DDOS on DNS: Stopping Internet blackouts

Writing in National Journal's Technology Daily, Andrew Noyes discusses the possibility of a massive Internet blackout caused by a distributed denial of service (DDOS) attack on the backbone infrastructure of the 'Net.

This type of high-tech ambush, which occurs when multiple compromised systems flood the bandwidth or resources of a targeted server to make Web pages unavailable, could be devastating for global online communication, said Susan Crawford of the Internet Corporation for Names and Numbers.
The most significant attack in recent years came on Feb. 6, when six of 13 root-zone servers were slammed by an army of "zombie computers," which were compromised by hackers, the Cardozo Law School professor said at the think tank event.

The ultimate fix for this problem is to reduce the number of botnets--armies of computers that have been compromised by hackers--on the Internet. There are several paths to that goal.

One avenue is legislative. I have little hope that this could have much impact. There are two problems: legislators have little knowledge of technology and almost always end up making things worse, rather than better. Second, and more important, any legislative body is limited by national borders and the criminals are not.

That leaves us with international bodies like ICANN, INAN, or the Internet Governance Forum, but Crawford doesn't hold out much hope for that.

"None of the existing institutions will work," Crawford said. ICANN cannot do the job because its power is contractually based and too narrow, and the recently launched Internet Governance Forum is "highly political" and "not necessarily the best forum for a technical discussion of best practices," she contended.

Where does that leave us? Better computer security ultimately rests on the shoulders of users, most of whom are woefully ignorant of good security practices. Not a very pretty picture.

What do you think the answer is?