Q&A: Internet pioneer Stephen Crocker on this week's DDOS attack
Content Type: Story
Source: Computerworld
This week's distributed denial-of-service (DDOS) attack
on the Domain Name System (DNS) root server system (see story) got the
attention of the Internet Corporation for Assigned Names and Numbers (ICANN),
the U.S.-created private group that is charged with ensuring the stability
and security of the DNS.
ICANN, which has been increasing its focus on security issues since the
Sept. 11 terrorist attacks, formed a security committee to examine what
can be done to improve DNS system security.
Internet pioneer Stephen Crocker, who helped develop protocols for Arpanet,
the original network that became the basis for the Internet, chairs that
committee. Crocker will be discussing the DDOS attacks at ICANN's annual
meeting in Shanghai next week, and in an interview with Computerworld
reporter Patrick Thibodeau, he assessed the impact of the recent attack
and outlined some of the options for improving DNS security.
Q: What's your assessment of the DOS attack?
A: There is good news and complications here. There are 13 root servers.
Some of them were effectively out of service for a while, but the impact
on the whole community was negligible. Further good news is that a number
of the servers were very, very well set up, well provisioned, have first-class
staffs who rose to the occasion and worked very hard to stave off the
effects of the attack and stay up in service.
In a sense, one can say, the defenses were tested and it turns out that
the system is pretty good. The impact on the community was pretty modest.
Q: What's the bad news?
A: Does that mean we should all sleep soundly? Not really; suppose the
attack was bigger or lasted longer?
I think the result there is somewhat nuanced. It's the nature of the DNS
service that because there is a lot of caching [in other DNS servers],
most of the world would go on pretty well for a long time, for a day or
so, before there would be much degradation -- if all the servers went
down.
If an attack went on for a day, vastly more resources would be brought
to bear. It would be expensive, but I still think the impact on the community
would have been relatively modest.
Q: How was the attack conducted?
A: There are two elements to an attack like this. The amount of traffic
sent, and how long it goes on for. At the level of traffic that was generated,
which was quite substantial, it effectively stopped some of the servers from
responding because they were overwhelmed with noise and not real traffic.
But enough of them continued to operate and provide service anyway, and
they could have done that indefinitely.
To effectively stop service, you would have to have a much larger and
somewhat more sophisticated attack. I don't want to get into the details,
but there is some evidence that this was not the most sophisticated possible
attack.
Q: What are the lessons learned from this attack?
A: There are some old lessons that are just evident again. This doesn't
teach us anything we didn't know before. As with any attack, it reminds
us that we need to make some progress. We shouldn't say everything is
fine and expect the system to survive indefinitely. There will be other
attacks, and they'll be more sophisticated and they'll be more massive.
Q: Where is improvement needed?
A: There are three areas for improvements. They range from relatively
easy to relatively hard to do, and range from useful to more important.
The first is improving the core protocols and service for DNS, and second,
tightening up the Internet against DDOS attacks by having the Internet
service providers impose some discipline and authentication on the hosts.
In today's Internet, it's relatively easy for a host to lie about its
address and send packets with misleading return addresses. It's possible
to fix this.
As part of tightening up the basic DNS system, we need to deploy the DNS
security protocol [DNSSEC, a security protocol intended to improve data
origin authentication] and create a wider set of implementations of BIND
[the Internet Software Consortium's Berkeley Internet Name Domain server
software used for DNS]. I hasten to add that lack of diversity is not
actively causing any harm, and the main reason for wanting diverse implementations
is general good practice. On the other hand, we do know that many people
are running obsolete versions of BIND, and the older versions are known
to have critical bugs.
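The "discipline on the hosts" Crocker describes is what an ISP does with ingress source-address validation: a packet is only forwarded if its source address belongs to the prefixes assigned to the customer interface it arrived on. The following is an added illustration, not code from Computerworld, ICANN or any ISP; the interface names, prefixes and packets are constructed sample data.

```python
"""Simplified ingress source-address filter (hypothetical example).
Each customer-facing interface is mapped to the prefixes the ISP assigned
to that customer; a packet whose source lies outside those prefixes is a
spoofed-source candidate and is dropped before it can reach the wider net."""
import ipaddress
from typing import Dict, Iterable, List, Tuple

# Constructed sample data: interface -> prefixes legitimately originating there.
CUSTOMER_PREFIXES: Dict[str, List[str]] = {
    "cust-a": ["198.51.100.0/24"],
    "cust-b": ["203.0.113.0/25", "2001:db8:b::/48"],
}

# Constructed sample packets: (ingress interface, source address, destination).
SAMPLE_PACKETS = [
    ("cust-a", "198.51.100.7", "192.0.2.53"),        # legitimate
    ("cust-a", "203.0.113.9", "192.0.2.53"),         # spoofed: cust-b's space
    ("cust-b", "2001:db8:b::10", "2001:db8:1::53"),  # legitimate IPv6
    ("cust-b", "203.0.113.200", "192.0.2.53"),       # outside cust-b's /25
    ("cust-a", "10.0.0.1", "192.0.2.53"),            # private space, never valid here
]


def build_filter(table: Dict[str, List[str]]):
    """Parse the prefix table once so the per-packet check stays cheap."""
    return {ifname: [ipaddress.ip_network(p) for p in prefs]
            for ifname, prefs in table.items()}


def source_allowed(ifname: str, src: str, parsed) -> bool:
    """True only if src falls inside a prefix assigned to this interface.
    Version mismatches (v4 source vs. v6 prefix) are handled by ipaddress
    and count as 'not contained'."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in parsed.get(ifname, []))


def ingress_filter(packets: Iterable[Tuple[str, str, str]], table=CUSTOMER_PREFIXES):
    """Return (forwarded, dropped); dropped entries carry a reason for logging."""
    parsed = build_filter(table)
    forwarded, dropped = [], []
    for ifname, src, dst in packets:
        if source_allowed(ifname, src, parsed):
            forwarded.append((ifname, src, dst))
        else:
            dropped.append((ifname, src, dst, f"source {src} not assigned to {ifname}"))
    return forwarded, dropped
```

Run against the constructed packets, two are forwarded and three are dropped; the dropped list is what an operator would feed into abuse monitoring.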
Q: The third problem?
A: I think our biggest problem globally is off-the-shelf computers.
The minute you plug them in they are susceptible to being enlisted unwittingly
to a DOS attack. And I don't understand why that's OK. To have that same
computer be used to attack someone else, it's a public nuisance issue.
Computers should not be wide open.
Q: Will this incident accelerate the work of the ICANN security committee?
A: I think we're pretty motivated. The attack acts as a certain amount
of stimulus, but there is not enough new information in this. I think
it's kind of a reflected effect. We recognize that because something like
this happens, it causes other people and the media to take notice, and
that increases the pressure and perhaps increases the opportunity.