offline. 
The flaws reside in the Cisco Discovery Protocol, a Layer 2 or data link layer protocol in the Open Systems Interconnection (OSI) networking model.  
“An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera,” explains Cisco in the advisory for the flaws CVE-2020-3506 and CVE-2020-3507.  
“A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial-of-service (DoS) condition.”
The Cisco cameras are vulnerable if they are running a firmware version earlier than 1.0.9-4 and have the Cisco Discovery Protocol enabled. Again, customers need to apply Cisco’s update to protect the model because there’s no workaround. 
This bug was reported to Cisco by Qian Chen of Qihoo 360 Nirvan Team. However, Cisco notes it is not aware of any malicious activity using this vulnerability. 
The second high-severity advisory concerns a privilege-escalation flaw affecting the Cisco Smart Software Manager On-Prem or SSM On-Prem. It’s tracked as CVE-2020-3443 and has a severity score of 8.8 out of 10. 
SEE: Patch now: Cisco warns of nasty bug in its data center software
During internal testing Cisco discovered that an authenticated, remote attacker could elevate their privileges and execute commands with higher privileges up to an administrative role, which would give the attacker full access to the device. 
The bug affects all Cisco SSM On-Prem releases earlier than version 8-202004. It also affects all 6.x Cisco Smart Software Manager satellite releases. These are the same products.
Customers need to install Cisco’s updates since there is no workaround available. 
At the same time as patching the critical and high-severity flaws, the company has also issued fixes for a further 21 medium-severity vulnerabilities.
More on Cisco and network security More

The Australian Communications and Media Authority (ACMA) has said it will require the rebates paid by NBN for failing to meet its wholesale service levels to be passed onto customers by retailers.
As it currently stands, NBN pays rebates to retailers and there is no requirement for consumers to receive any of the rebate itself, despite consumers needing to see some benefit. For instance, the Australian Competition and Consumer Commission (ACCC) previously said one benefit could be a replacement service.
The ACCC last year said it did not want a general pass through requirement that would force retailers to hand rebates to customers, with the one exception being missed appointment rebates.
However, on Thursday, as the ACCC announced it was resuming the NBN inquiry it paused due to coronavirus, ACMA said it had worked with the consumer watchdog on the implications of wholesale rebates.
“The ACMA intends to make rules that will require telcos to: Pass on to affected customers any wholesale rebate received from NBN Co, in monetary form or in kind, should a framework for wholesale rebates be implemented; clearly spell out the retail service levels they will commit to providing customers, including what they will do for their customers when these levels are not met,” it said.
The ACMA said it would release a draft legislative instrument alongside a discussion paper addressing the rebates later this year. 
“The ACMA aims to have new obligations in place at the same time as agreement by telcos with NBN Co’s new wholesale broadband agreement, which implements the wholesale rebate scheme,” it said.
Also on Thursday, the ACCC said it was looking for feedback on a response by NBN relating to its entry-level access pricing and its wholesale service standards inquiries. 
“These inquiries were launched in response to concerns that NBN access terms were limiting competition and efficiency and risked making NBN products unaffordable for some consumers,” ACCC chair Rod Sims said.
“We are now seeking feedback on NBN Co’s proposed access arrangements with respect to each inquiry. Our current view is that NBN Co’s proposals are reasonable but we want to hear from others.”
If approved, the measures would be included in the wholesale broadband agreement between NBN and retailers that is due to start in December, and be in force for two years.
In its proposal, NBN said it was compromising to get the new agreement up in time for December by agreeing to increase capacity on its 12Mbps plan and shift to daily rebates.
For the entry level pricing, retailers would pay AU$22.50 for 1.7 Mbps of capacity, compared to the current AU$24.70 for 1.4Mbps rate. 
With rebates, NBN said it would shift from a AU$25 one-off connection rebate to daily rebates capped at 30 business days. For priority customers, that rebate would be AU$10 for each business day, while it would be AU$7.50 a business day for non-priority customers.
Changes to service fault rebates were also proposed, which would switch a AU$25 rebate to daily rebates of AU$20 per business day for priority customers, and AU$15 a business day for non-priority customers, capped at 60 business days.
For missed appointments, the AU$25 one-off payment would shift to a AU$50 rebate for missing an initial appointment, and AU$75 for each subsequent missed appointment dealing with the same issue.
The government-owned wholesaler also proposed to pay for when a fibre-to-the-node, fibre-to-the-basement, or fibre-to-the-curb connection is unable to hit the minimum guaranteed speeds of 25Mbps where an area is out of co-existence, or 12Mbps when it is in co-existence. 
In addition, NBN proposed paying a rebate of AU$10 a month for the first three months a connection is unable to hit those speeds, which would increase to AU$15 a month at the six-month mark, and AU$20 a month thereafter.
For users on congested fixed wireless towers, NBN proposed paying a AU$20 a month rebate for connections that are “persistently congested”, which includes those connected to towers where average busy hour backhaul packet loss is greater than 0.25%, or a user is receives less than 6Mbps in busy hours.
NBN said it would also bring its service transfer fee down to AU$5, as it flagged last year. 
Updated at 3:20pm AEST, 20 August 2020: added NBN’s proposed changes to rebates. 
Related Coverage More

Australian carrier Vocus is unsurprisingly looking to focus on its underlying earnings, after a AU$202 impairment to the goodwill of its retail division and a AU$56 million purchase price allocation that sent its statutory earnings plunging.
For the year to June 30, the company reported a 6% drop in revenue to AU$1.78 billion, with its recurring revenue down 1.1% to account for all but AU$25.5 million of the total and the remainder flowed from the large infrastructure line item, which was down by AU$94 million due to the completion of the Coral Sea subsea cable.
Statutory earnings before interest, tax, depreciation, and amortisation (EBITDA) increased 3.5% to AU$361 million, before the significant items came into play. Statutory EBIT dropped AU$215 million to a AU$109 million loss, thanks mainly to the impairment, and statutory net profit fell by a similar number to a AU$178 million loss.
In underlying terms, the company said its EBIT was down 7.5% to AU$190 million compared to last year, and underlying net profit fell 4% to AU$101 million.
Broken down by division, both Vocus Network Services (VNS) and its New Zealand business saw 6% increases in recurring revenue to AU$626 million and AU$378 million, respectively, while the impairment retail arm reported a 9.5% decrease in recurring revenue to AU$748 million.
For retail — which consists of its Dodo, iPrimus, Engin, and Commander brands — the consumer division reported a steady second half to record a 3% drop in revenue to AU$590 million for the full year. The news was not so good for its business retail segment, which reported a 27% drop in revenue to AU$116 million.
“The retail business is currently skewed to legacy voice and data products, such as PSTN, ISDN and ADSL. This legacy revenue is declining due to migration to VOIP and mobile solutions, and particularly to the NBN which also attracts lower margins,” the company said.
“Within the broadband market, one-time costs to acquire and connect customers to the NBN are high and chasing market share is expensive. Accordingly, the focus is to successfully migrate existing ADSL copper broadband customers to the NBN, and leveraging broadband as the entry point into the home, to bundle energy products.
“This has the benefit of lengthening customer tenure whilst growing margin and is a strategy that will be pursued.”
Net debt for the company fell from just shy of AU$1.1 billion in the first half of 2019 to AU$980 million at the end of the year.
Vocus CEO Kevin Russell said the results showed the company is on track to complete its three-year turnaround.
“VNS is well-positioned to capitalise on the unprecedented demand for bandwidth and diversity resulting from COVID-19. We had record sales in Q4 across all segments and RFP activity remains strong,” he said.
“New Zealand continued to deliver stable and consistent performance with its fifth consecutive year of organic EBITDA growth.”
The company said it successfully transitioned 1,700 of its employees to work from home within a week when the pandemic struck.
For the 2021 fiscal year, the company is expecting underlying EBITDA of between AU$382 million and AU$397 million, capital expenditure of between AU$160 million and AU$180 million, and to continue paying down its debt.
Related Coverage
Vocus ISPs Dodo and iPrimus taken to court by ACCC over NBN speed claims
NBN broadband speed claims during busy hour periods land retailers in Federal Court.
Vocus singing different tune on NBN
The telco that previously got out of a land grab now sees growth opportunities with NBN.
Vocus scores AU$15.7m BoM contract utilising NBN business satellite services
Telco uses a combination of its own fibre and NBN business satellite to serve much of the Australian Bureau of Meteorology footprint.
Bravo ACCC: Telstra begins flogging NBN overprovisioning as 15% speed boost
Consequences of ACCC deciding networking layers are for nerds begin to flow through. More