On Tue, Jul 25, 2000 at 08:40:32AM -0400, Nomen Nescio wrote:
> 
> Cringeley had a good point.  Properly deployed, Carnivore can shut down the net.


I love a government conspiracy theory as much as the next
cypherpunk, but there's too many technical holes in this one
to ignore it.

First off, as we all know, the Internet routes around damage.  If one node
goes down, the traffic that went through it goes elsewhere.  That makes it
really hard to "shut down the Internet" from any small number of points.
Unless you redefine the "Internet" as aol.com, yahoo.com and cnn.com,
there's just too many nodes that can carry traffic to allow anyone to
shut it all down.

To be able to "shut down the Internet", the Carnivore boxes would have
to be placed at the main interchanges like MAE-WEST, rather than at
ISPs. They'd have to contain malware that can disable many different types
of switches and routers.  Even then, there would have to be many more than
the 25 or so Carnivores that the FBI claims to have, and they would need
to be physically placed at many points, both within large networks like
AOL's and at all the main interchanges and second-tier peering points.

Even then, the FBI's reach only (legally) extends throughout the US.
Even with all the major US nodes dead, there's still a lot of connections
to the rest of the world, especially on the two coasts.  A lot of
sites would be able to route through Japan or Europe.

So, could "shutting down the Internet" really mean shutting down
the major ISPs that many Americans use to connect to the Internet?
That's a lot different from actually shutting down the Internet
but, if it could be done, it might achieve some shadowy FBI goal.
But is it technically feasible with a Carnivore planted in each ISP?
Not really.  Large ISPs have large internal networks with many nodes,
all connected with switches.  They're essentially miniature Internets.
Like the Internet, it's hard to kill an entire large ISP from one point.

If the Carnivores are placed at major ISPs, they could disable part of
each ISP.  But think about what happens when the FBI turns the remote
switch that says "kill the ISP".  Each ISP has sysadmins who deal with
network problems.  They'd find the source of the problem-- the Carnivore
box-- and then call up the FBI agent who placed it and say "Dude, your
box was sending out bad packets and flooding our network.  We figured
that it's crashed, so we unplugged it from the network.  You might
want to come down and reboot it."

So I don't think that the FBI could even shut down a portion of
a large ISP for very long with one Carnivore box, let alone
"shut down the Internet" with a few boxes sprinkled in ISPs.

To do a good job of shutting down the Internet, they'd need thousands
of boxes all acting in concert.  These boxes would need to be able
to implement attacks on many different types of routers, and those
attacks would need to be such that they can incapacitate each router.
That's difficult to do with current router designs-- they have already
been under attack from the hacking community, and for the most part the
holes have been fixed.  In order to perform this attack the FBI would
need to be able to write attacks that are a significant leap over what
the public hacking community can do, and that's unlikely to happen.

Then there's the number of machines that would need to participate in
the attacks.  Since there's many peering points to target, it would
be too difficult and time consuming to place a Carnivore at each one.
So the attacks would have to be done remotely.  If the FBI can do that,
then they don't need the Carnivore boxes placed inside ISPs-- a group
of boxes connected to multiple points in the Internet would suffice to
launch the attack.  Like with the recent DOS attacks on Yahoo et al.,
those boxes don't even need to be owned by the FBI....  at this point
it'd be hard to differentiate the FBI from a group of crackers.  Even if
they did try to mount this sort of attack, they wouldn't need Carnivores
to do it.  The Carnivores would in fact be a failure point for the FBI's
attack, as in the ISP discussion above ("Dude...") a number of them
would be removed from the network soon after the attack started.


Besides, the FBI already has a way of shutting down ISPs that _would_
actually work: a court order.  Sure it's slow, but it uses a system
that the FBI hacks better than the Internet: the legal system.

-- 
  Eric Murray http://www.lne.com/ericm  ericm at lne.com  PGP keyid:E03F65E5
Security consulting: secure protocols, security reviews, standards, smartcards. 

