Reply
Tue 12 Nov, 2002 07:07 pm
From today, 11/12/02:
Quote:To date, we've had 190 responses to our survey. Here's what we learned.
Question 1:
Do you think U.S. businesses are vulnerable to a coordinated massive cyber attack that could knock-out network communications?
Yes: 85% No: 14%
Clearly our subscribers believe that this is a credible threat - especially after the Denial of Service attack on the DNS root servers last month.
Question 2:
Do you independently monitor the quality of Internet performance from your providers, or do you believe their reports on meeting agreed service levels?
Yes: 54% No: 45%
Question 3:
Do you use more than one ISP?
Yes: 55% No: 44%
Matrix believes that the right mix of service providers is critical. It's ineteresting to note that almost half of our readers remain dependent on one provider.
Question 4:
Are you using an IP/VPN?
Yes: 69% No: 30%
Clearly IP/VPN is as hot among our subscribers as it is market-wide. Reliance on the Internet for even the most critical applications is clearly not slowing down.
Question 5:
If so, how do you rate the quality of your VPN (Five being the highest)?
1: 0% 2: 6% 3: 35% 4: 53% 5: 25%
IP/VPN vendors are obviously doing a good job, with the vast majority of our subscribers finding the performance of their IP/VPN to be average or better.
Question 6:
How satisfied are remote and SOHO users with the performance of your IP/VPN (Five being the highest)?
1: 1% 2: 7% 3: 35% 4: 40% 5: 15%
It has been our experience that what the network managers believe and what network users believe are often two different things. However, the majority of the users appear to be pleased with their IP/VPN networks.
Thanks again to all of our contributors.
See question 1. Duh.
sumac
My answers:
Question 1:
Do you think U.S. businesses are vulnerable to a coordinated massive cyber attack that could knock-out network communications?
No. This is a very exaggerated threat. The internet might be disrupted for a day or so. But hacking is very very unlikely to do that. And it's near impossible for hacking to cause the apocalyptic scenarios being bandied about.
I say knowcking out a substantial portion of telecvommunications is much more likely to happen by a dumb accident (like when an upstart ISP started with a bad configuration asking for all DNS requests and then overloaded and couldn't handle it. This took out blocks of the ney for a few hours (I believe it was in 97).
But taking down the net by hacking is a pipe dream. If by some way they manage to cause extensive damage the net could be back up in 12 hours.
I follow hacking events closely and do not rate this as a major threat. I think the hacking attacks will focus on database mining and not on DOS because that's futile (the DNS attack affected only 6% of the DNS requests, it was only remarkable because all 12 got hit at once).
Question 2:
Do you independently monitor the quality of Internet performance from your providers, or do you believe their reports on meeting agreed service levels?
Yes. I monitor all the backbones as well. I run a small ISP (just for me and my friends) and follow this closely.
Question 3:
Do you use more than one ISP?
Yes. I pay for 5 different ways to access the net and my private ISP even uses IP addresses from these other ISPs.
Question 4:
Are you using an IP/VPN?
I did. I am closing my ISP and will soon move.
Craven are you saying that a2k is spread about?
No I was saying that my ISP is spread about. My ISP and my host are not related. My ISP is just a private ISP I run for myself and friends so that they can play games etc at fast speeds.
But yes, A2K is spread about. The problem is that only one host hosts the database and the only problem I have had so far is with the database stability.
Craven,
I'm not convinced that vulnerability automatically translates to "taking down the internet" in some kind of bombed out destructive fashion. But disruption could cause all kinds of economic loss, and certain kinds of disruption could cause loss of code, changes in code, etc.? If true, and not readily knowable until after extensive damage results, the economic loss could be substantial. No?
sumac
I think it's possible to cause economic damage but not substantially disrupt communication on a wide scale.
Hackers already cost the net economical damage by stealing credit cards and making people afraid to shop on the net. But I rate the likelyhood of them managing to hurt the economy in a massive attack as low to nil.
During the China/Spy Plane fiasco there was a large effort made by some pretty good hackers and they ended up daisy chaining in cirlcles.
I think people overestimate hackers greatly. Most hacking consists of simply finding a hole that was left open by a dumb mistake (like when network administrators don't change default passwords). The rest is from sheer tenacity (brute force password cracking and database flooding) and both these methods are not good for orchestrated attacks.
I'll take your word for it.
I'm not saying it's impossible, just that the nature of hacking is very misunderstood. Hackers tend to be tenacious rather than skilled. The nature of hacking is such that most hacking is trial and error.
I might eat my words but just don't think it's likely.
Craven,
Have you seen the report (I got mine from MessageLabs) that a hacker or hackers appears, at first glance, to be mass mailing backdoor AMLs using Microsoft's MS01-020 vulnerability, and then using those compromised systems to launch more? They have intercepted about 300, in different countries, but mainly in the US? I'm not much of a conspiracy theorist, but they appear to be leaning in that direction.
sumac
Specially formatted mail is becomeing one of the most common kiddie scripts I'm seeing. You can do this with almost every mail reader out there.
That particular hole was patched by Microsoft a long time ago, but conflicting information about the patches caused it to continue to be exploited.
I ran my own test on it I infected a computer on my network with several worms that exploit it and found that even with modified worms the patch worked.
Stumble It!
Tweet This
Bookmark on Delicious
Share on Facebook
Share on MySpace