Off by Default!

  • ,
  • Yatin Chawathe
  • Sylvia Ratnasamy
  • Timothy Roscoe
  • Scott Shenker

Published by ACM

The original Internet architecture was designed to provide universal reachability; any host can send any amount of traffic (modulo congestion control) to any destination. This blanket openness enabled the Internet to adopt a single, globally routable address space. Unfortunately, today’s less trustworthy Internet environment has revealed the downside of such openness—every host is vulnerable to attack by any other host(s). In the face of mounting security concerns, a primitive set of protective mechanisms (such as firewalls and NATs) has been widely deployed, while the research community has produced numerous proposals that address security vulnerabilities in a more comprehensive fashion.