Firewall Wizards mailing list archives
RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) -reply
From: Rick Smith <rick_smith () securecomputing com>
Date: Wed, 19 Apr 2000 11:09:31 -0500
At 05:00 PM 04/18/2000 -0700, Mark.Teicher () predictive com wrote:
Read the book "When Wizards Stayed Up Late" (or something like that) a BBN Publication. Discussing the history of the @ sign and other trivial Internet history..
Pardon me, but I read it, too, and I worked with those people. Ron DuFresne was right-on in saying that the military funding did nothing to promote an effective Arpanet security posture. In fact, I don't remember anything in that book that would contradict what Ron said. If there is, then the author is *wrong*. Trust me, authors *do* make mistakes (I certainly do) though if we're lucky the important mistakes get caught by the publisher's reviewers before the book goes to press (think of it as a form of beta testing). Actually, the nuclear warfare angle comes out of that '60s RAND report (I forget the author, but RAND recognizes it is one of their most influential reports and has it on-line). When the Arpanet was in operation, its presumed robustness in the face of nuclear war was a topic of dry humor and not a true design constraint. Like today, the phone company tended to bundle their cables together, so that "redundant" connections could be taken out by a single backhoe. We didn't take the redundancy requirements seriously enough to address that. The Arpanet was primarily an experiment in the feasibility of packet switched digital networks (as opposed to the phone company's connection based networks), and the ability of such a network to operate reliably by automatically exploiting redundant comm links and nodes. The focus was *reliability* and not *access control* or *confidentiality*. Around 1980 I seem to remember the Arpanet had a couple hundred separate leased lines and 64 (six bit address field!) nodes. There'd be a few scattered lines down at any particular time, and at least one node would go down (temporarily) daily. But traffic was automatically rerouted to adjust for component failures and to balance the load, and that was the point of the "experiment." Even then, the Arpanet was considered an experimental facility and people weren't supposed to use it for operational traffic. In fact, several military organizations (primarily logistics) were already using it. They didn't mind the relatively lax security I described in my earlier message. Now, it's true that Honeywell took the "open source" version of the Arpanet IMP software and used it as the basis of the military's super-secure WWMCCS interconnection network. However, they didn't break much ground in security, either. Their security relied on restricted physical access to IMPs (routers), on military-grade encrypted comm links, and on '70s era host security. Nothing surprising, nor particularly helpful in Internet security. But I expect that WWMCCS had better resistance to nuclear war than the original Arpanet :-> Rick. smith () securecomputing com
Current thread:
- RE: SANS Flash: Urgent Request For Help In Stopping DOS Attacks (fwd) -reply Rick Smith (Apr 20)