Concerns Mount over Major Web Strike

Discussion in 'privacy general' started by optigrab, Aug 25, 2004.

Thread Status:
Not open for further replies.
  1. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    eWeek:

    Concerns Mount over Major Web Strike

     
  2. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    This is very troubling. I am one who believes in the fragility of the infrastructure of the Internet. The so-called "safeguards" just don't amount to much in a well-coordinated attack. I hope this man is wrong, but something like it is inevitable at any rate.

    I have posted here before - a year and a half ago maybe? - about the most severe threat to the Internet. I believe that to be the physical security of the 13 DNS root servers. So much focus has been placed on the technological attacks and, I believe, not enough on the physical security of these 13 crucial parts of Internet infrastructure. Of the 13, 11 are located in the United States. They are vulnerable to bombing attack or attacks from the air. Any simultaneous attack on several of these servers and it's down -- for a good long period of time -- enough to do great damage to the economy and even our national security. This cannot be ignored.
     
    Last edited: Aug 25, 2004
  3. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Thanks for your good post, luv2bsecure.
     
  4. RCC

    RCC Registered Member

    Joined:
    Aug 24, 2004
    Posts:
    32
    To Much Coast to Coast and George Noory!
     
  5. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    I'm no expert, but I'm not too worried about physical security of the root servers. Yeah, logically there are 13 root DNS servers, but as I understand it, several of the operators of a given logical server actually host multiple, geographically dispersed, fully redundant physical servers. So, for example, Internet Systems Consortium, Inc. which operates server "F" has multiple nodes in places such as Auckland, New Zealand; Paris, France; Dubai, UAE; Sao Paolo, Brazil; Hong Kong, China; Johannesburg, South Africa; Los Angeles, CA, USA; Lisboa, Portugal; New York, NY; etc... Perhaps there is one central resource that could totally disable the "F" server, but I sort of doubt it. I imagine that significant redundancy has been built into these server sub-networks as well as the overall root-domain network. Moreover, at least a couple of the root servers are operated by military entities ("G" - U.S. DOD Network Information Center, and "H" U.S. Army Research Lab).

    I seem to recall that a few years ago, some rumor got started that one of the root servers ("D", at the University of Maryland, I believe) was supposedly just some simple PC server sitting there in some professor's office. The US government naturally was concerned by such reports, so supposedly they then instituted fairly routine root server inspections. The story turned out to be totally false, but apparently it at least served to prod these routine inspections.

    Maybe I'm just overly naive or optimistic, but internet terrorism while a significant economic threat and all, really just doesn't keep me up at night. I just think that there are so many more real-world, physical threats to concern oneself with.
     
  6. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    I had to Google to see what "Coast To Coast" was and who George Noory is. I assume you thought my post was tin foil conspiracy stuff?

    I wish.

    If planes can be hijacked and hit the Pentagon, WTC towers and another down before it hit the White House (or whatever), planes or bombs can hit the Root Servers and put the net down cold.

    I fail to see how one is too much Coast To Coast conspiracy stuff and the other is not? In fact, as we all know, the first attacks are written in our history books.

    The threat to the Internet (whether it be via cyber or physical attack) is all too real.

    John
    Luv2BSecure
     
    Last edited: Aug 25, 2004
  7. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    This is a controversial issue within the infosec community. Physical threat or hackoterrorism, some say it just is "no big deal." Others say it is all very serious and critical. I fall into the latter group.

    I understand the views of the "other side" and still feel that the stability of the Internet - via threats to infrastructure - are very real. I respect the views of others, but feel on this issue - it's better safe than sorry.

    Remember, the Internet is not just chat rooms, game sites, message boards, and other superficial use. Large energy providers are configuring systems to operate their electrical grids via the net. Some 911 systems are now using the Internet in various ways. Banking and commerce, stock trading via the net is now routine, emergency plans for disaster, on and on and on. Too much of our economic engine relies on the Internet being up and stable. Threats to that are not to be taken lightly (IMO) and if we do - we do it at our own peril.

    John
    Luv2BSecure
     
  8. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    Honestly, I mean no disrespect, but I have to say that I heard many of the same arguments regarding Y2K. Ok, sure, more and more infrastructure is being made available and/or controllable via the internet on daily basis. However, I think many of the concerns expressed by many either:
    1. fail to account for disaster recovery programs that often were set in place prior to many organizations moving towards greater reliance upon the internet for routine management and infrastructure availability;
    2. underestimate the knowledge and experience of those running many of the critical resources in question; and/or
    3. overestimate the capabilities, resources, and influence of potential attackers.
    Certainly, I'm not saying we should not be concerned, or that we should not make contigency plans. On the contrary, I'm saying that, in general, I think many fine, up-standing, knowledgeable people are doing precisely that on a daily basis. In fact, I think you, in your own way, are just trying to do the same by sounding the alarm somewhat. It's just that I sort of disagree on the level of alarm that should be raised in public discussions because I tend to think that such discussions can easily distort the real priorities and the real threats; and sometimes are counterproductive in that they can induce anxiety about uncontrollable factors at the expense of action on controllable factors.
     
  9. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Alec,

    I understand your point of view and respect that - it is one shared by many. However, I want to add one more thought to your response. As per the quote above: I would disagree to the extent that I do not believe they are mutually exclusive. I don't believe that placing attention on any one area of vulnerability has to take away from attention to any other threat. The United States has the ability, through the private sector alone, to address possible vulnerabilities on all fronts. I don't think attention on one detracts from another.

    You also mentioned all of the individuals working on the problem of a secure Internet. This is an assumption that I am afraid is too optimistic. There is a lot of talk about what to do (or not do) and lots of discussion -- but unfortunately -- very little action. Many recommendations from security experts have still gone unaddressed - especially by the new layers of governmental bureaucracy setup in this country since 09-11-01.

    All the best,
    John
    Luv2BSecure

    .
     
  10. RCC

    RCC Registered Member

    Joined:
    Aug 24, 2004
    Posts:
    32
    Attempt at levity – Your points are well taken and arguments well made. The threats you speak of are very real. It’s just that I am tired of all the impending doom, thats all – I hope no offense was taken on your part.

    Optimistic Regards,

    RCC
     
  11. xmp

    xmp Guest

    They already attacked the core with DDOS or DRDoS attack. However, they blocked most of the garbage pretty easily. In a Gibsonian moment, the l0pht claimed they could take down the net in 30 minutes.

    I dunno if the Inet going down is really a national security issue. Certainly it would cause economic damage. But critical mil and intel networks are separate from the internet.

    A HERF gun or EMP-T bomb would take out the core better than physical bombs.
     
  12. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Could this be the work of the terrorists?
     
  13. nhd493

    nhd493 Guest

    Depends on your definition of a terrorist. Here in the US the greatest threat of terror is from the media.
     
  14. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  15. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I think if it comes right down to it the structure of the internet is a lot more resilient in nature than it is given credit for. Not indestructable but what is.
     
  16. Cyber Surfer

    Cyber Surfer Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    41
    In Canada, I'm more afraid of my government!!! :eek:
     
  17. dog

    dog Guest

    You should be, I'm watching You :ninja: *puppy* :ninja:

    Beware of dog!
     
  18. An important subject

    This may show the perspective from "the other side". Without mentioning any names, there is a large, large number of followers of someone, now dead, who, from their early childhood, are taught that there are two parts to this world:

    - One part of the world is under "their" (religious/civil) rule. Democratic elections are halted as soon as they achieve power, which is then, absolute tyrrany.

    - The rest of the world is what they are "at war" against, until it is under "their" rule.

    That is the underlying teaching, upon which, all their teachings rest. All teachings are to wage the war until it is won. Simple observation will conclude that any means justifies the end. This message is "right" to them.

    Europe is increasing in "their" numbers, especially France and Germany. They are on the brink and are totally oblivious of it.

    I won't get into the aspect of the "unseen" realm's part in this, other than to say that it is the exact same spirit that was over the WWII Axis powers (Germany, Italy, Japan). Hey, I had first-hand observation of the "dark side" for ten years. Not funny.

    Just discovered this site. I take my hat off to all the extremely knowledgeable and helpful people. A really nice bunch.

    AK
     
  19. ???

    ??? Guest

    So, ther are two groups who think the same thing, you are for them or again them, no shades just my side or there side.

    That's what heart listerer should have said.

    And both sides believe they are totally right.

    Who is good who is eveil maybe neither,

    they are both too extreme
     
Loading...
Thread Status:
Not open for further replies.