[132178] in North American Network Operators' Group
Re: FUD: 15% of world's internet traffic hijacked
daemon@ATHENA.MIT.EDU (Marshall Eubanks)
Wed Nov 17 11:56:57 2010
From: Marshall Eubanks <tme@americafree.tv>
In-Reply-To: <9d6ee1807a9547e918ac6d2336cb9b71@192.168.152.50>
Date: Wed, 17 Nov 2010 11:56:44 -0500
To: Ryan Rawdon <ryan@u13.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Anyone want to give me a quote for an AmericaFree.TV report ? Off-list, =
please.
Regards
Marshall
On Nov 17, 2010, at 11:51 AM, Ryan Rawdon wrote:
>=20
>=20
> On Wed, 17 Nov 2010 11:45:14 -0500, Bob Poortinga
> <bobp+nanog@webster.tsc.com> wrote:
>> This is starting to be picked up by mainstream media, but was was =
first
>> reported here (I believe):
>>=20
>>=20
> =
<http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=3D24=
9>
>>=20
>> "Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet
>> Traffic"
>>=20
>> "For 18 minutes in April, China.s state-controlled telecommunications
>> company
>> hijacked 15 percent of the world.s Internet traffic, including data
> from
>> U.S.
>> military, civilian organizations and those of other U.S. allies."
>>=20
>> This article, which quotes Dmitri Alperovitch of McAfee, is full of
> false
>> data as far as I can tell. I assert that much less than 15%, =
probably
> on
>> the order of 1% to 2% (much less in the US) was actually diverted. =
The
>> correct statement is that 15% of the world's network prefixes were
>> "hijacked",
>> but the impact was minimal in the US.
>>=20
>> My concern is that this "report" will be presented to the US Congress
>> without
>> being refuted by experts in the know.
>>=20
>> My request is that someone with some gravitas please issue a press
> release
>> setting the facts straight on this matter. I have been in contact =
with
> Dan
>> Goodin at The Register but I'm just a lowly grunt with a small =
network.
>=20
> Also worth pointing out that if this was a normal prefix hijack =
without
> them actually delivering the packets to the intended recipient =
(unlikely
> the case), then there would be very little TCP data seen. A few =
packets on
> existing connections before they time out, and SYNs on new connection
> attempts. Unless they were able to push the traffic back to another =
ISP
> which didn't see their originated routes, things would break more =
likely
> than be "routed via" the hijacking AS.
>=20
> Ryan
>=20
>=20
>=20
