backtop


Print 4 comment(s) - last by StuckMojo.. on Mar 29 at 5:59 PM

Coalition will also work to secure DNS servers

Comcast Corp. (CMCSA), Time Warner Cable, Inc. (TWC), AT&T, Inc. (T), Cox Communications, CenturyLink, Inc. (CTL), Deutsche Telekom AG's (ETR:DTE) subsidiary T-Mobile USA, and  Verizon Communications Inc. (VZ) and Vodafone Group Plc.'s (LON:VOD) joint cellular venture, Verizon Wireless, at a special meeting in Washington D.C. all agreed to join forces with the U.S. Federal Communications Commission's (FCC) Communications, Security, Reliability and Interoperability Council (CSRIC) in policing the internet.

I. DDOS Blockade -- a Thorny Issue

While "policing the internet" is typically associated with the ISPs' volunteer efforts to combat copyright infringement (which in ISP eyes brings legal risks and extra bandwidth use), the new effort deals with fighting aggressors who look to exploit routing to destructive ends.

One issue the coalition will look to combat is botnets.  A botnet is formed when malware infects thousands of computers, giving a distributed platform controlled from a central command and control (CnC) server.  A botnet is a powerful tool.  A large botnet can take down many webpages simply by ordering all its controlled machines to visit the target page, overloading it with traffic.  At the same time, they can be employed in more sophisticated for-profit crime, such as sending spam email or Bitcoin mining.

Microsoft Corp. (MSFT) has joined with law enforcement to take down several top botnets in the last year.  Its approach has focused on "decapitating" the botnet by locating and killing the CnC server.  But many feel that ISPs could help cut off the greater body of botnets at their source, given that they have access to data that could be used to identify and target solutions at infected machines.

Together the ISPs and feds have crafted a guiding document titled "Anti-Bot Code of Conduct."

With regard to distributed denial of service (DDOS) attacks, where things could get interesting is in the case where individual non-infected users commit a mass attack.  In such cases the attack can closely resemble a botnet-driven DDOS attack.  In such a case ISPs could step in and kill the attackers' internet connections -- either thinking or claiming them to be part of a botnet.  

Anonymous
New policies could make it harder for Anonymous to engage in DDOS webpage takedowns.
[Image Source: Jason Mick/DailyTech]

While many would feel that cutting off this weapon used by Anonymous and others would be a great thing, others feel that eliminating non-malware DDOS campaigns would be akin to silencing public protest.  Some view DDOS attacks by users as a digital equivalent of a sit-in/strike and view countermeasures as totalitarian.

II. Protecting DNS, Fighting Routing Hijacks

A second issue considered by the coalition is routing hijacks.  The issue gained notice when millions of connections were "accidentally" routed through Chinese servers last year.  While China claimed it was an innocent glitch, some saw it as a concerted hijacking effort.  By redirecting traffic through its servers, an aggressor nation could potentially glean valuable bits of intelligence, by decreasing its difficulty in intercepting conversations.  While sophisticated secure channels typically keep track of the delay between connections and thus would shut off in such a scenario, such loss of secure links could prove almost as bad as their compromise.

Bundled with the second issue is the third issue of vulnerabilities to the domain name system (DNS), the databases that associate websites' text-string URL representation with specific numeric internet protocol addresses.  Domain hijacking via DNS attacks remains a popular method of hacking, and in some cases hackers have taken down entire DNS server blocks.

Mess of wires routing
Domain hijacking and traffic rerouting can raise serious threats to national security online. [Image Source: Chris Woebken/Flickr]

The FCC and some others have advocated a new protocol dubbed DNSSEC ("Domain Name System Security Extensions"), but the coalition shied away from accepting that effort.  The key point of contention is that the new protocol would expose all the domains within a particular host, which would give attackers a virtual laundry list of who to attack.

Standards committees are working to address this major security flaw, but a robust solution has not yet been fully realized.

In the meantime, the coalition hopes to push browser-makers to do a better job monitoring DNS antics, and protecting users from visiting known hostile domains.

Together, the ISPs and FCC's DNS/routing pact is dubbed "the DNS code of conduct".

The two pacts are not without their controversies (most notably, the possibility of the anti-botnet provisions being used as a tool to suppress public protest via DDOS).  However, for the average user, these efforts may help cut your spam burden and cut down on the danger of getting your system unwitting hijacked.

Sources: FCC [press release], [meeting notice; PDF]



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

DDOS public protest?
By TSS on 3/26/2012 2:58:34 PM , Rating: 1
Such bullshit. Protests are peacefull. When stuff starts to get damaged, then it's a riot, not a protest.

A peacefull protest would be making a facebook page then gaining enough size and support to make the people of whatever it is your protesting think twice about their actions. Taking down a server is basically the same thing as looting a store - using the chaos for your own personal gain.

Still i'm not viewing this as an entirely positive development. The hijacking side, yes, that's positive. That the chinese can just flip a switch and reroute the entire internet through their servers is ridicolous.

But it feels they are tagging the DDOS issue onto it to kill 2 birds in 1 stone: To track the less informed protesters. Those who think the DDOS is a good thing, but would find a better way of protesting if you explained that it's not. To the average person supporting one of these "manual DDOS attacks" it probably seems like the least harmfull of protests with requiring the least amount of effort, allowing you to track the most people of dissenting opinion.

Maybe i'm reading a little too much into it. Botnets and such are a problem. But disabling one of the few tools we have if we'd actually have to take down a website or a network? i'm not sure.

Not that it really matters all the good networks have DDOS protection, it's not like this is a new issue. But still.




Here's a good idea
By borismkv on 3/26/12, Rating: -1
RE: Here's a good idea
By tdktank59 on 3/26/2012 3:24:24 PM , Rating: 2
If you think this will stop groups like anonymous or lulzsec think again. Some tech companies such as Linode use IRC for their community support channel.

I used to think it was basically useless until I needed some help. Poped right in and found about 20 people willing to help me with an issue I had. Ended up walking away with more knowledge on why it wasn't working and how to fix it because of these individuals.


RE: Here's a good idea
By StuckMojo on 3/29/2012 5:59:23 PM , Rating: 2
Exactly, IRC is used for a hell of a lot more than warez and cracking. See irc.freenode.net, which has support channels for just about every opensource project there is.

Now, arguing for shutting down warez/cracking centric irc servers like efnet wouldn't be as stupid, but I still wouldn't agree.


"Well, there may be a reason why they call them 'Mac' trucks! Windows machines will not be trucks." -- Microsoft CEO Steve Ballmer














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki