[53696] in North American Network Operators' Group
Re: Cyberattack FUD
daemon@ATHENA.MIT.EDU (Kurt Erik Lindqvist)
Wed Nov 20 16:55:14 2002
Date: Wed, 20 Nov 2002 22:54:47 +0100
Cc: <nanog@nanog.org>
To: William Waites <ww@styx.org>
From: Kurt Erik Lindqvist <kurtis@kurtis.pp.se>
In-Reply-To: <86of8kvv1v.fsf@styx.org>
Errors-To: owner-nanog-outgoing@merit.edu
> Kurt> I am not sure what you mean with 25% of the Internet? What
> Kurt> connectivity would degrade? From where to where?
>
> If you randomly select nodes to remove, by the time you have removed
> 25% of them, the network breaks up into many isolated islands. As Sean
Well, depending on topology and where you shut things off - you could
make one new island per node I take away. I don't see anything
relatively new to this. All networking people at the larger ISPs have a
pretty good knowledge of exactly which nodes to take out to...
> pointed out, the CAIDA study considered a sample of the 50k most
> connected nodes. So a successful attack aimed at 12500 big routers
> simultaneously would break the Internet into little pieces.
To be honest - you would need to go for far less than 12500 routers if
you know what you are doing. That everything worked well on the
Internet on 9-11 most likely comes from comparing it with the phone
network. The "Internet" (rather specific networks) where affected by
9-11 and only stayed up due to co-operation among a lot of people.
> Taking the fear mongering and sabre rattling too seriously is much
> more dangerous than any possible network outage.
>
Although I generally agree with this - there is a large risk with
underestimating the problem as well. We have for the last few years
been busy catching up with the attackers, mostly because of sloppiness
and laziness on the operators side. no ip directed broadcast and more
recently the discussions of ingress-filtering are just examples of this.
- kurtis -
