Re: A code red that could bring down the net?

From: Ian Stoba (ian@BabcockBrown.com)
Date: 07/25/01


Message-Id: <200107251559.IAA17265@bay.babcockbrown.com>
Date: Wed, 25 Jul 2001 08:58:42 -0700
From: Ian Stoba <ian@BabcockBrown.com>
Subject: Re: A code red that could bring down the net?
To: felix@warlords.net

I think if you're looking for a "killer app" in that sense of the term,
DDoSing the root name servers is not going to be the way to do it.

Predicting failure in any complex system begins with an analysis looking
for single points of failure. These could be physical (turning off the
power to MAE West would take down a pretty good chunk of the internet)
or logical.

In the logical category I think the most obvious ones would be if
someone found an effective remote kill for BIND or a flaw in BGP4,
particularly Cisco's implementation.

I've had a hunch for some time that a vulnerability in BGP4 was behind
the L0pht's claim to Congress that they could take down the internet in
half an hour.

FWIW, I'm rather fond of the internet and this is in no way meant to be
any kind of encouragement for anyone to try to attack it.

--Ian

On Tuesday, July 24, 2001, at 03:25 AM, Felix Harris wrote:

>
> As I've said previously, DDoS wouldn't work particularly well,
> because there are a lot of hosts to hit, and the root nameservers are
> fairly well maintained. The next suggestion would be just a typical
> memory leaky-thingy (I love technical terms) or something along
> those lines to kill the named. This is also fairly difficult as the
> primary nameservers run different nameds (as far as I know), and
> so would require multiple applications to be flawed.