Interesting People mailing list archives

WORTH READING djf '1984' after all: UK's MI5 wants all travel data of 17 million commuting Britons


From: David Farber <dave () farber net>
Date: Tue, 18 Mar 2008 04:03:11 -0700


________________________________________
From: Karl Auerbach [karl () cavebear com]
Sent: Tuesday, March 18, 2008 2:04 AM
To: David Farber
Cc: ip
Subject: Re: [IP] '1984' after all: UK's MI5 wants all travel data of 17 million commuting Britons

Drifting away from the topic of data mining and spying on citizens, I'd
like to discuss the question of "what if" an internet attack is a real
possibility (which I believe it is) and "what if" it happens.

And in this discussion I tend to blend human "attacks" with natural
disasters.  (Were I an attacker, which I am not - sadly the atmosphere
of this era seems to require such a disclaimer - I would try to
coordinate any attack with a natural event - timing it to occur at
sunset during a heavy snowstorm on the US east coast or after an
earthquake, or even the next time an oceanic cable is sliced by an
anchor from a ship.)

The idea of a combined attack is hardly new.  But that does not make it
any less of a concern.

But the paranoia displayed by UK and US governments has made it almost
certain that should such an attack occur that we would be slow to notice
the onset and not be in any position to recover quickly.

First of all, those of us who have spent years learning about network
pathology and building tools have been increasingly locked out and
treated as potential threats rather than as sources of expertise
equipped with effective tools and with deep knowledge of how to analyze
and cure complex network problems.

Second, the quality of much of the software in machines on the net is
very, very low.  To a considerable degree the internet is filled with
code that is vulnerable to even minor variations from the status quo.
And this vulnerability is increasing with the deployment of under-tested
implementations of complex and implementation-flaw prone protocols such
as SIP for VoIP.  IPv6, for all the good things it might bring, will
also create a wash of buggy implementations.  And even with solid
implementations it is pretty obvious, to me anyway, that a new class of
attacks will arise that are based on doing one thing via IPv4 while
doing something else via IPv6.

Third, many of the security walls that purport to provide protection may
act as barriers when the immediate event is over and recovery begins -
those who could help will find that they can not provide that help
because of locks and walls.  And some security mechanisms might actually
amplify certain threats: Look at DNSSEC - it may well be that this tool
designed to defend against one security threat could prove to be a
weakness against another threat: It is unclear how long it might take to
resume DNS services should name servers have to come up afresh and do
signature calculations on tens of millions, even hundreds of millions of
names: Is that time measured in minutes, hours, or in days?

Fourth, the UK and particularly the US have created the false impression
that somebody is actually watching rather sensitive parts of the
internet and is ready with tools, resources, access rights, and
knowledge to resurrect a failed part of the net.  It will take rather
longer to crawl back to normalcy when people have to deal with the
surprise of finding, and finding at exactly the worst time, that the
assurance they believe they had was merely posturing and vapor.

Fifth, the idea of local recovery has been lost.  We are
increasingly being told that net recovery will come from above, from
governments and their agencies.  Yet when collapse occurs it is often
far more effective for local recovery to occur in parallel and then
re-fuse the local lumps to the revived core.  But that entire approach
has been left to wither.  Local recovery will, of course, occur.  But
without planning and pre-deployment of assets and access rights such
recovery will not happen as well as it could.

Several years back I proposed, unsuccessfully, that one body engaged in
governance of the DNS create a bootable CD (now it would be a DVD) that
could be stuffed into an ordinary PC and booted up with a skeletal DNS
root and a reasonably usable subset of contents from the .in-addr.arpa,
.com, .net, .org and other major top level domains.  This would allow a
community that has suffered an outage - for example from a large
earthquake - to quickly begin to re-establish its local communications
infrastructure without waiting for the outside to dig its way back in.
That kind of DVD could be stuffed among the spare water, food, portable
generator caches that are not all that uncommon in places where people
suffer natural (and human) disasters.

One part of the net that is particularly vulnerable is the domain name
system - to a large degree the theory of the singular root has led to a
single point of failure and an obvious focal point of attack.

Yet the "private" agency that was created by the US gov't to assure that
DNS would be stable has not engaged even a single tooth of a single gear
of a single engine to even monitor for DNS trouble, much less to require
defensive and recoverable operations, and even less to prepare to
quickly recover a damaged system.

To a degree one might say that the internet is a Katrina waiting to
happen.  And that what we see are governmental policies (and
"public-private partnership" policies) that are tantamount to dredges
that appear, above the water line, to be raising, with great hoopla, the
height of the levees while, unseen under the surface, are digging out
the foundations.

                --karl--
