Slashdot Mirror


Karl Auerbach Speaks Out on ICANN

richard koman writes "Here's an interview I did with Karl Auerbach about ICANN in the aftermath of their eliminating public board members. 'October's distributed, denial-of-service attack against the domain name system--the most serious yet, in which seven of the thirteen DNS roots were cut off from the Internet--put a spotlight on ICANN, the nongovernmental corporation responsible for Internet addressing and DNS. The security of DNS is on ICANN's watch. Why is it so susceptible to attack, when the Internet as a whole is touted as being able to withstand nuclear Armageddon? It's religious dogma, says Karl Auerbach, a public representative to ICANN's board. There's no reason DNS shouldn't be decentralized, except that ICANN wants to maintain central control over this critical function. Worse, Auerbach said in a telephone interview with O'Reilly Network, ICANN uses its domain name dispute resolution process to expand the rights of trademark holders, routinely taking away domains from people with legitimate rights to them, only to reward them to multinational corporations with similar names.'" A Wired article suggests the five elected board members won't be stepping down on December 15 after all.

10 of 115 comments

  1. There is a difference between a nuclear attack .. by ColdGrits · · Score: 5, Insightful

    There is, believe it or not, a difference between a nuclear attack and a DDoS attack.

    If there is a direct nuclear strike on the location of one of the DNS roots, the others are unscathed. You need a whole lot of nuke strikes to fully disable the DNS servers.

    However, although 7 of the DNS roots were down during the DDoS, the fact remains that SIX WERE UNAFFECTED.

    I.e. the system behaved the way it is supposed to behave, and proved that it is resilient after all.

    I offer no comment on the rest of the article.

    --
    People should not be afraid of their governments - Governments should be afraid of their people.
  2. Here's the thing... by MarvinMouse · · Score: 5, Insightful

    The internet would still work without ICANN... Just not domain names...

    If you knew the IP addresses so you could reach the servers you desired, and didn't have to use domain names, you can still reach the servers (in fact this is a useful way to get around some types of blocking.)

    ICANN just converts the domain name to an IP address... And unfortunately, it's kinda difficult to have a non-central way to handle that (albeit, I have seen some interesting papers on this topic... discussion for another time.)

    The Internet is built so that if the base architecture is not one-server dependent (in other words, if one server isn't all that is connecting two sections of the internet), then it will work, since no taking out of one server will disrupt the connections between the rest.

    The only thing that fails if ICANN fails is the domain names. Which means that if you don't know the IP addresses to those sites that are important, then you can't do much.

    I know Slashdot's IP... that's all that matters to me. :-) Do you?

    --
    ~ kjrose
    1. Re:Here's the thing... by dissy · · Score: 3, Insightful

      Actually to a small degree you are incorrect.

      Go to any name-based web hosting provider and try to get to any customer website by IP.
      They only have ONE IP address for their machine. The only way the server knows which site to spit out is by, you guessed it, the domain.

      The web isn't the only name-based type of server out there either, it is just the most popular.

      IP shortage isn't the reason ARIN encourages name-based over IP-based services... it's reliance on domains they are pushing.

    2. Re:Here's the thing... by ColdGrits · · Score: 3, Insightful

      " The problem is that we have come to *rely* on DNS lookups. My company's website will not really work without DNS. Why? Because our customers, in order to do things like making purchases, would have to copy and paste every link into their browser and change t

      Then fire your "webmasters" for creating such a broken website.

      Can they explain why EVERY single link includes the full URL of the he domain name to the IP address?
      Have they never heard of relative addressing?

      --
      People should not be afraid of their governments - Governments should be afraid of their people.
  3. not very breakable by minektur · · Score: 4, Insightful

    "Why is it so susceptible to attack, when the Internet as a whole is touted as being able to withstand nuclear Armageddon?"

    Let me ask you - did YOU notice problems with the net on the day of this attack? More than half of the root nameservers were down and the average internet user didn't even notice. Things kept working and the other root nameservers took the load. The DNS system explicitly is NOT susceptible to attack and I think that this attempt at DOS-ing it supports this.

  4. This may be a stupid question ... by Anonymous Coward · · Score: 1, Insightful

    but what is hindering us to build up our own public DNS service database ??? You remember, it worked with freedb.org

  5. The Internet's as fragile as an egg by casmithva · · Score: 3, Insightful

    "Why is it so susceptible to attack, when the Internet as a whole is touted as being able to withstand nuclear Armageddon?"

    This whole nuclear attack thing is crap. From the perspective of network connectivity, what's the difference between a nuclear detonation and a few well-placed backhoe accidents? (Yes, yes, I know, they're totally incomparable because of the catastrophic effects of a nuclear detonation, but I'm talking about the effects on the network, not on people and buildings.) How many times in the last ten years have we seen major routing issues to a metropolitan city or even a geographic region arise after a backhoe cut something it shouldn't have? Admittedly, recovery from a nuclear detonation would take much longer than recovery from a backhoe accident... And if, God forbid, most of the metropolitan cities in the U.S., Europe, and Asia are destroyed in nuclear Armageddon, then the Internet's going to suffer big-time.

    If the media hadn't reported on the root server DDoS, then 99.999(9?)% of the Internet community wouldn't have even known that anything had happened. DNS caching and the redundant servers helped things continue working despite the DDoS. On the other hand, if someone launched a DDoS against something like eBay or ETrade -- something the average person can see, feel, touch, and understand much more clearly than DNS -- then, one, the effects would've been much more apparent much more quickly and, two, the reactions from the average user of those services would've been much angrier.

    Is DNS security an issue? Sure. But so is Internet security in general, but when major websites are inaccessible because of a worm or DDoS, who do we yell at aside from the site operator/owner? Not sure. As deplorable as ICANN's behavior is, they're also being made a scapegoat for bigger network issues, methinks, because there's no other actual organization to yell at.

  6. Facts by Garry Anderson · · Score: 5, Insightful

    Quote: "Worse, Auerbach said in a telephone interview with O'Reilly Network, ICANN uses its domain name dispute resolution process to expand the rights of trademark holders, routinely taking away domains from people with legitimate rights to them, only to reward them to multinational corporations with similar names."

    The registered trademark symbol ® (called 'R' in a circle or RTM) identifies them in physical world - isn't it obvious something is required in cyberspace to perform same function?

    Facts:

    The United Nations World Intellectual Property Organization and the United States Department of Commerce are hiding the simple solution to trademark and domain name problem. But they would rather be aiding and abetting corporations to violate Trademark and Competition Law.

    Virtually every word is trademarked - most are many times over (in different types of business and/or country) so every domain can be 'stolen' in UDRP from the legal owner, on the premise that it is confusingly similar.

    Corporations have no desire at all to prevent confusion on the Internet - they just wish illegal dominance of it.

    You can legally use any word, words or initials to start a new business without registering a trademark - providing you are not passing off, of course. Take for example the word 'apple'. It is legally used by thousands of businesses - large and small all over the world. Indeed, it is impossible that they all register themselves as trademarks - they are bound to conflict with many others, being confusingly similar. In my local phone book alone, there are at least five using this word - two garages (seems not connected), a car centre, fruit growers and a decorating firm. These are unlawfully being prevented from getting their name in Sunrise period.

    In this vast ocean of domains on the Internet, mostly non-trademarks, a marker is absolutely essential - for people to identify it as trademark - e.g. a new protected TLD of .reg !

    name.class.country.reg would identify all trademarks - e.g. apple.computer.us.reg and apple.record.uk.reg.

    This could be used as certificate of authentication. There is no restriction on business, it can still use current/new domain, just directed to dot REG.

    For more facts please visit World Intellectual Piracy Organization - Not associated with United Nations WIPO.org

  7. Internet able to survive nuclear attack? Grrr! by geoswan · · Score: 4, Insightful

    "Why is it so susceptible to attack, when the Internet as a whole is touted as being able to withstand nuclear Armageddon?"

    Few memes bug me more than this one.

    The internet is not designed to survive a nuclear attack.
    The Arpanet was not designed to survive a nuclear attack.

    Read Where the wizards stay up late: the origins of the internet for confirmation.

    The Arpanet was built with multiple redundant paths to withstand normal, mundane disasters, like fires, local power outages, construction backhoes digging up communications cables, not nuclear attack.

    Yet you hear well-educated people, who should know better, repeat this nonsense all the time. I guess it makes too good a story.

    Yes, I can see Richard didn't actually say it could survive a nuclear attack, merely that it was touted as being able to survive. But this meme is so annoying it bugs me when people even hint it is true.

  8. Re:There is a difference between a nuclear attack by Nietschze Puffs · · Score: 2, Insightful

    There is definitely a difference between a nuclear attack and a DDOS all out blanket effect. I saw this case as kind of like the war on drugs really; against DNS as a hacker you might put a marginal dent in supply every once in a while but demand will still flourish. In this case the backbone as has already been understated was "quite resilient" and packet flow was only approximately halved after an attack by how many unknown remote hijacked systems? I tip my hat to the people that built that system; it survived one of the gnarliest waves of DDOS attacks that I personally have heard of and it's a fine example of precisely the way a mission-critical redundantly linked server network is supposed to flourish in the face of adversity and threats inbound from multiple opponents. To take the analogy a step further it was like an aikido expert who battled against many unknown foes and it triumphed through its strength of design and the foresight of the experts that alertly run it as opposed to having to rely only on its techniques and form. They won their battle without even needing to know their opponent and to me that's a good chunk of what network security ought to be in an ideal world. There was no politics involved from a casual observer's point of view, the attack simply failed due to superior defensive design.