Slashdot Mirror

← Back to Stories (view on slashdot.org)

ICMP_HOST_BELOW_HORIZON - TCP/IP Into Orbit

Posted by Hemos on from the packets-in-spaaacceee! dept.

Christopher Neufeld writes "As reported on ScienceDaily today, on April 10 of this year, some standard IP modules were uploaded to UoSAT-12, and got it answering pings. "

20 of 150 comments (clear)

  1. Re:Is the technology transferable to Iridium? by phil+reed · · Score: 3
    Trip time to geosynch orbit is 23000/186000 = .12 seconds, so round trip transit time is about a quarter of a second. UoSAT12 isn't that high, so the trip time is shorter.

    The rest is left as an excercise for the reader.


    ...phil

    --

    ...phil
    "For a list of the ways which technology has failed to improve our quality of life, press 3."
  2. Bring On The Packet Monkeys.... by Uruk · · Score: 4

    Slashdot will have that thing DOS'd out of the sky by this evening, I'm sure.

    --
    -- Truth goes out the door when rumor comes innuendo. -- Groucho Marx
  3. Security -- this is foolish! by waldoj · · Score: 4

    This is cool and all, but, all jokes aside, isn't this a security nightmare. Sure, you can put up a firewall, password proection, IP filtering, PGP, etc., but is that really enough?

    From the article:
    From the comfort of home, an engineer logs onto the Internet using a laptop computer and communicates with an orbiting spacecraft. Using industry standard Internet protocols, simple keystrokes send commands adjusting the spacecraft's attitude.

    "Comfort of home&quot? Pretending that I'm a $6/hour ISP admin, couldn't I trap those packets and crash a satellite?

    I'm not trying to be a fearmonger, but I really do think that this is a case of Too Much Stuff Connected To The Internet. We all laughed a few years ago when kooks started saying that "Internet hackers" could shut down power plants and kill small woodlands animals. At the time, of course, none of these things were net connected.

    Now, between IPv6-addressable squirrels and this satellite, we really could have a problem on our hands.

    -Waldo

    1. Re:Security -- this is foolish! by Dr.+Zowie · · Score: 3
      Tell me about it. Much of our unmanned space program is inextricably linked with internet access. When I worked for the SOHO project at NASA/GSFC, several of the internal computers were cracked. Among them was mine -- a science workstation that could've (at the time) been used as a staging area for a more concerted attack on the command computers themselves (thanks to trusted-host protocols). The attackers used a well-known but unpatched hole in IRIX 6.2 (by default, the line printer account had no password). They were content to fire up an IRC server and brag about how kew1 they were -- we were lucky it was a random heist.

      Some of the other instruments' actual command computers were compromised in similar ways at other times. If the attackers had known what they were doing, (I think they, too, were script kiddies) they could've sent commands to the spacecraft, a million miles away.

      The problem for that project, as for so many, is lack of clear forethought about security and time pressure once the system was installed. We had a heterogeneous network set up by people from something like 10 different countries, and many workstations (mine included) that were administered by the scientists who used them.

      The big shock for me, both in my experience at NASA and at other high-technology, high-risk ventures, is that people remain people even if they work for NASA. Folks who are interested in flying spacecraft have little time to install the latest OS patches or to design secure protocols -- they're too busy shooting from the hip, making huge volumes of hastily written code work right, or cranking out the next research paper.

      IMHO, we need *less* connectivity, not more, to our spacecraft and their ground systems!

    2. Re:Security -- this is foolish! by SatelliteBoy · · Score: 4
      Well,

      Actually, satellite ground systems are already using TCP/IP. Ground systems communicate through the satellite on special commanding boxes, but those boxes get their commands through ethernet.

      Now, many amateurs receive signals from satellites, then decommutate and decode the telemetry. The old style C band satellite dishes work for this, they just need a little refit. One COULD command a bird with more hardware and some hacking - the US and USSR did it to each other's birds during the cold war.

      What's my point? I don't think this necessarily makes satellites more vulnerable. After all, the commanding and payload (commercial signals) ususally pass through different paths, and the command paths have a bit of security involved, including encryption chips with closed-source algorithms, courtesy NSA. That encryption applies only to US owned birds, BTW.

  4. Re:How about some Amateur Sats? by Detritus · · Score: 3

    Hard drives contain air at normal atmospheric pressure, not a vacuum. Most of them are not completely sealed, there is a small air filter that allows for pressure equalization. You would need to mount the hard drive inside a pressurized container on the spacecraft.

    --
    Mea navis aericumbens anguillis abundat
  5. How about some Amateur Sats? by cvoid · · Score: 3
    so, now that this has been done, how long until some of the amateur sats in orbit have this capability? with the launch of phase-3d, with its reprogrammable modems and modules, maybe we will have something to play with.

    i am actually suprised this wasn't done earlier with amateur satellites, as it is (aside from the issues involving communication with orbiting communications systems) just a wireless network connect. if the satellite was in polar orbit you'd have availability problems, but a sat in the clarke belt would be nifty.

    anyone know of plans in the amateur community to do this?

    oh, and check out AmSat for info on amateur satellites and whatnot.

    --
    cvoid - satellites are cool
    1. Re:How about some Amateur Sats? by Tackhead · · Score: 5
      And of course, I'm surprised nobody has suggested the obvious application:

      Get Gold & Appel (or some similar organization) to launch a mess of "sats" into "orbit" at the Earth/Sun Lagrange points. Run something like "Freedom" on them. Give each sat a bunch of space-hardened (i.e. you need an atmosphere and some radiation and heat shielding) umpteen gigabyte RAID drives.

      15 minute ping times, sure. But how the fsck will RIAA stop us from downloading MP3s when the servers are located in deep space? :) :) :)

      All it takes is one .com billionaire with a really twisted sense of humor.

  6. Is the technology transferable to Iridium? by Andy+Cole · · Score: 3

    This story is good news for the Save Iridium project. If the technology can be transferred to run on the Iridium satellites they could be used to enhance the internet backbone. Any idea what the ping is to a satellite from earth? AFAICT it will be in the 1 to 2 seconds range, which isn't terribly ideal but would suffice for large downloads with large packet sizes, making the ping time have little effect.

    Just my 2c.

    1. Re:Is the technology transferable to Iridium? by 2sheds · · Score: 3

      Sadly a lot of the harware in Iridium is specifically desgined for switching voice comms - ICO however were able to re-design their sats due to the fact that they haven't got any into orbit yet...

      j.

      --

      Absit Invidia
  7. Immediately followed by a suit from Metallica... by crosseyedatnite · · Score: 3

    when Napster was loaded onto it and a Metallica song uploaded. This is confirmed to be the highest upload recorded. The spacecraft has no comment at this time

    --
    e to the i pi equals negative one
  8. This will make Vint Happy by David+A.+Madore · · Score: 5

    Vinton Cerf (the "father" of the Internet, perhaps even without the quotes) is constantly talking about Internet in space, interplanetary Internet and so on. For example, in his celebrated essay (an Internet draft) "The Internet is for Everyone" (now the official motto of the ISOC), he writes:

    "The Internet is moving off the planet. Already, an interplanetary Internet is part of the NASA Mars mission program now under way at the Jet Propulsion Laboratory. By 2008 we should have a well-functioning Earth-Mars network that serves as the nascent backbone of an interplanetary system of Internets: InterPlaNet is a network of Internets. Ultimately, we will have interplanetary Internet relays in polar solar orbit so that such relays can see most of the planets and their interplanetary gateways for most if not all of the time."

    To be quite honest, if I didn't have so much admiration for him, I would say that Vint is going just a bit off his rocker, there. But, who cares? The idea is fun, and if a man can't dream, what's left for him to do?

    Did you know it, the ISOC has even formed an "Interplanetary International Special Interest Group" (IPNSIG).

    --
    David A. Madore (ISOC member)

  9. Nah. by hey! · · Score: 3

    "Comfort of home"? Pretending that I'm a $6/hour ISP admin, couldn't I trap those packets and crash a satellite?

    That's why things https and ssh exist. If I were a $6/hour ISP admin and could crack those, I wouldn't be a $6/hours ISP admin for long. There's tons of RSA encrypted traffic that's way more juicy.

    Combine VPN, strong encryption, and vigilant system administration and I don't think anyone will be sending spurious orders. Other than that I would see potential DOS problems, especially if the engineer is sending a sequence low level maneuvering orders that could be interrupted during execution. However you'd have to be brain damaged to design the system to work that way anyway -- what if your transmitter failed?

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  10. PINGS....IN....SPACE by yoshi · · Score: 4

    Sorry, I had to do this. Puns are way too much fun.

    On a more serious note, this bodes well for network engineers who want to get into the satcom industry. The differences between the computer industry and the communications industry are rapidly disappearing.

    -Josh

  11. Im^H'm in but thel ag is horrribl^H^H^H^Hible by SIGINT · · Score: 5

    w^HWell i finally got a shee^Hll on the satellite, but thhe lag is so bad i can'''t ^H^H^H^H''^Ht even use lynx well. Man, and theres something wrong with they^Hir stty settings. Anyway, FIRSTT POST FROM SPP^HACE! :wq^H^H^H oh yeah, i'm not in vii^H

  12. That's not the weak point. by Tau+Zero · · Score: 3
    ...you really have to wonder if this is a great idea. No matter how much security they put in, this makes either the satellite or their router vulnerable to a lot of the stuff people pull with TCP/IP these days.
    There are basically 2 ways to talk to the spacecraft: through your own radio gear, or through whatever gateways and firewalls other people have put between the Internet and their radio gear.

    If you have your own radio gear, you could have sent commands to the satellite using whatever protocol and authentication it wants even without TCP/IP. Adding TCP/IP, if the satellite functions are protected with the same authentication codes, doesn't make it significantly easier.

    The other way is to hack through someone else's gateway. If they've firewalled it, you've got the problem of defeating the firewall before you get to the satellite and its authentication mechanisms. Of course, if someone has left the authentication info lying around in an accessible place on their Internet-accessible computer, you're all set... assuming the satellite will accept configuration commands over the TCP/IP channel (it might not, the article didn't say if this was only used for the store/forward system or command and control as well).

    It's a pity we can't just ask Bruce Schnier for his opinion of their security model.
    --
    This post made from 100% post-consumer recycled magnetic

    --
    Time is Nature's way of keeping everything from happening at once... the bitch.
  13. You'll have to ping farther than that. by Tau+Zero · · Score: 5
    just something so cool about sending packets into outerspace and getting a response
    Space scientists would disagree with you on that point. This satellite is in low-earth orbit (LEO), which is not technically considered to be "outer space". If you uploaded a TCP/IP stack to one of the Voyager probes or even Galileo, that would certainly qualify. How many million msec is your timeout again?
    --
    This post made from 100% post-consumer recycled magnetic
    --
    Time is Nature's way of keeping everything from happening at once... the bitch.
  14. Packets from Mars? by CSG_SurferDude · · Score: 4

    Maybe I'm showing my age here, but does anyone else remember "Packets from Mars"?

    martian: n. A packet sent on a TCP/IP network with a source address of the test loopback interface [127.0.0.1]. This means that it will come back labeled with a source address that is clearly not of this earth. "The domain server is getting lots of packets from Mars. Does that gateway have a martian filter?" Compare Christmas tree packet, Godzillagram.

    jargon/m/martian.html
    From The Jargon file (4.2)

    --

    LongTail SSH Brute Force analysis tool is here!

  15. Security in space. by ClayJar · · Score: 3

    Okay, here's my take on the security thing. As of now, they are implementing TCP/IP over their satellite signals. I assume that they do not have the ground-based receiver connected to the public Internet, so there's not a whole lot of risk. Of course, then we get to the fun part.

    At some point in time, it is likely that researchers using the Internet proper will be able to communcate with a satellite. At that point, yes, there is a possibility of malicious individuals (or groups) getting into your sattellite. At least one barrier to entry would be the ground station-to-satellite link. If you kept this secure (using open and tested protocols and such), a malicious entity would require both a ground station of their own and strong knowledge of the ground-satellite signal specifications and protocols.

    If you set the satellite to only act on signals coming from known-good ground stations (based on geophysical location), then a ground station would have to be compromised in order to take over a satellite. This would add another layer of security.

    If you, say, hard code those coordinates and the verification routines (and make sure you don't pull a Hubble), you could be fairly certain that your satellite can't be controlled by anyone else, except through your links. If, then, you use secure connections through said link (which means keeping the stuff current, of course), you should be fine.

    All in all, it should be no easier to maliciously control a 'Net sat than it is to use an existing attack against the current generation. (Disclaimer: I am not a rocket scientist, although I did take a class covering the basics.)

  16. Independence Day by Sinjun · · Score: 3

    Wait a minute ... now aliens can come down and upload a virus to our satelites. We're opening the backdoor to alien hackers!