Off Topic, and Rather Long, So Intrude at Your Own Risk!
Steve, you've raised some interesting points and present a good argument. This is a very complex subject to be covering with just a few posts, though, despite (or because of) the ease with which some generalities can be stated. I understand that this is off-topic for this thread, so I'll keep it brief. You know how hard that can be.
---
Let's take brown-outs, fiber-cuts, backhoe-fades, force majeure , and the occasional power failures off of the table for a moment, and consider the remainder of the most catastrophic public network failures of the past ten years, and examine where the problems have been.
One such calamity was the now famous Robert T. Morris Worm of 1988, which fits nicely into your argument, as it was highly visible in nature and put everyone on notice for what was potentially in store for the future of the Internet.
But since then, how many other attacks of this nature and magnitude have we seen?
[I don't know the answer to this one. I suspect the answer is none, from a comparative standpoint. I do know that some 16-year-old kid pointed out recently where there were some vulnerabilities in a popular router, but nothing of major consequence happened there. There are the occasional isolated outages that users sustain when carelessness replaces common sense. Granted, there have been thousands of reported cases where individuals and localized groups have been affected, sometimes beyond repair, and the whole thing costs a bundle to contain. A small price, perhaps, in comparison to the benefits we've enjoyed from this model. I would appreciate it if you or someone else here knows of any other significant outages similar to the Morris fiasco I referenced, if you would kindly enlighten.]
I'm not suggesting that it's unlikely, or even difficult for crackers to penetrate pockets of the Internet, or even its entirety in this fashion. But I am pointing out that in a comparative sense this form of outage has been minimal next to those which have been caused by OSS-related failures, as I cite below.
Perhaps a part of this immunity thus far has been due to all of the anti-virus measures that have been taken in a defensive way. Or maybe its simply because most of the crackers who would engage in this pastime are waiting in the shadows patiently, honing their tools, for the granddaddy of all opportunities, in another 374 days from now. POW!
---
Since 1988, there have been numerous other forms of network outages and disasters, both on the PSTN and the Internet, and both regional and national in scope, that were not caused by the intentional sending of internal message-bearing worms, Trojan Horses and viruses.
Instead, they were the result of OSSes misbehaving for one reason or another, due to either
- the cascading of bad code from one region to the next (SS7 failures of 88 through 91), or
- accidental or poorly-timed uploads (DNS loading snafus earlier this year on the 'net), or
- ill-conceived upgrades to new versions of Network Management code (the recent Frame Relay fiasco at T), or
- the failure of route servers, and so on.
With the exception of the Morris incident, these were all classified as "accidental" or abnormal operating occurrences, although some have hinted at malfeasance. Which leaves the door open to speculation, if not ample future opportunities for those who operate on the dark side.
---
Each of these cases involved the failure of an Operations Support System in the PSTN, or an Internet routing and/or directory services platform [which are equivalent in Internet jargon, and emerging functionality, to the status of a PSTN OSS].
Surely if an "accident" can achieve these levels of chaos and confusion on both the PSTN and the Internet, then I would think that these nerve centers and backbone underpinnings were equally vulnerable, and probably more desirable, to future attacks.
Why go for the limbs (user hard drives and servers), when you can take out the head (SS7/AIN/DNS/etc.)? I've had some lengthy discussions with some dubious characters, actually they were quite bright, during my recent university engagements. This is not unlike how they would think.
---
All of this notwithstanding, you're point is well taken, and I feel that I need to repeat the fact that you are correct:
It is easier to implant a virus or a worm on the public 'net through normal content messages, than it is to take it down by attacking the OSSes at their protected access points.
---
Consider this point that I've made before, though, once again, if you will:
In today's emerging network architecture[s], as the carriers and their vendors strive for integration at the byte and bit levels, irrespective of content matter or form, what difference will it make if the voice or the data network components go down, if both of them are parts of the same network fabric, from the physical layer right up through network management, and under the supervision of the same operating systems?
A case in point here that supports this position can be found in AT&T's recent Frame Relay outage. A growing number of Frame Relay links which constitute enterprise networks and international common carrier facilities used for voice are now used for voice transport as well as data transport. When the AT&T Frame Relay balloon went ka-boom, those voice lines that were riding piggy-back on the data streams went south, right along with the data lines. This was only a precursor of what lies ahead in this context. Say Hello to Convergence.
Best Regards, Frank C. |
