For want of a single ethernet card, an airport was lost ...

Zach White zwhite-nanog at
Tue Aug 21 09:30:36 UTC 2007

On Mon, Aug 20, 2007 at 10:11:33PM -0500, Stephen Sprunk wrote:
> The problem is that if you have a second path of entry with lesser security 
> protocols, attackers will find a way to get themselves onto that path.  For 
> instance, imagine the terrorists have papers that look legit but they know 
> won't pass computer cross-references; any time they want to come in, they 
> would just disrupt the computer network and force the agents to rely on the 
> papers alone.  That's why people get stuck on the runways waiting for the 
> computers to come back up.

So what happens when the attack changes from trying to harm/kill people
to disrupting daily life in general? If the attackers (who may or may
not be terrorists, whatever that means) can disrupt our networks 
whenever they want, why isn't that a bigger problem than the fact they 
might slip a few people in? 

Remember, almost all of the 9/11 hijackers came into this country 
legitimately and had verifiable (if not legit) ID.

To bring this back into the sea of on-topicness, I invite you to 
remember the early 90s, when the biggest security problem a network 
operator had to face was compromised machines. Everyone "knew" that 
this was the only real aspect to computer security, and the fact that 
some sites could cram (a lot) more data down a pipe than others was 
known, but only crackpots thought it was a problem.

Then a little tool called smurf was released, and the game changed. It
opened our eyes to the fact that not all security problems involve 
illegitimate access. We realized that a Denial of Service attack was
just as bad as, sometimes even worse than, a system compromise.

This same period gave rise to other tools that became the bane of 
network operators and IRC users everywhere. Pepsi, winnuke, sping, jolt.
These tools didn't do anything to help the user gain access to a system,
but they allowed the user to cause just as much trouble. How many of you
who were working in any capacity then can honestly say you never spent 
hours calling upstream providers to get a flow of packets stopped?

At some point our networks have to remain useful. If they can be shut
down for hours or days at a time, are they really secure?

