* * * * *
Balkanization of the Internet
Ten years ago, just prior to the commercialization of the Internet was a good
time indeed. No spam, no worms, no Verisign and generally no problems. Every
machine on the Internet was a full peer of every other machine on the
Internet and things pretty much worked (like talk and FTP (File Transfer
Protocol)).
Life on the Internet was good, then.
The Internet today is a vastly different creature than the Internet of a
decade ago. Mark [1] just informed me that yet another [2] remote exploit of
OpenSSH [3] is floating out there. Which means an upgrade to OpenSSH [4].
When I asked Mark why not just download the latest version, do a ./configure,
make, and make intall he said it wasn't that simple on a modern Linux system
since this is “open source” with its “dependancy dance from Hell” so the best
course of action is to use the existing package program to update.
Of course the package program refuses to install the latest version of
OpenSSH until you update the package program itself, which involves (again,
due to the dependance dance) upgrading a slew of other packages …
Sigh.
I personally don't see why downloading the latest version of OpenSSH and
compiling it won't work, but Mark is insistent that we go the package route.
“This is a modern Linux system, Sean,” he said. “You just can't do that
compile thing anymore without breaking something.”
All this on top of our recent discussion on installing a firewall on our
server—to keep network data out of our server (well, specifically, to keep
network data from getting to MySQL [5] (which according to Mark, is a pile of
Swiss cheese in the security department).
To top this off, Mark is also planning on removing Seminole (webserver he's
been writing) from distribution. It's GPL (GNU General Public License) [6]ed
with an option to get a commercial license (to remove the GPL (GNU General
Public License) restrictions) but most of the downloads have been coming from
(according to Mark) India and China, which don't necessarily honor IP
(Intellectual Property) rights, pissing Mark off. He was planning on just
blocking all network traffic from Asia itself, but decided that wasn't good
enough.
And now it seems that a VeriSign site will come up for non-registered domains
[7] (for .NET and .COM), and apparently also accepts email (not fully, but
enough to collect valid email addresses) to such non-registered domains.
System and network admins are upset; enough to consider blocking the IP
address 64.94.110.11 entirely.
This, on top of the recent worms and virii like SoBig [8] and Slammer [9] so
now you have ISP (Internet Service Providers)s blocking certain network
traffic and slowly, ever so slowly, the full peer-to-peer nature of the
Internet is Balkanizing to where we won't even have an Internet anymore.
Oh, I'm sure there will still be a vast network of connected computers, but
with so much filtering going on, and the attacks against peer-to-peer
networking software (the whole peer-to-peer thing was puzzling to me since
when I started using the Internet, it was peer-to-peer and systems like
Napster, Gnuster and Kazaa just seemed silly to me—little did I realize just
how Balkanized the Internet has become for such software to become necessary)
what I'm used to as being the Internet will cease to exist (if it hasn't
already).
And President Bush [10] isn't helping matters either …
[1]
http://www.conman.org/people/myg/
[2]
gopher://gopher.conman.org/0Phlog:2002/06/25.1
[3]
http://lists.netsys.com/pipermail/full-disclosure/2003-September/010116.html
[4]
http://www.openssh.org/
[5]
http://www.mysql.org/
[6]
http://www.gnu.org/copyleft/gpl.html
[7]
http://slashdot.org/article.pl?sid=03/09/16/0034210&mode=flat&tid=126&tid=95&tid=98&tid=99
[8]
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=SoBig&btnG=Google+Search
[9]
http://www.cert.org/advisories/CA-2003-04.html
[10]
http://news.com.com/2100-1028-994216.html?tag=sas_email
Email author at
[email protected]
