Internet vulnerabilities

Rodney_Joffe1 · July 5, 2002, 6:13pm

Bill Woodcock wrote:

> Or, are you saying that an anycast host has to be a router running BGP ?

No, typically they run OSPF.

Perhaps a little further explanation may help Marshall... think: a *nix
box running zebra, connected to a router.

> This works for DNS, but not for the things I would like to anycast.

Mmm, like what? This is all ancient history at this point... It seems
unlikely that anyone would discover something that didn't work at this
late date.

Just as a guess, Marshall is probably thinking of using anycast for
something other than DNS, like http, or ftp, or telnet. And he's
wondering about state

Chat with Genuity.new about what they did with Hopscotch from
Genuity.orig. It used to deal with that.

http://164.195.100.11/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1=‘6185619’.WKU.&OS=PN/6185619&RS=PN/6185619
or
http://www.delphion.com/cgi-bin/viewpat.cmd/US06185619__

Sean_Donelan · July 6, 2002, 12:02am

I don't understand many of the cyber-scare articles. If I was cynical,
and I thought we had a clever government, I would say it was all a
diversionary tactic to distract attackers from the more vulnerable
infrastructures.

Disrupting the Internet is a matter of scale and time. It is fairly
trivial to disrupt large portions of the Internet for short periods of
time. You don't need to be a hacker to do that. Most of the senior
network engineers on this list have done it by accident or unplanned
maintenance. Just look at the Internet during major maintenance windows
to see what can be done. With BGP dampening, its possible to DOS yourself.

On the other hand, disrupting a large portion of the Internet for more
than a few (e.g. 6) hours is slightly more difficult. Most of that time
is consumed by response team activation. Nevertheless there are a few
attacks which could take longer than 24 hours to recover. The loyal
order of disgruntled, unemployed network engineers met at a bar at
a previous NANOG and come up with several interesting, yet practical
attacks. I'm not talking about permanent events, such as a massive solar
flare ending all life on earth.

What's nice about the Internet is it is a relatively loosly-coupled.
Which means many different people can work on fixing their part of the
Internet without needing too much coordination. The Internet doesn't
have the equivalent of a LERG, so you can connect your piece of the net
back into whatever other pieces of the Net still working without
centralized coordination. Highly visible things like root name servers
are under attack a lot, but for the most part the net stumbles throught
it. Highly visibile things tend to also be highly protected.

But why bother? There are other infrastructures which are more vulnerable
to attack than the Internet, and more likely to get significantly more
news coverage than any attack on the Internet could achieve.

Daniel_Golding6 · July 8, 2002, 3:31pm

RFC1546.

Really, anycast is a bad name for it. "nearcast" or "closecast" might be
better. Anycast just has a nice ring...

- Daniel Golding