
Could the Internet Be Taken Down In 30 Minutes?

ScuttleMonkey posted more than 5 years ago | from the millions-of-voices-suddenly-cried-out-in-terror dept.

Security 289

GhostX9 writes "Tom's Hardware recently interviewed Dino A. Dai Zovi, a former member of Sandia National Labs' IDART (the guys who test the security of national agencies). Although most of the interview is focused on personal computer security, they asked him about L0pht's claim in 1998 if the Internet could still be taken down in 30 minutes given the advances on both the security and threat sides. He said that the risk was still true."


Yes (5, Insightful)

2.7182 (819680) | more than 5 years ago | (#27478717)

By a nuclear war for example.

Re:Yes (3, Funny)

techprophet (1281752) | more than 5 years ago | (#27478729)

Or a new strain of rapidly spreading electricity-consuming tiberium.

Or me.

nah. (2, Informative)

neo (4625) | more than 5 years ago | (#27478735)

Actually, this is exactly what it's supposed to survive.

Re:nah. (5, Informative)

canajin56 (660655) | more than 5 years ago | (#27478835)

Not true! ARPANET was designed as it was because there were only a few super computing sites at the time, and they were separated by quite a bit. The redundancy comes in to play only because they didn't want to lose important access if a router broke somewhere, as they are wont to do. All it was designed for was to survive a single point of failure. But even that is distorted. Just because ARPANET was designed that way decades ago, doesn't mean that large corporations decided to keep with that philosophy when they took over!

NAH (4, Interesting)

neo (4625) | more than 5 years ago | (#27479185)

"A memorandum published by the DoD in March 1982 declared
that the adoption of TCP/IP as the DoD standard host-to-host
protocol was mandatory and would provide for "host-to-host
connectivity across network or subnetwork boundaries."

          Military requirements for interoperability, security,
          reliability and [b]survivability[/b] are sufficiently pressing to
          have justified the development and adoption of TCP and IP in
          the absence of satisfactory nongovernment protocol
          standards."

Emphasis mine.
http://www.columbia.edu/~rh120/other/tcpdigest_paper.txt [columbia.edu]

Re:NAH (4, Insightful)

iluvcapra (782887) | more than 5 years ago | (#27479311)

The DoD also approved the Space Shuttle's final dimensions on the basis of $100/lb launch costs and a constant schedule of military payloads... I think if you were to hand the DoD a purchase order for a pallet load of marshmallow peeps, they'd only be too happy to certify their nuclear/chem/bio survivability and tactical necessity. They just like to buy toys, and nobody questions them about whether they really need something, and nobody ever tests them to make sure they really use it...

At least in this case we ended up with the Internet, and not the spaceplane-that-wouldn't-die-and-syphons-science-money.

Re:NAH (3, Funny)

truthsearch (249536) | more than 5 years ago | (#27479359)

I think if you were to hand the DoD a purchase order for a pallet load of marshmallow peeps, they'd only be too happy to certify their nuclear/chem/bio survivability and tactical necessity.

That would be a mistake. They should only certify Twinkies.

If Family Guy has taught me anything, it's that everyone should go to the nearest Twinkie factory in the event of a nuclear holocaust.

Re:NAH (5, Funny)

BarryJacobsen (526926) | more than 5 years ago | (#27479475)

If Family Guy has taught me anything, it's that everyone should go to the nearest Twinkie factory in the event of a nuclear holocaust.

If Family Guy has taught you anything, then may god have mercy on us all.

Re:NAH (2, Insightful)

eleuthero (812560) | more than 5 years ago | (#27479469)

yes, it does syphon science money. Why is this a bad thing? Having focused expensive projects is a way to maintain interest in science in general and provide an opportunity for related projects to be developed. Sure, it is bad news for the ag seed libraries, but even these have benefited from our ridiculously expensive space program.

On a related note, I really like orange tang and appreciate the early space program.

YAH!! (1)

Fungii (153063) | more than 5 years ago | (#27479427)

Survivability.. so maybe

All it was designed for was to survive a single point of failure.

(note that I'm quoting canajin here in case there is any confusion)

What makes you think survivability implies the ability to survive nuclear war? The fact that you've heard as much parroted anecdotally countless times in the past?

Re:nah. (1)

2.7182 (819680) | more than 5 years ago | (#27478895)

OK, then what about by a Cylon invasion? (Which of course, would begin with a nuclear strike.) I doubt that our toaster children would have any trouble with McAfee or Norton products.

Re:nah. (1)

JWSmythe (446288) | more than 5 years ago | (#27479033)

    It didn't start with a nuclear strike. They had operatives on the ground already. Watch the 1st episode again. :)

Re:nah. (1)

2.7182 (819680) | more than 5 years ago | (#27479257)

You mean watch the mini-series again. The first episode was "33".

Re:nah. (5, Funny)

ParanoiaBOTS (903635) | more than 5 years ago | (#27479117)

OK, then what about by a Cylon invasion? (Which of course, would begin with a nuclear strike.) I doubt that our toaster children would have any trouble with McAfee or Norton products.

In my experience if we did have a Cylon invasion McAfee and Norton may be our ONLY defense. Upload it and watch as they can no longer function

Re:nah. (5, Funny)

freyyr890 (1019088) | more than 5 years ago | (#27479387)

OK, then what about by a Cylon invasion? (Which of course, would begin with a nuclear strike.) I doubt that our toaster children would have any trouble with McAfee or Norton products.

In my experience if we did have a Cylon invasion McAfee and Norton may be our ONLY defense. Upload it and watch as they can no longer function

You're horrible. Not even the Cylons deserve Norton and McAfee.

Re:nah. (5, Funny)

interkin3tic (1469267) | more than 5 years ago | (#27478999)

Actually, this is exactly what it's supposed to survive.

Well, I'm reasonably certain my computer can't withstand a nuclear attack, and I don't think most porn stars are radiation-resistant, so it's really trivial to me whether or not there is still an internet after a nuclear war.

Re:nah. (4, Funny)

rcamans (252182) | more than 5 years ago | (#27479241)

The stars may not survive, but their videos could in a datastore underground. And your computer could survive in a bomb shelter. Underground. You know, where you live. In your mama's basement.
Heh heh

Mutant Porn! (0, Offtopic)

Pearson (953531) | more than 5 years ago | (#27479609)

But just think of all the possibilities of Mutant Porn!

Re:Yes (1)

Ruede (824831) | more than 5 years ago | (#27478741)

I think it is not a big issue to switch a few routers and switches off.

Re:Yes (2, Informative)

Jurily (900488) | more than 5 years ago | (#27478899)

By a nuclear war for example.

That doesn't count.

Unless of course, you'd be worried about your WoW account while billions of people are dying.

Re:Yes (1, Funny)

Cube Steak (1520237) | more than 5 years ago | (#27479163)

But I have level 80, purple gear you insensitive clod!

Re:Yes (4, Funny)

Chris Burke (6130) | more than 5 years ago | (#27479239)

By a nuclear war for example.

Why go to such extremes?

root@internet# shutdown -h +30 "Teh Intarwebs are going down!"

Re:Yes (0)

Anonymous Coward | more than 5 years ago | (#27479271)

Define the internet. If you hit google you got like the face of internet.

Seems quite easy, reading the recent DNS and routing news (remember youtube redirecting to china?)

Re:Yes (2, Funny)

dimko (1166489) | more than 5 years ago | (#27479279)

Or by a successful Collider Experiment..

Re:Yes (1, Interesting)

Anonymous Coward | more than 5 years ago | (#27479305)

Or by throwing anchor in Mediterranean sea :-)

Re:Yes (1)

eleuthero (812560) | more than 5 years ago | (#27479513)

or whatever it is that causes large middle eastern countries to lose all access to the outside world for days at a time (apart from satellite feeds) on multiple occasions all with multiple cable failures at the same time.

Re:Yes (2, Insightful)

MobileTatsu-NJG (946591) | more than 5 years ago | (#27479371)

By a nuclear war for example.

Heck, it'd go even quicker if the Vogons decided to build a hyperspace bypass! Come to think of it, if somebody travelled backwards in time incorrectly and destroyed the universe, the internet would probably be destroyed in negative minutes!!

Look at me, I'm Mr. Insightful, mod me up!

All it needs is a giant Slashdotting (5, Funny)

Anonymous Coward | more than 5 years ago | (#27478723)

Just visit url://internet

Re:All it needs is a giant Slashdotting (5, Funny)

Chris Mattern (191822) | more than 5 years ago | (#27479393)

Firefox tells me it doesn't understand URLs. I'd better just stick to HTTPs.

true (0)

Anonymous Coward | more than 5 years ago | (#27478747)

The internet can take down my pants in 30 minutes.

Re:true (5, Funny)

Anonymous Coward | more than 5 years ago | (#27478827)

In 30 minutes?

You're doing it wrong.

Internet Backbone DDOS in 2002 (5, Insightful)

eldavojohn (898314) | more than 5 years ago | (#27478757)

In 2002 4 or 5 of the 13 root servers [slashdot.org] were big news ... although we've come a long way since then, I think the integrity of the internet still depends on these things.

Every so often we get reports that the internet is a rickety old jalopy [slashdot.org] on its last leg [slashdot.org].

Given this impression and add to it the fact that the botnets seem to grow in tandem with the internet, I wouldn't be surprised to see an attack take her down in 30 minutes although I'm no expert. I think 30 minutes is a generous amount of time if one of the larger botnets turned its attention on the root servers for a DDOS attack. You'd have some fail overs and some courageous engineer might save the day but I'd put my money on the bad guys.

I would be surprised if it was down for more than 24 hours following that though.

Re:Internet Backbone DDOS in 2002 (4, Insightful)

afidel (530433) | more than 5 years ago | (#27478871)

The way to fix it would be egress filtering where all consumer class lines were barred from directly querying the root servers. Would suck greatly for anyone who wanted or needed to run their own resolver, and would break the original end to end design of the internet, but it would be the most likely response to the threat. The ISP's would love it too since it would allow them to have a captive audience for their ad laden DNS servers.

Re:Internet Backbone DDOS in 2002 (0)

Anonymous Coward | more than 5 years ago | (#27478951)

The way to fix it would be egress filtering where all consumer class lines were barred from directly querying the root servers. Would suck greatly for anyone who wanted or needed to run their own resolver, and would break the original end to end design of the internet, but it would be the most likely response to the threat. The ISP's would love it too since it would allow them to have a captive audience for their ad laden DNS servers.

Congratulations, you sound like the possible "courageous engineer" mentioned in my post. I only hope your solution is ready to be turned on at the flip of a switch and the ISPs have a corresponding fail over system to switch to for their consumers when it happens. Ad laden DNS servers are better than no DNS servers at all, correct?

Re:Internet Backbone DDOS in 2002 (1)

JWSmythe (446288) | more than 5 years ago | (#27479523)

    Oh please god, don't make those suggestions.

    I haven't been on a residential provider yet, where their DNS worked properly.

    I'm not rude enough to run my own nameserver at home. I piggy back off of my work networks, with finely tuned nameservers. :) It's amazing how much nicer they work, when there are a million people checking out youtube, myspace, and facebook. (oh, and the wonderful world of pron).

Re:Internet Backbone DDOS in 2002 (5, Interesting)

Shakrai (717556) | more than 5 years ago | (#27478949)

I think 30 minutes is a generous amount of time if one of the larger botnets turned its attention on the root servers for a DDOS attack

I think you are overlooking two things:

1) There's a lot more than 13 root servers nowadays. Many of the servers are mirrored using anycast [wikipedia.org]. Wikipedia had a total of 123 in 2006 so it's a safe assumption that there are even more today.

2) Even if you could render the root servers inaccessible, this doesn't "take down" the internet. Many sites would still be accessible until their DNS cache entries timed out in the nameserver that you use (likely your ISP). A lot of sites set short timeouts on the www 'A' record (for load balancing purposes) but long timeouts on the 'NS' records for the domain. In this scenario your nameserver would still know where to go to get the 'A' record and wouldn't need to consult with the root servers.

Those caches wouldn't last forever but it would seem to offer enough time to deal with the DDOS. The internet would have limited functionality for awhile but it wouldn't "go down". Many operations (site to site VPNs for example) might not even notice.
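Added illustration (not part of the comment above): a toy caching resolver that plays out the cache behaviour described in point 2, with a short-lived 'A' record, longer-lived 'NS' delegations, and the root servers going unreachable after the cache is warm. The zone data, addresses and TTLs are constructed, and the model assumes only the root is unreachable while TLD and authoritative servers stay up.

```python
"""Toy caching resolver: what still resolves while the root servers are down.
All zone data, addresses and TTLs below are constructed for illustration."""

# zone -> {(name, record type): (value, TTL in seconds)}
ZONES = {
    ".": {("com.", "NS"): ("tld-servers.com", 172800),
          ("org.", "NS"): ("tld-servers.org", 172800)},
    "com.": {("example.com.", "NS"): ("ns1.example.com.", 86400)},
    "org.": {("example.org.", "NS"): ("ns1.example.org.", 86400)},
    "example.com.": {("www.example.com.", "A"): ("192.0.2.10", 300)},
    "example.org.": {("www.example.org.", "A"): ("198.51.100.20", 300)},
}


class RootUnreachable(Exception):
    """Raised when resolution cannot proceed without asking a root server."""


def parent_of(name):
    """'www.example.com.' -> 'example.com.', 'com.' -> '.'"""
    return name.split(".", 1)[1] or "."


class CachingResolver:
    def __init__(self, zones):
        self.zones = zones
        self.root_reachable = True
        self.cache = {}  # (name, type) -> (value, expiry time)

    def _fresh(self, key, now):
        hit = self.cache.get(key)
        return hit[0] if hit and hit[1] > now else None

    def _query(self, zone, key, now):
        """Ask the servers of `zone` and cache the answer for its TTL."""
        if zone == "." and not self.root_reachable:
            raise RootUnreachable(key[0])
        value, ttl = self.zones[zone][key]
        self.cache[key] = (value, now + ttl)
        return value

    def _ensure_delegation(self, zone, now):
        """Hold a fresh NS entry for `zone`, walking up only as far as needed."""
        if zone == "." or self._fresh((zone, "NS"), now):
            return
        parent = parent_of(zone)
        self._ensure_delegation(parent, now)
        self._query(parent, (zone, "NS"), now)

    def resolve(self, name, now):
        cached = self._fresh((name, "A"), now)
        if cached:
            return cached, "cache"
        zone = parent_of(name)  # simplification: host sits directly in its zone
        try:
            self._ensure_delegation(zone, now)
            return self._query(zone, (name, "A"), now), "authoritative"
        except RootUnreachable:
            return None, "needs root"


def outage_timeline():
    """Warm the cache, take the root away, then look names up over two days."""
    r = CachingResolver(ZONES)
    r.resolve("www.example.com.", now=0)   # normal lookup before the outage
    r.root_reachable = False               # outage starts
    checks = [
        (100, "www.example.com."),     # A record still cached
        (100, "www.example.org."),     # TLD never seen: nothing cached
        (1000, "www.example.com."),    # A expired, domain NS still cached
        (90000, "www.example.com."),   # domain NS expired, TLD NS still cached
        (200000, "www.example.com."),  # every cached delegation expired
    ]
    return [(t, name, *r.resolve(name, t)) for t, name in checks]


if __name__ == "__main__":
    for t, name, ip, how in outage_timeline():
        print(f"t={t:>6}s  {name:<18} {ip or 'FAIL':<14} ({how})")
```

Names under a TLD the resolver has never looked up fail immediately, which is why the effect would be degraded rather than uniform.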

Re:Internet Backbone DDOS in 2002 (2, Funny)

Anonymous Coward | more than 5 years ago | (#27479123)

1) There's a lot more than 13 root servers nowadays. Many of the servers are mirrored using anycast [wikipedia.org]. Wikipedia had a total of 123 in 2006 so it's a safe assumption that there are even more today.

One hundred and twenty three root servers ought to be enough for anyone.

Re:Internet Backbone DDOS in 2002 (1)

purpledinoz (573045) | more than 5 years ago | (#27478971)

One has to remember that even though the Internet was developed by the military to be resistant against attacks, the private sector has built most of it with cost in mind. So naturally it's not as robust as it could be, but it's quite cheap.

Re:Internet Backbone DDOS in 2002 (0)

Anonymous Coward | more than 5 years ago | (#27479259)

It was developed by research agencies to rapidly communicate data. It was most definitely built with cost in mind from the get-go.

It was never designed to be resistant to attacks, nuclear or otherwise, except that it was supposed to be a support tool for researchers who were probably studying those very things.

In any event, the research they were working on would not be a priority during such attacks if they had ever occurred. It would have been extremely unlikely to distill results in the time scale necessary to be an effective battlefield tool. Any information that researchers would be able to provide to commanders in the field could be communicated just as quickly with conventional means.

Re:Internet Backbone DDOS in 2002 (3, Informative)

Lumpy (12016) | more than 5 years ago | (#27479075)

Nope, if you take out ALL the root servers right now I'll still be able to get around on the internet. My servers will still serve up information. My clients will still work.

Do I get to use the for-dummies name resolution? Nope.

If I type in 74.125.67.100 in my browser, google still shows up.

Granted, everything in google is useless as they don't log the IP addresses, but that's moot for me. PLUS I can always go to one of the alternate DNS servers and use them, or my local cache... that would work for weeks without the root servers.

Re:Internet Backbone DDOS in 2002 (1, Insightful)

ivan256 (17499) | more than 5 years ago | (#27479299)

If I type in 74.125.67.100 in my browser, google still shows up.

Sure, but the search results would be useless.

Who and Why? (1)

RiotingPacifist (1228016) | more than 5 years ago | (#27479161)

His answer is pretty vague, but if I know anything about computer security (and I don't), isn't the key thing to decide who your attackers are and what they want! I'd guess that the people running large botnets could DDOS the root DNS servers, but as they have no motive to do that it's very unlikely they will. So who would want to take down the internet?
Perhaps Russia/China/US if they were about to start a world war (possible, but if that were the scenario we'd have bigger problems)?

Re:Who and Why? (1)

Niris (1443675) | more than 5 years ago | (#27479423)

On one hand I think some people would want to take it down to go in history as the person who took down the Internet. On the other, they'd probably end up ripped apart by the hordes of WoW players who are forced out of their basements by the lack of Night Elf cleavage.

Re:Internet Backbone DDOS in 2002 (1)

iamhassi (659463) | more than 5 years ago | (#27479327)

Actually the question was if it could be taken down by hackers, not if the mainlines in the ocean being cut would take down the internet.

from article: [tomshardware.com]
"Alan: That's a great tip. One last question: in 1998, the members of L0pht testified in front of the US Congress that a committed team of hackers could take down the entire Internet in 30 minutes...Do you think that statement still holds today?"

"Dino: Yes, and I probably shouldn't say much more about it than that. "


Honestly, I think the guy's full of it.

Re:Internet Backbone DDOS in 2002 (4, Informative)

six (1673) | more than 5 years ago | (#27479373)

root DNS != Backbone

You can DDOS a server, a network, even big routers, but you can't DDOS the internet.

Cutting random cables here and there won't work either, at most you're going to isolate parts of the net.

The only way to take down the internet in 30 minutes is to exploit vulnerabilities in the BGP core routing protocol and announce netblocks that somehow (that's where something has to be exploited, bypassing filters, smaller blocks and routing costs considerations) take priority over other routes for every router that receives the announcement.

Not saying that's impossible, but still tough ...

Re:Internet Backbone DDOS in 2002 (2, Insightful)

Ogive17 (691899) | more than 5 years ago | (#27479395)

Wouldn't there be some point where a DDOS would stop being effective because there's already too much traffic... therefore keeping up a small amount of the backbone?

If you're able to take down 80% of the servers, it's possible you wouldn't have a chance to even reach the other 20%. You'd probably lose a significant portion of your botnet if you took out that much of the backbone.

Re:Internet Backbone DDOS in 2002 (1)

JoeMerchant (803320) | more than 5 years ago | (#27479399)

I would be surprised if it was down for more than 24 hours following that though.

Concur - and if the bad guys would test the system more often (like they did 10 years ago when they hit Yahoo and E*Trade), we'd have a more robust system overall.

I'd be in favor of letting the white hats take a crack at the infrastructure 4 saturday mornings per year, see how much havoc they can wreak in 24 hours and then figure out how to stop them from doing it again in 3 months. We should pay them during the designated attack days based on how much trouble they cause, then pay a different set of people based on how well they withstand the same attacks 3 months later.

Re:Internet Backbone DDOS in 2002 (1)

rdebath (884132) | more than 5 years ago | (#27479473)

All you need to do is fetch and use ftp://rs.internic.net/domain/root.zone.gz [internic.net] and you're independent of the root name servers.

Re:Internet Backbone DDOS in 2002 (1)

JWSmythe (446288) | more than 5 years ago | (#27479485)

    Actually, that's a lot of the reason that they made some of the root nameservers multicast. Have a look at F, and I through M. It's not perfect, but it moved the root servers away from a handful of central points.

    Back in the day, the MAE's had their bandwidth graphs online. You could see the aggregate for all ports, and (if I recall correctly) utilization by port. Ports were listed out on another page, so you knew the port names, IP's and providers.

    It would have been a pretty simple matter to flood traffic towards a few specific ports in a couple MAE's, and watch things break.

    Now there are a lot more peerings, and those peerings are significantly more robust. It was one thing to kill a 100Mb/s interconnection (oohh, and that was fast then too), but filling up an OC192 will take a lot more work. To overwhelm a MAE, it wouldn't just be one or two OC192's, it would be a significant number of them.

    Have a look at the 1998 MAE services description [archive.org] . If you dig around a little bit on there, you'll see that they used to publish the IP's of each customer interface. "Ahh, lets knock down provider X", sure, you see the IP's of every interface. Flood them to death. :) Of course back then, most people were sitting on 56k dialups, which never really saw 56k, and those frequently connected through modem servers on a T1. You may be able to support 28 dialup modems on a T1, but they'd oversubscribe them like crazy.

    Now, people have bandwidth to do more damage, but it's much less likely to do damage to the core of the Internet. The real damage can occur on small sites, with single servers up on relatively slow lines.

    I was actually surprised there hadn't been a successful attack on some major peerings. I always assumed someone would manage a sustained attack that would do damage. Now it's that much more complex, where you don't get the luxury of bandwidth graphs on the target. :) The only real successful large scale "attacks" I've seen lately were where one provider got annoyed by another provider, and cut off their peering on short notice.

It can be taken down much faster now. (5, Informative)

Anonymous Coward | more than 5 years ago | (#27478815)

http://www.networkworld.com/news/2009/040209-obama-cybersecurity-bill.html

A federally enabled Internet kill switch will place an Internet Off Button in the White House which can be used to instantly deactivate the Internet in case of an emergency, such as the plebes getting riled up. This bill, introduced to the Senate on April Fools, is expected to pass.

Re:It can be taken down much faster now. (4, Insightful)

Leafheart (1120885) | more than 5 years ago | (#27479187)

Your Internet maybe, not mine. At least, not because of that.

Re:It can be taken down much faster now. (2, Informative)

Anonymous Coward | more than 5 years ago | (#27479405)

People misunderstand the scope and power of this law. Sure, only American & NATO NAPs will be turned off, so some IP routing may continue. However, DNS will be vaporized, as it is currently controlled by America. So your internet will become your hosts file, and any IP addresses you've memorized. Have fun with that.

(Job) security (5, Interesting)

Anonymous Coward | more than 5 years ago | (#27478847)

Guy who works in security testing wants people to believe that the state of internet security is OMGcritical? Shouldn't this be tagged "jobsecurity" rather than "security"?

Re:(Job) security (0)

Anonymous Coward | more than 5 years ago | (#27479335)

Kind of like Global Warming and Research Scientists...

Is this news?? (2, Interesting)

eclectro (227083) | more than 5 years ago | (#27478869)

All it would take is the right cables to be cut [circleid.com] for the internet to go down. Perhaps with a rented backhoe even.

Re:Is this news?? (5, Funny)

myVarNamesAreTooLon (1474005) | more than 5 years ago | (#27479045)

All it would take is the right cables to be cut [circleid.com] for the internet to go down. Perhaps with a rented backhoe even.

A single backhoe might have some trouble getting the entire internet in 30 minutes. What's the top speed on those things?

Re:Is this news?? (4, Insightful)

ckaminski (82854) | more than 5 years ago | (#27479255)

If you want a ride bouncier than the storm chasers in KC10s you can do about 22-25 mph in a Ford 555 (80's vintage backhoe). And that's on a decently paved street. You hit a decent pothole and you better have your feet on the posi button because when your steering wheels hit ground again, you're likely to zoom into traffic or onto the sidewalk.

It's why I only ever did over-street travel in ours at night. Then again, backhoe's are naturally overbalanced to the rear, I never did try to get our straight farm tractor up to speed on surface streets.

I've popped a wheelie in exactly two tractors in my day, one a backhoe, another a dozer. Sort of frightening when you do it for the first time and aren't expecting it.

30 mins might be optimistic (5, Interesting)

Minupla (62455) | more than 5 years ago | (#27478887)

Assuming a vulnerability is exploited in BGP, the internet would go bibi in a hurry. That's all our eggs in one basket, and it's a fairly rickety basket. There's still a lot of trust inherent in the BGP fabric and trust is a 4 letter word to anyone who deals with infrastructure security.

Min

Re:30 mins might be optimistic (1)

gandhi_2 (1108023) | more than 5 years ago | (#27479127)

All these posts... and YOU are the first guy to point out that, at its heart, the internet is a routing protocol problem, not a DNS problem.

Tag this: +1, Only guy who knows what the fuck.

Re:30 mins might be optimistic (1)

LostCluster (625375) | more than 5 years ago | (#27479195)

BGP by design trusts in routing settings being honest... just program a router with can't-get-there-from-here routes, and you'll down the surrounding area's Internet speed, or even connections.

Re:30 mins might be optimistic (4, Informative)

vlm (69642) | more than 5 years ago | (#27479451)

BGP by design trusts in routing settings being honest... just program a router with can't-get-there-from-here routes, and you'll down the surrounding area's Internet speed, or even connections.

No, no one trusts their peers anymore and their configs reflect that. Not since at least the 90s. Since before I started doing BGP support, everyone has filtered their customers' routes. WAY WAY too many people try to redistribute 10/8 from their IGP, or maybe try to send us a 0/0. And unscientifically, I'd say about 25% of newbie BGP admins think they own their previous ISP's IP space... so if old ISP gave them 1.2.3/24 they'd ask us to modify our filters to allow the /24, we'd check (have to check each and every customer every time) and see it's part of their old ISP's /18, and we'd educate them.
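Added example (not the commenter's configuration or any ISP's actual policy): the customer-route checks the comment above lists, written as a small prefix filter that rejects a default route, private space such as 10/8, and a /24 that sits inside another holder's /18. The 1.2.3/24 and /18 values echo the comment's own illustration; the customer block, the bogon list, the /24 length limit and all function names are assumptions made for the sketch.

```python
import ipaddress

# Space that should never be accepted from a customer session (assumed list).
BOGONS = [ipaddress.IPv4Network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]
MAX_PREFIXLEN = 24  # assumed policy: nothing more specific than a /24

# Constructed registry data: what this customer is verified to hold, and a
# block known to belong to someone else (the comment's "old ISP's /18").
CUSTOMER_SPACE = [ipaddress.IPv4Network("203.0.113.0/24")]
OTHER_HOLDERS = {"previous ISP": ipaddress.IPv4Network("1.2.0.0/18")}


def check_announcement(prefix, customer_space, other_holders):
    """Return (accepted, reason) for one prefix announced by a customer."""
    try:
        net = ipaddress.IPv4Network(prefix)  # strict: host bits must be zero
    except ValueError:
        return False, "malformed prefix"
    if net.prefixlen == 0:
        return False, "default route"
    if any(net.overlaps(bogon) for bogon in BOGONS):
        return False, "private or reserved space"
    if net.prefixlen > MAX_PREFIXLEN:
        return False, "more specific than /24"
    if any(net.subnet_of(block) for block in customer_space):
        return True, "within customer's verified space"
    for holder, block in other_holders.items():
        if net.subnet_of(block):
            return False, f"part of {holder}'s {block}"
    return False, "not registered to this customer"


def review_session(announcements):
    """Apply the filter to everything a customer session announces."""
    return {p: check_announcement(p, CUSTOMER_SPACE, OTHER_HOLDERS)
            for p in announcements}


if __name__ == "__main__":
    # Constructed announcements covering the cases from the comment.
    sample = ["0.0.0.0/0", "10.0.0.0/8", "1.2.3.0/24",
              "203.0.113.0/24", "203.0.113.128/25", "203.0.113.1/24"]
    for prefix, (ok, reason) in review_session(sample).items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {prefix:<18} {reason}")
```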

Re:30 mins might be optimistic (5, Interesting)

spacerog (692065) | more than 5 years ago | (#27479199)

Actually if I remember correctly the specific flaw that we discovered waaay back in the olden days of 1999 (or was it 98?) was with the Border Gateway Protocol which would cause a cascade router failure. We estimated best case scenario that large chunks of the Internet could be unreachable for up to 12 hours and worst case could be down for several days.

The really funny thing about all this is that after Senator Thompson and the Government Affairs committee was finished pimping us out as media whores several unrelated people approached us and said "Hey, were you thinking of taking the net down this way..." And we would say "No, that's not what we thought of but your idea would probably work just as well."

The thing is many of those ideas are still valid. The global Internet network is a rickety piece of technology held together with bubble gum and baling wire. If it wasn't for the fact that people are actively trying to keep it operational I fear it would fall apart under its own weight in a very short amount of time not to mention if someone actually wanted to take it down.

- Space Rogue
http://www.lopht.com [lopht.com]
http://www.spacerog.net [spacerogue.net]

Re:30 mins might be optimistic (1)

lord_sarpedon (917201) | more than 5 years ago | (#27479243)

Trust is usually a four letter word to me, but my speling kinda sucks

Re:30 mins might be optimistic (1)

JWSmythe (446288) | more than 5 years ago | (#27479597)

    It's much better now. Not perfect, just better.

    But, do you remember when someone advertised 0.0.0.0/0, and that ended up sending everything in the wrong directions? :) That was ... ummm ... around 1997 sometime, I think.

Possible, (1)

powerslave12r (1389937) | more than 5 years ago | (#27478925)

Now that the internet has been slashdotted...

YES!! (1)

s1lhouette (1319369) | more than 5 years ago | (#27478927)

Pay the right people, know what you are doing, and you could take the ENTIRE thing down. The entire Structure of the Internet is VERY hacked together. Take BGP for example. Very little security in it. And although they are working on sBGP, the current state of things is dreadful. Not to even mention DNS. So yes. We might not have Internet tomorrow. Although I am not an alarmist, I recognize that there are no good assurances in the Internet.

Re:YES!! (5, Interesting)

vlm (69642) | more than 5 years ago | (#27479297)

Take BGP for example. Very little security in it.

Sounds like somebody not involved in actual BGP work and/or just scaremongering (worship me because I say scary things).

Nobody configures their peers using dns addresses. Doesn't everyone use md5 hashes? Doesn't everyone filter their customers' routes?

I did "most of" the customer side BGP at an ISP for "years" with quite a few customers... if every time someone redistributed 0/0 or 10/8 to us we took down the internet, frankly, it would have been down most of the time. Not to mention people who thought their old provider's IP space was their own (as opposed to actual ARIN space)

Then there's the guys who prepend like a hundred times, always good for a laugh or two.

Folks who think they can take down global BGP by flapping their routes a couple times and don't even know what route dampening is... well...

Now, yeah, one bad dude could take over one router and maybe temporarily down one ISP that is run by fools who don't follow the "rules", but one badly run ISP out of bazillions is not "the internet".

Overall, I'd say out of 30K AS, of which at least 50% don't really know what they're doing, yet they still can't take the sucker down, god knows I've seen everything tried at least once, so a couple black hats don't even have a chance.

Re:YES!! (1)

morgan_greywolf (835522) | more than 5 years ago | (#27479531)

While I tend to agree with you, I do think that a couple of very skilled and knowledgeable black hats with a severely huge and well-distributed botnet who were absolutely intent on taking down the entire Internet, could probably do so using multi-pronged attacks (BGP hacks would only be one part. Remember, for example, the Pakistan YouTube thing a while back?)

Also bear in mind that 99.999% of attacks are perpetrated by completely incompetent amateurs.

Thing is, though, anyone with that much skill and knowledge would have far better things to do and would probably not benefit in any way from bringing down the whole thing.

I call BS (1)

jimbolauski (882977) | more than 5 years ago | (#27478937)

The whole internet could not be taken down so easily any attempt would have to not only destroy the internet in a precise manner as to make sure that pockets were not created but also make sure that when backups kick in that the attack can reach them.

Re:I call BS (2, Insightful)

KillerBob (217953) | more than 5 years ago | (#27479385)

There's an awful lot of redundancy and inter-networking going on in the Internet, but a concerted attack at the right points in the Internet could take them offline, and break those links between networks.

No, it wouldn't cause your computer to blow up. It wouldn't break your home network. It wouldn't break your ISP's network. But if AT&T, L3, Verizon/UUNet, GBLX, Qwest, Sprint, etc. couldn't talk to each other, you'd as good as break the Internet. Remember the connectivity issues that were caused last year when L3 and Cogent de-peered each other? And those are relatively small players. Imagine if it were AT&T and UUNet that de-peered each other.

Somebody who knows the architecture of the Internet and *really* wanted to take it down wouldn't have a hard time at it. Just target the peering points between the big networks.

As others have pointed out, there's other weak points in the network, too. Gateway protocols and DNS are vulnerable to attack, as well, for example. :)

Just to get it out of the way (0)

Anonymous Coward | more than 5 years ago | (#27478957)

There's no way the Internet could be tak

[NO CARRIER]

Re:Just to get it out of the way (0)

Anonymous Coward | more than 5 years ago | (#27479041)

Nah, the fact that you (and only you) were disconnected doesn't mean that the whole intern

[NO CARRIER]

Depends on who you ask... (5, Funny)

imajinarie (1057148) | more than 5 years ago | (#27479025)

According to my parents and people in my office, the Internet is occasionally down for several hours at a time. Fortunately, they have the ability to reboot it when necessary.

Re:Depends on who you ask... (1)

Andr T. (1006215) | more than 5 years ago | (#27479103)

Yeah, yesterday I was getting an Internet from some friends and I only got it today.

It's not just like a big truck, you know.

Ask my girlfriend . . . (5, Funny)

PolygamousRanchKid (1290638) | more than 5 years ago | (#27479303)

. . . she accuses me of "turning off" or "breaking the Internet" at least once a day.

That's the power that you get with 57 levels of Slashdot Achievements. A big switch labeled "Internet On/Off."

kdawson article? (0, Troll)

kj_kabaje (1241696) | more than 5 years ago | (#27479091)

Checking to see if this is a kdawson article... Nope. Read on panic mf-er. Panic!

it was demonstrated last year (4, Informative)

Paralizer (792155) | more than 5 years ago | (#27479109)

When Pakistan decided to block youtube [slashdot.org] they inadvertently caused a global routing blackhole. The internet is built with the BGP routing protocol, which is based on trust. You trust that your peers will advertise correct routes. If they don't then you get misinformation like in the Pakistan/Youtube situation and it spreads, pretty soon everyone thinks going through Pakistan is the best way to reach youtube so all traffic (or almost all) goes there, then Pakistan simply drops those packets.

Of course this was an accident, but a malicious attack could simply advertise lots of incorrect routes and hose up everything ... at least for a little while.

Re:it was demonstrated last year (1)

John Hasler (414242) | more than 5 years ago | (#27479277)

> When Pakistan decided to block youtube ... Of course this was an accident...

Was it?

Re:it was demonstrated last year (3, Insightful)

vlm (69642) | more than 5 years ago | (#27479515)

> The internet is built with the BGP routing protocol, which is based on trust. You trust that your peers will advertise correct routes.

Only and exclusively amongst the tight-knit community of tier 1 providers. No one accepts unfiltered routes from their customers (except for unintentional mistakes).

Also, YouTube is not "the internet" as in "the entire internet". Good luck advertising a 0/0 route, even amongst tier 1 ISPs.
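The customer-side route filtering vlm describes in both comments (refusing redistributed 0/0 and 10/8, address space that belongs to someone else, and hundred-fold prepends), sketched as an added example that is not part of the thread. The policy limits, AS 64500 and the documentation prefixes are constructed assumptions, not any ISP's real configuration.

```python
import ipaddress

# Assumed policy values for this sketch; real filters are built from registry data.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_PREFIX_LEN = 24    # nothing more specific than a /24
MAX_AS_PATH_LEN = 30   # drop absurdly prepended paths


def check_announcement(prefix, as_path, customer_asn, allowed):
    """Return (accepted, reason) for one IPv4 route received from a customer."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen == 0:
        return False, "default route"
    if any(net.subnet_of(b) for b in RFC1918):
        return False, "private address space"
    if not as_path or as_path[0] != customer_asn:
        return False, "first AS is not the customer"
    if len(as_path) > MAX_AS_PATH_LEN:
        return False, "AS path too long"
    if not any(net.subnet_of(a) for a in allowed):
        return False, "prefix not registered to customer"
    if net.prefixlen > MAX_PREFIX_LEN:
        return False, "too specific"
    return True, "accepted"


# Constructed sample data: documentation ASN and prefixes, not real routes.
CUSTOMER_ASN = 64500
ALLOWED = [ipaddress.ip_network("203.0.113.0/24")]
UPDATES = [
    ("0.0.0.0/0", [64500]),               # redistributed default route
    ("10.0.0.0/8", [64500]),              # redistributed private space
    ("192.0.2.0/24", [64500]),            # someone else's space
    ("203.0.113.0/24", [64500] * 100),    # prepended a hundred times
    ("203.0.113.128/25", [64500]),        # more specific than policy allows
    ("203.0.113.0/24", [64500, 64500]),   # legitimate, lightly prepended
]


def run_filter():
    """Apply the filter to every constructed update, in order."""
    return [check_announcement(p, path, CUSTOMER_ASN, ALLOWED)
            for p, path in UPDATES]


if __name__ == "__main__":
    for (prefix, path), (ok, reason) in zip(UPDATES, run_filter()):
        print(f"{prefix:<18} len={len(path):<3} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```

Only the last update is accepted; each of the others is rejected at a different check, so a bad announcement stops at the customer edge instead of propagating upstream.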

Ohhh yeah. (1)

Aphoxema (1088507) | more than 5 years ago | (#27479155)

30 minutes? With how fast the internet is (There's few places in the world I get a ping reply within seconds), the internet could be taken down within 30 seconds if the perfectly right-wrong thing happened.

It'll probably happen eventually, but I wouldn't lose any sleep over it. It's not like the internet, you know, is a living creature that depends on every breath to survive.

We need to mesh more (1)

Casandro (751346) | more than 5 years ago | (#27479159)

ISPs should be forced to have to peer at any POP they join. Then the Internet would potentially be a lot more stable.

Re:We need to mesh more (2, Insightful)

LostCluster (625375) | more than 5 years ago | (#27479265)

Forced peering would lead to situations where the data flow could be tilted from one side to another. "Peering" requires relatively equal data flow between the partners.

Re:We need to mesh more (2, Insightful)

Casandro (751346) | more than 5 years ago | (#27479481)

Yes, but where is the problem? A line doesn't need to be equally loaded in both directions. That's just a decision beancounters made. It doesn't make much sense in real life.

Just get a line between 2 ISPs and route only the traffic between those 2 ISPs on that line until it's full. The rest can go the long way.

Re:We need to mesh more (2, Insightful)

vlm (69642) | more than 5 years ago | (#27479547)

> ISPs should be forced to have to peer at any POP they join.

Forced to peer with spammers? no thanks!

Also "the internet" is mighty big. You might pull this off in one country, maybe the entire EU, but probably not the whole world. We (as a planet) can't even agree on basic human rights, much less the middle school girl game of who's gonna peer with who.

Prevent Over Logging (3, Funny)

teko_teko (653164) | more than 5 years ago | (#27479177)

Today we take the Internet for granted, but it could go down any time from over logging. We have to prevent this by using the Internet when truly necessary, and to only view Internet porn twice a day... max.

Re:Prevent Over Logging (0)

Anonymous Coward | more than 5 years ago | (#27479361)

> Today we take the Internet for granted, but it could go down any time from over logging. We have to prevent this by using the Internet when truly necessary, and to only view Internet porn twice a day... max.

Point the finger at yourself. Not everyone is an internet engineer.

Yes, it can (1)

DirkBalognapantz (609779) | more than 5 years ago | (#27479205)

With the Anti-Life Equation.

summing up (1, Troll)

godrik (1287354) | more than 5 years ago | (#27479225)

The only two statements of the interview:

-"I can not say anything"

-"macs are great"

...

I am ready for the DNS takedown! (5, Funny)

belloc1 (1118477) | more than 5 years ago | (#27479251)

I have all my most important sites' IP addresses written on Post It notes all over my wall.

Bring it!

30 minutes? (0)

Anonymous Coward | more than 5 years ago | (#27479275)

London would like a word with you...

All it takes is some retard cutting undersea lines or cutting a bunch of underground wires.

I find his lack of faith disturbing (1)

RiotingPacifist (1228016) | more than 5 years ago | (#27479281)

Are jail/chroot/other sandboxes so ineffective the only way he can securely browse the web is in a virtual machine?

I know VMs are all the rage nowadays but it seems pretty dumb to rely on them for security instead of designing secure systems.

30 won't do at all (1)

Captain Spam (66120) | more than 5 years ago | (#27479301)

30 minutes? Hm, nah, that won't do. Better make it 45. Gotta save all my work first.

DNS? (1)

rickb928 (945187) | more than 5 years ago | (#27479397)

And would a determined botnet herder be able to 'take down' the Internet by launching a worldwide DNS cache poisoning attack and redirecting to a botnet-based DNS server farm? How much of the Internet would die?

Probably much easier to coordinate multiple botnets to DDOS the root servers, and also nail a few prominent servers at larger ISPs.

Naww. That's been pretty much fixed. Attacking BGP is so much more efficient. Never mind.

October 27, 1980 ... (0)

Anonymous Coward | more than 5 years ago | (#27479403)

One word: RFC789.

"On October 27, 1980, there was an unusual occurrence on the ARPANET. For a period of several hours, the network appeared to be unusable, due to what was later diagnosed as a high priority software process running out of control. [...]"

I have a raid! (1)

red90tsi (1404931) | more than 5 years ago | (#27479413)

I sure hope the internet doesn't go down, all those poor souls in Northrend will die if I can't stop Kel' Thuzad and Malygos.

Yes, but... (1)

BitwizeGHC (145393) | more than 5 years ago | (#27479459)

Yes, but no one will believe that it can be until a crazed ex-federal agent stages a "fire sale" in order to prove it. And then disaster will be narrowly averted because Bruce Willis kicks his ass.

Hell yes you can! (1)

bazonkers (744424) | more than 5 years ago | (#27479491)

All I have to do is unplug this little wire and the internet completely goes offli{#`%${%&`+'${`%&NO CARRIER

Do not underestimate the power of the darknet. (1)

Maintenance Goof (1487053) | more than 5 years ago | (#27479603)

Fine, they take thirty minutes to shut down the internet for ten minutes. Some areas stay down because they remain infected or untrustworthy. Some areas lose phone service and the ability to contact the machines they need to contact to make a repair. Tons of technicians have to actually visit remote servers, clean up and reboot them. At the end of the week, we have a stronger network and Rush blames Al Gore for not making a stronger series of pipes in the first place.