- To: "MLUG Off-Topic Discussion" <EMAIL:PROTECTED>
- Subject: RE: [MLUG - DISCUSSION] Hackers defense: The computer did it
- From: "Spurling, Shannon" <EMAIL:PROTECTED>
- Date: Mon, 17 Nov 2003 09:55:51 -0600
- Reply-to: MLUG Off-Topic Discussion <EMAIL:PROTECTED>
- Sender: EMAIL:PROTECTED
- Thread-index: AcOsc9YH2yb5uMO+SS+aRE1P0qyjBAAA8UVgACgZw7AAAgsI0A==
- Thread-topic: [MLUG - DISCUSSION] Hackers defense: The computer did it
I do argue with the concept of smarter routers. It's an idealistic model
that doesn't really address the issue. The problem is that in addition
to the increasing demand for bandwidth and the associated increase in
performance that goes along with that, you also have the increase in
computational complexity associated with simple logical concepts that
people take for granted.

If you have a system that looks at a table and forwards a packet based
on a set of fixed rules, you have a simple router.

In order to increase reliability, I add the ability for a router to
accept information from adjacent routers about the path to any
particular address. Then you have dynamic routing, and that increases
the computational requirements for the hardware performing that task.
Not by a lot, but there is some added complexity.

In order to optimize performance, for instance, there are several things
a person can do to the previous router. I can maintain a history and use
that to model and shape my output traffic based on historical data.
Problem with that is that you have to maintain a state database on the
traffic that has traversed the router. In Cisco routers they use the
concept of a flow to simplify statistic collection and switching. I have
a router that has a 10 minute time out on the flow information it
collects, and right now it's showing over 6 billion flows having
traversed it at this particular time. A flow is defined by the IP
addresses (Source and destination) and the TCP/UDP port numbers (Source
and destination).

Modern router hardware is a bit different than what
most people think. If you are going to forward more than a couple
OC-3's, you would buy a router with dedicated forwarding hardware. What
it does is it has optimized algorithms running on it that forward
packets unless they meet a specific pattern defined by the engineer. If
it matches the pattern it gets passed on to the more detailed
processing. Problem that occurs is that the more patterns you are
looking for, the more it slows down the forwarding, because you have
more checks you have to run. Even if you say "My router is hardware
based, so it doesn't slow down" that's not true. It means it's fast, but
you can only run as many checks as can be set up in the matrix of the
FPGA. Flexibility versus speed.

So, in short, smart routers are fine in some ways, but you can't forget
you are impacting their forwarding capabilities severely. That's why
they typically only have one or two interfaces, are located on the edge
of the network, and are called Firewalls. You need that hard disk to
store your historical data. :-)
Shannon Spurling
WAN Engineer -Specialist
MOREnet, Network Services, Core Network
3212 LeMone Industrial Blvd.
Columbia, MO 65201
Main:(573) 884-7200 Fax:(573)884-6673
EMAIL:PROTECTED
EMAIL:PROTECTED
-----Original Message-----
From: EMAIL:PROTECTED
[mailto:EMAIL:PROTECTED] On Behalf Of Heivilin, Jim
Sent: Monday, November 17, 2003 8:38 AM
To: MLUG Off-Topic Discussion
Subject: RE: [MLUG - DISCUSSION] Hackers defense: The computer did it
> -----Original Message-----
> From: EMAIL:PROTECTED
> Subject: RE: [MLUG - DISCUSSION] Hackers defense: The computer did it
<snip>
> The true answer is smarter routers who analyze the traffic
> and can decide what is strange or bad traffic and turn it off
> automatically.
>
I don't disagree with the concept of smarter routers but I believe the
*true* answer lies in consumer education. If we keep making things
easier and easier to use then the consumers aren't going to exercise
their "muscles" (in this case their minds, and there seem to be fewer
and fewer people who actually bother to *think* so I don't want to make
this worse) and their muscles are going to atrophy (even more).
If we treat them like morons they're going to behave like morons and
eventually become morons (presuming we aren't to this stage already in
some places).
Jim
_______________________________________________
discussion mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/discussion
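
The flow state table described in the message above, as an added example that is not part of the original thread and not Cisco's implementation: a cache keyed on source/destination address and source/destination port with the 10-minute idle timeout. The names `FlowCache` and `replay` are hypothetical, and the packet list is constructed sample data.

```python
from collections import OrderedDict
FLOW_TIMEOUT = 600  # seconds: the 10-minute flow timeout mentioned in the message
# Constructed sample packets: (timestamp s, src IP, dst IP, src port, dst port, bytes)
PACKETS = [
    (0,    "192.0.2.10", "198.51.100.5", 40000, 80, 60),
    (1,    "192.0.2.10", "198.51.100.5", 40000, 80, 1500),
    (2,    "192.0.2.11", "198.51.100.5", 40001, 80, 60),
    (300,  "192.0.2.10", "198.51.100.5", 40000, 80, 1500),
    (700,  "192.0.2.12", "198.51.100.9", 53000, 53, 80),
    (1000, "192.0.2.10", "198.51.100.5", 40000, 80, 60),
]

class FlowCache:
    """Per-flow state keyed on (src IP, dst IP, src port, dst port)."""
    def __init__(self, timeout=FLOW_TIMEOUT):
        self.timeout = timeout
        self.active = OrderedDict()  # key -> [first, last, packets, bytes], idlest first
        self.total_flows = self.peak_entries = 0  # flows ever created / max table size

    def expire(self, now):
        """Evict flows idle longer than the timeout; return their records."""
        exported = []
        while self.active:
            key, rec = next(iter(self.active.items()))  # least recently seen flow
            if now - rec[1] <= self.timeout:
                break  # everything after it was seen more recently
            self.active.popitem(last=False)
            exported.append((key, tuple(rec)))
        return exported

    def observe(self, ts, src, dst, sport, dport, size):
        """Account one packet (timestamps must be non-decreasing)."""
        exported = self.expire(ts)
        key = (src, dst, sport, dport)
        rec = self.active.get(key)
        if rec is None:  # unseen 4-tuple, or one that already timed out
            rec = self.active[key] = [ts, ts, 0, 0]
            self.total_flows += 1
        rec[1] = ts
        rec[2] += 1
        rec[3] += size
        self.active.move_to_end(key)  # keep the table ordered by last-seen time
        self.peak_entries = max(self.peak_entries, len(self.active))
        return exported

def replay(packets, timeout=FLOW_TIMEOUT):
    """Feed packets through a fresh cache; return it and all expired flows."""
    cache, exported = FlowCache(timeout), []
    for pkt in packets:
        exported += cache.observe(*pkt)
    return cache, exported
```

Replaying the sample creates four flows from three distinct 4-tuples, because the first conversation goes idle past the timeout and is counted again when it resumes. Every packet costs a lookup and a state update, and the table holds one entry per live flow.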