Slashdot Mirror
The Root of All E-Mail
wiredog writes "A Washington Post story about the DNS, the VeriSign NOC, and some of the security therein." Especially interesting in light of the recent security lockdowns throughout much of the Western world. The havoc of losing the A root server would be bad, like Staypuft Marshmallow Man bad.
You'd think that the people with VeriSign would want a little redundancy in their DNS root system, but apparently this is what happens when you let one corporation monopolize critical national resources...
Obscurity is the first line of defense. The building is unmarked, its address unspecified in company literature and its managers tight-lipped about disclosing driving directions or identifying markings to strangers.
They are apparently okay with featuring the place in an article in the Washington Post, though. Sheesh.
I watched C-beams glitter in the dark near the Tannhauser gate.
Verisign offer Tours of their Virginia NOC. Do they take you there blindfolded?
0xB
Reading about the physical security is interesting. I'm wondering why they wouldn't just contract out with the Government and move the operation to a secure military installation somewhere in the DC area. There are plenty of them around there. Granted, it seems that they have taken care of their current security needs, but it might be cheaper/easier to locate it in a protected area that is already guarded. I get the feeling that "Security through Obfuscation" (the actual building) might not be the best policy.
Still fascinating though.
Jason
He's totally creeping out the Great One, eh...
Security through obscurity will never solve anything when used as the first line of defense.
If you're going to build a place like this, someone unauthorized will eventually find out about it. Hell, just look at the security of the government's nuclear research labs and the whole Wen Ho Lee fiasco a few years back. And nuclear secrets are far more dangerous than a temporary internet slowdown.
If I was them, I'd quit worrying about how plain looking and unmarked the building is and start worrying about how hardended it was made. Ideally, they would place it inside a mountain so it would be immune to various airliners falling out of the sky. Also, it would have a myriad of redundant network links.
Secrets have never worked in security before, and they won't work now. If they want to protect the root servers, they'll have to base it on sound engineering, not the assumption that no one will ever find which building it's located in (any network engineer with a sense of adventure and a flashlight can prowl the sewers tracing data lines, anyway.).
is Dogbert the CIO at Verisign or something?
"He who controls the information controls you. I CONTROL THE INFORMATION!!"
Someone needs to check their HTML. Italics are hard on the eyes.
"I hope they legalize drugs so you hurry up and fucking die." Charles Bronson (the band, not the man)
"Obscurity is the first line of defense. The building is unmarked, its address unspecified in company literature and its managers tight-lipped about disclosing driving directions or identifying markings to strangers."
Hmmm....
VeriSign Network Operations Center
21345 Ridgetop Circle
Sterling, VA 20166
I don't think security is *quite* as tight as they say. Course, if A root where to go down, I wouldn't know the difference betweent that and the crappy windows DNS servers here....
Venkman - "I'm a little fuzzy on the whole good/bad thing. What do you mean, bad?"
Egon - "Try to imagine all life as you know it stopping instantaneously and every molecule in your body exploding at the speed of light."
Ray - "Total protonic reversal..."
Venkman - "Alright, important safety tip. Thanks, Egon."
Ah, one of the great comedies of the 80's...
---
"how can the same street intersect with itself? i must be at the nexus of the universe!" - cosmo kramer
This is a good reason why non-centralized services are a good idea--they don't need that level of 'eggs-in-one-basket' security.
"It's ... It's ... It's the STAY-PUFT MARSHMALLOW MAN!"
:)
"The Stay-Puft Marshmallow Man! He was on
all the packages we used to buy when I was
a hax0r. We used to roast Stay-Puft marshmallows at DEFCON.."
Sorry..
"Hey! Unless this is a nude love-in, get the hell off my property!!"
Hemos said...
Especially interesting in light of the recent security lockdowns throughout much of the Western world. The havoc of losing the A root server would be bad, like Staypuft Marshmallow Man bad.
Absolute proof that the Slashdot editors don't even bother to read the articles, and just depend on their wrong understanding of things.
From the article...
"The DNS is built so that eight or more of the world's 13 master root servers would have to fail before ordinary Internet users started to see slowdowns, according to John Crain, manager of technical operations for the Internet Corporation for Assigned Names and Numbers (ICANN).
ICANN manages the DNS and sets policies for registry operators and domain name retailers.
"Theoretically, if 'A' were to disappear, we could pick it up from one of the other servers," Crain said. "Moving the place where the zone is picked up is very simple."
In other words, don't panic. The A server is just the highest profile target.
Sometimes it's best to just let stupid people be stupid.
The article seemed to be a little scare-mongery, considering how they go on to describe that the other root servers can easily take over.
A bigger question is: how well protected are the public peering points, like MAE East and MAE West? Since even international traffic is often routed through them, we would see an instant slowdown if one of those two nerve centers were destroyed. Big businesses might have private peering arrangements that would survive, but you can bet that a ton of smaller sites would be affected by a loss of a MAE.
Your right to not believe: Americans United for Separation of Church and
"The havoc of losing the A root server would be bad, like Staypuft Marshmallow Man bad. "
No, read the goddamn article already;
"The DNS is built so that eight or more of the world's 13 master root servers would have to fail before ordinary Internet users started to see slowdowns, according to John Crain, manager of technical operations for the Internet Corporation for Assigned Names and Numbers (ICANN)."
Duh.
-Leperflesh
I am allowed to criticize you: you are not allowed to criticize me. Sorry, that's just how things are.
I thought the Internet was designed to survive nuclear war. I guess the fine print must read "as long as the bombs don't fall on certain bottleneck locations".
What? No guards with shotguns? No dogs? No mines?
Geez. They're a bunch of wimps.
If losing a root server is so bad, then maybe all of us with *nix and *BSD boxes should start running caching DNS servers? It'd essentially be a distributed DNS, but then you'd lose all central control of DNS names. If they fear losing one of their root servers, maybe they should offer a distributed solution that would make it hard to take out 'the server,' if you will.
As we've seen with other distributed networks, like gnutella and Kazaa (please excuse the crude analogy), it's nearly impossible to take the entire network down in one fell swoop, as it is with a centralized server (like Napster had/has).
Just my two cents.
Out of curiosity, I've seen pictures of lots of NOCs that have similar setups as what's described in the article. What kind of software is usually used for putting real-time "war room" statistics up on NOC displays? Is it usually custom-written for each setup?
These people's mastery of the 'Net didn't even extend to being able to discern Evil Bert.
A lot of good wanking in that article but I wouldn't be too worried about the A Root Server being a very realistic prime target for terrorists. After all, I'm sure the A root service would be back online within hours operating a different location and although there might be a few hiccups, things would return to normal fairly quickly.
Much better to remain horribly paranoid about nuclear facilities, dirty bombs, EMPs, smallpox, etc..
mje0w!!!1!
kinda makes you wish the internet more was peer to peer huh?
-Cyko
This message was brought to you by the death of 30 brain cells.
i remember hearing about a project someone had started to set up an alternate set of root servers primarily for the purpose of re-allocating top-level domains and eliminating the artificially limited resource that is the current state of the web's dns... what ever happned to those guys? mabye they're project could be just the thing the web needs now...
Hmmm, the article seems to make a BIG point out of the fact that losing the A root would be non-catastrophic. Indeed, they mention that 8 of 13 roots would have to be down before the average user would notice the slowdown. It's nice to know the users here aren't the only ones who like to post without reading the article.
But the article further goes to mention how important the Internet is to our economy. Is this true?? I don't really think of the internet as critical infrastructure.
If the Net went down tomorrow, and was down for a week, would this really affect the economy in a signifigant way?? (Well, aside from the panic of investors...)
I understand that more and more comapnies are using the Net in a part of their workflows, but I don't think the internet provides and unique service that couldn't be done without.
E-mail: Use the phones.
Web: Read a book
Any data that is transferred could just as easily go by modem.
The internet serves as a convenience in many ways, but I dont think this almost 10 year old (less in the corporate mind) bit of infrastructure has become crucial to us yet. It has really been just the last few years that anybody started doing anything with the net at all, and mostly that has been VPN and changing communication methods. (i.e. Use the net instead of UUCP and a modem.)
So, my question is, what kind of critical services would be missing if the net suddenly went away. Sorry, I do not consider e-mail a critical service.
~Hammy
nothing4sale.org
anyways, just food for thought.
Lawyers, MBA's, RIAA? A jedi fears not these things!
I thought this was another article about the spam coming out of China! ;).
April 21-27-- Slashdot Blackout: Do your duty.
I was surprised that the equipment is on the top floor.
It would seem that you would be better off going w/the basement. In fact the deeper the better, I would think.
Airplane strikes come to mind as one reason.
Or the fact that if someone took out the ground floor- the floors above it go too, but if you are deep enough that could be avoided.
Apparently physical security isn't of the utmost importance, as they say.
The raised floor is always good- or the night guy's beer wouldn't stay cold.
.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
IN AD 2002 WAR WAS BEGINNING
(Scene: Verisign Data Center inside Washington DC. Huge explosion on top floor of red brick office building, sending flaming servers flying through the night sky)
(Cut to home of Verisign CEO, he is in bed with his fat wife, snoring loudly. The phone rings, and he wakes up, wiping the slobber from his chin while answering)
Verisign CEO: "What you want!"
Voice on the phone: "Somebody set us up the bomb!"
CEO: "What you say!"
Phone voice: "We get signal!"
(static on phone, all of a sudden a voice breaks in)
Arabian voice: "How are you gentlemen? By the Grace of Allah, All your A Root Servers are belonging to us! You have no chance to survive, make your time!"
CEO: "It's YOU! Restore backup! Implement Emergency Response Plan A! Move every server! For great justice!"
Arabian voice: "HA HA HA HA HA HA HA!"
mje0w!!!1!
The DNS system is probably one of the least problematic systems. The zone files that are spread out to the root servers are also "publicly" availiable. No, you can't get them (would be a problem because of spam, etc.) but ie. large ISPs can get them to run their own root level hiearchy. This is good for large ISPs as it will cut down on bandwidth usage. This might also be a great solution for the future. If ISPs hosted the root level zones themselves, the DNS system would be virtually unbreakable and the bandwidth usage due to DNS requests would dissapear.
The last thing I'd want someone to think is that they could put a bomb around their waist and hug the A root and think they're going to significantly impact the Internet," Rippe said.
Rippe said that while such an attack could kill many employees, the Internet's addressing system is designed to withstand the destruction of much of the physical infrastructure that houses it.
So the threat of someone cracking the DNS server and screwing it up in such a way that it wouldn't get noticed immediately could be worse. Let's say you start altering the records. Once that starts to replicate from the root server on down, you can cause a lot of trouble. Do that to just eBay's or Amazon's domain (or gasp! Slashdot's), and you could cause quite a stir.
Robotiq.com is heavily tested on animals
I got the impression that counting the A server, there were at least 4 of the main ones they're talking about in this one building. Granted taking out one of the servers wouldn't hurt you, not even the A, but if there are at least 4 in this one building... a terrorist would only have to take out 5 buildings at most. That is assuming there are not more than 4 in this building and no more than one at each of the other locations.
It's easy to stand out when the general level of competence is so low.
"Obscurity is the first line of defense. The building is unmarked, its address unspecified in company literature and its managers tight-lipped about disclosing driving directions or identifying markings to strangers.
While the location of the building is not a true secret -- dozens if not hundreds of Internet addressing insiders know where it is -- it would be difficult for a casual vandal or criminal to stumble across it, Rippe said.
And the casual vandal or criminal would be interested in it because?
For crying out loud, a 1 second Google search on "Verisign NOC" reveals the COMPLETE ADDRESS in a PARTY INVITATION!?!? in the very first result!
Yeah, I feel safe.
I have a world map with root-servers pointed on it, looks like the area in which the A server is (Virginia, Maryland) hosts not one but six (A, C, D, G, H and J) servers, some of which (like H, run by US Army) are probably veeery well defended...
I found a link to the same pic on the net:
cs.ucla.edu
...or maybe just nuke the whole area and you take down 6 of them
Vacuum cleaners suck. Kings rule.
http://www.open-rsc.org/
there is a hope. anyone can set up a dns server. anyone can choose to use or not use that server.
http://www.open-rsc.org/
check this vision out... it seems to me that
they're time may have come.
Just snipping the connection between these machines and the rest of the world would suffice. I hope its more complicated than it sounds, but each of those machines has to plug into something, right? Just find where that something (all 10 zillion fiber cables or what not) exits the building in which it is housed and SNIP! All done!
In case of fire, do not use elevator. Use water!
and completely fail to worry about the company that runs it. an attack on the net by VeriSign is much more likely to succeed than an attack on the root servers by terrorists.
.COM, .ORG, or .NET domain name.
oh wait. the attack already happened, and that's why VeriSign retains effective control over the root and manages to impose a tax on every
"The DNS is built so that eight or more of the world's 13 master root servers would have to fail before ordinary Internet users started to see slowdowns, according to John Crain, manager of technical operations for the Internet Corporation for Assigned Names and Numbers (ICANN)."
Where did this magic number 8 out of 13 come from?
-- everyones not everybody and neither is everybody like everyone.
Old map showing the approximate locations of each of the root servers.
Although there are 6 listed in the VA/MD area, they're all in different places, some in different towns.
Of course, some of the locations may have changed by now, but I don't think they'd be silly enough to put 4 in the same building. Rather defeats the purpose!
As briefly noted in the Post article, the DNS infrastructure, like most essential net technology, pretty much doesn't have any single points of failure. It's immune to local physical attacks or natural disasters. The article is just a sensationalist trip into a modern high security datacenter full of Ooh-ing and Aah-ing, and doesn't have much relevance at all to the security or stability of the 'net.
11*43+456^2
I almost got as far as the rest of the posters here before giving up in disgust.
"Security and stability are like Siamese twins. You cannot have stability without security," said Mark Rippe, vice president of technical operations for VeriSign Global Registry Services.
Huh? I mean, it's the other way around. You can't have security without stability, but you most certainly have stability without security. Shit, the various DOS flavours had no security model whatsoever, but I never heard anyone bitching about DOS kept crashing their spreadsheet. On the other hand, an unstable system with a good security model (think NT as an example) can cause security problems when components stop working as designed.
At this point, there are some minor doubts as to whether this person, Mark Rippe, should be trusted, but I won't discount it yet. To continue:
". . . Our primary function is the stability of the global Internet."
Again, things are backward here. The internet does not need DNS to function. DNS relies on the internet. It's not the other way around.
Obscurity is the first line of defense.
Thank you and good night. Middle managers should not be promoted to VP or C-level positions. I hope that this is soon realized by the Verisign global registry services group, and that Mark Rippe is soon back to his previous job of moving paper from the 'In' box to the 'Out' box. Maybe then things will run smoothly at Verisign, and they won't have to scam customers by sending them fake renewal notices.
Even if someone were able to take out all 13 "master" locations, the basic root server information (well, in the event of such a catastrophe you would be fine with information a few days old) is probably stored in hundreds of spots at the big ISPS. So no, the internet isn't vulnerable to physical attack. Smart viruses, generated by either EXTREMELY (i.e. godlike) hackers or some sort of artificial intelligence are one way it could be brought down.
sheesh.
without the internet, i have no business. pretty simple. likewise amazon, ebay and /. have no business without the net.
5???
-c
I have discovered a truly remarkable proof which this margin is too small to contain.
I was thinking at least round-robin DNS cluster but it seems like A root server is just one box. I'd worry about hardware failure more than terrorism if it was just ONE machine running the zone. What kind of hardware does the A server run on anyways?
There's 10 types of people in this world, those who understand binary and those who don't.
It was stated that if 8 of the 13 root servers were destroyed, the internet would slow down?
Ummm... no. It wouldn't slow down. DNS resolution would stop. Thats it. Most users might think the entire internet came to a complete halt, but thats not the case.
Skiers and Riders -- http://www.snowjournal.com
Comment removed based on user account deletion
No one mentioned that this building is one of the approach paths of Dulles Airport, where the plane that hit the Pentagon on Sept. 11th took off from.
Hows THAT for security?
-db
Well, some operator put in "The internet doesn't exist any more" into the root server, and all the so-called backups blindly copied it.
Mention it today for your free karma!
OOG USED TO RUN A-SERVER IN OPEN-SOURCE CAVE. OOG FATHER SOLD MANY BAGS CAVE WEED to AFFORD BANDWIDTH COSTS!! OOG NEVER HAD to WORRY ABOUT TERRORISTS BECAUSE OF OPEN-SOURCE SABRE TOOTH TIGER PROTECTION!!! OOG SOLD A-SERVER TO GOVERNMENT IN EXCHANGE FOR 50 CAVE-HO'S!!!
So.. let me get this straight. Verisgn realizes that they basically "run" the internet and as a result they don't care if they blow customers off. I'm sure I'm not the only one who has had major issues with Verisgn. Even writing to them for a simple answer to a simple question about how often domain names are flushed from their database results in them coming back to me with a request for more information. I ask them
"> How often do you guys "flush" your database so
that expired domain names
> become public again? There are some domain names (even ones I've owned
> but not renewed that after a year are still in the database)."
and they say:
"Please know we genuinely want to help you in this matter.
In order for us to assist you please send the following to:
customerservice@networksolutions.com
a) A detailed description of your concern or question
b) The domain name
c) account number (if applicable)
d) Any NIC tracking numbers you may have received. These
appear in the subject line of the header of all messages
sent from VeriSign (example: NIC-010409.3ee1)"
What Ever! I included more then enough information in my e-mail. Perhaps the fact that Verisng is "god" of internet domains and NSI is the reason they haven't expired domains that have expired since 1 - 1 1/2 years ago!!!?!?
If someone should be able to knock out all these root servers, zone-files and the major DNS's in the world the net would still excist. In the days to follow such a thing hackers would start running DNS-servers, searching logs and reconstruct the domains. Following weeks governments world wide would have reconstructed the net on more solid bandwidth.
Look a monkey!
Just FYI:
:-)
The root-servers know where to find everything which is below the root (like com, edu, net, nl, au, cn, tw, us).
The gtld-servers (global top level domain, i.e. the non-country codes) know where to find everything which is like philips.com, freebsd.org and berkely.edu.
The country-code-servers know where to find xs4all.nl, org.au and co.uk.
In the past I've made a small tool called dnstracer (shameless plug) which shows you what queries your DNS server is doing to get the answer for a hostname.
If you play a little bit around with it you'll see how easy it is to live without connectivity to the root-servers.net machines, thanks to caching etc. Well, for the first two days that is
bash$
This fellow frankly doesn't know his head from his /dev/null.
Anyone following the Wen Ho Lee scandal would know that the whole thing was enormously overblown. In the end, he was let go with a misdimeanor dealing with improper storage of data, and the judge sincerely apologized for the government.
Bob
Science, like Nature, must also be tamed, with a view turned towards its preservation.
The internet serves as a convenience in many ways, but I dont think this almost 10 year old (less in the corporate mind) bit of infrastructure has become crucial to us yet.
Think about any business that uses a PBX phone system. You may have 2,000 internal phone numbers, but only 500 outside lines. Suddenly the PBX goes down. Most likely your entire company loses communications. Within a couple of days you could have those 500 lines distributed to your workers, giving 1/4 of them direct lines. Then you have to worry about getting those hundreds of phone numbers out to every client and potential client.
Business use this scheme because it is much cheaper than having as many outside lines as employees. And it's more convenient to administer. Could businesses go on without it? Sure. But the short-term dislocation would be horrendous. It's the same with the internet. Those businesses that rely on it use it for cost and convenience. They could do without it, but the transition would be painful.
Nope, no sig
In any security situation all you would need to find is the weakest link. It doesn't matter how well that building is protected it needs to comunicate with the world and therfore this issue is more complex than it sounds.
DRM? No thanks, I'll just get it somewhere else...
it's also amazing how articles critizing
ICANN are enthusiastically accepted, whereas
articles critizing VeriSign are labelled
as trolls.
I've gotta hand it to the VeriSign folks -
they're masters at pulling wool over
people's eyes.
I wanted to forcefully insert some more TLDs like .(my first name) and other cool stuff. Boy was I a lamer to try that. I can't remember how I did it, but I remember verifying that each root server was like 5x redundant and there was like A-K. Man what a hack that would be.
Since keeping a low profile and getting a relatively calm surrounding for this 'A' box is evidentially vital, I propose that the server is moved outside of the U.S.A..
;-)
Since terrorist attacks (hackers == terrorists, right?) are the largest threat to this system, it is obvious that such vital machines should not be put inside the backyard of Uncle Sam.
This might also be helpfull if the system actually turns out to be helping in circumventing any US patents, and thus violating the DMCA or whatever strange stuff you do over there.
Thirteen roots for the geeks and surfers
One root to rule them all, one root to find them and on the Internet bind them.
One line blog. I hear that they're called Twitters now.
Once upon a time, the MAE NAPs were certainly a big choke point. A few years ago, you could have blown up two nondescript buildings across the street from each other in Tyson's Corner, VA (MAE-East 1 and 2) and a tall building on Market Street in San Jose (MAE West) and pretty much taken down the Internet.
However, that's not so much the case today. The fact is that most traffic (in the US at least) goes between the Big Three (UUNET/WorldCom, Sprint and Cable & Wireless), or at least it could go because most networks have an upstream multihomed connection to one or more of the big three. And those guys have plenty of private interconnections, some of which are outside of the NAPs.
Networks have also shifted away from the old MAE model (FDDI connections into these huge mother-f***er DEC gigaswitches housed in the MAE buildings) and towards ATM-based NAPs, where you just get a virtual circuit in a "cloud" in the area. The weakness of the FDDI-gigaswitches model that caused people to move away from them was not the security aspect, but rather that they were a huge pain to upgrade and became a huge sinkhole for packet loss when they were overburdened (e.g., MAE-East in late 1997).
Of course, the MAEs still are important - there's a hell of a lot of fiber running through there, and taking it out would require everyone to route around it, causing a HUGE temporary disruption - but they're not the tremendous choke point/security risk that they once were.
"95% of all Slashdot
Didn't Sun hardware run at least one of the .root servers at one point, leading to their "We're the dot in .com" ads?
Michael C. Hollinger
Hey... this Staypuft guy isn't so bad... He's a sailor... he's in New York.... We get this guy laid, we got nothing to worry about...
Winston: This job is definitely not worth $11,500 a year.
Fire and Meat. Yummy.
I thought the root of all e-vil^H^H^H mail was outlook?
"The last thing I'd want someone to think is that they could put a bomb around their waist and hug the A root and think they're going to significantly impact the Internet,"
Forget the bomb. What techie wouldn't get a boner for the chance to "hug the A root"?!?
I'm against picketing, but I don't know how to show it.
I know this is offtopic, and I know the poster already got reamed for misunderstanding/not reading the article, but that Marshmallow Man line had me laughing for a whole minute. I don't describe nearly enough of my life in terms of Ghostbusters!
I will be greatly saddened to be modded down for this silly little comment.
"The reason why you're seeing such a focus on VeriSign is that the safety and the integrity of these systems needs to be analyzed and needs to be improved upon regardless of how safe they currently are." -- Commerce Department spokesman Trevor Francis
No matter how good it is, we need to improve it. That makes a whole lot of sense. 'Hey people, we're doing something to make you safer!'. What a bunch of loons.
Denial of Service attacks or a recent
The whole "Wen Ho Lee fiasco" was a lot of FUD by the FBI to coverup the fact that they knew nothing about how nuclear secrets were stolen.
Yes, he broke a lot of regulations by allowing his daughter to login, copying data onto floppies to keep safe, etc. I know his daughter and we used to play the same MUD and she used to login to his account in order to get a better network connection yet they made it out as if he was letting Chinese secret agents into his account instead.
Mmmm.. Donuts
All your marshmallow belong to us!
But I don't have DNS half the time [corp FW] and the other half it's slow, so I put important sites in a big @$$ /etc/hosts [doubleclick.net 127.0.0.1] .
I don't think I'd notice DNS out except for an inexplicable speedup :)
The havoc of losing the A root server would be bad, like Staypuft Marshmallow Man bad.
Psh! I don't care if all DNS servers collapsed! I've got 64.28.67.150 tattoed on the back of my hand.
Pinky: "What are we going to do tomorrow night Brain?"
Brain: "I would tell you Pinky but this 120 char limi
Why of course it's important to the economy! Ask Hillary Rosen or Jack Vallenti, and they'll tell you that just as soon as they can strip our ability to move bits from here to there, they'll stand to gain Billions in lost revenue. That isn't important to the economy?
Why would terrorists want to attempt to destroy or cripple the Internet? It would be naive to think that they do not use it for communication and information. I could be wrong, but to me it would not make sense for them to try and destroy or harm the Internet as a whole.
Attacking portions of the Internet might make more sense, but I still do not think that terrorists would try to destroy or criple extremely vital portions of the Internet that affect it as a whole.
The actual location of the A root server will not be shown to visitors nor the building itself but another "NOC", most likely the corporate NOC. Still looks impressive but is not the one mentioned in the article. Its a corporate gathering if I'm not mistaken.
with private peering points among the national backbone providers. International traffic though would be more vunerable but far less than in previous years. The trans-atlantic/pacific cables themselves would seem to be a bigger target but given where they are located and what would have to happen to take them out it would seem very unlikely.
From now on, I'm viewing slashdot with images turned off. Fuck this shit.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
It's not imposible to take out a transoceanic cable. A deep-sea trawler (fishing boat) severed the AT+T cable from mainland US to Hawaii in 1989. Trawlers are the sea-going equivalent of the backhoe.
http://www.deadmedia.org/notes/43/437.html
--Pat / zippy@cs.brandeis.edu
Dream on, loser.
.
And proud we are here at Anonymous Central.
I was having coffee today with Anonymous President and Anonymous Defense Secretary and we all thought it a shame there weren't more first posts by Anonymous Coward.
Any right thinking American realizes the only way to post on slashdot is anonymously. It's the only way to protect your Constitutional right to privacy and freedom of expression at the same time. All these, "I logged in" people are just desperate for attention.
Have a nice Anonymous Day.
Anonymous Advocate
I wish you people would quite worrying so much about this stuff.
I'm the sysadmin and I've backed up all the necessary files on a floopy disk that, for security reasons, I keep in my sock drawer.
So relax. The Internet is safe and secure.
This may seem a bit insensitive, but would the A root server be secure if a 747 crashed into it?
The "security through obscurity" doesn't seem so brilliant either, with the admission that a few hundered network admins know where it is. It's protected against "casual criminals?" We ain't caring about casual criminals.
On the other hand, it must be remembered that the verisign root server is getting a lot of publicity basically because verisign are proud of it. As the article said (but in more boring language), it could drop into a black hole now and the internet would just keep going. Woohoo.
More like "total protonic reversal" bad.
"Egon this reminds me of the time you tried to drill a hole through your head."
"That would have worked if you hadn't stopped me."
Once more unto the breach dear friends...
Not really Keith, half the readership of slashdot are VeriSign employees and/or shareholders.
that has been taken care of. each root is actualy two root-servers that are load balanced. if one fails the all the trafic is redirected to the other. each half having 2 cpus, 2 network interfaces, 2 disks (mirrored), 2 power sulpies, there own UPS that are only used until the 2 redundent generators have time to start up.
and perhaps more importantly, what sort of software???
What about a DRDoS attack?
What about this:
We know that women like two things, your time and your money,
therefore...
women = time x money
Now time equals money, so
women = money x money
Money is the root of all evil, so
money = square root of evil
By squaring both sides of the equation,
money squared = evil
Now go back to the equation
women = money x money
See where I'm headed?
women = money squared = evil
... in the Compaq (formerly DEC) Internet Exchange in Palo Alto off University Ave. My rack was one cage over.
I'd walk by it and think 'holy sh*t, that's a root-server!! I can't believe it is so puny!'
But the place is an underground vault with very formal security, it's not like you could just barge in and spill a can of Coke on it.
I thought it was funny.
-- darkmoon
I would want to grind it, gain root, and make it show pictures of that chick out of bridget jones diary on the console in ascii text (and not in that particular order)