Cyberattack FUD

Kurt Erik Lindqvist kurtis at kurtis.pp.se
Wed Nov 20 21:54:47 UTC 2002


>     Kurt> I am not  sure what you mean with 25%  of the Internet? What
>     Kurt> connectivity would degrade? From where to where?
>
> If you randomly  select nodes to remove, by the  time you have removed
> 25% of them, the network breaks up into many isolated islands. As Sean

Well, depending on topology and where you shut things off - you could 
make one new island per node I take away. I don't see anything 
relatively new to this. All networking people at the larger ISPs have a 
pretty good knowledge of exactly which nodes to take out to...

> pointed  out, the  CAIDA study  considered a  sample of  the  50k most
> connected nodes.  So a  successful attack aimed  at 12500  big routers
> simultaneously would break the Internet into little pieces.

To be honest - you would need to go for far less than 12500 routers if 
you know what you are doing. That everything worked well on the 
Internet on 9-11 most likely comes from comparing it with the phone 
network. The "Internet" (rather specific networks) were affected by 
9-11 and only stayed up due to co-operation among a lot of people.

> Taking the  fear mongering  and sabre rattling  too seriously  is much
> more dangerous than any possible network outage.
>

Although I generally agree with this - there is a large risk with 
underestimating the problem as well. We have for the last few years 
been busy catching up with the attackers, mostly because of sloppiness 
and laziness on the operators' side. no ip directed broadcast and more 
recently the discussions of ingress-filtering are just examples of this.

- kurtis -



