[CII] Advocatus Diaboli

Joe St Sauver joe at oregon.uoregon.edu
Wed Dec 2 15:14:06 UTC 2009


Felix commented:

#> I'm not sure that *any* new BGP vulnerability is required for
#> BGP-based failures... The sheer vulnerability of BGP to hostile
#> announcement of more specific routes is already sufficient to make
#> BGP a major potential point of failure. See, for example,
#> http://www.uoregon.edu/~joe/fall2006mm/
#
#Sure, but it would be too well known a problem to convey the idea
#behind the experiment. I wanted to skip the "but we know how to filter"
#discussion with Tier1 operators ;)

Tier 1 providers may know how to filter, but we've seen from natural 
experiments that plenty of others may not (and for a proof by example,
I give you the Pakistan YouTube incident, see
http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml )

#> I'd flag *both* throughput *and* latency issues. Satellite is not a 
#> fungible replacement for fiber either for applications that are highly
#> interactive, or for applications that need to quickly move large
#> files.
#
#Agreed, but wouldn't it still be the most widely used alternative
#anyway?

Sure, but my point is that there are some applications which simply won't
work, or if they do work, they'll work poorly. The problem is that some
people will consider them to be perfect substitutes, but they're not.

#> Encryption can potentially reduce the eavesdropping issue.
#
#If you can get your key distribution figured out in an emergency ;)

On-the-fly key negotiation is an option (a la ssh), but then MITM issues
are the issue, of course.

#> VoIP providers do use packet networks for transport. Trivial example:
#> many consumer-grade VoIP users connect over existing consumer
#> broadband connections, and VoIP providers routinely use packet
#> transport for long haul trunks.
#
#Packet transport != Internet. 

Consumer broadband connections are definitely "Internet".

#We already concluded that most private networks would still work, which
#would also hold true for the connection of the consumer-grade VoIP user
#over broadband to the provider's next data center.

I'd distinguish a provider offering an integrated VoIP solution, perhaps
as part of a triple play package from the local xDSL or cable provider
("get voice, video and data for one low monthly price and with the 
convenience of a single statement!") from users who may get third party 
VoIP service from Vonage or Skype or MagicJack :-) or <fill in the blank>

#But again, wouldn't placing the order by phone or even messenger
#(the intern in his car) still take place?

Distribution networks can be conceptualized as two pyramids stacked
point-to-point on top of each other. A relatively large number of 
suppliers send products to distributors who then service supply 
houses (apex of the pyramids) who then sell to pharmacies and 
hospitals and other purchasers.

Imagine the data entry issues, opportunities for errors, drop in
transaction processing speed, and stock keeping issues that a wholly
manual system would introduce.

"Hi Betty, this is Bob, funny to finally meet you in person. 
I've got a list of 750 products we need tomorrow..."

<Bob returns the next day to pick up his order>

"Hi Bob, unfortunately, we don't have all the items you need, you'll 
need to check with one of your other suppliers for 280 of the products 
you wanted. Let me tell you what it turns out we didn't have..."

etc., etc., etc. Recall, too, that not being able to get a single
drug or supply might be enough to derail an entire surgical procedure.

#I am tempted to agree here, since I can imagine the military actually
#relying on the Internet for logistics (which would be a bad decision,
#especially for them). 
#
#Do we have any evidence that this is in fact the case?

If you're not a believer, see events such as http://www.ncwevent.com/

#> Likewise, sharing tactical intelligence gets a whole lot harder if the
#> network isn't up, just to mention a second example.
#
#How so? Isn't the military the one group that has many different
#communication methods at its disposal?

Their options aren't a lot broader than the civilian sector, we all
use the same physics. :-) Granted, they have access to dedicated
spectrum and dedicated physical assets (such as military satellites)
that non-military folks do not, but their options are still basically:

-- fiber or copper
-- RF (including microwave, HF/VHF/UHF, etc.)
-- satellite
-- optics (e.g., lasers/FSO, etc.)

and when you add on additional requirements imposed by the
battlefield, you're not going to be able to do a 3 meter dish in
many circumstances, for example. :-;

Regards,

Joe

