Re: [iwar] news / iwar Internet keystone target => root servers


From: Fred Cohen
From: fc@all.net
To: iwar@egroups.com

Mon, 21 Aug 2000 18:02:27 -0700 (PDT)



Per the message sent by James Crooks:

> How realistic is Milo Medin's scenario? Comments please... /jc

It has been widely known for a long time that the DNS system of the
Internet is a relatively non-redundant point of failure, that it is
vulnerable to denial of services and sequential attacks (such as the one
against RSA) involving DoS of the DNS system and replacement by forged
DNS servers.  This would not, however, sever the Internet - just the
linkage between domain names and IP addresses.  Local caches would pick
up the slack for a while.  In many cases, DNS entries are not even used
- I use hosts files for important IP addresses and run the CCD's secure
DNS server when that is important. 

As to taking down the Internet - severing Australia from the rest of the
world, it is relatively easy to do if you are skillful enough, but to
keep it down for an extended period of time takes quite a bit more in
the way of intelligence and capabilities.  It's pretty hard to outdo the
will of millions of people willing to spend millions of dollars for a
very long time. 

> ``You wouldn't even be able to access your homepage,'' Medin says.

Of course if your home page is in Australia, then the DoS attack from
outside of Australia will fail once you have severed Australia from the
rest of the world... 

> The Internet's achilles heel is its reliance on a domain-name system
> (DNS) that uses root servers, the big computers that hold 
> authoritative details of the  world's domains (such as .com, .net, 
> .org).

The root servers are not as important as they are sometimes made out to
be - but they are certainly important.

FC

--
	   My PGP keys are available at https://all.net/pgpkeys.html
Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
  Fred Cohen & Associates: http://all.net - fc@all.net - tel/fax:925-454-0171
      Fred Cohen - Practitioner in Residence - The University of New Haven
				Have a great day!!!

[This communication is confidential to the parties to which it is sent. 
If you get this email in error, please delete it immediately and do not
use, repost, reprint, or view the contents.  This message is and all
messages to or from the sender of this message are recorded.  Reading
this message or sending email to its sender constitutes consent for such
recording.  ISPs, governments, and a wide array of other folks gather
and analyze email.  While I have a reasonable expectation of privacy in
my email as in my USPS mail, I may not actually get it in either.]

Per the official policy of Sandia National Laboratories, the reader should be
aware that:
  - Fred Cohen of Fred Cohen & Associates is the same Fred Cohen who is a
    Principal Member of Technical Staff at Sandia National Laboratories.
  - Fred Cohen & Associates - is owned and operated by Fred Cohen and is
    separate and independent from the work done by Fred Cohen at Sandia
    National Laboratories. 
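
Added example (not part of the original message): a defender-side check that
compares addresses pinned in a hosts file with what a DNS lookup returns, so a
forged answer shows up as a mismatch and a DNS outage falls back to the pin.
The hosts entries, the resolver answers and all function names are constructed
for illustration.

```python
import ipaddress

# Constructed sample hosts file; addresses come from documentation ranges.
SAMPLE_HOSTS = """\
# pinned addresses for hosts that matter
192.0.2.10    mail.example.org mail
192.0.2.20    www.example.org   # web server
2001:db8::20  www.example.org
not-an-ip     broken.example.org
"""

def parse_hosts(text):
    """Return {name: set of address strings}; malformed lines are skipped."""
    pins = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                             # first field is not an address
        for name in fields[1:]:
            pins.setdefault(name.lower().rstrip("."), set()).add(addr)
    return pins

def check_pins(pins, resolve):
    """Compare pins with resolve(name), which returns address strings
    or raises OSError when the lookup fails."""
    report = {}
    for name, pinned in sorted(pins.items()):
        try:
            answers = {str(ipaddress.ip_address(a)) for a in resolve(name)}
        except OSError:
            report[name] = ("dns-unavailable", [])   # the pin still works
            continue
        unexpected = sorted(answers - pinned)        # answers the pin lacks
        report[name] = ("mismatch" if unexpected else "ok", unexpected)
    return report

def constructed_resolver(name):
    """Stand-in for a direct DNS query; the answers are constructed."""
    table = {"mail.example.org": ["192.0.2.10"],
             "www.example.org": ["203.0.113.66"]}    # simulated forged answer
    if name not in table:
        raise OSError("lookup failed")
    return table[name]

if __name__ == "__main__":
    for name, result in check_pins(parse_hosts(SAMPLE_HOSTS), constructed_resolver).items():
        print(name, *result)
```

For live use, resolve() has to query a DNS server directly: on most systems
socket.getaddrinfo reads the hosts file first and would only echo the pin back.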
