Interesting People mailing list archives
WORTH READING djf '1984' after all: UK's MI5 wants all travel data of 17 million commuting Britons
From: David Farber <dave () farber net>
Date: Tue, 18 Mar 2008 04:03:11 -0700
________________________________________
From: Karl Auerbach [karl () cavebear com]
Sent: Tuesday, March 18, 2008 2:04 AM
To: David Farber
Cc: ip
Subject: Re: [IP] '1984' after all: UK's MI5 wants all travel data of 17 million commuting Britons

Drifting away from the topic of data mining and spying on citizens, I'd like to discuss the question of "what if" an internet attack is a real possibility (which I believe it is) and "what if" it happens. And in this discussion I tend to blend human "attacks" with natural disasters.

(Were I an attacker, which I am not - sadly the atmosphere of this era seems to require such a disclaimer - I would try to coordinate any attack with a natural event - timing it to occur at sunset during a heavy snowstorm on the US east coast or after an earthquake, or even the next time an oceanic cable is sliced by an anchor from a ship.)

The idea of a combined attack is hardly new. But that does not make it any less of a concern.

But the paranoia displayed by UK and US governments has made it almost certain that should such an attack occur we would be slow to notice the onset and not be in any position to recover quickly.

First of all, those of us who have spent years learning about network pathology and building tools have been increasingly locked out and treated as potential threats rather than as sources of expertise equipped with effective tools and with deep knowledge of how to analyze and cure complex network problems.

Second, the quality of much of the software in machines on the net is very, very low. To a considerable degree the internet is filled with code that is vulnerable to even minor variations from the status quo. And this vulnerability is increasing with the deployment of under-tested implementations of complex and implementation-flaw prone protocols such as SIP for VoIP. IPv6, for all the good things it might bring, will also create a wash of buggy implementations.
And even with solid implementations it is pretty obvious, to me anyway, that a new class of attacks will arise that are based on doing one thing via IPv4 while doing something else via IPv6.

Third, many of the security walls that purport to provide protection may act as barriers when the immediate event is over and recovery begins - those who could help will find that they can not provide that help because of locks and walls. And some security mechanisms might actually amplify certain threats: Look at DNSSEC - it may well be that this tool designed to defend against one security threat could prove to be a weakness against another threat: It is unclear how long it might take to resume DNS services should name servers have to come up afresh and do signature calculations on tens of millions, even hundreds of millions of names: Is that time measured in minutes, hours, or in days?

Fourth, the UK and particularly the US have created the false impression that somebody is actually watching rather sensitive parts of the internet and is ready with tools, resources, access rights, and knowledge to resurrect a failed part of the net. It will take rather longer to crawl back to normalcy when people have to deal with the surprise of finding, and finding at exactly the worst time, that the assurance they believe they had was merely posturing and vapor.

Fifth, the idea of local recovery has been lost. We are increasingly being told that net recovery will come from above, from governments and their agencies. Yet when collapse occurs it is often far more effective for local recovery to occur in parallel and then re-fuse the local lumps to the revived core. But that entire approach has been left to wither. Local recovery will, of course, occur. But without planning and pre-deployment of assets and access rights such recovery will not happen as well as it could.
Several years back I proposed, unsuccessfully, that one body engaged in governance of the DNS create a bootable CD (now it would be a DVD) that could be stuffed into an ordinary PC and booted up with a skeletal DNS root and a reasonably usable subset of contents from the .inaddr-arpa, .com, .net, .org and other major top level domains. This would allow a community that has suffered an outage - for example from a large earthquake - to quickly begin to re-establish its local communications infrastructure without waiting for the outside to dig its way back in. That kind of DVD could be stuffed among the spare water, food, portable generator caches that are not all that uncommon in places where people suffer natural (and human) disasters.

One part of the net that is particularly vulnerable is the domain name system - to a large degree the theory of the singular root has led to a single point of failure and an obvious focal point of attack. Yet the "private" agency that was created by the US gov't to assure that DNS would be stable has not engaged even a single tooth of a single gear of a single engine to even monitor for DNS trouble, much less to require defensive and recoverable operations, and even less to prepare to quickly recover a damaged system.

To a degree one might say that the internet is a Katrina waiting to happen. And that what we see are governmental policies (and "public-private partnership" policies) that are tantamount to dredges that appear, above the water line, to be raising, with great hoopla, the height of the levees while, unseen under the surface, are digging out the foundations.

--karl--