This story appeared on Network World Fusion at

'Net Insider:

Your tax dollars at work

By Scott Bradner
Network World, 06/04/01

Despite what some critics say, government-sponsored research continues to play an important role in our understanding of what's going on in today's Internet and in the development of tomorrow's Internet.

Private industry does not and cannot do everything by itself in spite of the billions of dollars of venture capital money that has been spent in the past few years on innovative start-ups.

A good example of the kind of work that might not be done without government support is a recent report by the University of California at San Diego's (UCSD) Cooperative Association for Internet Data Analysis on the prevalence of denial-of-service (DoS) attacks on the Internet.

The report, done in conjunction with UCSD's Jacobs School of Engineering, took a look at the electronic debris scattered all over the 'Net during the common types of DoS attacks. The aim was to see how often attacks occurred and what types of Internet nodes had been attacked.

In these types of attack, computers are programmed to send thousands of requests to Internet-connected nodes such as Web servers or routers. To make it hard to track down the attacking computers, the requests are sent with forged, usually random, source addresses. The servers then respond to the forged addresses, but since the addresses are randomly created there is nothing to receive the response.

Monitoring packets destined to nonexistent nodes and examining their source addresses can reveal which systems were under attack and for how long.

The UCSD researchers found evidence that more than 12,000 DoS attacks occurred during the 3-week period when they collected their data. Most of these were on Web servers.

About 5% of the attacks were on Internet infrastructure systems such as routers and domain name servers. The latter are worrisome and underline the fact that ISPs must take care to architect their networks with such attacks in mind.

It should be noted that the attacks studied were not the high-profile ones on Yahoo and Microsoft, but those that went unmentioned in the press. A number of the attack targets turned out to be home computers connected via cable modems or DSL.

This is useful information that helps us understand more about these types of attacks and may help protect against them. Information like this is unlikely to have been gathered by industry. Even if such information were gathered, it is unlikely it would have been distributed as this study has been.

We, as a country, need to continue to strongly support government funding for basic research. One percent of the cost of a new aircraft carrier might do a lot more to protect our electronic infrastructure than all the planes that an aircraft carrier could handle.

Disclaimer: Harvard does lots of government-supported research, so my guess is that it would support this opinion. But I didn't ask.

All contents copyright 1995-2002 Network World, Inc.