Vulnerabilities of Interconnection

"Again, it seems more likely and more technically effective to attack
internally than physically. Focus again here on the cost/benefit
analysis from both the provider and disrupter perspective and you will
see what I mean."

Is there a general consensus that cyber/internal attacks are more
effective/dangerous than physical attacks. Anecdotally it seems the
largest Internet downages have been from physical cuts or failures.

2001 Baltimore train tunnel vs. code red worm (see keynote report)
1999 Mclean fiber cut - cement truck
AT&T cascading switch failure
Utah fiber cut (date??)
Not sure where the MAI mess up at MAE east falls

Then again this is the biased perspective of the facet I'm researching

Secondly it seems that problems arise from physical cuts not because
of a lack of redundant paths but a bottleneck in peering and transit -
resulting in ripple effects seen with the Baltimore incident.

The thing is, the major cuts are not "attacks;" the backhoe operators
aren't gunning for our fiber (no matter how much it seems like they
are). If I wanted to disrupt traffic, intentionally and maliciously,
I would not derail a train into a fiber path. Doing so would be very
difficult, and the legal ramifications (murder, destruction of
property, etc, etc) are quite clear and severe. However, if I
ping-bomb you from a thousand "0wn3d" PCs on cable modems, I never had
to leave my parents' basement, I'm harder to trace by normal police
methods, and the question of which laws that can be applied to me is
less clear.

-Dave

> The thing is, the major cuts are not "attacks;" the backhoe operators
> aren't gunning for our fiber (no matter how much it seems like they
> are). If I wanted to disrupt traffic, intentionally and maliciously,
> I would not derail a train into a fiber path. Doing so would be very
> difficult, and the legal ramifications (murder, destruction of
> property, etc, etc) are quite clear and severe. However, if I
> ping-bomb you from a thousand "0wn3d" PCs on cable modems, I never had
> to leave my parents' basement, I'm harder to trace by normal police
> methods, and the question of which laws that can be applied to me is
> less clear.

This fails to address how this affects someone who has no problem with legal
ramifications - i.e. a terrorist.

Alex

Even a terrorist will tend towards things that allow him to continue
to be a terrorist. If I can do X amount of damage, and get caught, or
do X amount of damage, and not get caught, then he'll do the second.
Even a terrorist that will die to kill will probably not die to
inconvenience.

> > This fails to address how this affects someone who has no problem with legal
> > ramifications - i.e. a terrorist.
>
> Even a terrorist will tend towards things that allow him to continue
> to be a terrorist. If I can do X amount of damage, and get caught, or
> do X amount of damage, and not get caught, then he'll do the second.
> Even a terrorist that will die to kill will probably not die to
> inconvenience.

This presumes he subscribes to the western value system. It had been proven
to be a fatally incorrect presumption.

Alex

To reinforce a dissenting opinion, And your explanation accounts for
suicide bombers how? I would think a smoking hole in the ground
containing a train or whatever, particularly if loss of life is
involved, would be much more appealing to the motivations of most
terrorists than a couple of computers with blue screens of death. I
would think 9-11 would provide a compelling example of current terrorist
practice.

Just my 2¢

Best regards,

My explanation accounts for suicide bombers in the statement: "Even
terrorist that will die to kill will probably not die to
inconvenience." This does not presume a western value system, either,
as somebody suggested. Many a terrorist will gladly give their lives
to destroy a hated enemy, or to terrify them, or to change their way
of life. I cannot believe, however, that there are people who will
give their lives to increase the download times for porn for a few
days.

-Dave

> My explanation accounts for suicide bombers in the statement: "Even
> terrorist that will die to kill will probably not die to
> inconvenience." This does not presume a western value system, either,
> as somebody suggested. Many a terrorist will gladly give their lives
> to destroy a hated enemy, or to terrify them, or to change their way
> of life. I cannot believe, however, that there are people who will
> give their lives to increase the download times for porn for a few
> days.

Taking out a colo would do more than just increase time to download porn
for a few days.

alex

Hi,

sgorman1@gmu.edu wrote:

> "Again, it seems more likely and more technically effective to attack
> internally than physically. Focus again here on the cost/benefit
> analysis from both the provider and disrupter perspective and you will
> see what I mean."
>
> Is there a general consensus that cyber/internal attacks are more
> effective/dangerous than physical attacks. Anecdotally it seems the
> largest Internet downages have been from physical cuts or failures.

It depends on what you consider an internet outage. Or how you define
that. IMHO.

Jane

> > Is there a general consensus that cyber/internal attacks are more
> > effective/dangerous than physical attacks. Anecdotally it seems the
> > largest Internet downages have been from physical cuts or failures.
>
> It depends on what you consider an internet outage. Or how you define
> that. IMHO.

Let's bring this discussion to some common ground -

What kind of impact on the global internet would we see should we observe
nearly simultaneous detonation of 500 kilograms of high explosives at N of the
major known interconnect facilities?

Alex

Keep in mind that traffic in the global internet after N x 500 kgs of
explosives are simultaneously detonated will upsurge, directed towards
major news sites.

I'll go back to lurking now.

Ryan

Hi Alex,

alex@yuriev.com wrote:

> > > Is there a general consensus that cyber/internal attacks are more
> > > effective/dangerous than physical attacks. Anecdotally it seems the
> > > largest Internet downages have been from physical cuts or failures.
> >
> > It depends on what you consider an internet outage. Or how you define
> > that. IMHO.
>
> Let's bring this discussion to some common ground -
>
> What kind of impact on the global internet would we see should we observe
> nearly simultaneous detonation of 500 kilograms of high explosives at N of the
> major known interconnect facilities?

N? Well, if you define N as the number of interconnect facilities, such
as all the Equinix sites (and I'm not banging on Equinix, it's just
where we started all this) then I think globally, it wouldn't make that
much difference. People in Tokyo would still be able to reach the globe
and both coasts of the US. Maybe some sites in the interior of the US
would be difficult to reach. I'd have to run a model to be sure, but
every one of the major seven have rerouting methodologies that would
recover from the loss. And I don't think they exclusively peer at
Equinix. The more I think about it, the more sure I am that they don't.
However I could be wrong. Wouldn't be the first time.

Jane

> > Let's bring this discussion to some common ground -
> >
> > What kind of impact on the global internet would we see should we observe
> > nearly simultaneous detonation of 500 kilograms of high explosives at N of the
> > major known interconnect facilities?
>
> N? Well, if you define N as the number of interconnect facilities, such
> as all the Equinix sites

Let's say that N is 4 and they are all in the US, for the sake of the
discussion.

> (and I'm not banging on Equinix, it's just
> where we started all this) then I think globally, it wouldn't make that
> much difference. People in Tokyo would still be able to reach the globe
> and both coasts of the US.

This presumes that the networks peer with the same AS numbers everywhere in
the world, which I don't think they do.

The other thing to think about is that the physical transport will be
affected as well. Wavelength customers will lose their paths. Circuit
customers that rely on some equipment located at the affected sites, losing
their circuits.

Alex

I'm guessing increased packet loss and latency :)

Oh yeah, horrible loss of life and another blow to the economy.

- Daniel Golding

Hi Alex,

alex@yuriev.com wrote:

> > > Let's bring this discussion to some common ground -
> > >
> > > What kind of impact on the global internet would we see should we observe
> > > nearly simultaneous detonation of 500 kilograms of high explosives at N of the
> > > major known interconnect facilities?
> >
> > N? Well, if you define N as the number of interconnect facilities, such
> > as all the Equinix sites
>
> Let's say that N is 4 and they are all in the US, for the sake of the
> discussion.

Which four? Makes a big difference. And there, we just got
proprietary/classified. I've often wondered what difference there would
be in attacking cable heads instead of colo sites. Cut off the country
from everywhere. How bad would that be.

> > (and I'm not banging on Equinix, it's just
> > where we started all this) then I think globally, it wouldn't make that
> > much difference. People in Tokyo would still be able to reach the globe
> > and both coasts of the US.
>
> This presumes that the networks peer with the same AS numbers everywhere in
> the world, which I don't think they do.

Hadn't thought of that. I'm not sure then of the impact.

> The other thing to think about is that the physical transport will be
> affected as well. Wavelength customers will lose their paths. Circuit
> customers that rely on some equipment located at the affected sites, losing
> their circuits.

For individual users, it might be devastating. Overall, globally, that's
a different story.

Jane

alex@yuriev.com said:

> Taking out a colo would do more than just increase time to download porn
> for a few days.

and went on to say:

> > > Is there a general consensus that cyber/internal attacks are more
> > > effective/dangerous than physical attacks. Anecdotally it seems the
> > > largest Internet downages have been from physical cuts or failures.
> >
> > It depends on what you consider an internet outage. Or how you define
> > that. IMHO.
>
> Let's bring this discussion to some common ground -
>
> What kind of impact on the global internet would we see should we observe
> nearly simultaneous detonation of 500 kilograms of high explosives at N of the
> major known interconnect facilities?

The answer to the first thing is "Yes, it would be back at full speed
in 24 hours" and the second thing is "Unless N is unreasonably large,
not much." The reason is that people like us work on running the
internet.

In case 1, suppose I am a porn magnate. (Obviously, I am not, or I
would dress better and work less, but stay with me for a moment.) I
sell two products: pictures, and online strippers. The pictures are a
static gold mine, so chances are, I have them backed up. The
strippers are at a studio near my hosting/colocation site, and
backhauled via your favorite fiber-based protocol. I get a call
saying, "Hey, a terrorist from group X walked into the colo facility
with a 12008 chassis filled with plastique, and, well, the entire site
is a charred hole in the ground." After a few seconds of horror,
greed takes over, and I call other nearby providers to see who can get
me back up today, pay the telco a nice hefty fee to reroute my SONET
connection to that provider, and the money is rolling in before
sunset.

In case 2, suppose it is 4 major peering points. No big deal for the
bulk of traffic, because the bulk of traffic goes between the big
players, and they are all privately peering. So are many of the
medium-sized folks. Smaller folks often buy transit from a larger
provider to reach everybody they cannot peer with. And even if you
don't buy transit and don't have overseas peering and lose your
connectivity because they picked your 4 favorite sites, you're not
going to be down for long, because somewhere, you are close enough to
a UUnet or a AT&T or a Level 3 who can toss you a cable until you can
get back on your feet.

Yeah, an attack can make the Internet uncomfortable and cause a lot of
scurrying and odd deals, but the provider who is completely screwed by
an attack on 1 colo or 4 peering points is going to be an exception,
not the rule.

-Dave

Wow, nothing like jumping into the middle of a running discussion after
deleting all previous messages unread :)

Hi Alex,

> > > > Let's bring this discussion to some common ground -
> > > >
> > > > What kind of impact on the global internet would we see should we observe
> > > > nearly simultaneous detonation of 500 kilograms of high explosives at N of the
> > > > major known interconnect facilities?
> > >
> > > N? Well, if you define N as the number of interconnect facilities, such
> > > as all the Equinix sites
> >
> > Let's say that N is 4 and they are all in the US, for the sake of the
> > discussion.
>
> Which four? Makes a big difference. And there, we just got
> proprietary/classified. I've often wondered what difference there would
> be in attacking cable heads instead of colo sites. Cut off the country
> from everywhere. How bad would that be.

I was under the impression that OCS/Homeland Security had already done a
little study, perhaps aided by some other 3 letter agencies and some
Telco's, for this very thing. I was also under the impression that the
number of sites had to be significantly higher than 4 to do any real
damage.

> > > (and I'm not banging on Equinix, it's just
> > > where we started all this) then I think globally, it wouldn't make that
> > > much difference. People in Tokyo would still be able to reach the globe
> > > and both coasts of the US.
> >
> > This presumes that the networks peer with the same AS numbers everywhere in
> > the world, which I don't think they do.
>
> Hadn't thought of that. I'm not sure then of the impact.

Additionally, a majority of peering, big peering, isn't on public
exchanges is it? So, you'd have to find all the places that the larger
providers connect to each other and perhaps target these. Even with this
there are the public exchanges so things 'should' fail over to them...

Overall I recall the outcome from the study being that the internet was a
significantly difficult target to completely kill, and even making a
performance impact was somewhat difficult... I will say though, that my
memory is a bit foggy on this particular study, I didn't participate in
it, and I didn't read the actual results. Any info I have on it is third
hand via a lawyer, so take all this with a grain of salt :)

> > The other thing to think about is that the physical transport will be
> > affected as well. Wavelength customers will lose their paths. Circuit
> > customers that rely on some equipment located at the affected sites, losing
> > their circuits.
>
> For individual users, it might be devastating. Overall, globally, that's
> a different story.

This was about the result I heard, you can easily cut out 'mom and pop'
ISP, but cutting out a large provider is a tougher task with bombs... we
already know it's possible with the right routing 'update' :(

I think you have a sampling bias problem.

The "biggest" national/international network disruptions have generally
been the result of operator error or software error. It's not always easy
to tell the difference. It may be better for carrier PR spin control to
blame a software/router/switch vendor.

Until recently physical disruptions have been due to causes which don't
affect the stock price, carriers were more willing to talk about them.
Carriers usually don't fire people due to backhoes, hurricanes, floods, or
train derailments.

What does this say about the effect of an external or internal
cyber-attack?

Not much. Naturally occurring physical and procedural disruptions have
different properties than a directed attack. Not the least is hurricanes
and trains don't read NANOG, and generally don't alter their behavior
based on the "recommendations" posted.

Wouldn't you prefer a good game of chess?

> > > > > Let's bring this discussion to some common ground -
> > > > >
> > > > > What kind of impact on the global internet would we see should we observe
> > > > > nearly simultaneous detonation of 500 kilograms of high explosives at N of the
> > > > > major known interconnect facilities?
> > > >
> > > > N? Well, if you define N as the number of interconnect facilities, such
> > > > as all the Equinix sites
> > >
> > > Let's say that N is 4 and they are all in the US, for the sake of the
> > > discussion.
> >
> > Which four? Makes a big difference. And there, we just got
> > proprietary/classified. I've often wondered what difference there would
> > be in attacking cable heads instead of colo sites. Cut off the country
> > from everywhere. How bad would that be.
>
> I was under the impression that OCS/Homeland Security had already done a
> little study, perhaps aided by some other 3 letter agencies and some
> Telco's, for this very thing. I was also under the impression that the
> number of sites had to be significantly higher than 4 to do any real
> damage.

That study probably came from the same people who believe that Echelon can
intercept every single email sent, in addition to every phone conversation
and fax. Bankruptcies of two fiber carriers showed rather clear that those
companies themselves do not know where do they have what and what depends on
what.

> > > > (and I'm not banging on Equinix, it's just
> > > > where we started all this) then I think globally, it wouldn't make that
> > > > much difference. People in Tokyo would still be able to reach the globe
> > > > and both coasts of the US.
> > >
> > > This presumes that the networks peer with the same AS numbers everywhere in
> > > the world, which I don't think they do.
> >
> > Hadn't thought of that. I'm not sure then of the impact.
>
> Additionally, a majority of peering, big peering, isn't on public
> exchanges is it? So, you'd have to find all the places that the larger
> providers connect to each other and perhaps target these. Even with this
> there are the public exchanges so things 'should' fail over to them...

Interconnect sites are not public peering. It is simply a location where
the networks exchange traffic with each other.

> This was about the result I heard, you can easily cut out 'mom and pop'
> ISP, but cutting out a large provider is a tougher task with bombs... we
> already know it's possible with the right routing 'update' :(

Tell it to those whose primary facility was in one tower of WTC and backup
facility in another.

Alex

:would be difficult to reach. I'd have to run a model to be sure, but
:every one of the major seven have rerouting methodologies that would
:recover from the loss. And I don't think they exclusively peer at

Even if we were to model it, the best data we could get for
the "Internet" would be BGP routing tables. These are also
subjective views of the rest of the net. We could take a full
table, map all the ASN adjacencies, and then pick arbitrary
ASN's to "fail", then see who is still connected, but we are
still dealing with connectivity relative to us and our peers,
even 5+ AS-hops away.

I would imagine this is one of the tasks CAIDA.org is probably
working on, as it seems to fall within their mission.

So even if we all agreed upon a common disaster to hypothesize
on, there would be little common ground to be had, as our
interpretations could only be political arguments over what is
most important, because there is no technically objective view
of the network to forge agreement on.

Cheers,
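
The adjacency-and-failure model described in the last message, as an added example that is not part of the original thread: it builds an AS adjacency map from AS paths, marks chosen ASNs as failed, and reports what one vantage point can no longer reach. The sample paths are constructed, the ASNs come from the documentation range, and the function names are hypothetical. Reachability is treated as undirected, which ignores routing policy and so overstates what survives.

```python
from collections import defaultdict, deque

# Constructed AS_PATH strings as one vantage AS (64496) might see them.
# ASNs are from the documentation range (RFC 5398), not real routing data.
SAMPLE_PATHS = [
    "64496 64497 64499",
    "64496 64497 64497 64500",      # AS-path prepending
    "64496 64498 64500",
    "64496 64498 64501 64502",
    "64496 64497 64499 64503",
]

def build_adjacency(paths):
    """Map each ASN to the set of ASNs seen next to it in any path."""
    adj = defaultdict(set)
    for line in paths:
        hops = [int(tok) for tok in line.split() if tok.isdigit()]
        # Collapse prepending so an AS is never adjacent to itself.
        hops = [h for i, h in enumerate(hops) if i == 0 or h != hops[i - 1]]
        for a, b in zip(hops, hops[1:]):
            adj[a].add(b)
            adj[b].add(a)
    return dict(adj)

def reachable(adj, vantage, failed=frozenset()):
    """Breadth-first search from the vantage, skipping failed ASNs."""
    if vantage in failed or vantage not in adj:
        return set()
    seen, queue = {vantage}, deque([vantage])
    while queue:
        for peer in adj[queue.popleft()]:
            if peer not in failed and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen

def cut_off(adj, vantage, failed):
    """ASNs that still exist but can no longer be reached."""
    failed = frozenset(failed)
    return sorted(reachable(adj, vantage) - reachable(adj, vantage, failed) - failed)

def single_points_of_failure(adj, vantage):
    """ASNs whose loss alone strands others, as seen from this vantage."""
    result = {}
    for asn in adj:
        lost = cut_off(adj, vantage, {asn}) if asn != vantage else []
        if lost:
            result[asn] = lost
    return result

if __name__ == "__main__":
    graph = build_adjacency(SAMPLE_PATHS)
    for asn, lost in sorted(single_points_of_failure(graph, 64496).items()):
        print(f"AS{asn} fails -> unreachable from AS64496: {lost}")
```

The result only describes the links visible in this one table; adjacencies that never appear in the vantage's best paths are missing from the graph.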