[AusNOG] NBN must avoid becoming 'failed state'
Mark Newton
newton at internode.com.au
Sun Sep 19 11:55:50 EST 2010
On 18/09/2010, at 8:39 PM, David Hughes wrote:
>> Didn't really happen. Speaking holistically, it's hard to argue that the
>> state of the security art is any worse now than it's ever been.
>
> Can't say I can agree with that Mark. I reckon it did happen. In the days of Dial-up, the outbound capability of the average compromised machines was so limited that the target of a DoS attack was pretty much restricted to other dial-up clients. V.90 only gave you 33k outbound so you'd need a metric shedload of compromised machines to do any significant damage to a well connected content source.
Given that the metric shedload is relatively easy to accumulate,
and that a sufficiently large botnet packs a wallop large enough to
launch practically any attack EVEN IF all of its members are on
dialup, I'm not convinced that that makes any difference.
I'm also filtering the message through increasing cynicism about
the credibility of the security industry. I know it's unfair to
tar Roland with this brush, but as long as the industry that gets
more money by pumping-up irrational security risks continues to
employ hyperbole to press its case, I'll continue to employ
defensive skepticism.
I mean, seriously, look at this:
http://www.symantec.com/norton/theme.jsp?themeid=cybercrime_report
Apparently, "65% of adults worldwide have been a victim of cybercrime."
That's an extraordinary claim. It means that if you're sitting in a
Boeing 737, everyone who has a window seat or an aisle seat is a
"cybercrime victim" -- Even if the plane is populated predominantly
with Asian farmers or African tribesmen who barely ever use a
telephone, let alone conduct commerce over the internet.
Perhaps I'm the only individual on the planet with actual internet
access who hasn't been a cybercrime victim. Who knew?
Yet this kind of bullshit is taken seriously by the asshats who
dream up "cyber security" responses in our parliaments.
If the doomsayers had established a track record of being right
over the last 10 years I might have a different attitude. But we're
in a world where the vast majority of people live perfectly normal
lives even though security is abysmal, and where the maximum impact
that most people feel from a successful "attack" is the minor
inconvenience of having to reinstall their OS after a virus
infestation. The sky is not, and never has been, falling.
That's not to say that it shouldn't be taken seriously, only that
the seriousness ought to be accompanied by thoughtfulness,
discretion, and a healthy sense of proportion. We're in an
environment where our politicians instinctively respond to
any threat they don't understand by legislating away basic
liberties, and perhaps more of these discussions should include
careful exploration of likely consequences in nations that
don't have bills of rights.
> With the advent of ADSL, the dramatically increased outbound capacity means that a botnet can now have a pretty good crack at a tier-1 web property or the root nameservers. Take that to an NBN environment and you have gone from a 20:1 outbound ratio at 20mbps to a 2.5:1 ratio at 100mbps. I'd suggest that even a single NBN attached machine could do significant damage to an "average" web site.
A single NBN attached machine doing that will be shut down in a
New York minute.
The only reason DoS attacks work is because the originator of the
attack is unknown. Turning it into a known source address attack
definitively alters the threat model.
> So I stand by my autobahn analogy. The problem has always existed. But at higher speeds it's just more dramatic (or a dramatic outcome is much easier to achieve).
Mostly agree, except that I'd suggest "different" in place of "more
dramatic," and go on to note that even though the problem has always
existed we seem to have been doing a pretty good job of ignoring it,
which strongly suggests that it barely rates in the grand scale of
things.
- mark
--
Mark Newton Email: newton at internode.com.au (W)
Network Engineer Email: newton at atdot.dotat.org (H)
Internode Pty Ltd Desk: +61-8-82282999
"Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223