http://www.techweb.com/wire/story/TWB19980220S0001

(02/20/98; 9:39 a.m. EST)
By John Borland, Net Insider

Want to break the Net? It's easy, according to a pair of AT&T scientists who addressed the Computers, Freedom and Privacy conference in Austin, Texas, on Thursday.

The Internet's architecture is not designed for the applications it is increasingly being used for, and it is badly vulnerable to relatively simple hacks or accidents at a number of different points, they said.

"The Internet is not designed to resist certain kinds of malicious behavior," said Steven Bellovin, an AT&T network systems researcher. He cited the string of accidents that have resulted in disconnection of service, lost domain names, or rerouting of massive amounts of Net traffic. "I live in fear of someone noticing these accidents and saying, 'Hey, I could do that.'"

Both Bellovin and his AT&T colleague Matt Blaze cited the vulnerability of the Net's decentralized routing system, in which ISPs and other nodes on the Net send packets of information from origin to destination along a path that the machines "tell" each other is the most efficient way at that moment.

This routing information has been accidentally corrupted several times, they said, resulting in massive traffic flows being rerouted through single slow machines or blocked altogether. They said a hacker could also cause this kind of corruption.

"This could be a massive denial of service attack on the Net, or an eavesdropping attack," Bellovin said. "Don't bother hacking a machine to eavesdrop on the Net -- route all the traffic to your own machine."

The domain naming system, in which information about the millions of names such as www.netinsider.com is kept in centralized databases, is also badly vulnerable to attack, the scientists said.

The .com database, run by Network Solutions, has been corrupted by accident at least once, rendering many of the Web's commercial sites unavailable for several hours. This and the other central registry root server databases are prime targets for hackers or criminals who want to disrupt Net traffic, the researchers said.

"It doesn't even take someone to hack into these machines," Bellovin said. "All it takes is bribing the janitor."

But mischievous or malevolent actions are hardly the only threats to the Net's smooth functioning. Buggy routing or server software is often responsible for Net mishaps. New technologies that take advantage of the Net's growing ubiquity also threaten to clog the system badly.

The new "killer apps," Blaze said, overwhelm the Internet's existing system of protocols. Video, Net telephony, and other high-bandwidth applications now in their infancy all pose some danger of this as they become more popular, he said.

"The Net is not optimized for real-time transmission of high-bandwidth data," Blaze said. "It works reasonably well for the small-scale distribution of multimedia content. We have no idea how it will work for the large scale."

Researchers are working on solving these problems, the pair said, though some are proving more intractable than others -- such as the vulnerability of routing systems. But the technical difficulties are not the most difficult barriers, Blaze said.

"The much harder part is deploying [new protocols] on the scale of the Internet, and getting people to adopt them."

Why aren't more users already screaming about a system that is apparently so ill-adapted for its current uses?

"Part of the problem is that with the Net, we're accustomed to a very low level of service," Blaze said.

"And our expectations are met," Bellovin concluded.