Combined response

Bob Morris morris.bob at GMAIL.COM
Wed Feb 1 08:59:01 CET 2006


Yes, it only works for the reason you say. In organizations where the
network administration is unable, undertrained, underfunded, or unwilling to
assert total physical control of all the machines on the local network, it
can break down badly while still working correctly. A few months ago a
professor in another department improperly put a machine on the campus
network using an IP address assigned to our department, which happened to be
that of our department's mail server. Because the university has not
invested enough in network management hardware and software, it required 6
hours of searching for the rogue machine by unplugging network cables one at
a time from 10 different devices each with 48 cables, and testing for
whether the rogue machine had gone away. During all that time, and the 12
hours preceding where we didn't know that our problem was a rogue machine,
no mail whatsoever could reach us. The DNS correctly identified the IP
address. The Internet routers and the campus routers correctly found the
machine with the published IP address, and naturally that machine declined
to answer email protocol requests, which then queued up all around the world
awaiting whatever the sender's retry and local timeout policies dictated.
The network worked exactly as it was designed to, and we were screwed. This
shows you why, for example, nobody operates telephone systems in which
end-users get to choose their own telephone number, at least without
enforceable permission from an authority. Worse, IP and DNS are badly
spoofable in many situations where it is not worth the expense to prevent
the spoof. Examples are outside the realm of this list, but probably most
apply to GUID resolution too. It should be examined at the workshop whether
spoof insulation is a requirement or not.


On 2/1/06, Richard Pyle <deepreef at bishopmuseum.org> wrote:
>
> Bob Morris wrote:
>
> > > I agree that it might, but I don't think it necessarily has to.  Again, I
> > > point to IP addresses and DNS.  They are obviously harmonized, but aren't
> > > locked up in administrative layers (or are they???)
> >
> > Yes, they are, big time. Both have a hierarchy of organizational
> > administrative control ending at IANA, the Internet Assigned Numbers
> > Authority, http://www.iana.org/. If an individual proposes to put a machine
> > onto the internet, they receive permission, an IP address, and a dns name from
> > the appropriate local authority managing the network to which they will
> > physically connect. Often that permission and issuance is done by software
> > on a network host on that network (usually a DHCP, dynamic host control
> > protocol, server). In turn, the network administrators will have received
> > permissions from the next administration up the chain to issue a specific
> > block of IP addresses, or specific form of names.
>
> I think the active phrase is "locked up".  My point is that the system
> works -- right?  Or does it only "work" because the end-users are so well
> insulated from the administrative process?  Would IP work more effectively
> if it wasn't harmonized on a global scale, in a centralized sort of way?
>
> Rich
>
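The rogue-machine hunt described in the message above (six hours of pulling cables from ten 48-port devices) is the failure mode a practitioner would want to detect and localise without touching hardware. The following is an added example, not code from the original post or from anyone on the list: it takes ARP replies captured on the mail server's subnet and a switch MAC-address table, flags any IP address that more than one MAC is answering for, and maps each claimant to the switch port it was learned on. All IP addresses, MAC addresses, port names and the two sample dumps are constructed for illustration; the MAC-table format is assumed to be a Cisco-style "show mac address-table" listing, and the "known good" MAC for the server's IP is assumed to come from the department's own records.

```python
"""Detect a duplicated (hijacked) IP address from ARP replies and locate the
claimants by switch port.  Added example with constructed sample data; none of
the addresses, ports or dumps below come from the mailing-list message."""
import re
from collections import defaultdict

# Constructed sample: tcpdump-style ARP lines captured on the server's VLAN.
# Two different MACs answer for 192.0.2.25 (the "mail server" address here).
ARP_CAPTURE = """\
12:00:01.000001 ARP, Request who-has 192.0.2.25 tell 192.0.2.1, length 28
12:00:01.000120 ARP, Reply 192.0.2.25 is-at 00:11:22:33:44:55, length 28
12:00:01.000150 ARP, Reply 192.0.2.25 is-at 66:77:88:99:aa:bb, length 28
12:00:02.000001 ARP, Reply 192.0.2.10 is-at 00:11:22:33:44:66, length 28
12:00:03.000001 ARP, Reply 192.0.2.25 is-at 00:11:22:33:44:55, length 28
"""

# Constructed sample in the style of a Cisco "show mac address-table" dump
# (assumed format; adapt the parser to whatever your switches print).
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/3
  10    6677.8899.aabb    DYNAMIC     Gi4/0/17
  10    0011.2233.4466    DYNAMIC     Gi1/0/8
"""

ARP_REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})", re.I)
CISCO_MAC = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)


def arp_claims(capture: str) -> dict:
    """Map each IP to the set of MAC addresses that have answered for it."""
    claims = defaultdict(set)
    for line in capture.splitlines():
        m = ARP_REPLY.search(line)
        if m:
            claims[m.group(1)].add(m.group(2).lower())
    return dict(claims)


def duplicate_ips(capture: str) -> dict:
    """IPs claimed by more than one MAC: the symptom of a rogue host."""
    return {ip: macs for ip, macs in arp_claims(capture).items() if len(macs) > 1}


def mac_ports(table: str) -> dict:
    """Map each MAC (colon form) to the switch port it was learned on."""
    ports = {}
    for line in table.splitlines():
        parts = line.split()
        if len(parts) == 4 and CISCO_MAC.fullmatch(parts[1]):
            h = parts[1].replace(".", "").lower()
            mac = ":".join(h[i:i + 2] for i in range(0, 12, 2))
            ports[mac] = parts[3]
    return ports


def locate_conflicts(capture: str, table: str, known_good: dict) -> dict:
    """For each duplicated IP, list every claimant with its port and mark the
    MAC that is not the registered owner of that IP as the rogue."""
    ports = mac_ports(table)
    report = {}
    for ip, macs in duplicate_ips(capture).items():
        report[ip] = [
            {"mac": mac,
             "port": ports.get(mac, "unknown"),
             "rogue": mac != known_good.get(ip)}
            for mac in sorted(macs)
        ]
    return report


if __name__ == "__main__":
    # Constructed registry: the MAC the department assigned to its server.
    registry = {"192.0.2.25": "00:11:22:33:44:55"}
    for ip, entries in locate_conflicts(ARP_CAPTURE, MAC_TABLE, registry).items():
        print(f"duplicate claims for {ip}:")
        for e in entries:
            tag = "ROGUE" if e["rogue"] else "registered"
            print(f"  {e['mac']}  port {e['port']}  {tag}")
```

Two caveats a practitioner would add. The capture must be taken on the same broadcast domain as the server, since ARP does not cross routers; and because ARP itself is one of the spoofable protocols the message refers to, a host that deliberately answers with a forged MAC will show up under that forged address, so the port lookup, not the MAC, is the evidence that tells you which cable to pull.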



More information about the tdwg-tag mailing list