
When the Internet breaks, who ya gonna call?

The last time the Internet had a major upgrade was in 1986.

By James Turner | Correspondent for The Christian Science Monitor / August 25, 2009 edition

Michael Sloan


At this point, it’s hard to imagine life without the Internet, at least in the developed world. But buried underneath the breathtaking Web applications and streaming media that we use on a daily basis, the actual software that makes the Internet work is starting to show its age.

As recent events have demonstrated all too clearly, the Internet is especially vulnerable to deliberate attacks. Massive networks of hijacked computers, known as “botnets,” can be used to deluge target websites with enough traffic to essentially shut them down, much as a radio station running a call-in contest will have a constantly busy phone number. These attacks succeed, at least partially, because they are able to exploit weaknesses in the existing Internet protocols.

Twitter, the social-networking site with millions of users, was the victim of just such a denial of service (DoS) attack in early August. There is much speculation that the attack was triggered by the postings of a Georgian separatist, but whatever the root cause, all it took was a few keystrokes to unleash a botnet’s fury against Twitter, taking it down for half a day.

Like a jazzy sports car that has never had its oil changed, the underlying protocols of the Internet have remained largely unchanged since it came into being in the mid-1980s. The Internet can be surprisingly fragile at times and is vulnerable to attack.

The Internet evolved from the experimental military ARPAnet project, where technical decisions were made by consensus among the researchers involved. When consensus was reached, changes were made throughout the entire network. As it became clear that there was interest in the uses of the Internet beyond the limited research community it encompassed, the military (and later the National Science Foundation, which inherited the Internet) opened it up gradually to commercial traffic.

The Internet grew too big too fast, says John Doyle, professor of electrical engineering at the California Institute of Technology in Pasadena, Calif.

“The original was just an experimental demo, not a finished product,” he says. “And ironically, [the originators] were just too good and too clever. They made something that was such a fantastic platform for innovation that it got adopted, proliferated, used, and expanded like crazy. Nothing’s perfect.”

Rather than create a more robust network using the lessons we learned from the ARPAnet and early days of the Internet, we’ve instead been patching it up for the past 2-1/2 decades, Dr. Doyle says.

Unfortunately, the spirit of trust that had typified the ARPAnet and early Internet doesn’t hold up so well today. Many of the underlying computer protocols assume that everyone is an honest player, and increasingly there have been incidents where malicious parties have exploited this trust for their own purposes.

A glaring example is “DNS poisoning.” The domain name system (DNS) is the part of the Internet responsible for turning a name such as CSMonitor.com into the Internet version of a street address, which in this case is 66.114.52.47.

Because DNS servers trust one another, it is possible for a wily wrongdoer to convince the computer to start providing the wrong number for a name and send Web surfers to the wrong website, perhaps a malicious one. That’s probably not a catastrophe when it’s CSMonitor.com, but potentially devastating if it’s BankOfAmerica.com.

Vinton Cerf, widely considered the “father of the Internet,” believes that this problem can be reduced by using cryptography to validate DNS records – but it will take time and maybe a little strong-arming to update the world’s Internet hubs.

Mr. Cerf also thinks that increased use of cryptographic authentication can help in other areas, such as spam e-mail. Yet to Doyle, it is just another example of the patchwork fixes that he says epitomize the Internet.

The Internet can also suffer problems due to human error, sometimes with frustrating results.

When Pakistan tried to ban the video-sharing site YouTube in February 2008, the government mistakenly told computers around the world that Pakistan was now the best route to the site. As a result, every YouTube video started flowing through Pakistan’s relatively anemic data pipeline, causing a huge bottleneck and preventing most people from getting to the site at all.

The last time the Internet had any kind of a major upgrade was in 1985 and 1986, when the government agency overseeing the ARPAnet started to transition it from a military project to a more general research network.

At that time, a switch was made from the existing networking address system, which could only accommodate a couple of hundred computers, to the Internet Protocol version 4 (IPv4) that we still use today for more than 4 billion possible addresses.

This move marks the last time that the Internet had a mandated, coordinated change.

Unlike the nation’s airwaves, which are controlled by the FCC, the Internet has no governing body with ultimate say on its operation. So there is no ability to require a change, such as we saw earlier this year with the switch from analog to digital television.

The closest thing that the Internet has to an owner is the Internet Engineering Task Force (IETF), an advisory organization that promotes new protocols and researches fixes to vulnerabilities in the Internet infrastructure.

But because the Internet is really composed of hardware and software owned and maintained by millions – if not billions – of companies, governments, and individuals, there is no way to just “flip a switch.”

One glaring example of this weakness is the rapidly diminishing availability of those 4 billion Internet addresses. The IPv4 system may have seemed sufficient in 1985, but with China, Brazil, and India quickly connecting more people to the Web, the supply is rapidly running out.

A solution has existed for close to a decade: IPv6, which uses address numbers that are four times longer and would probably never run out. In fact, under IPv6, there would be enough addresses for every person on the planet to have eight for each atom in their body.

Vinton Cerf believes that a move to IPv6 is critical. “[We need to implement] IPv6, so as to be ready for the run out of IPv4 sometime around 2011.”

But as Doyle points out, there is little financial incentive for the companies that provide Internet service to consumers and businesses to upgrade, because it doesn’t generate additional revenue.

He claims that basic work on improving fundamental network infrastructure has taken a back seat in our culture to the development of flashy new Internet applications, such as Twitter and Facebook.

This opinion seems to be proved true by the slow adoption of IPv6.

In spite of the fact that all major computer-operating systems and network hardware have supported IPv6 for years, it is almost impossible to get an IPv6 address from an Internet service provider.

In a written response, Jean McManus, executive director for Verizon Network & Technology, states in regard to IPv6 that “it is an important development that we are actively working, but Verizon has nothing to announce at this time.”

A notable exception is Comcast, which is testing residential IPv6 service with plans to roll it out generally in 2010.

Doyle thinks that what is really needed is a from-the-ground-up redesign of the underlying Internet architecture.

“To the extent I’ve been working in this field for the last 10 years, I’ve been mostly working on band-aids. I’m really trying to get out of that business and try to help the people, the few people, who are really trying to think more fundamentally about what needs to be done.”

He speculates that such a new network could coexist with the current Internet. In fact, he says, what we know today could eventually become just a small piece of a new, more secure network.

But Doyle says that there’s a lot of basic research that needs to be done before that could happen.


Comments

1. mlk | 08.26.09

Good to hear that a high profile ISP, Comcast, is serious about providing ipv6 connectivity.

There are other lesser known entities like Hurricane Electric (he.net) that have been doing it for quite some time.

2. Tony McNamara | 08.26.09

Co-Existence usually fails. OS/2 was co-existently compatible with Windows, with OS/2-native apps having more resources and the systems being more stable; didn’t matter. S-VHS was largely compatible (especially through “Q” mode) with VHS; never really took off. The two high-def CD formats both died lingering deaths.

For IP6 or any other system to succeed, it will have to provide an additional advantage that cannot be provided by IP4 at all. Otherwise, the drivers (which means “those of us with money”) can simply continue using the current system while the price of IP(4) addresses sort-of bids up.

3. Joe | 08.26.09

Only 8?

4. PurveyorOfScientificAtheism | 08.26.09

What does this chap actually think is fundamentally wrong with IPv6 that would require a parallel network to co-exist with the existing system? Does he refer to weaknesses in DNS?
If internet technologies need a re-design, perhaps he would care to suggest which ones.
This article is more than a little thin on specifics.
DNS poisoning is not new, but is not such a large problem anyway, since it is usually trusted entities that control the majority of DNS servers, and any malignant scumbugs will not retain their connectivity for very long.
Surely there are some problems, but like all such issues, when they become too severe to live with, they will inevitably be fixed. We are heading in the correct direction, but without government intervention, market forces are an extremely weak and impotent tool with which to direct technical progress.

5. christian | 08.26.09

After a decade of developing software, and for large firms, I can tell you that major overhauls never take off, and that you have to think incrementally.

A “major overhaul from the ground up” is dead on arrival.

6. hwertz | 08.27.09

I agree with Purveyor…
Example of DNS, DNSSec would work, if implemented. Spam — there are supposedly solutions as well, although to be honest filtering is very effective for me. Internet protocols have been doing quite well, really; they have scaled well past any traffic loads they were originally designed for, but they are flexible and extensible… Internet Protocol has been given options to handle much higher speeds of modern networks, use “the pipe” more efficiently, and share better than the original specifications; POP, IMAP, and SMTP have had improvements as needed, and so on.

But, really, if ISPs are not implementing these incremental improvements fast enough, they are far less likely to put in place some completely new network based on idealized protocols… I simply don’t see that as a solution at all.

7. todd | 08.27.09

Are you crazy? Yes, we need this to be implemented now; as a matter of fact, this needed to be implemented a decade ago. So many have dynamic IPs because of limited IPs on IP4; if we migrated to IP6, static IPs would become affordable for everyone, bringing costs down. If everyone on the net had only static IPs, trouble makers could be easily banned for good. We won’t have to ban the whole ISP range, blocking the innocent along with the offender. And locating and prosecuting offenders would be a bit more feasible. Encryption is a very good idea, as many things are already encrypted, so why not the rest? As for YouTube, Facebook, Twitter, they are all identity theft waiting to happen and I will not subject myself to such worthless material…

8. Dominic | 08.27.09

I agree with Christian. You don’t just do a major overhaul on something this large. Patchwork is how it’s going to have to be done.

As for IPv6, it’s not such an easy thing as flipping a switch and you’re done. You (well an ISP really) need something in place that can convert from IPv4 to IPv6 for all those legacy systems that can not handle IPv6. You have to remember that your average user doesn’t have any idea how a network works. They’re not going to know they need to flash their router so it can handle IPv6 traffic. However, they know exactly who to complain to when the internet stops working for them. That’s what these large companies are afraid of and I don’t blame them.

9. erick9 | 08.27.09

This looks like a national emergency which should be taken care of immediately. The world is married to the Internet; without the Internet might be the equivalent of a world without electricity. This would put the world back into the 18th century. Can anyone imagine a world like that? No phones, TV, ovens, lights, radios. Yet something similar happened around the years 450 A.D. in the Roman Empire. An advanced civilization collapsed due to corruption of leaders, floods of immigration, religious strife, the huge gap between rich and poor, slavery, and lust for entertainment, over-emphasis on sports, etc. Sounds familiar? The Empire then degenerated and the known world went back several centuries until it finally picked up at the Renaissance 1000 years later.

10. Gabe | 08.28.09

I think it will work itself out. I think what is not needed is an FCC of the Internet.
The FCC is why the US switched from analog to digital in 2009 instead of 1999.
Keep politics out of the Internet.
The Internet will be upgraded as needed. There will be security problems insofar as what people will tolerate.
But the Internet is right now, cheap, effective, somewhat secure, and more reliable than virtually anything managed or regulated by a government. Nonsense predictive prescriptions by some type of authority will make the Internet: more expensive, less-effective, censored, monitored, maybe more secure (but probably less secure, because information needed to keep people out of your computer will be restricted as well as information needed to get into someone else’s computer. The only people with access to “hacker” and “protection against hackers” data will be either the governing body or people who obtain the information illegally.) but it will feel more secure, like airport security. If people want more security then they will demand it and prices will go up, but for a good reason.
A second Internet for high security purposes sounds like a good idea, but will only exist when there is an economic mandate for such a network.

11. Gabe | 08.28.09

Oh, and stop comparing the US to the Roman Empire. There are far more differences than similarities and fixing the US’s problems with a Roman Empire diagnosis is dangerous and just plain stupid.
The US is unlike any nation ever to exist and will need to behave in ways like no nation ever has (which is pretty much what it’s done for 235 years, anyway.)

12. Tim | 08.28.09

There have been stories saying the internet is going to break or similar since it was invented and they always manage to keep it going. I’m sure the move to ipv6 will happen when it has to.

13. AWBilinski | 08.28.09

Of course, this wouldn’t be an excuse to let the powers that be (fill in the blanks as you choose) devise a way to better monitor and control what has up to now been a pretty unstructured system of world wide communication (Carnivore and PRC censorship notwithstanding)?

14. W Kenneth Ryan | 08.30.09

Instead of a “major overhaul from the ground up” may I suggest opening the Internet infrastructure to competitive, for profit commercial development? Currently the IETF (which is not a standards sanctioning organization), claims an inherent monopoly on developing infrastructure standards, and is traditionally opposed to encumbered (i.e. patented) technology. Isn’t this a commercial philosophy the Internet, as a DARPA project, was created to protect us from? The Internet continues to grow, but not as quickly as the safer, more secure, and commercially competitive mobile telecom market.

15. Handsomeyin | 09.01.09

Dear James Turner
You wrote:
//
One glaring example of this weakness is the rapidly diminishing availability of those 4 billion Internet addresses. The IPv4 system may have seemed sufficient in 1985, but with China, Brazil, and India quickly connecting more people to the Web, the supply is rapidly running out.
//
I think the reason the IPv4 system is becoming insufficient is that the USA has too many addresses, i.e. some USA companies or universities have class A IPv4 addresses, but most countries do not have class A IPv4 addresses.

16. v4tilIretire | 09.01.09

NAT has kept us online but handsomeyin is right, the American corporations dominate ownership of the vast majority of public addresses, which may not be unjust. After all, we did invent the beast. When American corporations own v4 addressing, what do you think the chances are that they will jump into v6 implementations?

So NAT can get us online with the one-to-many implementations but those with the public addresses will have a valuable commodity on their hands. Maybe IBM will start leasing IP addresses while keeping v6 at bay.
