[132793] in North American Network Operators' Group


Re: FUD: 15% of world's internet traffic hijacked

daemon@ATHENA.MIT.EDU (Marshall Eubanks)
Wed Dec 1 15:42:59 2010

From: Marshall Eubanks <tme@americafree.tv>
In-Reply-To: <m2fwuhkzjv.wl%randy@psg.com>
Date: Wed, 1 Dec 2010 15:42:55 -0500
To: Randy Bush <randy@psg.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Dear Randy;

On Dec 1, 2010, at 3:28 PM, Randy Bush wrote:

>> At the very least you might want to review:
>> http://www.renesys.com/blog/2010/11/chinas-18-minute-mystery.shtml
>> Renesys provides one data point but there are others that clearly show
>> traffic routed *through* China (meaning they did indeed
>> originate/hijack, and then pass data on to the original destination).
>
> as usual i see no traffic measurements in the renesys note.  i see
> inference of traffic based on some control plane measurements.  and, has
> been shown, such inferences are highly suspect.
>

Doesn't this traceroute (from the above) seem fairly convincing of transit? (Not of the _amount_ of transit, just of its _existence_?)

...here's one of the typical traceroutes we saw during the incident, between the London Internet Exchange and a host in the USA, passing through China Telecom. This trace was collected at 16:03 UTC, about 13 minutes into the event. Total time in transit is 525ms (this trace typically takes no more than 110ms under normal conditions).

1. <our host>	0.785ms	    	# London
2. 195.66.248.229	1.752ms		# London
3. 195.66.225.54	1.371ms		# London
4. 202.97.52.101	399.707ms		# China Telecom
5. 202.97.60.6	408.006ms		# China Telecom
6. 202.97.53.121	432.204ms		# China Telecom
7. 4.71.114.101	323.690ms		# Level3
8. 4.68.18.254	357.566ms		# Level3
9. 4.69.134.221	481.273ms		# Level3
10. 4.69.132.14	506.159ms		# Level3
11. 4.69.132.78	463.024ms		# Level3
12. 4.71.170.78	449.416ms		# Level3
13. 66.174.98.66	456.970ms		# Verizon
14. 66.174.105.24	459.652ms		# Verizon
[.. four more Verizon hops ..]
19. 69.83.32.3	508.757ms		# Verizon
20. <last hop>	516.006ms		# Verizon

And doesn't the graph in Craig Labovitz's blog seem consistent with a modest (not overwhelming, or even unusual) amount of excess traffic during the event?

http://asert.arbornetworks.com/2010/11/china-hijacks-15-of-internet-traffic/

So, putting this, and everything else, together, wouldn't it be reasonable to conclude, that

- some traffic was diverted but
- nowhere near 15% of the Internet, by orders of magnitude?

Regards
Marshall


> randy
>
>