From: Michael Mol
To: gentoo-user@lists.gentoo.org
Date: Sat, 18 Feb 2012 13:24:34 -0500
Subject: Re: [gentoo-user] Somewhat OT: Any truth to this mess?

And every time that's successful, it's because some idiot admin wasn't filtering their incoming BGP traffic properly. Ditto the network in Florida which acted as a black hole for the entire Internet in the late 90s.

Proper training and filtering help prevent these kinds of issues. It's happened, sure. And it will happen again. And it will be recovered from again. Policies will be adapted, trained and forgotten, again.

ZZ

On Feb 18, 2012 1:15 PM, "Pandu Poluan" wrote:
> On Sat, Feb 18, 2012 at 21:36, Alan McKinnon wrote:
> > On Sat, 18 Feb 2012 06:00:00 -0600
> > Dale wrote:
> >
> >> > And no, the intartubes will NOT be switched off.
> >> >
> >>
> >> I don't really think they can unless they just cut power to all the
> >> computers. After all, the internet is supposed to be redundant right?
> >> If there is a few computers still running that have a connection, it
> >> is still working. Sort of anyway.
> >>
> >> Does make one wonder tho. They have been talking about having a
> >> internet "off switch" but I'm not sure it would be that easy.
> >
> > To switch off the internet, you don't switch off the computers on the
> > internet. You switch off the routers that drive the internet.
> >
>
> You don't need to turn off the routers.
>
> Just inject BGP poison.
>
> I just re-found the news:
>
> http://www.computerworld.com/s/article/9197019/Update_Report_sounds_alarm_on_China_s_rerouting_of_U.S._Internet_traffic
>
> The article I linked above contains 2 incidents:
>
> The first incident rerouted traffic for a huge swath of Internet,
> including traffic destined to Microsoft, the Office of the USA SecDef,
> and others.
>
> The second incident blocked traffic for some sites, notably Twitter,
> Yahoo, and Facebook.
>
> BOTH incidents happened because of BGP poisoning. BOTH incidents
> affected traffic FROM the USA to destinations IN the USA even though
> the poisoning happened from OUTSIDE of the USA.
>
> The country where both incidents happened (in these cases, China) is
> not essential. ANY country with a BGP router connected to the backbone
> can easily poison other international backbone routers. Especially if
> said country has a HUGE International bandwidth.
>
> Rgds,
> --
> FdS Pandu E Poluan
> ~ IT Optimizer ~
>
>  • LOPSA Member #15248
>  • Blog : http://pepoluan.tumblr.com
>  • Linked-In : http://id.linkedin.com/in/pepoluan
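
The reply above attributes these incidents to missing filtering of incoming BGP announcements. The sketch below is an added example, not part of the thread, showing what such an import filter checks for each route a peer sends. The policy values, the per-peer allow-list and all prefixes and AS numbers are constructed assumptions, and it covers IPv4 only.

```python
import ipaddress

# Constructed data: reserved documentation/benchmark prefixes and private-use
# AS numbers. A production bogon list would also contain these reserved ranges.
BOGONS = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
MAX_LEN = 24  # assumed policy: nothing more specific than a /24

# Hypothetical allow-list per peer AS: prefix -> (expected origin AS, max length)
PEER_ALLOW = {
    64500: {
        ipaddress.IPv4Network("198.18.0.0/15"): (64500, 16),
        ipaddress.IPv4Network("203.0.113.0/24"): (64501, 24),
    },
}

def check_announcement(peer_as, prefix, as_path):
    """Decide whether to import one IPv4 route received from peer_as.

    as_path is listed neighbour-first, so as_path[-1] is the origin AS.
    Returns (accepted, reason).
    """
    net = ipaddress.IPv4Network(prefix)
    if not as_path or as_path[0] != peer_as:
        return False, "path does not start with the peer AS"
    if any(net.subnet_of(b) for b in BOGONS):
        return False, "bogon"
    if net.prefixlen > MAX_LEN:
        return False, "too specific"
    rules = [rule for allowed, rule in PEER_ALLOW.get(peer_as, {}).items()
             if net.subnet_of(allowed)]
    if not rules:
        return False, "prefix not registered for this peer"
    # Accept only if some covering entry matches both origin and length.
    if any(as_path[-1] == origin and net.prefixlen <= max_len
           for origin, max_len in rules):
        return True, "ok"
    return False, "origin or length mismatch"

def filter_updates(peer_as, updates):
    """Split a batch of (prefix, as_path) updates into accepted and rejected."""
    accepted, rejected = [], []
    for prefix, path in updates:
        ok, reason = check_announcement(peer_as, prefix, path)
        (accepted if ok else rejected).append((prefix, reason))
    return accepted, rejected
```

A route for a prefix the peer is not registered to carry, or a more-specific slice of one it is, is dropped before it reaches the routing table, and that check is what was missing in the incidents discussed above.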
