nanog mailing list archives

Re: FUD: 15% of world's internet traffic hijacked

From: Marshall Eubanks <tme () americafree tv>
Date: Wed, 1 Dec 2010 15:42:55 -0500

Dear Randy;

On Dec 1, 2010, at 3:28 PM, Randy Bush wrote:

At the very least you might want to review:
http://www.renesys.com/blog/2010/11/chinas-18-minute-mystery.shtml
Renesys provides one data point but there are others that clearly show
traffic routed *through* China (meaning they did indeed
originate/hijack, and then pass data on to the original destination).


as usual i see no traffic measurements in the renesys note.  i see
inference of traffic based on some control plane measurements.  and, has
been shown, such inferences are highly suspect.


Doesn't this traceroute (from the above) seem fairly convincing of transit ? (Not of the _amount_ of transit, just of 
its _existence_ ?) 

...here's one of the typical traceroutes we saw during the incident, between the London Internet Exchange and a host in 
the USA, passing through China Telecom. This trace was collected at 16:03 UTC, about 13 minutes into the event. Total 
time in transit is 525ms (this trace typically takes no more than 110ms under normal conditions).

1. <our host>   0.785ms         # London
2. 195.66.248.229       1.752ms         # London
3. 195.66.225.54        1.371ms         # London
4. 202.97.52.101        399.707ms               # China Telecom
5. 202.97.60.6  408.006ms               # China Telecom
6. 202.97.53.121        432.204ms               # China Telecom
7. 4.71.114.101 323.690ms               # Level3
8. 4.68.18.254  357.566ms               # Level3
9. 4.69.134.221 481.273ms               # Level3
10. 4.69.132.14 506.159ms               # Level3
11. 4.69.132.78 463.024ms               # Level3
12. 4.71.170.78 449.416ms               # Level3
13. 66.174.98.66        456.970ms               # Verizon
14. 66.174.105.24       459.652ms               # Verizon
[.. four more Verizon hops ..]                          
19. 69.83.32.3  508.757ms               # Verizon
20. <last hop>  516.006ms               # Verizon

And doesn't the graph in  Craig Labovitz's blog seem consistent with a modest (not overwhelming, or even unusual) 
amount of excess traffic during the event ? 

http://asert.arbornetworks.com/2010/11/china-hijacks-15-of-internet-traffic/

So, putting this, and everything else, together, wouldn't it be reasonable to conclude, that

- some traffic was diverted but
- nowhere near 15% of the Internet, by orders of magnitude ?

Regards
Marshall

randy

Current thread:

Re: FUD: 15% of world's internet traffic hijacked Randy Bush (Dec 01)
- Re: FUD: 15% of world's internet traffic hijacked Marshall Eubanks (Dec 01)
- Re: FUD: 15% of world's internet traffic hijacked Christopher Morrow (Dec 01)
  - Re: FUD: 15% of world's internet traffic hijacked Randy Bush (Dec 01)
    - Re: FUD: 15% of world's internet traffic hijacked Christopher Morrow (Dec 01)
    - Re: FUD: 15% of world's internet traffic hijacked Brett Watson (Dec 01)
    - Re: FUD: 15% of world's internet traffic hijacked James Hess (Dec 02)
    - Re: FUD: 15% of world's internet traffic hijacked Jeremy L. Gaddis (Dec 02)