Frobnicator's Journal: From an article about the degradation of the Internet

You sell a simpler box where security is the primary factor. A lot of grandmas and older people might go for something that only does AOL, mail, web browsing and maybe printing and digital photos.

That might solve part of the problem (consumer side) but not the issue that the article was about. It does not solve the real issue.

Making a grandma-friendly, secure, e-mail and download-only box would not do what the article suggests is happening. It might keep grandma from getting infected with the latest worm, but she will still get progressively less useful bandwidth from her modem. Grandma might have a 256Kbps DSL modem. She might even be fairly lucky and after dropping the malformed packets and garbage already out there, get a 200Kbps rate right now. But next year it might be 150Kbps, then 100Kbps as a few million script-kiddies are scanning for the next generation of Back Orifice trojans. Then she'll go buy a faster connection, because her Internet connection is slower than she wants. Her new connection will give her more visible speed, but would still be dropping a majority of the packets.

I've seen the issue first hand. I'm with a small business, where we have a shared T1 line. Our upstream provider performs some packet filtering, but not much. After we pay for the data through our T1, we filter it. We drop malformed packets, packets from reserved and unassigned addresses, source-routed packets, and so on. We detect and block portscans and other obvious attacks at that point as well. We average a 7-10% packet loss through that filter daily. Next, we run SpamAssassin at a high filter level (15) along with attachment and virus blocking of emails, which collectively drop thousands of e-mail messages daily. Additionally our computers are running ad-filtering programs that save us a lot of bandwidth, but ads still slip through.

If we were to assume that all the ads also got through, that is about 20-25% of our bandwidth wasted in complete junk, and that percentage has been increasing for the past two years that I have been watching it. Next we have a bunch of legitimate, but unwanted, traffic. That includes file sharing and trojan ports, incoming http, mail, telnet, DNS, ftp, rpc, and other assorted ports. We get a few hundred of these each day, and the number is always growing. Some might be people in the company trying to use NetMeeting or something, even though it is against policy. Some may be legitimate errors, while the remaining others are probably probing for systems to attack.

The article says that the problem is this growing collection of junk -- currently about a quarter of our bandwidth -- which will quickly kill the Internet unless there is a change.

Unfortunately, I agree with the author of the article; unless we see some fundamental changes, it will become unusable. There are a number of good ideas already out there as to what that may be.

One idea that I like is to remove the anonymity of end-to-end, while preserving the end-to-end functionality. Every handler of every packet signs the packet, and drops packets from sources they do not trust or with invalid signatures. The sender cannot deny sending the message, each handler signs the packets and cannot deny that they handled it, each handler can state that they directly know who they received it from, and all end-points can verify the sources. That allows any message not properly signed and not properly addressed to be dropped, and allows law enforcement or system admins to find out who the attackers are, or exactly which machines have been compromised.

The only significant drawbacks to that system are the resources involved in all the digital signatures and the loss of anonymity. I can only see a few reasons for anonymous speech (whistle-blowers, victims of crime, etc.) but there are other anonymous outlets for them. Online, I think non-repudiation should be built in, so long as you have encryption tools available. Your boss/government/police/mafia could know that you said something, but not know what it was.

Until that level of fundamental infrastructure change spreads across the Internet, making a grandma-friendly Internet console isn't enough. The DDoS attacks on everything from spam blacklists, litigious companies like RIAA and SCO, honest mistakes like U. Wisconsin's time servers, and script-kiddie behavior will continue to degrade the Internet. The spammers clogging up mailboxes and usenet will degrade the Internet. Tomorrow's worms, along with today's worms on unpatched systems, will continue to degrade the Internet. More people with cable modems downloading movies will degrade Internet performance. In short, continuing our course will be just a little worse until we hit a very-near critical threshold. Then our performance will be like a fighter jet slamming into a wall of jello. We need to change course, or face some serious performance losses.

frob
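The edge filter described in the post (drop malformed packets, packets from reserved and unassigned sources and source-routed packets, block portscans, then look at what share of the paid-for bandwidth was junk), worked through as an added example. This is not code from the journal entry, and it is not whatever the author's site actually runs; the header fields, the bogon list (unparseable, unspecified, loopback, link-local, multicast and RFC 1918 space, as reported by Go's net/netip), the three-port scan threshold and the sample batch are my assumptions, and the sample traffic is constructed, not captured.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Pkt holds the few header fields the filter looks at.
type Pkt struct {
	Src         string
	DstPort     int
	Len         int  // bytes on the wire
	SourceRoute bool // IP loose/strict source-route option present
	Malformed   bool // failed header or length sanity checks
}

// Stats counts what the filter saw and dropped, and why.
type Stats struct {
	Seen, Dropped, BytesSeen, BytesDropped int
	Reasons                                map[string]int
}

// LossPercent is the share of packets dropped, the figure the post quotes as 7-10% daily.
func (s Stats) LossPercent() float64 { return 100 * float64(s.Dropped) / float64(s.Seen) }

// bogon reports whether an address should never arrive as a source on a public link:
// unparseable, unspecified, loopback, link-local, multicast or RFC 1918 private space.
func bogon(src string) bool {
	a, err := netip.ParseAddr(src)
	if err != nil {
		return true
	}
	return a.IsUnspecified() || a.IsLoopback() || a.IsLinkLocalUnicast() || a.IsMulticast() || a.IsPrivate()
}

// Filter applies the drop rules in order, plus a simple portscan detector: a source that
// touches more than scanLimit distinct destination ports in the batch is blocked from then on.
func Filter(pkts []Pkt, scanLimit int) Stats {
	st := Stats{Reasons: map[string]int{}}
	ports := map[string]map[int]bool{} // distinct ports seen per source
	blocked := map[string]bool{}
	drop := func(p Pkt, why string) {
		st.Dropped++
		st.BytesDropped += p.Len
		st.Reasons[why]++
	}
	for _, p := range pkts {
		st.Seen++
		st.BytesSeen += p.Len
		switch {
		case p.Malformed:
			drop(p, "malformed")
		case bogon(p.Src):
			drop(p, "reserved/unassigned source")
		case p.SourceRoute:
			drop(p, "source-routed")
		case blocked[p.Src]:
			drop(p, "portscan")
		default:
			if ports[p.Src] == nil {
				ports[p.Src] = map[int]bool{}
			}
			ports[p.Src][p.DstPort] = true
			if len(ports[p.Src]) > scanLimit {
				blocked[p.Src] = true
				drop(p, "portscan")
			}
		}
	}
	return st
}

// Sample is a constructed batch, not capture data: a day's web traffic in miniature plus the
// junk the post describes. 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
func Sample() []Pkt {
	var pkts []Pkt
	for i := 0; i < 100; i++ { // legitimate HTTP from a public address
		pkts = append(pkts, Pkt{Src: "203.0.113.5", DstPort: 80, Len: 1000})
	}
	pkts = append(pkts,
		Pkt{Src: "10.0.0.9", DstPort: 80, Len: 60}, // RFC 1918 source on a public link
		Pkt{Src: "10.0.0.9", DstPort: 443, Len: 60},
		Pkt{Src: "0.0.0.0", DstPort: 80, Len: 60},   // unspecified address as a source
		Pkt{Src: "224.0.0.1", DstPort: 80, Len: 60}, // multicast address as a source
		Pkt{Src: "198.51.100.7", DstPort: 80, Len: 60, Malformed: true},
		Pkt{Src: "198.51.100.7", DstPort: 80, Len: 60, SourceRoute: true},
	)
	for _, port := range []int{21, 22, 23, 25, 80, 110, 135, 139} { // one source sweeping ports
		pkts = append(pkts, Pkt{Src: "198.51.100.42", DstPort: port, Len: 40})
	}
	return pkts
}

func main() {
	st := Filter(Sample(), 3)
	fmt.Printf("seen %d, dropped %d (%.1f%% of packets, %d of %d bytes)\n",
		st.Seen, st.Dropped, st.LossPercent(), st.BytesDropped, st.BytesSeen)
	fmt.Println(st.Reasons)
}
```

The constructed batch happens to land near the 7-10% daily packet loss the post reports, but that is a property of the sample, not a measurement. Two things a real filter would add: reserved ranges that net/netip does not flag (documentation space, whatever blocks were unallocated at the time), and a scan threshold counted per time window rather than per batch, since a slow scan spread across a day never trips a per-batch counter.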
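The hop-by-hop signing scheme the post proposes (every handler signs the packet and drops anything unsigned, badly signed or from an untrusted source, so an end-point can see exactly which hop a bad packet came through), worked through as an added example. This is not code from the journal entry, and the post names no algorithm or packet format; it assumes Ed25519 signatures, a SHA-256 digest over the addressing, the payload and every earlier hop, a pre-shared directory of trusted handler keys, and the made-up names alice, isp1, isp2, rogue and bob.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Hop is one handler's signature over the packet as that handler received it.
type Hop struct {
	ID  string // handler name; Directory maps it to a public key
	Sig []byte
}

type Packet struct {
	Src, Dst string
	Payload  []byte
	Hops     []Hop // signature chain, origin first
}
type Directory map[string]ed25519.PublicKey // a handler's trust list (assumed pre-shared)

// digest is what hop i signs: addressing, payload and every earlier hop, zero-byte separated.
func digest(p *Packet, i int) []byte {
	h := sha256.New()
	for _, part := range [][]byte{[]byte(p.Src), []byte(p.Dst), p.Payload} {
		h.Write(part)
		h.Write([]byte{0})
	}
	for _, hop := range p.Hops[:i] {
		h.Write([]byte(hop.ID))
		h.Write(append([]byte{0}, hop.Sig...))
	}
	return h.Sum(nil)
}

// Node is a sender or handler owning an ed25519 key pair.
type Node struct {
	ID   string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewNode(id string) *Node {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Node{ID: id, Pub: pub, priv: priv}
}

// Sign appends this node's hop over everything the packet contains so far.
func (n *Node) Sign(p *Packet) {
	p.Hops = append(p.Hops, Hop{ID: n.ID, Sig: ed25519.Sign(n.priv, digest(p, len(p.Hops)))})
}

// Verify walks the chain in order, returning "ok" or a drop reason naming the hop that broke it.
func (d Directory) Verify(p *Packet) string {
	if len(p.Hops) == 0 || p.Hops[0].ID != p.Src {
		return fmt.Sprintf("drop: source %q did not sign as origin", p.Src)
	}
	for i, hop := range p.Hops {
		if pub, ok := d[hop.ID]; !ok {
			return fmt.Sprintf("drop: hop %d from untrusted handler %q", i, hop.ID)
		} else if !ed25519.Verify(pub, digest(p, i), hop.Sig) {
			return fmt.Sprintf("drop: hop %d has invalid signature from %q", i, hop.ID)
		}
	}
	return "ok"
}

// Forward is a handler's job: verify what arrived, drop it if bad, else sign and pass on.
func (n *Node) Forward(d Directory, p *Packet) string {
	if v := d.Verify(p); v != "ok" {
		return v
	}
	n.Sign(p)
	return "ok"
}

// Run pushes constructed packets along alice -> isp1 -> isp2 -> bob and returns each verdict.
func Run() map[string]string {
	alice, isp1, isp2, rogue := NewNode("alice"), NewNode("isp1"), NewNode("isp2"), NewNode("rogue")
	dir := Directory{"alice": alice.Pub, "isp1": isp1.Pub, "isp2": isp2.Pub} // rogue is not listed
	pkt := func(s string) *Packet { return &Packet{Src: "alice", Dst: "bob", Payload: []byte(s)} }
	out := map[string]string{}
	p := pkt("hello bob") // honest path: alice signs, each handler verifies then signs
	alice.Sign(p)
	isp1.Forward(dir, p)
	isp2.Forward(dir, p)
	out["honest"] = dir.Verify(p)                          // bob, the end-point, checks the whole chain
	p.Payload = []byte("hello bob, open this attachment") // altered in transit: alice's hop fails
	out["tampered"] = dir.Verify(p)
	p = pkt("hello bob") // an untrusted box inserts itself behind alice
	alice.Sign(p)
	rogue.Sign(p)
	out["untrusted_hop"] = isp2.Forward(dir, p)
	p = pkt("not really from alice") // isp1 originates a packet with a spoofed source
	isp1.Sign(p)
	out["spoofed_source"] = isp2.Forward(dir, p)
	return out
}
```

Run() returns "ok" for the honest path and a drop reason for the other three, each naming the hop at which the chain stopped verifying, which is the "which machine was compromised" property the post wants. The cost is visible in the code too: one signature and one full chain verification at every hop, for every packet, which is the resource drawback the post concedes. Note also what the scheme does not do: a listed handler can still originate junk under its own name; the chain makes that attributable, it does not prevent it.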
