MemeStreams Discussion



This page contains all of the posts and discussion on MemeStreams referencing the following web page: Interview with Bill Cheswick.

Interview with Bill Cheswick
by Acidus at 11:36 am EST, Jan 22, 2007

The Internet runs on two fragile technologies: BGP connections among routers, and a bunch of root DNS servers deployed around the planet. How much longer do you think this setup could still be effective?

Bill Cheswick: For quite a while, actually, though there are obvious, well-known weaknesses with both systems. The DNS root servers appear to be 13 hosts, but are actually many more. They have been under varying, continual, low-level attacks for many years, a process that tends to toughen the defenses and make them quite robust. A few years ago there was a strong attack on the root servers, taking 9 of the 13 down at some point.

There are other root servers, of course. Anyone can run one, it is just a question of getting people to use it. I understand that China is proceeding with root servers of their own. DNSSEC is a way to get the right DNS answer, but its deployment has had problems for at least 10 years.

BGP is certainly another network issue. Where should my routers forward packets to? BGP distributes this information throughout the Internet. There are two problems here: 1) is the distribution working correctly, and 2) are the other players sending the correct information in the first place. This is usually an easy problem between an ISP and their customer. The customer is only allowed to announce certain routes, and the ISP filters these announcements to enforce the restriction. It is easy on a short list of announcements.

But at the peering point with other ISPs, this becomes hard, because there are hundreds of thousands of routes, and it isn't clear which is which. Should I forward packets for Estonia to router A or router B? We are far removed from the places where these answers are known.

Nice interview with Bill Cheswick, Firewall god, on Security Focus
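The customer-edge filtering described in the interview excerpt above can be sketched as follows. This is an added example, not part of the interview or of the posts in this thread; the allow-list, the function names and the maximum-length rule are assumptions for illustration, and the prefixes are documentation ranges.

```python
import ipaddress

# Constructed sample: prefixes one hypothetical customer may announce, each
# with the longest more-specific the ISP accepts inside it.
CUSTOMER_ALLOWED = [
    ("192.0.2.0/24", 24),
    ("198.51.100.0/24", 24),
    ("2001:db8:100::/40", 48),
]

def build_filter(entries):
    """Parse and validate the allow-list once, before any announcement is checked."""
    rules = []
    for prefix, max_len in entries:
        net = ipaddress.ip_network(prefix, strict=True)
        if not net.prefixlen <= max_len <= net.max_prefixlen:
            raise ValueError(f"bad max length {max_len} for {prefix}")
        rules.append((net, max_len))
    return rules

def check_announcement(rules, announced):
    """Return (accepted, reason) for one announced prefix."""
    try:
        net = ipaddress.ip_network(announced, strict=True)
    except ValueError:
        return False, "malformed prefix"
    for allowed, max_len in rules:
        if net.version != allowed.version:
            continue  # subnet_of() raises TypeError across address families
        if net.subnet_of(allowed):
            if net.prefixlen <= max_len:
                return True, f"within {allowed}, max /{max_len}"
            return False, f"more specific than /{max_len} inside {allowed}"
    # Covers unrelated space, covering supernets and default routes alike.
    return False, "not in customer allow-list"

def filter_announcements(rules, announcements):
    """Keep only the announcements the customer is permitted to make."""
    return [a for a in announcements if check_announcement(rules, a)[0]]

if __name__ == "__main__":
    rules = build_filter(CUSTOMER_ALLOWED)
    # Constructed announcements: valid, too specific, foreign, default, IPv6.
    for a in ["192.0.2.0/24", "192.0.2.0/25", "203.0.113.0/24",
              "0.0.0.0/0", "2001:db8:1ab::/48"]:
        print(a, check_announcement(rules, a))
```

With a short, known list per customer the check is a handful of comparisons; at a peering point there is no comparable authoritative list to build `rules` from, which is the difficulty the interview points to.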


 
RE: Interview with Bill Cheswick
by Decius at 3:06 pm EST, Jan 22, 2007

Acidus wrote:
Nice interview with Bill Cheswick, Firewall god, on Security Focus

I think his comments on network neutrality are off. ISPs don't have the same problem China does. They don't have any interest in stopping an underground of committed individuals from communicating. They just want to influence the mainstream. China achieves this, and so can anyone else.


 
 