The following text is copyright 2000 by Network World; permission is hereby given for reproduction, as long as attribution is given and this notice is included.
Is a new Internet architecture needed?
By Scott Bradner
I got a call from a reporter the other day. He wanted to talk about the denial of service attacks on prominent Internet sites including Yahoo, CNN and eBay. He did have some idea what was going on, not always the case when I get such a call, but seemed to want me to say that the architecture of the Internet needed to be changed to deal with such attacks. I declined to do so.
It is true that the openness of the Internet architecture makes the kinds of attacks that we saw a few weeks ago easier to do, while at the same time making it harder to track down the perpetrators. But it is that same openness that created the economic engine that the Internet has become. We need to be very careful not to overreact to the point of killing the features that have made the Internet successful.
There were two different types of attacks that were used in the recent incidents -- SYN flooding and smurf attacks. I wrote about smurf attacks almost two years ago ("It hurts to be smurfed," NWW, April 27, 1998) and SYN attacks have been known for quite a while. Attackers using these techniques depend on forging the source addresses of the packets they send to hide their tracks.
RFC 2267 (http://www.ietf.org/rfc/rfc2267.txt) describes how network managers can help protect the Internet from people or corrupted computers at their sites by ensuring that packets leaving the sites do not have forged source addresses. This RFC was published two years ago as an Informational RFC and has just been approved for republication as a Best Current Practices (BCP) RFC, a category that the IETF uses to label documents that describe the best thinking on how to perform some function.
Filtering, such as that described in RFC 2267, is not a cure-all, since not everyone does it and it does not stop the attack itself, but it can make tracking easier. There are well-known ways that sites can protect themselves from the effects of SYN attacks and other ways to filter out some of the effects of smurf attacks. But we are now seeing calls for more drastic actions.
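The RFC 2267 filtering described in the last two paragraphs, worked through as an added example that is not part of the column: an ISP edge router simulation that drops packets arriving on a customer link whose source address is not in the customer's assigned prefixes, and logs the ingress interface so a forged-source flood can be traced to the network it actually came from. The prefixes, interface name and packets are constructed for illustration.

```python
# Added example (not from the column): a simulation of the RFC 2267 ingress
# filtering rule an ISP applies on the link from a customer network.
# The prefix, interface name and traffic below are constructed for illustration.
from ipaddress import ip_address, ip_network

# Hypothetical prefix the ISP has assigned to the customer behind this link.
CUSTOMER_PREFIXES = [ip_network("204.69.207.0/24")]


def ingress_filter(packets, prefixes=CUSTOMER_PREFIXES, ingress="customer-link-1"):
    """Classify packets arriving on a customer link.

    RFC 2267 rule: a packet whose source address is not one the customer
    legitimately holds cannot have honestly originated there, so drop it.
    Each drop is logged with the ingress interface; that record is what lets
    an operator trace a spoofed flood back to the site it really came from,
    even though the packet's own source address is useless for that.
    """
    forwarded, dropped, log = [], [], []
    for pkt in packets:
        src = ip_address(pkt["src"])
        if any(src in prefix for prefix in prefixes):
            forwarded.append(pkt)
        else:
            dropped.append(pkt)
            log.append(f"drop {pkt['proto']} src={src} dst={pkt['dst']} "
                       f"ingress={ingress} reason=source-not-in-customer-prefixes")
    return forwarded, dropped, log


# Constructed traffic sample: one honest connection attempt, one SYN with a
# forged source (the building block of a SYN flood), and one ICMP echo request
# with the victim's address forged as its source, aimed at a broadcast address
# (the smurf pattern). Only the first should leave the customer's site.
SAMPLE_PACKETS = [
    {"src": "204.69.207.10", "dst": "192.0.2.80",     "proto": "TCP-SYN"},
    {"src": "198.51.100.7",  "dst": "192.0.2.80",     "proto": "TCP-SYN"},    # forged source
    {"src": "192.0.2.80",    "dst": "203.0.113.255",  "proto": "ICMP-echo"},  # forged source
]

if __name__ == "__main__":
    fwd, drp, log = ingress_filter(SAMPLE_PACKETS)
    print(f"forwarded={len(fwd)} dropped={len(drp)}")
    for line in log:
        print(line)
```

The filter cannot tell whether the forwarded packet is part of an attack, which is the column's point that filtering does not stop the attack itself; it only guarantees that whatever leaves the site carries a source address that really belongs to it.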
At first glance one of the most attractive methods would be to require that all Internet traffic include authentication information so the sites would know who they were talking to. The technology exists to do this. But this cure would be far worse than the disease, since the same authentication would mean that a perfect record could be kept of the activities of all Internet users - not a pleasant prospect for anyone who is remotely concerned with individual privacy.
Let's try to figure out how to address the problems raised by the attackers without requiring each of us to undress for governments and big business.
Disclaimer: Harvard tries to track at least the location of its alumni, but that is for fundraising, not privacy-violation, reasons, so the above plea is mine.