Weekend Gedankenexperiment - The Kill Switch

George Bonser gbonser at seven.com
Fri Feb 4 07:59:45 UTC 2011


> 
> 3.  Website: as above, keep a duplicate copy of your basic HTML pages on
>     some DoK that you can take with you.  Have the user+pswd to your
>     registrar so you can repoint your DNS to some new site you now set up
>     with the new updated info about your downtime.
> 
> -Hank

Having a DNS server and MX host outside the borders of the country would
help as well.

I believe that any "attack" is likely to come from within, not from an
external source.  It would seem most likely to me that some malware
would be spread around ahead of time that does nothing to bother the
host until it is time for it to act.  At that point, cutting off
international links will have little/no impact and would possibly be the
entire goal of the event.  Shutting down the Internet would be "mission
accomplished".  

The government should be, in my opinion, focusing its efforts on how it
can best facilitate a coordination of efforts to A: profile the traffic
so it can be blocked B: locate infected nodes so they can be
disconnected or disinfected.

The source of the attack is not likely going to be network
infrastructure but instead the millions of end user devices out there.  

Questions like: who is monitoring traffic and noting traffic profiles of
malware and developing some mechanism for distributing those traffic
profiles to network operators so they can be blocked or otherwise acted
on?

How can that distribution channel be made "robust" in the face of a
general public network breakdown?

Is there a need for some sort of an operational "order wire" network
that interconnects network operators as sort of an "out of band"
communications path for handling emergency coordination among operators?

What would be the connectivity requirements for such a network?

The government could be a lot of help in keeping the network up in the
face of attack rather than simply shutting it off.  The emphasis should
be on keeping it working, not how to most efficiently shut it down.

 



