










                                    

                


Denial of Service


DoS = EOI (End of Internet)
By Jim Louderback
February 11, 2000

Denial of Service attacks are just the first wave of a flood of
opportunistic attacks on the Internet. These attacks signal
the end of the Internet as we know it. The pendulum is
swinging back to controlled, proprietary networks.

Attacks like Denial of Service take advantage of a
fundamental flaw of the Internet. It's an open network,
controlled by no one. Although changes can reduce the risk
of this particular attack, crooked hackers will always be one
step ahead. That's because the Internet is fundamentally
flawed.

Openness didn't use to be a negative. In fact, the Internet
has become such an incredible place simply because it is so
open. The lack of oversight let a thousand million business
models bloom. But it also contained within it the seeds of
destruction.

First, there are no guarantees that the path from one computer
to another on the Internet is valid. A return address can easily
be altered so that no one knows who sent a particular message,
or packet. Equally important, the cost of sending a packet from
one place to another is virtually free to the sender. It's the
receiver who has to pay. If a receiving computer does not have
enough capacity to simultaneously receive a flood of packets,
it will deny service to those that can't be accommodated. It's
as if the best restaurant in town was free, and on Friday night
everyone in town tried to get a table.
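The two points in the paragraph above (a forgeable return address, and a receiver with finite capacity) can be seen in a small simulation, added here as an illustration and not part of the original column. The capacity figure, the traffic mix and the per-source filter are constructed assumptions; the filter stands in for the kind of change that "can reduce the risk" only while source addresses are genuine.

```python
from collections import Counter

CAPACITY = 100  # packets the receiver can handle per tick (constructed value)

def build_tick(legit_users, flood_count, spoofed):
    """One tick of arrivals: legit packets spread evenly through a flood."""
    total = legit_users + flood_count
    step = total // legit_users
    packets, u, f = [], 0, 0
    for pos in range(total):
        if pos % step == step - 1 and u < legit_users:
            packets.append((f"user-{u}", "legit"))
            u += 1
        else:
            # A forged return address makes every flood packet look new.
            src = f"forged-{f}" if spoofed else "flooder"
            packets.append((src, "flood"))
            f += 1
    return packets

def serve_tick(packets, capacity=CAPACITY, per_source_limit=None):
    """Return the packets the receiver manages to serve in one tick."""
    seen, served = Counter(), []
    for src, kind in packets:
        if per_source_limit is not None:
            seen[src] += 1
            if seen[src] > per_source_limit:
                continue  # filtered before it consumes capacity
        if len(served) < capacity:
            served.append((src, kind))
    return served

def legit_served(packets, **kw):
    """Count legitimate packets that were served in the tick."""
    return sum(1 for _, kind in serve_tick(packets, **kw) if kind == "legit")

if __name__ == "__main__":
    quiet = build_tick(50, 0, spoofed=False)
    one_src = build_tick(50, 950, spoofed=False)
    forged = build_tick(50, 950, spoofed=True)
    print("no flood:", legit_served(quiet), "of 50")
    print("flood, no filter:", legit_served(one_src), "of 50")
    print("flood, filter, real source:", legit_served(one_src, per_source_limit=2))
    print("flood, filter, forged sources:", legit_served(forged, per_source_limit=2))
```

With a genuine source address the filter restores service; once every packet carries a different forged address, the filter sees nothing to limit and legitimate users are denied exactly as if it were absent.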

So what does a business like eBay do? It's financially impossible
to get enough bandwidth to handle a Denial of Service type
attack. The Web auction site could try to build a bunch of chains,
eBay1, eBay2, eBay3, and build a way to move users from one to
another when capacity was constrained. But that's easy for a
malicious hacker to break. Just flood each of the chains.
EBay could embark on an arms race, in effect building an
antimissile defense system to counter those incoming Scud
attacks. But even with a bunch of smart routers, eBay can never
guarantee that it'll be a step ahead. Just as the United States'
Smart Pebbles system failed miserably, the openness of the
Internet will ensure that malicious hackers are always a step
ahead of legitimate businesses.

But there is a third way.

Change the Rules!


What other options are there? Change the rules and move from
an open, uncontrolled network to a closed, proprietary one. Use
the basic Internet transports, but do it in a way that gives eBay
complete control over who sends packets, and from where they
come.

This would mean the end of the browser for any sort of business
transactions. Instead, potential eBay customers would have to
load and run a special proprietary program to access the site.
This application would contain some sort of guaranteed delivery
mechanism, along with end-point and route identification.
We're already seeing the beginning of specialized proprietary,
post-browser applications. DoDots, a new company that provides
desktop-based windows into websites, is only one of many
examples I saw at this year's Demo 2000 conference.

Sure, these proprietary connections can be hacked too, but it's
much harder. Because eBay and other companies would have
control over end-points, they could easily change the destination
locations, and also easily cut off potentially dangerous hacks.
The Internet is moving from a small town, where everyone keeps
their doors unlocked, to one where we barricade our buildings and
only let in trusted individuals. This movement from open to
proprietary won't happen overnight. But it will happen. We'll contact
most of our favorite sites through proprietary interfaces within a few
years. Sure, there will probably always be an open interface to most
sites, but the real business will happen on closed networks. It's a
loss to us, but there's really no other way.