Skip Links

How vulnerable is the 'Net?

Security upgrades ongoing, but some argue more needs to be done.

By , Network World
April 18, 2005 12:11 AM ET

Network World - The unusual activity began two weeks before the attack. Officials from the Cooperative Association for Internet Data Analysis, which had begun monitoring Internet nameserver behavior at the start of 2002, noticed varying levels of performance degradation in early October of that year. Little did they realize that on Oct. 21 they would witness a flood of ping messages on the Internet's 13 DNS root nameservers that would cause the most notorious denial-of-service attack on the Internet to this date.

"It was an attempt to make a massive problem," says KC Claffy, principal investigator at CAIDA . "They certainly made a blip on a graph."

Also: Do we need a Sarbanes-Oxley for the Internet?

But the Internet and its users got off easy. The barrage lasted only an hour, and no end users were affected.

The attack did, however, serve as a wake-up call, as network operators and others have taken steps to better secure the Internet since then. But some still question whether the Internet is susceptible to attack and needs more authoritative oversight.

"If somebody was to do a real concerted, knowledgeable attack, it wouldn't be very difficult to have a catastrophic impact on a huge component of commerce," says Larry Jarvis, vice president of network engineering at Fidelity Investments. "It would be huge to the U.S. economy and to a lot of companies that now view the Internet as the equivalent to a dedicated circuit to all these entities."

Clif Triplett, global technology information officer at General Motors, says he is worried mostly about router and host software bugs, as well as broadcast storms such as distributed DoS (DoS ) attacks bringing down the 'Net.

"I'm highly concerned about it," Triplett says. "If that network is a core piece of your business, I think you're at a risk."

These IT professionals are not alone. Two-thirds of the 1,300 "technology leaders, scholars and analysts" surveyed recently by the Pew Internet & American Life Project said they "expect a major attack on the Internet or the U.S. power grid within the next 10 years."

Experts warn that the 'Net is particularly vulnerable in these areas:

  • DNS root servers.

  • Border Gateway Protocol (BGP ) peering points.

  • Individual router and switch elements.

  • Host/endpoint operating systems.

The root of the problem

The 13 DNS root servers resolve Internet naming and addressing. If they were knocked out, Internet sites would become inaccessible.

The servers repel distributed DoS attacks every day, operators say. CAIDA research shows that up to 85% of the queries against the DNS servers are "bogus" or repeated from the same host.

The system has been bolstered since the 2002 attack, with root servers now consisting of 50 to 100 physically distributed, highly redundant boxes in 80 locations across 34 countries. In 2002, far fewer servers were located in 13 sites across four countries.

This level of distribution and redundancy makes a complete shutdown of the DNS system unlikely, says Paul Mockapetris, chairman and chief scientist of IP address management vendor Nominum and the inventor of DNS.

The physical servers use Anycast, a routing technique that heightens resiliency by multiplying the number of servers with the same IP address and balancing the load across an army of geographically dispersed systems.

"If I was going to try and arrange a DNS 9/11, it's a very bad target to try and attack because it's so distributed - you'd have to take [the servers] out everywhere," Mockapetris says. "If you took out one root server today, nobody would notice."

But the more distributed a system is, the more difficult it is to defend, notes Stephen Cobb, an independent security consultant who was recently quoted in a Network World column stating a belief that the 'Net can be brought down and kept down for 10 days or more. Cobb say the 'Net is up only because of the moral high ground of those who know how to bring it down.

"I just don't think technologically we can ever harden the Internet to where it's invulnerable to intelligent, determined people," he says. "The reason it hasn't gone down for days so far is that the people who know how to do it aren't so inclined."

However, the good guys are inclined to implement security best practices, like those outlined in an IETF informational document on root server operation called RFC 2870 , says Jose Nazario, security researcher and senior software engineer at Arbor Networks, which makes products carriers use to protect their networks from cyberattacks. Originally drafted in 2000, RFC 2870 has been extended over the past couple of years.

Even so, experts don't discount the possibility of another attack equal to or exceeding the scope of the October 2002 event. But they also are confident that the DNS root servers and Internet users will experience minimal disruption.

"There's no way to get them all with truck bombs; there's no way to get them all with a single attack; and there's no way to keep an attack going long enough that I could not usefully counteract it," says Paul Vixie, president of the Internet Systems Consortium, which also operates the DNS F root server. "It's better for me to simply not accept any traffic from [the attacker] even though I will be losing a certain number of Web hits. As soon as you rendered the attack worthless, then it's actually in the attacker's best interests to stop launching it because otherwise you will trace it back."

The Internet Corporation for Assigned Names and Numbers (ICANN ) is responsible for top-level coordination and global policy-making for the DNS, and plays a central role in assuring the integrity and stability of the system.

"Taking out the whole Internet for 10 days - I'm a little skeptical," says Steve Bellovin, a computer science professor at Columbia University, former researcher at AT&T Labs and a member of ICANN's Security and Stability Advisory committee. "If you look at the kinds of attacks we've had thus far - worms and [distributed] DoS attacks - many of these things have had noticeable impact in the short run but they weren't too hard to counter."

Routing around catastrophe

Bellovin and others are not as confident about the routing infrastructure. Cisco, the leading provider of Internet routers, regularly issues bug alerts. And BGP, which distributes routing information between networks on the Internet, is susceptible to IP address spoofing.

"BGP peering has some security problems," says Sam Hartman, area director for the IETF's Security Area working group. "What's there now is hard to configure, and it's something that the community has identified as a real problem. You're not just depending on the security of the person you're directly connected to; you're also depending to some extent on the security of the people that are connected to them."

Work has been underway for a while on methods to authenticate BGP route advertisements. Secure BGP (S-BGP) has been incubating for more than eight years and its alternative, Secure Origin BGP (soBGP), is also a multiyear effort. Yet these proposals are not implemented because router vendors have not incorporated them into their products - they say BGP already has enough integral security features that can be exploited through proper implementation.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News