Weekend Gedankenexperiment - The Kill Switch
An armed FBI special agent shows up at your facility and tells your ranking manager to "shut down the Internet". What do you do when you get home to put it back on the air -- let's say email as a base service, since it is -- do you have the gear laying around, and how long would it take? Do you have out-of-band communications (let's say phone numbers) for enough remote contacts? Cheers, -- jra
---- Original Message -----
What do you do when you get home to put it back on the air -- let's say email as a base service, since it is -- do you have the gear laying around, and how long would it take?
Focus on this part, BTW, folks; let's ignore the politics behind the shutdown. :-) Cheers, -- jra
On Feb 3, 2011, at 10:10 PM, Jay Ashworth wrote:
---- Original Message -----
What do you do when you get home to put it back on the air -- let's say email as a base service, since it is -- do you have the gear laying around, and how long would it take?
Focus on this part, BTW, folks; let's ignore the politics behind the shutdown. :-)
So if I get what you're saying, I could have something operational from scratch in a few hours. I've got a variety of Cisco routers and switches, Linux and Mac OS X boxes in various shapes and sizes, and a five CPE + one AP 5 GHz Mikrotik RouterOS-based radio system, 802.11b/g wireless AP, 800' of Cat 5e cable, connectors, and crimpers. The radios, if well placed, could allow me to connect up several strategic locations, or perhaps use them to connect to other sources of Internet access, if available. If it really came down to it, I could probably gather enough satellite communications gear from the office to allow me to stand up satellite Internet to someone. Of course, the trick would be to talk to that "someone" to coordinate connectivity over the satellite which may be hard to do given the communications outage you described. I wouldn't be so worried about transmitting to the satellite, in this case I'd just transmit without authorization, but someone needs to be receiving my transmission and vice versa for this to be useful. At a minimum, I could enable communications between my neighbors. Regards, Ryan Wilkins
On Thu, 3 Feb 2011, Ryan Wilkins wrote:
---- Original Message -----
What do you do when you get home to put it back on the air -- let's say email as a base service, since it is -- do you have the gear laying around, and how long would it take?
Focus on this part, BTW, folks; let's ignore the politics behind the shutdown. :-)
1. I always keep a printed copy of all email and cellphone contacts that I normally would have access to online.
2. Critical is contacting your users. Normally your company has its mailing list but that is now down. You could set up a new list via Google groups or Yahoogroups or even your own Mailman on a VPS, but what about the list of users? Always keep an updated exported list of your users on a DoK so you can rebuild later.
3. Website: as above, keep a duplicate copy of your basic HTML pages on some DoK that you can take with you. Have the user+pswd to your registrar so you can repoint your DNS to some new site you now set up with the new updated info about your downtime.
-Hank
3. Website: as above, keep a duplicate copy of your basic HTML pages on some DoK that you can take with you. Have the user+pswd to your registrar so you can repoint your DNS to some new site you now set up with the new updated info about your downtime.
-Hank
Having a DNS server and MX host outside the borders of the country would help as well. I believe that any "attack" is likely to come from within, not from an external source. It would seem most likely to me that some malware would be spread around ahead of time that does nothing to bother the host until it is time for it to act. At that point, cutting off international links will have little/no impact and would possibly be the entire goal of the event. Shutting down the Internet would be "mission accomplished". The government should be, in my opinion, focusing its efforts on how it can best facilitate a coordination of efforts to A: profile the traffic so it can be blocked B: locate infected nodes so they can be disconnected or disinfected. The source of the attack is not likely going to be network infrastructure but instead the millions of end user devices out there. Questions like: who is monitoring traffic and noting traffic profiles of malware and developing some mechanism for distributing those traffic profiles to network operators so they can be blocked or otherwise acted on? How can that distribution channel be made "robust" in the face of a general public network breakdown? Is there a need for some sort of an operational "order wire" network that interconnects network operators as sort of an "out of band" communications path for handling emergency coordination among operators? What would be the connectivity requirements for such a network? The government could be a lot of help in keeping the network up in the face of attack rather than simply shutting it off. The emphasis should be on keeping it working, not how to most efficiently shut it down.
do you have a satellite dish? what are your dish pointing coordinates......we just need to find out what is going on the air interface ...
________________________________
From: Ryan Wilkins <ryan@deadfrog.net>
To: Jay Ashworth <jra@baylink.com>
Cc: NANOG <nanog@nanog.org>
Sent: Fri, February 4, 2011 4:46:47 AM
Subject: Re: Weekend Gedankenexperiment - The Kill Switch
On Feb 3, 2011, at 10:10 PM, Jay Ashworth wrote:
---- Original Message -----
What do you do when you get home to put it back on the air -- let's say email as a base service, since it is -- do you have the gear laying around, and how long would it take?
Focus on this part, BTW, folks; let's ignore the politics behind the shutdown. :-)
So if I get what you're saying, I could have something operational from scratch in a few hours. I've got a variety of Cisco routers and switches, Linux and Mac OS X boxes in various shapes and sizes, and a five CPE + one AP 5 GHz Mikrotik RouterOS-based radio system, 802.11b/g wireless AP, 800' of Cat 5e cable, connectors, and crimpers. The radios, if well placed, could allow me to connect up several strategic locations, or perhaps use them to connect to other sources of Internet access, if available. If it really came down to it, I could probably gather enough satellite communications gear from the office to allow me to stand up satellite Internet to someone. Of course, the trick would be to talk to that "someone" to coordinate connectivity over the satellite which may be hard to do given the communications outage you described. I wouldn't be so worried about transmitting to the satellite, in this case I'd just transmit without authorization, but someone needs to be receiving my transmission and vice versa for this to be useful. At a minimum, I could enable communications between my neighbors. Regards, Ryan Wilkins
On Feb 6, 2011, at 8:57 AM, isabel dias wrote:
do you have a satellite dish? what are your dish pointing coordinates......we just need to find out what is going on the air interface ...
I don't personally have one but one of the companies that I contract to is in the satellite networks business. It wouldn't take much to pack up a 1.2m antenna, LNB, BUC, iDirect router, cables, and be on the air. The 3.8m would be a bit more difficult to pack up. ;-) As for pointing, pick a Ku-band satellite viewable from Chicago and I could be on it. There's a bunch of them. The iDirect 7350 router will do iDirect TDMA or SCPC. Regards, Ryan Wilkins
On Thu, Feb 3, 2011 at 11:46 PM, Ryan Wilkins <ryan@deadfrog.net> wrote:
On Feb 3, 2011, at 10:10 PM, Jay Ashworth wrote:
---- Original Message -----
What do you do when you get home to put it back on the air -- let's say email as a base service, since it is -- do you have the gear laying around, and how long would it take?
Focus on this part, BTW, folks; let's ignore the politics behind the shutdown. :-)
So if I get what you're saying, I could have something operational from scratch in a few hours. I've got a variety of Cisco routers and switches, Linux and Mac OS X boxes in various shapes and sizes, and a five CPE + one AP 5 GHz Mikrotik RouterOS-based radio system, 802.11b/g wireless AP, 800' of Cat 5e cable, connectors, and crimpers. The radios, if well placed, could allow me to connect up several strategic locations, or perhaps use them to connect to other sources of Internet access, if available. If it really came down to it, I could probably gather enough satellite communications gear from the office to allow me to stand up satellite Internet to someone. Of course, the trick would be to talk to that "someone" to coordinate connectivity over the satellite which may be hard to do given the communications outage you described. I wouldn't be so worried about transmitting to the satellite, in this case I'd just transmit without authorization, but someone needs to be receiving my transmission and vice versa for this to be useful. At a minimum, I could enable communications between my neighbors.
Regards, Ryan Wilkins
I agree that setting up "local" connectivity between the folks in my neighborhood wouldn't be too much of a challenge. Getting anything much beyond that up and running would be a stretch. -- Josh Smith KD8HRX email/jabber: juicewvu@gmail.com phone: 304.237.9369(c)
On Feb 7, 2011, at 3:53 PM, Josh Smith wrote:
I agree that setting up "local" connectivity between the folks in my neighborhood wouldn't be too much of a challenge. Getting anything much beyond that up and running would be a stretch.
Yeah, but the more people communicating the better. I don't know what all my neighbors are capable of doing. Some of them may be capable of helping the cause in ways that I hadn't considered. Regards, Ryan Wilkins
On Mon, Feb 7, 2011 at 5:01 PM, Ryan Wilkins <ryan@deadfrog.net> wrote:
On Feb 7, 2011, at 3:53 PM, Josh Smith wrote:
I agree that setting up "local" connectivity between the folks in my neighborhood wouldn't be too much of a challenge. Getting anything much beyond that up and running would be a stretch.
Yeah, but the more people communicating the better. I don't know what all my neighbors are capable of doing. Some of them may be capable of helping the cause in ways that I hadn't considered.
Regards, Ryan Wilkins
Ryan, I agree the more people communicating the better. I was just commenting on what my own, and suspect many others on the list's capabilities are. While I would love to have access to a satellite type of data service as a backup link it's simply not in my budget and even if it was I suspect any service available via satellite might suffer from similar problems if the methods used to disrupt connectivity in Egypt were employed here. Thanks, -- Josh Smith KD8HRX email/jabber: juicewvu@gmail.com phone: 304.237.9369(c)
On Mon, 07 Feb 2011 17:49:36 EST, Josh Smith said:
even if it was I suspect any service available via satellite might suffer from similar problems if the methods used to disrupt connectivity in Egypt were employed here.
The real question isn't "If they shut you down, can you restart?". The real question is "If they shut you down, can you restart in a way that avoids them attempting a second shutdown with a bullet?"
On 07/02/2011 21:53, Josh Smith wrote:
I agree that setting up "local" connectivity between the folks in my neighborhood wouldn't be too much of a challenge. Getting anything much beyond that up and running would be a stretch.
I can't help noticing some irony in seeing one nanog thread about working around a supposed government internet kill switch by using wireless transmission kit, and another about the US Navy reputedly trashing connectivity in an entire country by, uh, jamming wireless transmission links. Nick
----- Original Message -----
From: "Nick Hilliard" <nick@foobar.org>
Subject: Re: Weekend Gedankenexperiment - The Kill Switch
On 07/02/2011 21:53, Josh Smith wrote:
I agree that setting up "local" connectivity between the folks in my neighborhood wouldn't be too much of a challenge. Getting anything much beyond that up and running would be a stretch.
I can't help noticing some irony in seeing one nanog thread about working around a supposed government internet kill switch by using wireless transmission kit, and another about the US Navy reputedly trashing connectivity in an entire country by, uh, jamming wireless transmission links.
Irony != coincidence. One is the government interrupting communications, and the other one is ... the government interrupting communications. Oh look: those even came out in the same character positions. :-) Cheers, -- jra
On Thu, Feb 03, 2011 at 10:43:09PM -0500, Jay Ashworth wrote:
An armed FBI special agent shows up at your facility and tells your ranking manager to "shut down the Internet".
legal paperwork or pound sand. [very small hurdle, pathetic how many LEOs seek to avoid it] The rest of it waits for that. -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
On 04/02/2011, at 2:13 PM, Jay Ashworth wrote:
An armed FBI special agent shows up at your facility and tells your ranking manager to "shut down the Internet".
Turn off the room lights, salute, and shout, "Mission Accomplished." The FBI dude with the gun won't know the difference. - mark -- Mark Newton Email: newton@internode.com.au (W) Network Engineer Email: newton@atdot.dotat.org (H) Internode Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
On Thu, Feb 3, 2011 at 9:09 PM, Mark Newton <newton@internode.com.au> wrote:
On 04/02/2011, at 2:13 PM, Jay Ashworth wrote:
An armed FBI special agent shows up at your facility and tells your ranking manager to "shut down the Internet".
Turn off the room lights, salute, and shout, "Mission Accomplished." The FBI dude with the gun won't know the difference.
No. The correct answer is that in the U.S., if the Agent in question has a valid subpoena or N.S.L., you must comply. If he doesn't, then you do not have to comply. I cannot answer for any other jurisdiction. Also, make sure you have staff attorneys well-versed in Internet law -- you'll need them either way.
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
On 04/02/2011, at 3:43 PM, Paul Ferguson wrote:
Also, make sure you have staff attorneys well-versed in Internet law -- you'll need them either way.
The Internet has its own law now?
MMC
-- Matthew Moyle-Croft Peering Manager and Team Lead - Commercial and DSLAMs Internode /Agile Level 5, 150 Grenfell Street, Adelaide, SA 5000 Australia Email: mmc@internode.com.au Web: http://www.on.net Direct: +61-8-8228-2909 Mobile: +61-419-900-366 Reception: +61-8-8228-2999 Fax: +61-8-8235-6909
On Thu, Feb 3, 2011 at 9:26 PM, Matthew Moyle-Croft <mmc@internode.com.au> wrote:
On 04/02/2011, at 3:43 PM, Paul Ferguson wrote:
Also, make sure you have staff attorneys well-versed in Internet law -- you'll need them either way.
The Internet has its own law now?
The Internet is not immune to the law, as you should well know. In fact, the Internet seems to be a legal "proving ground" these days, so word to the wise.
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
The Internet is not immune to the law, as you should well know. In fact, the Internet seems to be a legal "proving ground" these days, so word to the wise.
And, the US National Communication Service (http://www.ncs.gov/index.html) "technically" has the ability to order all US telecommunications providers to disconnect for the express purpose of maintaining the integrity of the US Telecommunications system. If the NCS does not have implicit authority, an Executive order would grant it. So beware, most of the "US Internet Kill Switch" talk in Washington DC is politics from people who have not read that can be done now using existing authorities.
On 04/02/2011, at 3:43 PM, Paul Ferguson wrote:
On Thu, Feb 3, 2011 at 9:09 PM, Mark Newton <newton@internode.com.au> wrote:
On 04/02/2011, at 2:13 PM, Jay Ashworth wrote:
An armed FBI special agent shows up at your facility and tells your ranking manager to "shut down the Internet".
Turn off the room lights, salute, and shout, "Mission Accomplished." The FBI dude with the gun won't know the difference.
No. The correct answer is that in the U.S., if the Agent in question has a valid subpoena or N.S.L., you must comply.
Subpoenas and NSLs are used to gather information, not to shut down telcos. They're just an enforceable request for records. Considering that politicians in the US have suggested that they need "kill switch" legislation passed before they can do it, and further considering that "kill switch" legislation doesn't currently exist, what lawful means do you anticipate an FBI special agent to rely on in making such a request? I'm not actually in the US. In a question arising from the Egypt demonstrations earlier this week, Australia's Communications Minister said he didn't think the law as written at the moment provided the government with the lawful ability to shut down telecommunications services. http://delimiter.com.au/2011/02/03/no-internet-kill-switch-for-australia-say... - mark -- Mark Newton Email: newton@internode.com.au (W) Network Engineer Email: newton@atdot.dotat.org (H) Internode Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
On Thu, Feb 3, 2011 at 9:27 PM, Mark Newton <newton@internode.com.au> wrote:
On 04/02/2011, at 3:43 PM, Paul Ferguson wrote:
On Thu, Feb 3, 2011 at 9:09 PM, Mark Newton <newton@internode.com.au> wrote:
On 04/02/2011, at 2:13 PM, Jay Ashworth wrote:
An armed FBI special agent shows up at your facility and tells your ranking manager to "shut down the Internet".
Turn off the room lights, salute, and shout, "Mission Accomplished." The FBI dude with the gun won't know the difference.
No. The correct answer is that in the U.S., if the Agent in question has a valid subpoena or N.S.L., you must comply.
Subpoenas and NSLs are used to gather information, not to shut down telcos. They're just an enforceable request for records.
Considering that politicians in the US have suggested that they need "kill switch" legislation passed before they can do it, and further considering that "kill switch" legislation doesn't currently exist, what lawful means do you anticipate an FBI special agent to rely on in making such a request?
I'm not actually in the US. In a question arising from the Egypt demonstrations earlier this week, Australia's Communications Minister said he didn't think the law as written at the moment provided the government with the lawful ability to shut down telecommunications services. http://delimiter.com.au/2011/02/03/no-internet-kill-switch-for-australia-says-conroy/
I share your sentiment. One of the best commentaries I have read lately on this issue was earlier today:
http://www.zdnet.com/blog/government/ive-changed-my-mind-america-must-never-allow-an-internet-kill-switch-heres-why/9982
Worth a quick read.
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
Paul, a key piece in the article is on the second page:
"In fact, a lot of what the bill provides for are a very good ideas. The bill sets out the concept that cyberspace is a strategic asset for the United States and needs to be protected like any other strategic asset. This is good. The bill also acknowledges that we’re likely to come under severe attack and need to have a way to respond. We also need to have a single point of authority to make sure we respond in a coordinated way, instead of having all of America’s security forces working at cross-purposes. That single point of authority is the President. This makes sense."
In all seriousness here, I wonder how the Egyptian law was worded, that allowed them to legally (let's assume so) send out propaganda text messages through all mobile operators (force operators to comply), and even shut down the Internet (force operators to comply). It is fully possible that the law says something very similar to that above, that when the state is under stress or attack (by its own storm troopers...), the state is allowed to step in to take protective measures, all in the good interest of the state, authorized by their single point of authority.
This is a dangerous design, specifically as it assumes that the state under all circumstances is good which most observers will note, especially now, that states cannot be assumed to be, forever and always.
Essentially, I'm not seeing the upside in assuming any state will always be good, forever and always. And it boils down to what's been discussed earlier: centralizing control of the Internet, whether political or technical, makes it less robust to failures and more prone to abuse/attack, as the value of a single point or target increases.
This sub-thread is a bit off-topic, and to the thread starter I only suggest you look into the Egypt situation/operations a bit, but I guess that's where you got your inspiration for the question anyway. :)
Cheers, Martin
On Fri, Feb 4, 2011 at 12:32 AM, Paul Ferguson <fergdawgster@gmail.com> wrote:
On Thu, Feb 3, 2011 at 9:27 PM, Mark Newton <newton@internode.com.au> wrote:
On 04/02/2011, at 3:43 PM, Paul Ferguson wrote:
On Thu, Feb 3, 2011 at 9:09 PM, Mark Newton <newton@internode.com.au> wrote:
On 04/02/2011, at 2:13 PM, Jay Ashworth wrote:
An armed FBI special agent shows up at your facility and tells your ranking manager to "shut down the Internet".
Turn off the room lights, salute, and shout, "Mission Accomplished." The FBI dude with the gun won't know the difference.
No. The correct answer is that in the U.S., if the Agent in question has a valid subpoena or N.S.L., you must comply.
Subpoenas and NSLs are used to gather information, not to shut down telcos. They're just an enforceable request for records.
Considering that politicians in the US have suggested that they need "kill switch" legislation passed before they can do it, and further considering that "kill switch" legislation doesn't currently exist, what lawful means do you anticipate an FBI special agent to rely on in making such a request?
I'm not actually in the US. In a question arising from the Egypt demonstrations earlier this week, Australia's Communications Minister said he didn't think the law as written at the moment provided the government with the lawful ability to shut down telecommunications services. http://delimiter.com.au/2011/02/03/no-internet-kill-switch-for-australia-says-conroy/
I share your sentiment.
One of the best commentaries I have read lately on this issue was earlier today:
http://www.zdnet.com/blog/government/ive-changed-my-mind-america-must-never-allow-an-internet-kill-switch-heres-why/9982
Worth a quick read.
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
On Thu, Feb 3, 2011 at 10:34 PM, Martin Millnert <millnert@gmail.com> wrote:
Essentially, I'm not seeing the upside in assuming any state will always be good, forever and always. And it boils down to what's been discussed earlier: centralizing control of the Internet, whether political or technical, makes it less robust to failures and more prone to abuse/attack, as the value of a single point or target increases.
In this, we completely agree. And as an aside, governments will always believe that they can control the flow of information, when push comes to shove. This has always been a hazard, and will always continue to be so. As technologists, we need to be cognizant of that fact.
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
On 03/02/11 10:38 PM, Paul Ferguson wrote:
And as an aside, governments will always believe that they can control the flow of information, when push comes to shove.
This has always been a hazard, and will always continue to be so.
As technologists, we need to be cognizant of that fact.
In the US, by accident (surely not by design) we are lucky that our network of networks does not have the convenient 4 chokepoints that the Egyptian network had, making it easy for the government to shut off the entire internet by putting pressure on just 4 companies. Where we *really* need to be fighting this battle is in the laws and policies that are producing a duopoly in much of the US where consumers have 2 choices, the ILEC for DSL or their local cableco for Cable Internet. As these companies push smaller competing ISPs out of business, and as they consolidate (e.g. Cablecos buying each other up, resulting in fewer and fewer cablecos over time), we head down the direction of Egypt, where pressure on just a few companies CAN shut down the entire internet. Otherwise we end up with a few companies that will play Visa and PayPal and roll over and play dead when a government official says "Wikileaks is bad" - and equally easily will shut down their entire networks for "national security". If you *really* believe that the TSA is effective, you would be in favor of an Internet Kill Switch. If you understand that this is really security theater, and despite all the inconvenience we aren't really any safer, then you should equally be very concerned that someone ever has the power to order that the internet be "shut down" for our safety. jc
Not sure if it has been said already but wasn't one of the key points for the creation of the internet to create an infrastructure that would survive in the case of all out war and massive destruction. (strategic nuclear strikes)
Does it not bode ill for "national security" if any party could take out a massive communication system by destroying/pressuring a few choke points?
-----Original Message-----
From: JC Dill [mailto:jcdill.lists@gmail.com]
Sent: Thursday, February 03, 2011 11:39 PM
To: NANOG list
Subject: Re: Weekend Gedankenexperiment - The Kill Switch
On 03/02/11 10:38 PM, Paul Ferguson wrote:
And as an aside, governments will always believe that they can control the flow of information, when push comes to shove.
This has always been a hazard, and will always continue to be so.
As technologists, we need to be cognizant of that fact.
In the US, by accident (surely not by design) we are lucky that our network of networks does not have the convenient 4 chokepoints that the Egyptian network had, making it easy for the government to shut off the entire internet by putting pressure on just 4 companies. Where we *really* need to be fighting this battle is in the laws and policies that are producing a duopoly in much of the US where consumers have 2 choices, the ILEC for DSL or their local cableco for Cable Internet. As these companies push smaller competing ISPs out of business, and as they consolidate (e.g. Cablecos buying each other up, resulting in fewer and fewer cablecos over time), we head down the direction of Egypt, where pressure on just a few companies CAN shut down the entire internet. Otherwise we end up with a few companies that will play Visa and PayPal and roll over and play dead when a government official says "Wikileaks is bad" - and equally easily will shut down their entire networks for "national security". If you *really* believe that the TSA is effective, you would be in favor of an Internet Kill Switch. If you understand that this is really security theater, and despite all the inconvenience we aren't really any safer, then you should equally be very concerned that someone ever has the power to order that the internet be "shut down" for our safety. jc
the protocol's ability to "route around" failures is an attribute of packet based protocols. it has little to do with legal compliance of an order to cease and desist forwarding packets. end of the day, i guess it boils down to the question of -civil disobedience- if the law is unjust, do you comply because it is the law, or do you protest, at the risk of punishment/death? hardly a wire-protocol question - no?
--bill
On Fri, Feb 04, 2011 at 01:49:09PM -0800, Hayden Katzenellenbogen wrote:
Not sure if it has been said already but wasn't one of the key points for the creation of the internet to create an infrastructure that would survive in the case of all out war and massive destruction. (strategic nuclear strikes)
Does it not bode ill for "national security" if any party could take out a massive communication system by destroying/pressuring a few choke points?
-----Original Message-----
From: JC Dill [mailto:jcdill.lists@gmail.com]
Sent: Thursday, February 03, 2011 11:39 PM
To: NANOG list
Subject: Re: Weekend Gedankenexperiment - The Kill Switch
On 03/02/11 10:38 PM, Paul Ferguson wrote:
And as an aside, governments will always believe that they can control the flow of information, when push comes to shove.
This has always been a hazard, and will always continue to be so.
As technologists, we need to be cognizant of that fact.
In the US, by accident (surely not by design) we are lucky that our network of networks does not have the convenient 4 chokepoints that the Egyptian network had, making it easy for the government to shut off the entire internet by putting pressure on just 4 companies.
Where we *really* need to be fighting this battle is in the laws and policies that are producing a duopoly in much of the US where consumers have 2 choices, the ILEC for DSL or their local cableco for Cable Internet. As these companies push smaller competing ISPs out of business, and as they consolidate (e.g. Cablecos buying each other up, resulting in fewer and fewer cablecos over time), we head down the direction of Egypt, where pressure on just a few companies CAN shut down the entire internet. Otherwise we end up with a few companies that will play Visa and PayPal and roll over and play dead when a government official says "Wikileaks is bad" - and equally easily will shut down their entire networks for "national security".
If you *really* believe that the TSA is effective, you would be in favor of an Internet Kill Switch. If you understand that this is really security theater, and despite all the inconvenience we aren't really any safer, then you should equally be very concerned that someone ever has the power to order that the internet be "shut down" for our safety.
jc
----- Original Message -----
From: bmanning@vacation.karoshi.com
if the law is unjust, do you comply because it is the law, or do you protest, at the risk of punishment/death? hardly a wire-protocol question - no?
Correct: a decision each person must make for themselves... which is why it was *not* the topic of my inquiry. I was just curious as to whether people had given any thought to *whether and how* they could do it, if they decided it was necessary. Cheers, -- jra
On Fri, Feb 4, 2011 at 1:49 PM, Hayden Katzenellenbogen <hayden@nextlevelinternet.com> wrote:
Not sure if it has been said already but wasn't one of the key points for the creation of the internet to create an infrastructure that would survive in the case of all out war and massive destruction. (strategic nuclear strikes)
Does it not bode ill for "national security" if any party could take out a massive communication system by destroying/pressuring a few choke points?
As has been noted previously, it's all about your frame of reference. If the US is removed from the Internet, it does not mean the Internet stops working; from the perspective of the rest of the world, the Internet is still there. Likewise, when Egypt shut down the internet (from their perspective), it was essentially a complete shutdown, from their viewpoint; nothing on the internet was reachable. This did not mean the Internet shut down; for most of the rest of the world, they barely noticed Egypt was gone.
The Internet itself will continue to function, no matter what silliness the US political system attempts to engage in; from the perspective of those in the US, it may appear that "the Internet" is unable to survive such an attack; but from the perspective of the rest of the world, it really will be localized damage in the US, and not at all a case of the Internet being shut down.
Matt
On Fri, 2011-02-04 at 14:27 -0800, Matthew Petach wrote:
As has been noted previously, it's all about your frame of reference. If the US is removed from the Internet, it does not mean the Internet stops working; from the perspective of the rest of the world, the Internet is still there.
Many years ago, there was a headline in the London Times: "Fog In Channel, Europe Cut Off"
Regards, K.
PS: Might be an apocryphal story :-)
--
Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/kauer/ +61-428-957160 (mob)
GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
On 05/02/2011, at 8:57 AM, Matthew Petach wrote:
As has been noted previously, it's all about your frame of reference. If the US is removed from the Internet, it does not mean the Internet stops working; from the perspective of the rest of the world, the Internet is still there.
I suspect you'll find it would be pretty crippled if the US was removed. Given the majority of my country's (Australia) internet connectivity is to the USA (English language speakers looking for English language content) we'd probably find that we were left with very limited connectivity. Quite a number of Australian ISPs would have no international connectivity at all. We'd have limited capacity to Europe as the Westward paths are thin and expensive and it's mostly via the USA.
This is one of the risks the world, now relying on the "Interwebz" for communication, runs. The heavy centralisation of the core of the internet (ie. really "Tier1" defines connectivity inside the USA only and is vague for the rest of the world) as well as Asia especially having very poor intra-Asia connectivity for various reasons. (ie. A number of Asian carriers optimise for connectivity to the USA and have silly views about "regional tier 1" that means they peer poorly within Asia. This leads to a lack of local connectivity. If the USA went "dark" then we'd lose connectivity to them).
So, really, this is a call to the rest of the world to start thinking about the benefits of more regional connectivity and connectivity between Asia and Europe avoiding the USA so that any "kill switch" implemented doesn't cause the world to have any more problems than it needs to face.
MMC
On Fri, Feb 04, 2011 at 02:27:32PM -0800, Matthew Petach said:
The Internet itself will continue to function, no matter what silliness the US political system attempts to engage in; from the perspective of those in the US, it may appear that "the Internet" is unable to survive such an attack; but from the perspective of the rest of the world, it really will be localized damage in the US, and not at all a case of the Internet being shut down.
Hardly. A lot of top level/very popular sites likely have no extra-US redundancy.
However, shutting the internet down (you know, when they press the magic button that makes my telebit trailblazer no longer able to do UUCP) would instantly create a market for services more robust/localized/culturally-customized than those that suddenly go missing on that day. (wonder if anyone has contingency plans in the wings waiting for such an event).
That's a pretty dumbass business decision, IMHO. Will nevar evar happen. Political and economic suicide. "internet presence vacuum" - there I coined it.
[ side question, how many of the root servers evaporate on that day? ]
[ additionally, when the usa is shutdown taking 80% of Canada with it, (truly, w'iz yr biyatches) do we declare a diplomatic emergency/act of war for american actions? or do we just hang our heads in shame at our poor redundancy? ]
I suspect the 'internet kill switch' will be used in far more localized situations, like containing single ISPs/cells/threat vectors, as required. (Harkens back to GWB's rarely-mentioned theorizing end-run around Posse Comitatus suggesting 'who else but the military to contain an epidemic outbreak' without mention of threat authentication by independent civilian bodies).
Popular uprising in city X tweeting out the new version of Rodney King? Good night and good luck.
/kc
--
Ken Chase - ken@heavycomputing.ca skype:kenchase23 +1 416 897 6284 Toronto Canada
Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
----- Original Message -----
From: "Ken Chase" <ken@sizone.org>
However, shutting the internet down (you know, when they press the magic button that makes my telebit trailblazer no longer able to do UUCP) would instantly create a market for services more robust/localized/ culturally-customized than those that suddenly go missing on that day. (wonder if anyone has contingency plans in the wings waiting for such an event).
So, Ken. Where *is* your Trailblazer? Is it hooked up? Have you tested it lately? Do you have Taylor UUCP installed? Configured? Have peers? Cheers, -- jr ':-)' a
On Fri, Feb 04, 2011 at 09:34:09PM -0500, Jay Ashworth said:
Where *is* your Trailblazer? Is it hooked up? Have you tested it lately?
Do you have Taylor UUCP installed? Configured? Have peers?
No, but I have old drives full of uucp maps around. I'd start with those. And I'd use the terrestrial phone system to call up/figure out who's still out there (I'm friends/colleagues or know how to reach many of the people who ran my old peers). Once it became clear it was a long outage, the effort required to get all this going again would be worth it. I have the tools around to make it happen, if I needed to, and I know several others who also do. (Maybe time to keep a copy of uu*.deb around though..)
Oh whoops, except I have a dry copper loop in my house for my dsl. Dang nabbit. Stupid advancing technology. (During an internet outage I wonder if new orders for POTS phone service would be quashed in the interest of 'public safety'... :)
/kc
--
Ken Chase - ken@heavycomputing.ca skype:kenchase23 +1 416 897 6284 Toronto Canada
Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Dang nabbit. Stupid advancing technology. (During an internet outage I wonder if new orders for POTS phone service would be quashed in the interest of 'public safety'... :)
/kc --
UUCP works just fine over TCP/IP and works with Exim and Postfix (I have used both with UUCP over TCP/IP) with regular ARPA style addresses (@ addressing). Might be worthwhile to set up just to keep in practice. Once served as an MX host for a local family that moved overseas for a while and they had their own domain. They would connect to the Internet when they could, connect to me and pull the family's mail by UUCP over TCP/IP. That wasn't that long ago (less than 10 years ago). It is actually a pretty decent way to collect email for an entire domain when you have only intermittent connectivity.
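The setup described in the message above, sketched as an added configuration example (not from the original post or its author): a Postfix MX host hands mail for one domain to Taylor UUCP, which holds it until the remote site calls in over TCP. The domain `family.example`, the host `mx.isp.example`, the node names `mxhost` and `familybox`, the login `Ufamily` and all file paths are assumptions; paths vary by distribution.

```conf
# ===== On the MX host (UUCP node "mxhost", hypothetical) =====

# /etc/postfix/master.cf: pipe-based UUCP transport, as in Postfix's UUCP_README.
# "uux -r" queues the job without placing a call, so mail waits in the
# UUCP spool until the remote site polls.
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

# /etc/postfix/transport: send the domain to the UUCP node
# (run "postmap /etc/postfix/transport" after editing).
family.example      uucp:familybox
.family.example     uucp:familybox

# /etc/postfix/main.cf
transport_maps = hash:/etc/postfix/transport
relay_domains  = family.example

# /etc/inetd.conf: answer incoming UUCP-over-TCP calls (service "uucp", port 540).
# "uucico -l" issues its own login and password prompts.
uucp  stream  tcp  nowait  root  /usr/sbin/uucico  uucico -l

# /etc/uucp/passwd: login/password pairs accepted by "uucico -l"
# (constructed placeholder values).
Ufamily  CHANGE-ME

# /etc/uucp/sys: the remote site calls us; we never call it.
system        familybox
called-login  Ufamily
time          Never

# ===== On the intermittently connected site (UUCP node "familybox") =====

# /etc/uucp/port
port  TCP
type  tcp

# /etc/uucp/sys
system         mxhost
address        mx.isp.example
port           TCP
time           Any
call-login     Ufamily
call-password  CHANGE-ME
# Allow the MX host's queued jobs to run rmail here, and nothing else.
commands       rmail

# When a link is available, poll for queued mail with:
#   uucico -s mxhost
```

The UUCP login travels in cleartext over TCP, so in practice the listener on port 540 is restricted by source address or the session is carried inside an SSH or VPN tunnel.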
On 2/4/2011 8:25 PM, Ken Chase wrote:
However, shutting the internet down (you know, when they press the magic button that makes my telebit trailblazer no longer able to do UUCP) would instantly create a market for services more robust/localized/ culturally-customized than those that suddenly go missing on that day. (wonder if anyone has contingency plans in the wings waiting for such an event).
Eh, We'd all rub our eyes, see the light creeping under the door, and actually go and see what's going on outside. :) Except the HAM operators. They don't need the Internet to stay inside. Jack
On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:
Not sure if it has been said already but wasn't one of the key points for the creation of the internet to create an infrastructure that would survive in the case of all out war and massive destruction. (strategic nuclear strikes)
Urban legend, although widely believed. Someone probably made the observation.
Does it not bode ill for "national security" if any party could take out a massive communication system by destroying/pressuring a few choke points?
You mean, like drop a couple of trade towers and take out three class five switches, causing communication outages throughout New England and New Jersey, and affecting places as far away as Chicago? Nope. Couldn't happen. More seriously, yes, one could in fact take out any connectivity one wants by withdrawing routes (which is reportedly what Egypt did), and if you hit enough interchange points that could get serious. At the risk of sounding naive and pollyanna-ish, we have a few more of those interchange points in the US than they have in Egypt. In theory, yes. Making it actually happen could be quite an operation.
-----Original Message----- From: JC Dill [mailto:jcdill.lists@gmail.com] Sent: Thursday, February 03, 2011 11:39 PM To: NANOG list Subject: Re: Weekend Gedankenexperiment - The Kill Switch
On 03/02/11 10:38 PM, Paul Ferguson wrote:
And as an aside, governments will always believe that they can control the flow of information, when push comes to shove.
This has always been a hazard, and will always continue to be so.
As technologists, we need to be cognizant of that fact.
In the US, by accident (surely not by design) we are lucky that our network of networks does not have the convenient 4 chokepoints that the Egyptian network had, making it easy for the government to shut off the entire internet by putting pressure on just 4 companies.
Where we *really* need to be fighting this battle is in the laws and policies that are producing a duopoly in much of the US where consumers have 2 choices, the ILEC for DSL or their local cableco for Cable Internet. As these companies push smaller competing ISPs out of business, and as they consolidate (e.g. Cablecos buying each other up, resulting in fewer and fewer cablecos over time), we head down the direction of Egypt, where pressure on just a few companies CAN shut down the entire internet. Otherwise we end up with a few companies that will play Visa and PayPal and roll over and play dead when a government official says "Wikileaks is bad" - and equally easily will shut down their entire networks for "national security".
If you *really* believe that the TSA is effective, you would be in favor of an Internet Kill Switch. If you understand that this is really security theater, and despite all the inconvenience we aren't really any safer, then you should equally be very concerned that someone ever has the power to order that the internet be "shut down" for our safety.
jc
On 2/5/2011 6:43 AM, Fred Baker wrote:
On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:
Not sure if it has been said already but wasn't one of the key points for the creation of the internet to create an infrastructure that would survive in the case of all out war and massive destruction. (strategic nuclear strikes)
Urban legend, although widely believed. Someone probably made the observation.
Maybe not quite an UL... <http://www.rand.org/about/history/baran.html> On the average, The Rand Corp is extremely careful about what it publishes, yet here it is, repeating the claim. Back in the '70s, I always heard "survive hostile battlefield conditions" and never heard anyone talk about comms survival of a nuclear event, but I wasn't in any interesting conversations, such as in front of funding agencies... d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
On Feb 5, 2011, at 6:11 PM, Dave CROCKER wrote:
On 2/5/2011 6:43 AM, Fred Baker wrote:
On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:
Not sure if it has been said already but wasn't one of the key points for the creation of the internet to create an infrastructure that would survive in the case of all out war and massive destruction. (strategic nuclear strikes)
Urban legend, although widely believed. Someone probably made the observation.
Maybe not quite an UL...
<http://www.rand.org/about/history/baran.html>
On the average, The Rand Corp is extremely careful about what it publishes, yet here it is, repeating the claim.
But Len Kleinrock adamantly disputes it.
Back in the '70s, I always heard "survive hostile battlefield conditions" and never heard anyone talk about comms survival of a nuclear event, but I wasn't in any interesting conversations, such as in front of funding agencies...
To survive an EMP, electronics needs some fancy circuitry. I've never worked with a bit of equipment that had it. It would therefore have to have been through path redundancy.
Back in the '70s, I always heard "survive hostile battlefield conditions" and never heard anyone talk about comms survival of a nuclear event, but I wasn't in any interesting conversations, such as in front of funding agencies...
To survive an EMP, electronics needs some fancy circuitry. I've never worked with a bit of equipment that had it. It would therefore have to have been through path redundancy.
It was designed to be robust but it wasn't designed to survive nuclear war. There WERE some networks that were designed to survive, though, so maybe some have confused them. I think what I hear seems to confuse MILNET with MILSTAR where MILNET was the military portion of the Internet (what has eventually evolved into NIPRNet) and MILSTAR which is a satellite network designed to be nuclear survivable. When it absolutely positively has to get there.
On Sat, Feb 05, 2011 at 08:29:44PM -0800, Fred Baker wrote:
On Feb 5, 2011, at 6:11 PM, Dave CROCKER wrote:
On 2/5/2011 6:43 AM, Fred Baker wrote:
On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:
Not sure if it has been said already but wasn't one of the key points for the creation of the internet to create an infrastructure that would survive in the case of all out war and massive destruction. (strategic nuclear strikes)
Urban legend, although widely believed. Someone probably made the observation.
Maybe not quite an UL...
<http://www.rand.org/about/history/baran.html>
On the average, The Rand Corp is extremely careful about what it publishes, yet here it is, repeating the claim.
But Len Kleinrock adamantly disputes it.
Back in the '70s, I always heard "survive hostile battlefield conditions" and never heard anyone talk about comms survival of a nuclear event, but I wasn't in any interesting conversations, such as in front of funding agencies...
To survive an EMP, electronics needs some fancy circuitry. I've never worked with a bit of equipment that had it. It would therefore have to have been through path redundancy.
i suspect that the idea of survivability has everything to do w/ packet oriented communications vs circuit switching. packets work best w/ path redundancy... :)
i've worked w/ EMP resistant kit. it's not something a commercial offering would ever have.
--bill
On 02-05-11 8:29 PM, Fred Baker wrote:
On Feb 5, 2011, at 6:11 PM, Dave CROCKER wrote:
On 2/5/2011 6:43 AM, Fred Baker wrote:
On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:
Not sure if it has been said already but wasn't one of the key points for the creation of the internet to create an infrastructure that would survive in the case of all out war and massive destruction. (strategic nuclear strikes)
Urban legend, although widely believed. Someone probably made the observation.
Maybe not quite an UL...
<http://www.rand.org/about/history/baran.html>
On the average, The Rand Corp is extremely careful about what it publishes, yet here it is, repeating the claim.
But Len Kleinrock adamantly disputes it.
Back in the '70s, I always heard "survive hostile battlefield conditions" and never heard anyone talk about comms survival of a nuclear event, but I wasn't in any interesting conversations, such as in front of funding agencies...
To survive an EMP, electronics needs some fancy circuitry. I've never worked with a bit of equipment that had it. It would therefore have to have been through path redundancy.
For more specifics from Paul Baran himself, you may read his interview with Stewart Brand. Lots of good stuff circa late 50s - early 60s.
http://www.wired.com/wired/archive/9.03/baran_pr.html
one fun excerpt, re: asking the phone co to build a packet switch:
----
SB: How seriously did AT&T look at the proposal?
PB: The response was most interesting. The story I tell is of the time I went over to AT&T headquarters - one of many, many times - and there's a group of old graybeards. I start describing how this works. One stops me and says, "Wait a minute, son. Are you trying to tell us that you open the switch up in the middle of the conversation?" I say, "Yes." His eyeballs roll as he looks at his associates and shakes his head. We just weren't on the same wavelength.
----
Paul's memory is backed up by his meticulous records. I worked at Com21 1997-2K and heard similar recounts from Paul over Com21 BBQ lunches at the company's Tasman site. I wished for a while he'd write a history but came to understand he's always been a doer not a historian.
Cheers, - Michael
On Saturday, February 05, 2011 11:29:44 pm Fred Baker wrote:
To survive an EMP, electronics needs some fancy circuitry. I've never worked with a bit of equipment that had it. It would therefore have to have been through path redundancy.
Surviving EMP is similar to surviving several (dozen) direct lightning strikes, and requires the same sort of protection, both in terms of shielding and in terms of filtering, as well as the methods used for connections, etc. There is plenty of documentation out there on how to do this, even with commercial stuff, if you look. The biggest issue in EMP is power, however, since the grid in the affected area will likely be down.
On February 5, 2011 at 18:11 dhc2@dcrocker.net (Dave CROCKER) wrote:
On 2/5/2011 6:43 AM, Fred Baker wrote:
On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:
Not sure if it has been said already but wasn't one of the key points for the creation of the internet to create an infrastructure that would survive in the case of all out war and massive destruction. (strategic nuclear strikes)
Urban legend, although widely believed. Someone probably made the observation.
Maybe not quite an UL...
<http://www.rand.org/about/history/baran.html>
On the average, The Rand Corp is extremely careful about what it publishes, yet here it is, repeating the claim.
I agree with Dave, I think this idea that it's an urban legend has now become an urban legend.
If you focus it down very sharply like this: DARPA specified (or, perhaps, the project was sold to DARPA with a promise...) that the network being designed in the late 1960s should be resistant to a nuclear attack. That's probably an urban legend, who knows, it's probably not all that interesting.
But was it observed over and over from early on that a packet network, versus the then predominant technology of virtual (or even real) circuit networks, would be resistant to damage of all sorts? Yes.
Another early motivation which isn't often mentioned in these discussions was the sharing of supercomputer resources. Supercomputers generally cost tens of millions of dollars back then, approaching $100 million if you took the infrastructure into account. I worked on a $100M supercomputer proposal as it evolved into 50 tons of chilled water on the roof to shoring up the roof to hold that much water, to running a private gigawatt power line from the local utility thru Boston...etc.
And the sort of people who needed access to those supercomputers were spread across the country (and world of course.) It was becoming a matter of whether to move the researchers, not very practical (how many finite element analysis experts do you really need at one university?), or buy each of them a supercomputer (kind of expensive), or try to hook them up remotely.
At first dial-up seemed plausible but data visualization, graphical access, became more and more important even in the late 1970s and early 80s. Researchers were shipping large cartons of magtape so they could use local computers to generate graphical results of their computations. It was unwieldy to be kind.
The internet was a good answer to that problem, and that vision of "high-speed" (for the era) remote access certainly factored into proposals such as the JVNC-era proposals, NSFnet, etc.
-- -Barry Shein The World | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
On 2/6/2011 10:47 AM, Barry Shein wrote:
If you focus it down very sharply like this:
DARPA specified (or, perhaps, the project was sold to DARPA with a promise...) that the network being designed in the late 1960s should be resistant to a nuclear attack.
That's probably an urban legend, who knows, it's probably not all that interesting.
But was it observed over and over from early on that a packet network, versus the then predominant technology of virtual (or even real) circuit networks, would be resistant to damage of all sorts?
Yes.
Sorry, but I think the technical implications of a goal to survive 'hostile battlefield conditions' versus 'nuclear attack' are (small pun) massively different. Hence I think the actual language used matters.
And the fact that the common language around the net during the '70s was the former and not the latter matters. Which is why it would be helpful to get some credible documentation about use of the latter.
I'd expect the major difference in the two terms is the scale of the outage. A few square miles, versus possibly thousands.
To that end, I remember an anecdote about Van Jacobson from the 1989 quake in California that might provide some insight about a large-scale outage:[1]
He was living in Berkeley but was visiting Stanford when the quake hit and he wanted to check that his girlfriend was safe. Of course, the phone didn't work.[2] Out of sheer frustration and the need to do /something/ he sent her an email. He got a response within a few minutes.
Surprised that the net was still working (and working quite well), he did a traceroute from the Stanford system to the one his girlfriend was using.[3] Not surprisingly, the path did not cross the San Francisco Bay, as it normally would have. Instead it went down to Los Angeles, across the southern US, up the East Coast and back across the Northern U.S.
Although the outage was fairly small-scale, the scale of the re-routing suggests that a larger, 'regional' outage from something like a nuclear event would adapt readily. (We can ignore the additional question of EMP effects, since that only affects the scale of the outage.)
And, of course, there have been other test cases since then...
d/
[1] This is anecdotal; I've never confirmed the story with him.
[2] That does not automatically indicate a system failure, given the switch to an emergency mode for the phone system that restricts access during major events like these.
[3] Van created traceroute. <http://en.wikipedia.org/wiki/Traceroute>
--
Dave Crocker Brandenburg InternetWorking bbiw.net
Hi, Dave, On 06/02/2011 04:09 p.m., Dave CROCKER wrote:
Sorry, but I think the technical implications of a goal to survive 'hostile battlefield conditions' versus 'nuclear attack' are (small pun) massively different. Hence I think the actual language used matters.
And the fact that the common language around the net during the '70s was the former and not the latter matters. Which is why it would be helpful to get some credible documentation about use of the latter.
How about: Clark, D. 1988. "The Design Philosophy of the DARPA Internet Protocols". Computer Communication Review, Vol. 18, No. 4, 1988. ? Thanks, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
the authoritative and secondary servers for the "ميسر." zone were unreachable, a circumstance which existed a year ago for the .ht zone. the authoritative and secondary servers for the ".eg" zone were mutually unreachable. wireline dialtone was prevalent during the prefix withdrawal period. suggestions for oob control, 56kb tech and (signed) zone transfer would be useful. graceful conversion to a sparse 56kb and vsat connectivity regime may be a general form of robustness.
----- Original Message -----
From: "Fred Baker" <fred@cisco.com>
You mean, like drop a couple of trade towers and take out three class five switches, causing communication outages throughout New England and New Jersey, and affecting places as far away as Chicago?
3 class-5s? I thought it was a 5E and a 4E. I heard the 4E stayed online *past* 1400, talking to its fiber neighbors... Cheers -- jra
On Feb 5, 2011, at 7:00 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Fred Baker" <fred@cisco.com>
You mean, like drop a couple of trade towers and take out three class five switches, causing communication outages throughout New England and New Jersey, and affecting places as far away as Chicago?
3 class-5s?
I thought it was a 5E and a 4E.
I may have it wrong. My source is a talk given along with renesys-030502-NRC-911.pdf to a NAE committee writing http://www.nap.edu/openbook.php?isbn=0309087023. The author told us that there were two class five switches in one of the towers and one in a neighboring building; the neighboring building was damaged by debris from the tower.
I heard the 4E stayed online *past* 1400, talking to its fiber neighbors...
Cheers -- jra
Does anyone know when they took down connectivity in Egypt did they also bring down the MPLS networks global companies use?
Cheers Ryan
-----Original Message----- From: Fred Baker [mailto:fred@cisco.com] Sent: Saturday, February 05, 2011 9:43 AM To: Hayden Katzenellenbogen Cc: NANOG list Subject: Re: Weekend Gedankenexperiment - The Kill Switch
On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:
Not sure if it has been said already but wasn't one of the key points for the creation of the internet to create an infrastructure that would survive in the case of all out war and massive destruction. (strategic nuclear strikes)
Urban legend, although widely believed. Someone probably made the observation.
Does it not bode ill for "national security" if any party could take out a massive communication system by destroying/pressuring a few choke points?
You mean, like drop a couple of trade towers and take out three class five switches, causing communication outages throughout New England and New Jersey, and affecting places as far away as Chicago? Nope. Couldn't happen. More seriously, yes, one could in fact take out any connectivity one wants by withdrawing routes (which is reportedly what Egypt did), and if you hit enough interchange points that could get serious. At the risk of sounding naive and pollyanna-ish, we have a few more of those interchange points in the US than they have in Egypt. In theory, yes. Making it actually happen could be quite an operation.
-----Original Message----- From: JC Dill [mailto:jcdill.lists@gmail.com] Sent: Thursday, February 03, 2011 11:39 PM To: NANOG list Subject: Re: Weekend Gedankenexperiment - The Kill Switch
On 03/02/11 10:38 PM, Paul Ferguson wrote:
And as an aside, governments will always believe that they can control the flow of information, when push comes to shove.
This has always been a hazard, and will always continue to be so.
As technologists, we need to be cognizant of that fact.
In the US, by accident (surely not by design) we are lucky that our network of networks does not have the convenient 4 chokepoints that the Egyptian network had, making it easy for the government to shut off the entire internet by putting pressure on just 4 companies.
Where we *really* need to be fighting this battle is in the laws and policies that are producing a duopoly in much of the US where consumers have 2 choices, the ILEC for DSL or their local cableco for Cable Internet. As these companies push smaller competing ISPs out of business, and as they consolidate (e.g. Cablecos buying each other up, resulting in fewer and fewer cablecos over time), we head down the direction of Egypt, where pressure on just a few companies CAN shut down the entire internet. Otherwise we end up with a few companies that will play Visa and PayPal and roll over and play dead when a government official says "Wikileaks is bad" - and equally easily will shut down their entire networks for "national security".
If you *really* believe that the TSA is effective, you would be in favor of an Internet Kill Switch. If you understand that this is really security theater, and despite all the inconvenience we aren't really any safer, then you should equally be very concerned that someone ever has the power to order that the internet be "shut down" for our safety.
jc
No - at least some links were still up. I saw both IPVPNs and leased lines still working during the event.
aj
-----Original Message----- From: "Ryan Finnesey" <ryan.finnesey@HarrierInvestments.com> Date: Sat, 5 Feb 2011 23:58:35 To: Fred Baker<fred@cisco.com>; Hayden Katzenellenbogen<hayden@nextlevelinternet.com> Cc: NANOG list<nanog@nanog.org> Subject: RE: Weekend Gedankenexperiment - The Kill Switch
Does anyone know when they took down connectivity in Egypt did they also bring down the MPLS networks global companies use?
Cheers Ryan
-----Original Message----- From: Fred Baker [mailto:fred@cisco.com] Sent: Saturday, February 05, 2011 9:43 AM To: Hayden Katzenellenbogen Cc: NANOG list Subject: Re: Weekend Gedankenexperiment - The Kill Switch
On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:
Not sure if it has been said already but wasn't one of the key points for the creation of the internet to create an infrastructure that would survive in the case of all out war and massive destruction. (strategic nuclear strikes)
Urban legend, although widely believed. Someone probably made the observation.
Does it not bode ill for "national security" if any party could take out a massive communication system by destroying/pressuring a few choke points?
You mean, like drop a couple of trade towers and take out three class five switches, causing communication outages throughout New England and New Jersey, and affecting places as far away as Chicago? Nope. Couldn't happen. More seriously, yes, one could in fact take out any connectivity one wants by withdrawing routes (which is reportedly what Egypt did), and if you hit enough interchange points that could get serious. At the risk of sounding naive and pollyanna-ish, we have a few more of those interchange points in the US than they have in Egypt. In theory, yes. Making it actually happen could be quite an operation.
-----Original Message-----
From: JC Dill [mailto:jcdill.lists@gmail.com]
Sent: Thursday, February 03, 2011 11:39 PM
To: NANOG list
Subject: Re: Weekend Gedankenexperiment - The Kill Switch
On 03/02/11 10:38 PM, Paul Ferguson wrote:
And as an aside, governments will always believe that they can control the flow of information, when push comes to shove.
This has always been a hazard, and will always continue to be so.
As technologists, we need to be cognizant of that fact.
In the US, by accident (surely not by design) we are lucky that our network of networks does not have the convenient 4 chokepoints that the Egyptian network had, making it easy for the government to shut off the entire internet by putting pressure on just 4 companies.
Where we *really* need to be fighting this battle is in the laws and policies that are producing a duopoly in much of the US where consumers have 2 choices, the ILEC for DSL or their local cableco for Cable Internet. As these companies push smaller competing ISPs out of business, and as they consolidate (e.g. Cablecos buying each other up, resulting in fewer and fewer cablecos over time), we head down the direction of Egypt, where pressure on just a few companies CAN shut down the entire internet. Otherwise we end up with a few companies that will play Visa and PayPal and roll over and play dead when a government official says "Wikileaks is bad" - and equally easily will shut down their entire networks for "national security".
If you *really* believe that the TSA is effective, you would be in favor of an Internet Kill Switch. If you understand that this is really security theater, and despite all the inconvenience we aren't really any safer, then you should equally be very concerned that someone ever has the power to order that the internet be "shut down" for our safety.
jc
No. The correct answer is that in the U.S., if the Agent in question has a valid subpoena or N.S.L., you must comply. If he doesn't, then you do not have to comply.
I cannot answer for any other jurisdiction.
Also, make sure you have staff attorneys well-versed in Internet law -- you'll need them either way.
- - ferg
The federal government clearly has the authority to manage communications across the border of the country and between states but it would be questionable if the federal government has the authority to manage any communications completely within a state. Do they have the authority to tell me to turn down a connection that terminates within the same state that I am in? Sure, they would have the authority to tell me to turn down any international tunnels I might have running or a point-to-point that crosses state lines but I doubt they have the authority to tell me to turn down a cross-connect terminating in the same building. That would be the jurisdiction of state authority, not federal.
On Thu, Feb 3, 2011 at 10:07 PM, George Bonser <gbonser@seven.com> wrote:
The federal government clearly has the authority to manage communications across the border of the country and between states but it would be questionable if the federal government has the authority to manage any communications completely within a state. Do they have the authority to tell me to turn down a connection that terminates within the same state that I am in?
Sure, they would have the authority to tell me to turn down any international tunnels I might have running or a point-to-point that crosses state lines but I doubt they have the authority to tell me to turn down a cross-connect terminating in the same building. That would be the jurisdiction of state authority, not federal.
I am making no argument to the contrary. But I should caution you that there are forces at work currently which are making motions to federalize this authority. I think we all should be deeply concerned -- some of this pandering/politicizing/scare-mongering can have ill effects.
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
On 2/3/2011 7:43 PM, Jay Ashworth wrote:
An armed FBI special agent shows up at your facility and tells your ranking manager to "shut down the Internet".
Let's look at this from a different perspective. What level of impairment would the feds face if they ordered widespread net shutdowns? Do the feds have a big enough network of their own, that they can continue to operate without the commercial nets being up? I mean they would need to declare martial law and coordinate enforcement activities. Can they do this all via satellite networks? Also what's to stop the operations staff from saying "no way jose" and walking out?
Ok. Let's say they aren't dependent on the net being up. What would the scenario look like? Presumably this would be at a major IX, colo etc? Like say One Wilshire or something? They would show up with several agents, and probably some tech folks. One presumes they would have an injunction or some other legal authority to order you to terminate connectivity. This would have to be spelled out to the letter (terminate all IX traffic, drop all external sessions, take down core routers etc).
What do you do when you get home to put it back on the air
Put what back on the air? Regional connectivity to let people coordinate a revolution? (I'm dead serious by the way. If things have gotten to the point where the feds are shutting down the net, it's time to follow our founding code: "That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it")
Depending on the geography, one could establish some long distance links via 802.11/3.65 GHz. Hopefully that gear is already on standby.
-- let's say email as a base service, since it is -- do you have the gear laying around, and how long would it take?
Well I'm a huge data ownership guy and have been preaching to folks the importance of self hosting. Lots of details are on my wiki at http://wiki.knownelement.com/index.php/Data_Ownership
So yes, I have the gear in service already doing my hosting. I also run a small neighborhood WISP. I only offer net access via that WISP, but it would be trivial to stand up a neighborhood xmpp/irc/mail/www server in that VLAN. Maybe I should do that now. Get people using it beforehand, so it's what they naturally turn to in time of distress/disaster. Hmmm....
Do you have out-of-band communications (let's say phone numbers) for enough remote contacts?
How much phone service would still work, if the feds hit all the major IX points and terminate connectivity? I seem to recall much discussion about the all IP back bone of the various large carriers (Qwest/ATT). I guess calls in the same CO and maybe between regional CO's might work. Think of this from a disaster preparedness perspective (ie a major earthquake or terrorist attack significantly damages One Wilshire and/or various IXes in the bay area). AT&T has a very large CO right next to One Wilshire, with something like 1.5 million lines terminated in the building. It wouldn't take that much work for the FBI to shut those places down if they felt a significant need to. Interesting thought exercise. Let's keep the conversation going guys/gals!
On 2/4/2011 11:13 AM, Charles N Wyble wrote:
How much phone service would still work, if the feds hit all the major IX points and terminate connectivity? I seem to recall much discussion about the all IP back bone of the various large carriers (Qwest/ATT). I guess calls in the same CO and maybe between regional CO's might work.
Yeah, that's the problem. The Internet isn't the Internet. The data needs of public Internet have reached a level that it is actually cheaper to consider the networks we use to transport that data as our primary networks, and run everything else over it as bonus recovery revenue (and MPLS became really popular). Most LECs are at least considering, if they haven't implemented, SIP/MGCP from DLC/ONT to local or region soft switches. In addition, long distance is increasingly running over pseudowire or SIP trunks. Cell networks are definitely pushing hard to drop the old T1 circuits and cranking up 300mb+ circuits, which often causes the carriers of those circuits to backhaul the other cell companies who still require T1 via pseudowire. They aren't being picky either. I about died laughing watching a small LEC set up some feeds for some cell towers. The circuits cross 4 different networks with at least 3 different types of transport configurations (gpon through a calix E7, which is pure L2 ethernet, Lucent DMX ethernet over sonet, and a high end Alcatel IP/MPLS network which I'm sure carries Internet traffic as well).
Jack
participants (32)
- Alastair Johnson
- Barry Greene
- Barry Shein
- bmanning@vacation.karoshi.com
- Charles N Wyble
- Dave CROCKER
- Eric Brunner-Williams
- Fernando Gont
- Fred Baker
- George Bonser
- Hank Nussbacher
- Hayden Katzenellenbogen
- isabel dias
- Jack Bates
- Jay Ashworth
- JC Dill
- Joe Provo
- Josh Smith
- Karl Auer
- Ken Chase
- Lamar Owen
- Mark Newton
- Martin Millnert
- Matthew Moyle-Croft
- Matthew Petach
- Michael Coxe
- Nick Hilliard
- Paul Ferguson
- Randy Bush
- Ryan Finnesey
- Ryan Wilkins
- Valdis.Kletnieks@vt.edu