title: Your tax dollars at work


By: Scott Bradner


Despite what some critics say, government sponsored research continues to play an important role our understanding of what is going on in today's Internet and in the development of tomorrow's Internet. Private industry does not and can not do everything by itself in spite of the billions of dollars of venture capital money that has been spent in the last few years on innovative (sometimes too innovative) startups.  A good example of some of the work that might not be done without government support is the recent report by the University of California, San Diego's (UCSD) Cooperative Association for Internet Data Analysis (CAIDA) (www.caida.net) on the prevalence of denial of service (DoS) attacks in the Internet.


The report (http://www.cs.ucsd.edu/~savage/papers/UsenixSec01.pdf), done in conjunction with UCSD's Jacobs School of Engineering, took a look at the electronic debris scattered all over the 'Net during the common types of DoS attacks to see how often such attacks occur and what types of Internet nodes had been attacked. The debris is a byproduct of a type of DoS attack. In this type of attack attacking computers are programmed to sent thousands of requests to Internet-connected nodes such as web servers or routers.  To make it hard to track down the attacking computers, the requests are sent with forged, usually random, source addresses.  The server then responds to the forged address but since the address was randomly created there is nothing to receive the response.  Monitoring packets destined to non-existent nodes and examining their source addresses can reveal which specific systems were under attack and for how long.


The UCSD researchers found evidence that more than 12,000 DoS attacks occurred during the 3-week period in which they collected their data.  Most of these were on web servers, with most of those being attacked just once in the 3-week period.  About 5% of the attacks were on Internet infrastructure systems such as routers and domain name servers. The latter are worrisome and underline the fact that Internet service providers must take care to architect their networks keeping in mind that the networks will be under frequent attack.  It should be noted that these attacks were not the high-profile ones on Yahoo and Microsoft, these attacks went un-mentioned in the press.  A number of the attack targets turned out to be home computers connected via cable modems or DSL.


This is very useful information.  This helps us to understand more about these types of attacks and that may help protect against them. Information like this is unlikely to have been gathered by industry.  Even if such information were gathered it is unlikely that it would have been distributed as this study has been.  We, as a country, need to continue to strongly support government funding for basic research.  One percent of the cost of a new aircraft carrier might do a lot more to protect our electronic infrastructure than all the plains that an aircraft carried could carry.


disclaimer:  Harvard does lots of government-supported research so my guess is that they would support this opinion but I did not ask.