FUD: 15% of world's internet traffic hijacked
Marshall Eubanks
tme at americafree.tv
Wed Dec 1 20:42:55 UTC 2010
Dear Randy;
On Dec 1, 2010, at 3:28 PM, Randy Bush wrote:
>> At the very least you might want to review:
>> http://www.renesys.com/blog/2010/11/chinas-18-minute-mystery.shtml
>> Renesys provides one data point but there are others that clearly show
>> traffic routed *through* China (meaning they did indeed
>> originate/hijack, and then pass data on to the original destination).
>
> as usual i see no traffic measurements in the renesys note. i see
> inference of traffic based on some control plane measurements. and, has
> been shown, such inferences are highly suspect.
>
Doesn't this traceroute (from the above) seem fairly convincing of transit ? (Not of the _amount_ of transit, just of its _existence_ ?)
...here's one of the typical traceroutes we saw during the incident, between the London Internet Exchange and a host in the USA, passing through China Telecom. This trace was collected at 16:03 UTC, about 13 minutes into the event. Total time in transit is 525ms (this trace typically takes no more than 110ms under normal conditions).
1. <our host> 0.785ms # London
2. 195.66.248.229 1.752ms # London
3. 195.66.225.54 1.371ms # London
4. 202.97.52.101 399.707ms # China Telecom
5. 202.97.60.6 408.006ms # China Telecom
6. 202.97.53.121 432.204ms # China Telecom
7. 4.71.114.101 323.690ms # Level3
8. 4.68.18.254 357.566ms # Level3
9. 4.69.134.221 481.273ms # Level3
10. 4.69.132.14 506.159ms # Level3
11. 4.69.132.78 463.024ms # Level3
12. 4.71.170.78 449.416ms # Level3
13. 66.174.98.66 456.970ms # Verizon
14. 66.174.105.24 459.652ms # Verizon
[.. four more Verizon hops ..]
19. 69.83.32.3 508.757ms # Verizon
20. <last hop> 516.006ms # Verizon
And doesn't the graph in Craig Labovitz's blog seem consistent with a modest (not overwhelming, or even unusual)
amount of excess traffic during the event ?
http://asert.arbornetworks.com/2010/11/china-hijacks-15-of-internet-traffic/
So, putting this, and everything else, together, wouldn't it be reasonable to conclude, that
- some traffic was diverted but
- nowhere near 15% of the Internet, by orders of magnitude ?
Regards
Marshall
> randy
>
>
More information about the NANOG
mailing list