X
Tech

A Net meltdown is inevitable

The father of the Internet Gopher Protocol, warns that a recent attack on the US's domain-name service root servers should serve as a warning: people, not technology, compromise security.
Written by Bob Alberti, Contributor
COMMENTARY--Tuesday's attack on the Internet's root servers should serve as a warning: Something is seriously wrong with the organization that supposedly governs the Internet and is responsible for the maintenance of the root servers.

The Internet Corporation for Assigned Names and Numbers (ICANN) is a moribund bureaucracy centered on a culture of exclusivity and control, as was its predecessor, the Internet Assigned Numbers Authority (IANA). It has no legitimate charter for its authority, except that of cultural momentum. With its roots reaching back to the beginning, it is in control, period.

Over the years, ICANN, IANA and their methods have come in for criticism, but change has been slow. The original seven top-level domains, such as .com, .org, and .net, were not expanded until 2000, when public pressure and a shortage of names forced the organization to agree to expand the list. Two years later, however, the seven new top-level domains introduced have yet to be completely implemented.

ICANN's closed-door practices and unresponsiveness illustrate the seriousness of Tuesday's attack. Briefly crippling nine of the 13 root servers of the Internet, the attack reduced responsiveness and access to the Net by six percent. ICANN attempted to spin the outcome as a positive endorsement of its leadership. The truth of the matter is quite different.

Network engineers dismiss suggestions that the incident was a massive attack. One person posting a message on a newsgroup described it as "a pretty piddly and unintelligent smurf/ping flood combo." Yet the attack still affected more than half of the Net's root-level servers. It's safe to say things could easily have been a lot worse.

As far as is known, Internet vandals are responsible for launching the attack. But ICANN is not prepared for a more sophisticated attack, nor does it have adequate redundancy and safeguards in place. A sophisticated and coordinated attack could restrict access to all 13 top-level domain servers for a day, bringing portions of the global Internet to a grinding halt.

Why is the Internet supported by only 13 root-server arrays? Are there no other data centers on the planet qualified to support top-level domain service? Is there no better architecture than a root arrangement? Most importantly, why is ICANN in charge of the Internet, and to whom is it accountable?

These are confusing but important questions for the general public. For the vast majority of its users, the Internet is simply an amorphous something that works or doesn't work, with no operating authority or responsibility beyond that of each consumer's Internet service provider.

Considering what's at stake, it's time to question the robustness and security of the Internet under the control of ICANN. The interruption of global corporate virtual private networking (VPN) systems would cripple industrial productivity. The loss of e-mail would indeed spare us from spam, but would seriously hamper communications. And online commerce, already struggling to survive the current recession, would be seriously damaged.

The scope of these failures would not be merely local or national, but global. Indeed, a coordinated attack on ICANN might only cease when the network carrying the attacks had stopped functioning. Critics have described nightmarish scenarios in which the domain-name service (DNS) could be overwhelmed or rendered unusable. Ominously, they warn, that ICANN has refused to consider methods to ameliorate the damage that would be caused.

IANA, which started in the 1980s as a working group managing an academic venture, governed the Internet without serious challenge even as the Internet grew into an essential element of business and commerce. Four-year-old ICANN is continuing in that tradition. While it has played politics and stifled progress with its bureaucracy, it has left the Internet's critical domain-name services vulnerable to even fairly unsophisticated attacks. And when the terms of the five elected at-large board members expire on Dec. 15, ICANN will once again have no publicly selected board members and no prospect of there ever being any in the future.

Was Tuesday's root DNS incident an isolated act of mischief or a test run for a crippling distributed denial-of-service attack? Given ICANN's usual unresponsiveness, it seems we may only learn the answer to that question the hard way.

Bob Alberti is president of network security company Sanction and a co-author of the Internet Gopher Protocol, which was a predecessor to the World Wide Web.

Editorial standards