Vulnerabilities of Interconnection

sgorman1 at gmu.edu
Thu Sep 5 19:38:56 UTC 2002


"Again, it seems more likely and more technically effective to attack 
internally than physically. Focus again here on the cost/benefit 
analysis from both the provider and disrupter perspective and you will 
see what I mean."

Is there a general consensus that cyber/internal attacks are more 
effective/dangerous than physical attacks? Anecdotally it seems the 
largest Internet downages have been from physical cuts or failures.

2001 Baltimore train tunnel vs. Code Red worm (see Keynote report)
1999 McLean fiber cut - cement truck
AT&T cascading switch failure
Utah fiber cut (date??)
Not sure where the MAI mess up at MAE East falls

Then again this is the biased perspective of the facet I'm researching.

Secondly it seems that problems arise from physical cuts not because 
of a lack of redundant paths but a bottleneck in peering and transit - 
resulting in ripple effects seen with the Baltimore incident.



----- Original Message -----
From: "William B. Norton" <wbn at equinix.com>
Date: Thursday, September 5, 2002 3:04 pm
Subject: Re: Vulnerabilities of Interconnection

> 
> At 02:45 PM 9/5/2002 -0400, alex at yuriev.com wrote:
> >This obviously would be a thesis of Equinix and other collo space providers,
> >since this is exactly the service that they provide. It won't, however, be a
> >thesis of any major network that either already has a lot of infrastructure
> >in place or has to be a network that is supposed to survive a physical
> >attack.
> 
> Actually, the underlying assumption of this paper is that major networks
> already have a large global backbone that need to interconnect in
> n-regions. The choice between Direct Circuits and Colo-based cross connects
> is discussed and documented with costs and tradeoffs. Surviving a major
> attack was not the focus of the paper...but...
> 
> When I did this research I asked ISPs how many Exchange Points they felt
> were needed in a region. Many said one was sufficient, that they were
> resilient across multiple exchange points and transit relationships, and
> preferred to engineer their own diversity separate from regional exchanges.
> A bunch said that two was the right number, each with different operating
> procedures, geographic locations, providers of fiber, etc., as different
> as possible. Folks seemed unanimous about there not being more than two
> IXes in a region, that to do so would splinter the peering population.
> 
> Bill Woodcock was the exception to this last claim, positing (paraphrasing)
> that peering is a local routing optimization and that many inexpensive
> (relatively insecured) IXes are acceptable. The loss of any one simply
> removes the local routing optimization and that transit is always an
> alternative for that traffic.
> 
> >
> > > A couple physical security considerations came out of that research:
> > > 1) Consider that man holes are not always secured, providing access to
> > > metro fiber runs, while there is generally greater security within
> > > colocation environments
> >
> >This is all great, except that the same metro fiber runs are used to get
> >carriers into the super-secure facility, and, since neither those who
> >originate information, nor those who ultimately consume the information are
> >located completely within facility, you still have the same problem.  If we
> >add to it that the diverse fibers tend to aggregate in the basement of the
> >building that houses the facility, multiple carriers use the same manholes
> >for their diverse fiber and so on.
> 
> Fine - we both agree that no transport provider is entirely protected from
> physical tampering if its fiber travels through insecure passageways. Note
> that some transport capacity into an IX doesn't necessarily travel along
> the same path as the metro providers, particularly those IXes located
> outside a metro region. There are also a multitude of paths, proportional
> to the # of providers still around in the metro area, that provide
> alternative paths into the IX. Within an IX therefore is a concentration of
> alternative providers, and these alternative providers can be used as
> needed in the event of a path cut.
> 
> 
> > > 2) It is faster to repair physical disruptions at fewer points, leveraging
> > > cutovers to alternative providers present in the collocation IX model, as
> > > opposed to the Direct Circuit model where provisioning additional
> > > capacities to many end points may take days or months.
> >
> >This again is great in theory, unless you are talking about someone who
> >is planning on taking out the IX not accidentally, but deliberately. To
> >illustrate this, one just needs to recall the infamous fiber cut in McLean
> >in 1999 when a backhoe not just cut Worldcom and Level(3) circuits, but
> >somehow let a cement truck pour cement into Verizon's manhole that was
> >used by Level(3) and Worldcom.
> 
> Terrorists in cement trucks?
> 
> Again, it seems more likely and more technically effective to attack
> internally than physically. Focus again here on the cost/benefit analysis
> from both the provider and disrupter perspective and you will see
> what I mean.
> 
> 
> >Alex
> 
> 
> 



