Firewall Wizards mailing list archives

RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks

From: Rick Smith <rick_smith () securecomputing com>
Date: Thu, 13 Apr 2000 11:35:59 -0500

At 07:55 AM 04/13/2000 -0700, Mark.Teicher () predictive com wrote:

Actually, security was a big contributor in the Internet evolving, if it 
was not for initial military funding, the Interner would not have existed 
as early as it did.  Security features were definitely a big part back 
then, but after some of the initial involvement was completed, other 
parties got involved and things have evolved to what we have today..


You seem to suggest that the Internet "lost" some security capabilities it
had in its early days.

I say that those security features would have prevented today's Internet
from evolving.

The security features you allude to were part of the original ARPANET,
which was a closed network that could only be extended if the controlling
authority (the DOD) agreed. All the "routers" (IMPS in Arpanet parlance)
resided in relatively secure machine rooms managed by organizations that
the DOD trusted to some extent (military bases, defense contractors, and
universities heavily involved in defense research). It was a very difficult
and expensive proposition to get connected to the Arpanet. The network
never grew past dozens of nodes and hundreds of hosts.

Contrast this with the Internet. All you had to do was get a telecom
connection to an ISP and you yourself could become an ISP. Nobody had to
ask permission to add hosts to the Internet, they just did it. ISPs grew up
in garages, basements, under beds, anywhere. The lack of centralized
control fueled the Internet's growth. But the technical flexibility that
supported its exponential growth also allowed the recent rash of DDOS attacks.

Incidentally, none of us who worked on the Arpanet considered it a
particularly "secure" network. Most of its security relied on the physical
protection of IMPs and on administrative control of connected host
computers. Software based access control was weak or nonexistent in many
places, and dial-in numbers were widely and carelessly distrubuted. But it
was very rare for peoples' work to be disrupted by outside interference. So
the user community didn't really want much more security.

Rick.
smith () securecomputing com

Current thread:

Re: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) Paul D. Robertson (Apr 04)
- <Possible follow-ups>
- RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) Mark . Teicher (Apr 13)
  - RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) Andrew J. Luca (Apr 18)
  - RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) Rick Smith (Apr 18)
- RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) -reply Mark . Teicher (Apr 18)
  - RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) -reply Andrew J. Luca (Apr 20)
- RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) -reply Mark . Teicher (Apr 18)
  - RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks Rick Smith (Apr 18)