Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Programming Security The Internet

GA Tech: Internet's Mid-Layers Vulnerable To Attack 166

An anonymous reader writes "Evolution has ossified the middle layers of the Internet, leaving it vulnerable but security breaches could be countered by diversification of protocols, according to Georgia Tech, which recommends new middle layer protocols whose functionality does not overlap, thus preventing 'unnatural selection.' Extinction sucks, especially when it's my favorite protocols like FTP."
This discussion has been archived. No new comments can be posted.

GA Tech: Internet's Mid-Layers Vulnerable To Attack

Comments Filter:
  • by msauve ( 701917 ) on Monday August 22, 2011 @08:56PM (#37173698)
    an article which discusses "the six [sic] layers..."

    I understand that IP protocols predate the 7 layer ISO/OSI model, but that's what everything is mapped to in modern terms.

    The article seems even more confused, when it reverses the layers, claiming that "at layers five and six, where Ethernet and other data-link protocols such as PPP (Point-to-Point Protocol) communicate..."

    What are they teaching at GA Tech? This is networking 101.
  • by norpy ( 1277318 ) on Monday August 22, 2011 @09:05PM (#37173772)

    Not only did they combine the presentation and application layers from the OSI model they completely misunderstand WHY that the transport layer is less diverse in number of protocols.

    They propose that we should create new transport protocols that do not overlap with existing ones.... The reason we only have a handful of them is because of the fact that there are not many ways to differentiate a transport protocol.

  • by fuzzyfuzzyfungus ( 1223518 ) on Monday August 22, 2011 @09:08PM (#37173790) Journal
    There seems to be the unstated(but vital to the conclusion asserted) assumption that competition actually makes protocols more secure and that competition must occur at the protocol level, rather than the implementation level. Without those assumptions holding, all this article really says is that people use TCP and UDP a lot. Yup. That they do.

    This seems like it might be true in the (not necessarily all that common) case of a protocol whose security is fucked-by-design competing with a protocol that isn't fundamentally flawed, in a marketplace with buyers who place a premium on security, rather than price, features, time-to-market, etc.

    Outside of that, though, much of the competition and security polishing seems to be at the level of competing implementations of the same protocols(and, particularly in the case of very complex ones, the de-facto modification of the protocol by abandonment of its weirder historical features). It also often seems to be the case that(unless you are in the very small formally-proven-systems-written-in-Ada market, or something of that sort) v1.0 of snazzynewprotocol is a bit of a clusterfuck, and is available in only a single implementation, also highly dubious, while the old standbys have been polished considerably and have a number of implementations available...
  • by postbigbang ( 761081 ) on Monday August 22, 2011 @09:50PM (#37174014)

    It's pretty freshmen-ish stuff. FTP hasn't been used in a long time. Glass-screen protocols went the way of the 386 long ago. I'm surprised these guys don't understand various secure protocols, key exchange methods, and so forth. Nice fluffy stuff, but very dated for the reality check. Show me someone using ftp and I'll show you a password theft followed by a crack. Ye gawds.

Disclaimer: "These opinions are my own, though for a small fee they be yours too." -- Dave Haynie

Working...