Bruce Schneier on DDOS and the Architecture of the Internet
- To: debate@fitug.de
- Subject: Bruce Schneier on DDOS and the Architecture of the Internet
- From: "Axel H Horns" <horns@t-online.de>
- Date: Wed, 16 Feb 2000 19:29:49 +0100
- Comment: This message comes from the debate mailing list.
- Organization: PA Axel H Horns
- Reply-to: horns@t-online.de
- Sender: owner-debate@fitug.de
When I read Lawrence Lessig, "Code is Law", and then hear the
(somewhat dissonant, but all the louder) chorus of the copyright
lobby, which would like to change the structure of the Internet in
order to enforce IP better (keyword: "RPS"), various alarm lights go
on for me when I hear Bruce Schneier say, regarding anti-DDOS, that
"any long-term solution will involve redesigning the entire
Internet". Certainly one cannot lump Schneier together with Bartloff,
but any argument in this direction awakens the desires of every
conceivable stakeholder and shareholder. There is no longer any
rational "domination-free dialogue" with which such an undertaking
could be carried out on a consensus basis. Every attempt, however
well-intentioned, to renew parts of the Internet architecture will
degenerate into economically and politically motivated wars of
succession, IMHO.
--AHH
------- Forwarded message follows -------
Date sent: Tue, 15 Feb 2000 23:33:58 -0600
To: crypto-gram@chaparraltree.com
From: Bruce Schneier <schneier@counterpane.com>
Subject: CRYPTO-GRAM, February 15, 2000
CRYPTO-GRAM
February 15, 2000
by Bruce Schneier
Founder and CTO
Counterpane Internet Security, Inc.
schneier@counterpane.com
http://www.counterpane.com
[...]
I believe that any long-term solution will involve redesigning the
entire Internet. Back in the 1960s, some people figured out that you
could whistle, click, belch, or whatever into a telephone and make the
system do things. This was the era of phone phreaking: black boxes,
blue boxes, Captain Crunch whistles. The phone company did their best
to defend against these attacks, but the basic problem was that the
phone system was built with "in-band signaling": the control signal
and the data signal traveled along the same wires. In the 1980s, the
phone company completely redesigned the phone system. For example
SS7, or Signaling System 7, was out-of-band. The voice path and data
path were separated. Now it doesn't matter how hard you whistle into
the phone system: the switch isn't listening. The attacks simply
don't work. (Red boxes still work, against payphones, by mimicking
the in-band tones that count the coins deposited in the phones.)
In the long term, out-of-band signaling is the only way to deal with
many of the vulnerabilities of the Internet, DDS attacks among them.
Unfortunately, there are no plans to redesign the Internet in this
way, and any such undertaking might be just too complicated to even
consider.
[...]
------- End of forwarded message -------
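
A toy model of the in-band versus out-of-band distinction described in the forwarded text, added here as an example and not part of the original message or of Crypto-Gram. The class names, the `<2600>` token and the route values are constructed for illustration.

```python
# Toy model, constructed for illustration: the same caller audio sent
# through a switch with in-band control and one with out-of-band control.

CONTROL_TONE = "<2600>"  # stand-in token for an in-band supervisory tone


class InBandSwitch:
    """Control and data share one channel, so the switch parses the audio."""

    def __init__(self, route):
        self.route = route

    def carry(self, audio):
        delivered, symbols = [], iter(audio)
        for sym in symbols:
            if sym == CONTROL_TONE:
                # The symbol after the tone is obeyed as a routing command,
                # no matter who put it on the line.
                self.route = next(symbols, self.route)
            else:
                delivered.append(sym)
        return delivered


class OutOfBandSwitch:
    """Control arrives only on a separate signaling link; audio is opaque."""

    def __init__(self, route):
        self.route = route

    def signal(self, dest):
        # Reachable from the signaling network only, never from the voice path.
        self.route = dest

    def carry(self, audio):
        return list(audio)  # passed through, never interpreted


def compare(audio, dialed="dialed-number"):
    """Return (delivered audio, final route) for each design."""
    in_band, out_of_band = InBandSwitch(dialed), OutOfBandSwitch(dialed)
    return {
        "in_band": (in_band.carry(audio), in_band.route),
        "out_of_band": (out_of_band.carry(audio), out_of_band.route),
    }


CALLER_AUDIO = ["hello", CONTROL_TONE, "other-trunk", "bye"]  # constructed
```

With the in-band design the caller's audio changes the route; with the out-of-band design the same audio is delivered unchanged and the route can only be changed through `signal()`.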