* [gentoo-user] Somewhat OT: Any truth to this mess?
From: Dale @ 2012-02-18 10:26 UTC
To: gentoo-user

Howdy,

I ran across this and thought it was a joke. Did a news search and sure enough, it is reported in lots of places. Random linky:

http://www.dailymail.co.uk/news/article-2102856/Will-FBI-shut-Internet-March-8-virus-concerns.html?ito=feeds-newsxml

Is there any truth to this mess? My bigger and better question, how is shutting down the internet going to fix this? When the net comes back up, they are still going to be infected. Right?

I'm glad I run a really nice Linux OS.

Dale

:-) :-)

--
I am only responsible for what I said ... Not for what you understood or how you interpreted my words!

Miss the compile output? Hint: EMERGE_DEFAULT_OPTS="--quiet-build=n"

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Alan McKinnon @ 2012-02-18 10:44 UTC
To: gentoo-user

On Sat, 18 Feb 2012 04:26:02 -0600
Dale <rdalek1967@gmail.com> wrote:

> Howdy,
>
> I ran across this and thought it was a joke. Did a news search and
> sure enough, it is reported in lots of places. Random linky:
>
> http://www.dailymail.co.uk/news/article-2102856/Will-FBI-shut-Internet-March-8-virus-concerns.html?ito=feeds-newsxml
>
> Is there any truth to this mess? My bigger and better question, how
> is shutting down the internet going to fix this? When the net comes
> back up, they are still going to be infected. Right?
>
> I'm glad I run a really nice Linux OS.

Gawd, I hate it when morons write sensational articles that attempt to make sense to other morons. You get crap like that.

So if this is legit, and I'm not saying it is, what happened is this:

The malware changes the DNS cache settings on infected machines, sending the user to rogue caches. The FBI captured some (or all) of these rogue caches and (possibly) tried to fix them. A court has now said those rogue caches must now be shut down.

So if the morons reading the article do nothing, on March 8 the DNS caches they use will be down. The user's DNS will not work.

OMFG!!!!!!! Da intartubes is broken!!!!!

<sigh>

Instead, why not just set the DNS caches to something NOT owned by Ivan The Russian Spammer?

And no, the intartubes will NOT be switched off.

--
Alan McKinnnon
alan.mckinnon@gmail.com

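The check that the reply above points to (are this machine's resolvers ones the operator actually chose?), as an added example that is not part of the thread. The rogue ranges and expected resolvers are constructed placeholders from documentation address space, since the thread lists no addresses, and the sample resolv.conf is constructed too.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation space). The thread
# does not list the rogue resolvers' addresses; substitute the ranges
# published by your CERT or ISP.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("198.51.100.0/24", "203.0.113.0/25")]

# Resolvers this hypothetical site expects to find configured.
EXPECTED_RESOLVERS = {ipaddress.ip_address(a)
                      for a in ("127.0.0.1", "192.0.2.53")}

# Constructed sample of /etc/resolv.conf content.
SAMPLE_RESOLV_CONF = """\
# Generated by dhcpcd
domain example.lan
nameserver 192.0.2.53
nameserver 198.51.100.17   ; sits inside a listed rogue range
nameserver 10.0.0.1
nameserver fe80::1%eth0
nameserver not-an-address
options timeout:2
"""


def parse_nameservers(text):
    """Return (line_number, value) for each 'nameserver' directive."""
    found = []
    for number, line in enumerate(text.splitlines(), start=1):
        # Drop comments introduced by '#' or ';'.
        for marker in "#;":
            line = line.split(marker, 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append((number, fields[1]))
    return found


def classify(value):
    """Label one resolver as 'rogue', 'expected', 'unknown' or 'invalid'."""
    try:
        # An IPv6 link-local resolver may carry a zone id (fe80::1%eth0).
        addr = ipaddress.ip_address(value.split("%", 1)[0])
    except ValueError:
        return "invalid"
    if any(addr in net for net in ROGUE_RANGES):
        return "rogue"
    if addr in EXPECTED_RESOLVERS:
        return "expected"
    # Not known bad, but nobody on this site chose it either: worth a look.
    return "unknown"


def audit(text):
    """Classify every resolver configured in resolv.conf text."""
    return [(number, value, classify(value))
            for number, value in parse_nameservers(text)]


if __name__ == "__main__":
    for number, value, verdict in audit(SAMPLE_RESOLV_CONF):
        print(f"line {number}: {value:<18} {verdict}")
```

On a real host, pass the contents of /etc/resolv.conf to `audit()`; a router that hands out resolvers over DHCP needs the same check on its own configuration.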
* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Dale @ 2012-02-18 12:00 UTC
To: gentoo-user

Alan McKinnon wrote:
> On Sat, 18 Feb 2012 04:26:02 -0600
> Dale <rdalek1967@gmail.com> wrote:
>
>> Howdy,
>>
>> I ran across this and thought it was a joke. Did a news search and
>> sure enough, it is reported in lots of places. Random linky:
>>
>> http://www.dailymail.co.uk/news/article-2102856/Will-FBI-shut-Internet-March-8-virus-concerns.html?ito=feeds-newsxml
>>
>> Is there any truth to this mess? My bigger and better question, how
>> is shutting down the internet going to fix this? When the net comes
>> back up, they are still going to be infected. Right?
>>
>> I'm glad I run a really nice Linux OS.
>
>
> Gawd, I hate it when morons write sensational articles that attempt to
> make sense to other morons. You get crap like that.
>
> So if this is legit, and I'm not saying it is, what happened is this:
>
> The malware changes the DNS cache settings on infected machines,
> sending the user to rogue caches. The FBI captured some (or all) of
> these rogue caches and (possibly) tried to fix them. A court has now
> said those rogue caches must now be shut down.
>
> So if the morons reading the article do nothing, on March 8 the DNS
> caches they use will be down. The user's DNS will not work.
>
> OMFG!!!!!!! Da intartubes is broken!!!!!
>
> <sigh>
>
> Instead, why not just set the DNS caches to something NOT owned by Ivan
> The Russian Spammer?
>
> And no, the intartubes will NOT be switched off.
>

I don't really think they can unless they just cut power to all the computers. After all, the internet is supposed to be redundant right? If there is a few computers still running that have a connection, it is still working. Sort of anyway.

Does make one wonder tho. They have been talking about having a internet "off switch" but I'm not sure it would be that easy.

Dale

:-) :-)

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Volker Armin Hemmann @ 2012-02-18 12:24 UTC
To: gentoo-user

On Saturday, 18 February 2012, 06:00:00, Dale wrote:
> Alan McKinnon wrote:
> > On Sat, 18 Feb 2012 04:26:02 -0600
> >
> > Dale <rdalek1967@gmail.com> wrote:
> >> Howdy,
> >>
> >> I ran across this and thought it was a joke. Did a news search and
> >> sure enough, it is reported in lots of places. Random linky:
> >>
> >> http://www.dailymail.co.uk/news/article-2102856/Will-FBI-shut-Internet-Ma
> >> rch-8-virus-concerns.html?ito=feeds-newsxml
> >>
> >> Is there any truth to this mess? My bigger and better question, how
> >> is shutting down the internet going to fix this? When the net comes
> >> back up, they are still going to be infected. Right?
> >>
> >> I'm glad I run a really nice Linux OS.
> >
> > Gawd, I hate it when morons write sensational articles that attempt to
> > make sense to other morons. You get crap like that.
> >
> > So if this is legit, and I'm not saying it is, what happened is this:
> >
> > The malware changes the DNS cache settings on infected machines,
> > sending the user to rogue caches. The FBI captured some (or all) of
> > these rogue caches and (possibly) tried to fix them. A court has now
> > said those rogue caches must now be shut down.
> >
> > So if the morons reading the article do nothing, on March 8 the DNS
> > caches they use will be down. The user's DNS will not work.
> >
> > OMFG!!!!!!! Da intartubes is broken!!!!!
> >
> > <sigh>
> >
> > Instead, why not just set the DNS caches to something NOT owned by Ivan
> > The Russian Spammer?
> >
> > And no, the intartubes will NOT be switched off.
>
> I don't really think they can unless they just cut power to all the
> computers. After all, the internet is supposed to be redundant right?
> If there is a few computers still running that have a connection, it is
> still working. Sort of anyway.
>
> Does make one wonder tho. They have been talking about having a
> internet "off switch" but I'm not sure it would be that easy.

basically, yes. Take down the core routers and backbones and everything falls apart.

--
#163933

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Dale @ 2012-02-18 12:39 UTC
To: gentoo-user

Volker Armin Hemmann wrote:
> On Saturday, 18 February 2012, 06:00:00, Dale wrote:
>>
>> I don't really think they can unless they just cut power to all the
>> computers. After all, the internet is supposed to be redundant right?
>> If there is a few computers still running that have a connection, it is
>> still working. Sort of anyway.
>>
>> Does make one wonder tho. They have been talking about having a
>> internet "off switch" but I'm not sure it would be that easy.
>
> basically, yes. Take down the core routers and backbones and everything falls
> apart.
>

But how long would it take to actually do this?

Another thing, the Government, especially the military, uses the internet too. What would they do? Without? What about other countries? Just because the US Government wants the net shut down does not mean other countries would follow.

I'm just curious as to how this could be done and just how any person can shut down the internet globally much less one country.

Dale

:-) :-)

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Alan McKinnon @ 2012-02-18 14:40 UTC
To: gentoo-user

On Sat, 18 Feb 2012 06:39:27 -0600
Dale <rdalek1967@gmail.com> wrote:

> Volker Armin Hemmann wrote:
> > On Saturday, 18 February 2012, 06:00:00, Dale wrote:
>
> >>
> >> I don't really think they can unless they just cut power to all the
> >> computers. After all, the internet is supposed to be redundant
> >> right? If there is a few computers still running that have a
> >> connection, it is still working. Sort of anyway.
> >>
> >> Does make one wonder tho. They have been talking about having a
> >> internet "off switch" but I'm not sure it would be that easy.
> >
> > basically, yes. Take down the core routers and backbones and
> > everything falls apart.
> >
>
> But how long would it take to actually do this?
>
> Another thing, the Government, especially the military, uses the
> internet too.

Not quite. They use the same internet *technology* you do, not necessarily the same internet *devices*.

--
Alan McKinnnon
alan.mckinnon@gmail.com

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Dale @ 2012-02-18 15:34 UTC
To: gentoo-user

Alan McKinnon wrote:
> On Sat, 18 Feb 2012 06:39:27 -0600
> Dale <rdalek1967@gmail.com> wrote:
>
>> Volker Armin Hemmann wrote:
>>> On Saturday, 18 February 2012, 06:00:00, Dale wrote:
>>
>>>>
>>>> I don't really think they can unless they just cut power to all the
>>>> computers. After all, the internet is supposed to be redundant
>>>> right? If there is a few computers still running that have a
>>>> connection, it is still working. Sort of anyway.
>>>>
>>>> Does make one wonder tho. They have been talking about having a
>>>> internet "off switch" but I'm not sure it would be that easy.
>>>
>>> basically, yes. Take down the core routers and backbones and
>>> everything falls apart.
>>>
>>
>> But how long would it take to actually do this?
>>
>> Another thing, the Government, especially the military, uses the
>> internet too.
>
> Not quite. They use the same internet *technology* you do, not
> necessarily the same internet *devices*.
>
>

What about banks? Credit cards? Heck, even food stamp cards? Would phones work? I'm not just thinking about Vonage or Skype either.

When you think about all this stuff, it could get scary. If the internet went down, even by accident somehow, what all would we lose and not realize it?

Dale

:-) :-)

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Michael Mol @ 2012-02-18 16:18 UTC
To: gentoo-user

On Sat, Feb 18, 2012 at 10:34 AM, Dale <rdalek1967@gmail.com> wrote:
> Alan McKinnon wrote:
>> On Sat, 18 Feb 2012 06:39:27 -0600
>> Dale <rdalek1967@gmail.com> wrote:
>>
>>> Volker Armin Hemmann wrote:
>>>> On Saturday, 18 February 2012, 06:00:00, Dale wrote:
>>>
>>>>>
>>>>> I don't really think they can unless they just cut power to all the
>>>>> computers. After all, the internet is supposed to be redundant
>>>>> right? If there is a few computers still running that have a
>>>>> connection, it is still working. Sort of anyway.
>>>>>
>>>>> Does make one wonder tho. They have been talking about having a
>>>>> internet "off switch" but I'm not sure it would be that easy.
>>>>
>>>> basically, yes. Take down the core routers and backbones and
>>>> everything falls apart.
>>>>
>>>
>>> But how long would it take to actually do this?
>>>
>>> Another thing, the Government, especially the military, uses the
>>> internet too.
>>
>> Not quite. They use the same internet *technology* you do, not
>> necessarily the same internet *devices*.
>>
>>
>
>
> What about banks? Credit cards? Heck, even food stamp cards? Would
> phones work? I'm not just thinking about Vonage or Skype either.

Banks, credit cards, etc. mostly operate on leased lines (Think T1, T2, T3...) and landlines (point-of-sale vending, though that's changing. ATMs also operate on landlines, and I don't believe that's changing.).

You'd still have access to your money. You'd just have to go to a bank branch or an ATM.

This whole thread is full of panicked reasoning. The biggest risk we face is a scenario like Iran or Egypt's, where the government requires controls on border routers. Most likely, they'd do it at the ISP level, not at the core router level. That said, they could conceivably demand core router operators acquiesce to their demands, but the worst you're likely to see there is some network blocks' being dropped offline.

And it's not so easy to take the Internet down with injected BGP routes any more, either; most network operators apply some sort of filtering.

--
:wq

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Dale @ 2012-02-18 17:48 UTC
To: gentoo-user

Michael Mol wrote:
> On Sat, Feb 18, 2012 at 10:34 AM, Dale <rdalek1967@gmail.com> wrote:
>> Alan McKinnon wrote:
>>> On Sat, 18 Feb 2012 06:39:27 -0600
>>> Dale <rdalek1967@gmail.com> wrote:
>>>
>>>> Volker Armin Hemmann wrote:
>>>>> On Saturday, 18 February 2012, 06:00:00, Dale wrote:
>>>>
>>>>>>
>>>>>> I don't really think they can unless they just cut power to all the
>>>>>> computers. After all, the internet is supposed to be redundant
>>>>>> right? If there is a few computers still running that have a
>>>>>> connection, it is still working. Sort of anyway.
>>>>>>
>>>>>> Does make one wonder tho. They have been talking about having a
>>>>>> internet "off switch" but I'm not sure it would be that easy.
>>>>>
>>>>> basically, yes. Take down the core routers and backbones and
>>>>> everything falls apart.
>>>>>
>>>>
>>>> But how long would it take to actually do this?
>>>>
>>>> Another thing, the Government, especially the military, uses the
>>>> internet too.
>>>
>>> Not quite. They use the same internet *technology* you do, not
>>> necessarily the same internet *devices*.
>>>
>>>
>>
>>
>> What about banks? Credit cards? Heck, even food stamp cards? Would
>> phones work? I'm not just thinking about Vonage or Skype either.
>
> Banks, credit cards, etc. mostly operate on leased lines (Think T1,
> T2, T3...) and landlines (point-of-sale vending, though that's
> changing. ATMs also operate on landlines, and I don't believe that's
> changing.).
>
> You'd still have access to your money. You'd just have to go to a bank
> branch or an ATM.
>
> This whole thread is full panicked reasoning. The biggest risk we face
> is a scenario like Iran or Egypt's, where the government requires
> controls on border routers. Most likely, they'd do it at the ISP
> level, not at the core router level. That said, they could conceivably
> demand core router operators acquiesce to their demands, but the worst
> you're likely to see there is some network blocks' being dropped
> offline.
>
> And it's not so easy to take the Internet down with injected BGP
> routes any more, either; most network operators apply some sort of
> filtering.
>

That has been my thinking all along. I don't think it would shut down quietly if it can be done at all. I was just curious as to what we would lose if it did go down.

As to the cards, I know when I go to a store that is a Mom and Pop, they use dial-up. They may connect directly to the bank but it dials something.

I mostly think two things.

1: The Government would have a very hard time shutting down the internet especially globally.

2: If it did and I was the Pres, I'd go find me a bunker. I can picture pitch forks, torches and some really pissed off people.

Dale

:-) :-)

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Pandu Poluan @ 2012-02-18 18:01 UTC
To: gentoo-user

On Sat, Feb 18, 2012 at 23:18, Michael Mol <mikemol@gmail.com> wrote:
>
> ---- >8 snippage
>
> And it's not so easy to take the Internet down with injected BGP
> routes any more, either; most network operators apply some sort of
> filtering.
>

Yes, there *are* filters against injecting BGP from non-trusted sources.

But if the government somehow controls a Network Service Provider (NSP, the maintainers of Internet backbones), they can easily poison the BGP updates. Routers connected to the NSP will happily accept the poisoned updates since they rely on the NSP to provide "big picture" traffic management.

Rgds,
--
FdS Pandu E Poluan
~ IT Optimizer ~

• LOPSA Member #15248
• Blog : http://pepoluan.tumblr.com
• Linked-In : http://id.linkedin.com/in/pepoluan

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Michael Mol @ 2012-02-18 18:10 UTC
To: gentoo-user

(Sorry for the top-post...I'm mobile atm.)

My understanding is that core network operators filter ASs for which they don't have a contract for transit. I.e, if I were to get my own PI space, I'd have to pay tier 1 networks (or pay someone to ride on *their* contract) for a contract to have packets destined for my AS to be able to reach me across their network.

ZZ

On Feb 18, 2012 1:04 PM, "Pandu Poluan" <pandu@poluan.info> wrote:

> On Sat, Feb 18, 2012 at 23:18, Michael Mol <mikemol@gmail.com> wrote:
> >
> > ---- >8 snippage
> >
> > And it's not so easy to take the Internet down with injected BGP
> > routes any more, either; most network operators apply some sort of
> > filtering.
> >
>
> Yes, there *are* filters against injecting BGP from non-trusted sources.
>
> But if the government somehow controls a Network Service Provider
> (NSP, the maintainers of Internet backbones), they can easily poison
> the BGP updates. Routers connected to the NSP will happily accept the
> poisoned updates since they rely on the NSP to provide "big picture"
> traffic management.
>
> Rgds,
> --
> FdS Pandu E Poluan
> ~ IT Optimizer ~
>
> • LOPSA Member #15248
> • Blog : http://pepoluan.tumblr.com
> • Linked-In : http://id.linkedin.com/in/pepoluan
>
>

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Pandu Poluan @ 2012-02-18 19:02 UTC
To: gentoo-user

On Feb 19, 2012 1:15 AM, "Michael Mol" <mikemol@gmail.com> wrote:
>
> (Sorry for the top-post...I'm mobile atm.)
>
> My understanding is that core network operators filter ASs for which they don't have a contract for transit. I.e, if I were to get my own PI space, I'd have to pay tier 1 networks (or pay someone to ride on *their* contract) for a contract to have packets destined for my AS to be able to reach me across their network.
>

Well, yes, but it's the other way around. It's an operator saying "I don't want traffic for $AS_LIST" or "I want traffic only for $AS_LIST".

The contents of AS_LIST are set by the operator on the receiving side statically, based on the transit contract. The routers, being the workhorse brutes that they are, don't waste time checking on contracts.

So, if a neighbor router suddenly advertises it has a 1-hop distance to *any* AS... the router will immediately begin switching packets toward that neighbor.

Rgds,

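The exchange above about per-neighbour AS lists, worked through as a toy model; this is an added example, not part of the thread and not router code. It assumes route selection by shortest AS path only (real BGP applies local preference and other rules first) and reads "AS_LIST" as the set of ASes allowed to appear in a neighbour's advertised path; all AS numbers and prefixes are constructed from documentation ranges.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple

# AS numbers from the documentation range (RFC 5398); all constructed.
UPSTREAM = 64496          # transit provider ("NSP"); no AS_LIST applied to it
CUSTOMER = 64500          # neighbour whose contract covers 64500 and 64501
ORIGIN = 64499            # AS that really originates 198.51.100.0/24


@dataclass(frozen=True)
class Advert:
    neighbor: int               # AS of the neighbour that sent the update
    prefix: str
    as_path: Tuple[int, ...]    # nearest AS first, originating AS last


# Constructed routing updates.
LEGIT = [
    Advert(UPSTREAM, "198.51.100.0/24", (UPSTREAM, 64497, ORIGIN)),
    Advert(CUSTOMER, "203.0.113.0/24", (CUSTOMER, 64501)),
]
# The customer suddenly claims to sit one hop from somebody else's AS.
BOGUS_FROM_CUSTOMER = Advert(CUSTOMER, "198.51.100.0/24", (CUSTOMER, ORIGIN))
# The same kind of claim, but arriving from the trusted transit provider.
BOGUS_FROM_UPSTREAM = Advert(UPSTREAM, "203.0.113.0/24", (UPSTREAM,))

# Static, contract-derived list per neighbour. A neighbour with no entry is
# accepted unfiltered, which is how the transit provider is treated here.
AS_LISTS: Dict[int, Set[int]] = {CUSTOMER: {CUSTOMER, 64501}}


def permitted(advert: Advert, as_lists: Dict[int, Set[int]]) -> bool:
    """Accept an update only if every AS in its path is on the sender's list."""
    allowed = as_lists.get(advert.neighbor)
    if allowed is None:
        return True
    return all(asn in allowed for asn in advert.as_path)


def best_routes(adverts: Iterable[Advert],
                as_lists: Dict[int, Set[int]]) -> Dict[str, Advert]:
    """Pick one route per prefix: shortest AS path, lowest neighbour AS on ties."""
    table: Dict[str, Advert] = {}
    for adv in adverts:
        if not permitted(adv, as_lists):
            continue
        current = table.get(adv.prefix)
        if current is None or (len(adv.as_path), adv.neighbor) < (
                len(current.as_path), current.neighbor):
            table[adv.prefix] = adv
    return table


def next_hop(adverts: Iterable[Advert], as_lists: Dict[int, Set[int]],
             prefix: str) -> Optional[int]:
    """Neighbour AS that traffic for `prefix` is sent to, or None if no route."""
    route = best_routes(adverts, as_lists).get(prefix)
    return route.neighbor if route else None


if __name__ == "__main__":
    updates = LEGIT + [BOGUS_FROM_CUSTOMER]
    print("no filter  :", next_hop(updates, {}, "198.51.100.0/24"))
    print("with filter:", next_hop(updates, AS_LISTS, "198.51.100.0/24"))
    print("bad upstream:", next_hop(LEGIT + [BOGUS_FROM_UPSTREAM],
                                     AS_LISTS, "203.0.113.0/24"))
```

The three cases printed are the unfiltered router following the shorter bogus path, the filtered router ignoring it, and the filter giving no protection when the short path arrives from the unfiltered transit provider.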
* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Volker Armin Hemmann @ 2012-02-18 16:21 UTC
To: gentoo-user

On Saturday, 18 February 2012, 06:39:27, Dale wrote:
> Volker Armin Hemmann wrote:
> > On Saturday, 18 February 2012, 06:00:00, Dale wrote:
> >> I don't really think they can unless they just cut power to all the
> >> computers. After all, the internet is supposed to be redundant right?
> >> If there is a few computers still running that have a connection, it is
> >> still working. Sort of anyway.
> >>
> >> Does make one wonder tho. They have been talking about having a
> >> internet "off switch" but I'm not sure it would be that easy.
> >
> > basically, yes. Take down the core routers and backbones and everything
> > falls apart.
>
> But how long would it take to actually do this?

minutes

--
#163933

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Michael Mol @ 2012-02-18 16:31 UTC
To: gentoo-user

On Sat, Feb 18, 2012 at 11:21 AM, Volker Armin Hemmann <volkerarmin@googlemail.com> wrote:
> On Saturday, 18 February 2012, 06:39:27, Dale wrote:
>> Volker Armin Hemmann wrote:
>> > On Saturday, 18 February 2012, 06:00:00, Dale wrote:
>> >> I don't really think they can unless they just cut power to all the
>> >> computers. After all, the internet is supposed to be redundant right?
>> >> If there is a few computers still running that have a connection, it is
>> >> still working. Sort of anyway.
>> >>
>> >> Does make one wonder tho. They have been talking about having a
>> >> internet "off switch" but I'm not sure it would be that easy.
>> >
>> > basically, yes. Take down the core routers and backbones and everything
>> > falls apart.
>>
>> But how long would it take to actually do this?
>
> minutes
>

Risk of physical destruction is why the precise location of the core routers was generally kept secret.

--
:wq

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Pandu Poluan @ 2012-02-18 12:56 UTC
To: gentoo-user

On Feb 18, 2012 7:27 PM, "Volker Armin Hemmann" <volkerarmin@googlemail.com> wrote:
>
> On Saturday, 18 February 2012, 06:00:00, Dale wrote:
> > Alan McKinnon wrote:
> > > On Sat, 18 Feb 2012 04:26:02 -0600
> > >
> > > Dale <rdalek1967@gmail.com> wrote:
> > >> Howdy,
> > >>
> > >> I ran across this and thought it was a joke. Did a news search and
> > >> sure enough, it is reported in lots of places. Random linky:
> > >>
> > >> http://www.dailymail.co.uk/news/article-2102856/Will-FBI-shut-Internet-Ma
> > >> rch-8-virus-concerns.html?ito=feeds-newsxml
> > >>
> > >> Is there any truth to this mess? My bigger and better question, how
> > >> is shutting down the internet going to fix this? When the net comes
> > >> back up, they are still going to be infected. Right?
> > >>
> > >> I'm glad I run a really nice Linux OS.
> > >
> > > Gawd, I hate it when morons write sensational articles that attempt to
> > > make sense to other morons. You get crap like that.
> > >
> > > So if this is legit, and I'm not saying it is, what happened is this:
> > >
> > > The malware changes the DNS cache settings on infected machines,
> > > sending the user to rogue caches. The FBI captured some (or all) of
> > > these rogue caches and (possibly) tried to fix them. A court has now
> > > said those rogue caches must now be shut down.
> > >
> > > So if the morons reading the article do nothing, on March 8 the DNS
> > > caches they use will be down. The user's DNS will not work.
> > >
> > > OMFG!!!!!!! Da intartubes is broken!!!!!
> > >
> > > <sigh>
> > >
> > > Instead, why not just set the DNS caches to something NOT owned by Ivan
> > > The Russian Spammer?
> > >
> > > And no, the intartubes will NOT be switched off.
> >
> > I don't really think they can unless they just cut power to all the
> > computers. After all, the internet is supposed to be redundant right?
> > If there is a few computers still running that have a connection, it is
> > still working. Sort of anyway.
> >
> > Does make one wonder tho. They have been talking about having a
> > internet "off switch" but I'm not sure it would be that easy.
>
> basically, yes. Take down the core routers and backbones and everything falls
> apart.
>
> --
> #163933
>

Indeed. In fact, easier than that.

Just inject false BGP routes into one of the backbone level routers, and see how wide the Internet becomes 'impacted'. Do it to maybe 5 or 6 other routers that watch guard over the transatlantic and transpacific routes, and watch as the Internet fold upon itself.

I was once a certified Network Engineer before I became a System Admin, so I know. The soft underbelly of the Intartubes is depressingly very vulnerable.

Rgds,

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Dale @ 2012-02-18 13:18 UTC
To: gentoo-user

Pandu Poluan wrote:

> Indeed. In fact, easier than that.
>
> Just inject false BGP routes into one of the backbone level routers, and
> see how wide the Internet becomes 'impacted'. Do it to maybe 5 or 6
> other routers that watch guard over the transatlantic and transpacific
> routes, and watch as the Internet fold upon itself.
>
> I was once a certified Network Engineer before I became a System Admin,
> so I know. The soft underbelly of the Intartubes is depressingly very
> vulnerable.
>
> Rgds,
>

Sounds like the internet could be switched off. So, next question, how easy would it be to get it going again? Hours? Days? Weeks?

Dale

:-) :-)

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Pandu Poluan @ 2012-02-18 13:49 UTC
To: gentoo-user

On Feb 18, 2012 8:21 PM, "Dale" <rdalek1967@gmail.com> wrote:
>
> Pandu Poluan wrote:
>
> > Indeed. In fact, easier than that.
> >
> > Just inject false BGP routes into one of the backbone level routers, and
> > see how wide the Internet becomes 'impacted'. Do it to maybe 5 or 6
> > other routers that watch guard over the transatlantic and transpacific
> > routes, and watch as the Internet fold upon itself.
> >
> > I was once a certified Network Engineer before I became a System Admin,
> > so I know. The soft underbelly of the Intartubes is depressingly very
> > vulnerable.
> >
> > Rgds,
> >
>
>
> Sounds like the internet could be switched off. So, next question, how
> easy would it be to get it going again? Hours? Days? Weeks?
>

1 router? In THEORY, 24 hours (but see below).

5 routers? Not sure. The unoptimized route due to the loss of optimal routing info will severely impact everything. Maybe two or three weeks. Maybe more than one month.

Heck, when a major Internet hub (i.e., one of the backbone routers) in Taiwan got hit by an earthquake, it took almost one month after the router got recommissioned before things return to normal.

Rgds,

* Re: [gentoo-user] Somewhat OT: Any truth to this mess?
From: Alan McKinnon @ 2012-02-18 14:38 UTC
To: gentoo-user

On Sat, 18 Feb 2012 07:18:10 -0600
Dale <rdalek1967@gmail.com> wrote:

> Pandu Poluan wrote:
>
> > Indeed. In fact, easier than that.
> >
> > Just inject false BGP routes into one of the backbone level
> > routers, and see how wide the Internet becomes 'impacted'. Do it to
> > maybe 5 or 6 other routers that watch guard over the transatlantic
> > and transpacific routes, and watch as the Internet fold upon itself.
> >
> > I was once a certified Network Engineer before I became a System
> > Admin, so I know. The soft underbelly of the Intartubes is
> > depressingly very vulnerable.
> >
> > Rgds,
> >
>
>
> Sounds like the internet could be switched off. So, next question,
> how easy would it be to get it going again? Hours? Days? Weeks?

Nobody knows as we've never had to do it.

We have no idea how to reboot the internet or even if we can.

--
Alan McKinnnon
alan.mckinnon@gmail.com

* [gentoo-user] Re: Somewhat OT: Any truth to this mess?
From: walt @ 2012-02-19 21:08 UTC
To: gentoo-user

On 02/18/2012 05:18 AM, Dale wrote:

> Sounds like the internet could be switched off. So, next question, how
> easy would it be to get it going again? Hours? Days? Weeks?

My guess is that the old farts that read this list could have their old dialup bulletin boards back on line in a day. Probably on the original hardware gathering dust in the attic :p

* Re: [gentoo-user] Re: Somewhat OT: Any truth to this mess? 2012-02-19 21:08 ` [gentoo-user] " walt @ 2012-02-19 21:23 ` Paul Hartman 2012-02-19 22:16 ` Dale 2012-02-20 16:12 ` Todd Goodman 1 sibling, 1 reply; 38+ messages in thread From: Paul Hartman @ 2012-02-19 21:23 UTC (permalink / raw To: gentoo-user On Sun, Feb 19, 2012 at 3:08 PM, walt <w41ter@gmail.com> wrote: > On 02/18/2012 05:18 AM, Dale wrote: > >> Sounds like the internet could be switched off. So, next question, how >> easy would it be to get it going again? Hours? Days? Weeks? > > My guess is that the old farts that read this list could have their old > dialup bulletin boards back on line in a day. Probably on the original > hardware gathering dust in the attic :p I just need to figure out how to pull the backups off my old QIC-80 tapes so I can run them in dosbox. ;) ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Re: Somewhat OT: Any truth to this mess? 2012-02-19 21:23 ` Paul Hartman @ 2012-02-19 22:16 ` Dale 0 siblings, 0 replies; 38+ messages in thread From: Dale @ 2012-02-19 22:16 UTC (permalink / raw To: gentoo-user Paul Hartman wrote: > On Sun, Feb 19, 2012 at 3:08 PM, walt <w41ter@gmail.com> wrote: >> On 02/18/2012 05:18 AM, Dale wrote: >> >>> Sounds like the internet could be switched off. So, next question, how >>> easy would it be to get it going again? Hours? Days? Weeks? >> >> My guess is that the old farts that read this list could have their old >> dialup bulletin boards back on line in a day. Probably on the original >> hardware gathering dust in the attic :p > > I just need to figure out how to pull the backups off my old QIC-80 > tapes so I can run them in dosbox. ;) > > To me, this is not much different than the SOPA/PIPA mess. If they implemented that, people would have a workaround in a matter of days and it would be common knowledge. So, everyone would be doing just like they did before. I still recall the days when you connected directly to a website. Our shop could connect directly to IBM to get updates, technical info and even some tech support. The shop was an IBM dealer. We also had Leading Edge computers too. < Pardon me while I puke> I just don't see any way for the Government to shut us down from information. It could change elections tho. Whoever did shut it down would have a problem keeping his/her job. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS="--quiet-build=n" ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Re: Somewhat OT: Any truth to this mess? 2012-02-19 21:08 ` [gentoo-user] " walt 2012-02-19 21:23 ` Paul Hartman @ 2012-02-20 16:12 ` Todd Goodman 2012-02-20 20:49 ` Grant Edwards 1 sibling, 1 reply; 38+ messages in thread From: Todd Goodman @ 2012-02-20 16:12 UTC (permalink / raw To: gentoo-user * walt <w41ter@gmail.com> [120219 15:37]: > On 02/18/2012 05:18 AM, Dale wrote: > > > Sounds like the internet could be switched off. So, next question, how > > easy would it be to get it going again? Hours? Days? Weeks? > > My guess is that the old farts that read this list could have their old > dialup bulletin boards back on line in a day. Probably on the original > hardware gathering dust in the attic :p > Naw, uucp on dialup on a Telebit Trailblazer 9600. :-) Todd ^ permalink raw reply [flat|nested] 38+ messages in thread
* [gentoo-user] Re: Somewhat OT: Any truth to this mess? 2012-02-20 16:12 ` Todd Goodman @ 2012-02-20 20:49 ` Grant Edwards 2012-02-20 21:04 ` Michael Mol 0 siblings, 1 reply; 38+ messages in thread From: Grant Edwards @ 2012-02-20 20:49 UTC (permalink / raw To: gentoo-user On 2012-02-20, Todd Goodman <tsg@bonedaddy.net> wrote: > * walt <w41ter@gmail.com> [120219 15:37]: >> On 02/18/2012 05:18 AM, Dale wrote: >> >> > Sounds like the internet could be switched off. So, next question, how >> > easy would it be to get it going again? Hours? Days? Weeks? >> >> My guess is that the old farts that read this list could have their >> old dialup bulletin boards back on line in a day. Probably on the >> original hardware gathering dust in the attic :p > > Naw, uucp on dialup on a Telebit Trailblazer 9600. :-) It's been a while since I set up a uucp node, but I think I could manage it in a couple hours if required. To paraphrase Damon Wayans, "Homey don't play BBS." I think I've got a USR sportster sitting around somewhere. What I don't have is a POTS line. -- Grant Edwards grant.b.edwards at gmail.com Yow! Not SENSUOUS ... only "FROLICSOME" ... and in need of DENTAL WORK ... in PAIN!!! ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Re: Somewhat OT: Any truth to this mess? 2012-02-20 20:49 ` Grant Edwards @ 2012-02-20 21:04 ` Michael Mol 2012-02-20 21:16 ` Mark Knecht ` (2 more replies) 0 siblings, 3 replies; 38+ messages in thread From: Michael Mol @ 2012-02-20 21:04 UTC (permalink / raw To: gentoo-user On Mon, Feb 20, 2012 at 3:49 PM, Grant Edwards <grant.b.edwards@gmail.com> wrote: > On 2012-02-20, Todd Goodman <tsg@bonedaddy.net> wrote: >> * walt <w41ter@gmail.com> [120219 15:37]: >>> On 02/18/2012 05:18 AM, Dale wrote: >>> >>> > Sounds like the internet could be switched off. So, next question, how >>> > easy would it be to get it going again? Hours? Days? Weeks? >>> >>> My guess is that the old farts that read this list could have their >>> old dialup bulletin boards back on line in a day. Probably on the >>> original hardware gathering dust in the attic :p >> >> Naw, uucp on dialup on a Telebit Trailblazer 9600. :-) > > It's been a while since I set up a uucp node, but I think I could > manage it in a couple hours if required. To paraphrase Damon Wayans, > "Homey don't play BBS." I think I've got a USR sportster sitting > around somewhere. What I don't have is a POTS line. Hey, my family ran a 53-line MajorBBS/Worldgroup setup back in the day, with between 30-50 consumer hardware modems. (Those v.Everythings were sweet... 3coms were good, too. Anything Motorola after their 14.4 model...not so much.) Don't knock the BBS. :) Also, Citadel is still alive and kicking, too. :) -- :wq ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Re: Somewhat OT: Any truth to this mess? 2012-02-20 21:04 ` Michael Mol @ 2012-02-20 21:16 ` Mark Knecht 2012-02-20 21:24 ` Michael Mol 2012-02-20 21:52 ` Grant Edwards 2012-02-21 5:30 ` Paul Hartman 2 siblings, 1 reply; 38+ messages in thread From: Mark Knecht @ 2012-02-20 21:16 UTC (permalink / raw To: gentoo-user On Mon, Feb 20, 2012 at 1:04 PM, Michael Mol <mikemol@gmail.com> wrote: <SNIP> > Don't knock the BBS. :) <hehe> I met my wife on a Bay Area BBS called Matchmaker in the late 1980's. Modems worked for me. ;-) - Mark ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Re: Somewhat OT: Any truth to this mess? 2012-02-20 21:16 ` Mark Knecht @ 2012-02-20 21:24 ` Michael Mol 0 siblings, 0 replies; 38+ messages in thread From: Michael Mol @ 2012-02-20 21:24 UTC (permalink / raw To: gentoo-user On Mon, Feb 20, 2012 at 4:16 PM, Mark Knecht <markknecht@gmail.com> wrote: > On Mon, Feb 20, 2012 at 1:04 PM, Michael Mol <mikemol@gmail.com> wrote: > <SNIP> >> Don't knock the BBS. :) > > <hehe> I met my wife on a Bay Area BBS called Matchmaker in the late > 1980's. Modems worked for me. ;-) My parents (well, mother and stepfather) got together via the same BBS they later bought and operated. :) CyberSpace BBS, in Grand Rapids, MI. 616-454-7800 was the base number for the hunt group. Doubled as an early dial-up ISP. Got my first bit of tech support experience answering the support line; we supported any OS, as long as I could figure out how to set up your DUN over the phone. Not many ISPs offered to support Dreamcast. :) -- :wq ^ permalink raw reply [flat|nested] 38+ messages in thread
* [gentoo-user] Re: Somewhat OT: Any truth to this mess? 2012-02-20 21:04 ` Michael Mol 2012-02-20 21:16 ` Mark Knecht @ 2012-02-20 21:52 ` Grant Edwards 2012-02-21 5:30 ` Paul Hartman 2 siblings, 0 replies; 38+ messages in thread From: Grant Edwards @ 2012-02-20 21:52 UTC (permalink / raw To: gentoo-user On 2012-02-20, Michael Mol <mikemol@gmail.com> wrote: > On Mon, Feb 20, 2012 at 3:49 PM, Grant Edwards ><grant.b.edwards@gmail.com> wrote: >> On 2012-02-20, Todd Goodman <tsg@bonedaddy.net> wrote: >>> * walt <w41ter@gmail.com> [120219 15:37]: >>>> On 02/18/2012 05:18 AM, Dale wrote: >>>> >>>> > Sounds like the internet could be switched off. So, next question, how >>>> > easy would it be to get it going again? Hours? Days? Weeks? >>>> >>>> My guess is that the old farts that read this list could have their >>>> old dialup bulletin boards back on line in a day. Probably on the >>>> original hardware gathering dust in the attic :p >>> >>> Naw, uucp on dialup on a Telebit Trailblazer 9600. :-) >> >> It's been a while since I set up a uucp node, but I think I could >> manage it in a couple hours if required. To paraphrase Damon Wayans, >> "Homey don't play BBS." I think I've got a USR sportster sitting >> around somewhere. What I don't have is a POTS line. > > Hey, my family ran a 53-line MajorBBS/Worldgroup setup back in the > day, with between 30-50 consumer hardware modems. (Those v.Everythings > were sweet... 3coms were good, too. Anything Motorola after their 14.4 > model...not so much.) Don't knock the BBS. :) I didn't mean to knock them (though I guess Homey the Clown was always being a bit derogatory when he said that line) -- I just never used them and wouldn't have a clue how to run one [it always seemed like they were a DOS thing, and I was a Unix guy]. Aside from that, they also don't really seem like something analogous to the Internet. They all seemed like "walled gardens" whereas UUCP was a way to do networking between peers. 
In the days before "The Internet" UUCP was how we transferred files, e-mail, and Usenet postings between hosts. -- Grant Edwards grant.b.edwards at gmail.com Yow! I wonder if there's anything GOOD on tonight? ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Re: Somewhat OT: Any truth to this mess? 2012-02-20 21:04 ` Michael Mol 2012-02-20 21:16 ` Mark Knecht 2012-02-20 21:52 ` Grant Edwards @ 2012-02-21 5:30 ` Paul Hartman 2 siblings, 0 replies; 38+ messages in thread From: Paul Hartman @ 2012-02-21 5:30 UTC (permalink / raw To: gentoo-user On Mon, Feb 20, 2012 at 3:04 PM, Michael Mol <mikemol@gmail.com> wrote: > Hey, my family ran a 53-line MajorBBS/Worldgroup setup back in the > day, with between 30-50 consumer hardware modems. (Those v.Everythings > were sweet... Courier HST Dual Standard was my favorite modem, 16800 baud seemed so fast. :) I still have my v.Everything in the original box with the receipt and all... just in case I ever need it. ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Somewhat OT: Any truth to this mess? 2012-02-18 12:24 ` Volker Armin Hemmann 2012-02-18 12:39 ` Dale 2012-02-18 12:56 ` Pandu Poluan @ 2012-02-18 14:30 ` pk 2012-02-21 3:58 ` Walter Dnes 2 siblings, 1 reply; 38+ messages in thread From: pk @ 2012-02-18 14:30 UTC (permalink / raw To: gentoo-user On 2012-02-18 13:24, Volker Armin Hemmann wrote: > basically, yes. Take down the core routers and backbones and everything falls > apart. Which is easier said than done, IMO... but on the other hand, five of the major tier 1's are in the good old USA so if you take those down you still have five more tier 1's, which may or may not comply with an American request... and if they did, how long before people start screaming because they can't access their facebook accounts? :-/ Best regards Peter K ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Somewhat OT: Any truth to this mess? 2012-02-18 14:30 ` [gentoo-user] " pk @ 2012-02-21 3:58 ` Walter Dnes 0 siblings, 0 replies; 38+ messages in thread From: Walter Dnes @ 2012-02-21 3:58 UTC (permalink / raw To: gentoo-user On Sat, Feb 18, 2012 at 03:30:50PM +0100, pk wrote > Which is easier said than done, IMO... but on the other hand, five of > the major tier 1's is in the good old USA so if you take those down you > still have five more tier 1's, which may or may not comply with an > american request... and if they did, how long before people start > screaming because they can't access their facebook accounts? :-/ I don't do Fecesbook, so it wouldn't affect me, but I imagine that a lot of modern-day AOL-luser-equivalents would be up in arms. And so would many law-enforcement agencies. People are stupid with their personal data. The Onion is a satire/parody website, but their video skit about Facebook being a CIA front http://www.youtube.com/watch?v=Ks3do5l6-dE is so believable. -- Walter Dnes <waltdnes@waltdnes.org> ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Somewhat OT: Any truth to this mess? 2012-02-18 12:00 ` Dale 2012-02-18 12:24 ` Volker Armin Hemmann @ 2012-02-18 14:36 ` Alan McKinnon 2012-02-18 18:11 ` Pandu Poluan 1 sibling, 1 reply; 38+ messages in thread From: Alan McKinnon @ 2012-02-18 14:36 UTC (permalink / raw To: gentoo-user On Sat, 18 Feb 2012 06:00:00 -0600 Dale <rdalek1967@gmail.com> wrote: > > And no, the intartubes will NOT be switched off. > > > > I don't really think they can unless they just cut power to all the > computers. After all, the internet is supposed to be redundant right? > If there is a few computers still running that have a connection, it > is still working. Sort of anyway. > > Does make one wonder tho. They have been talking about having a > internet "off switch" but I'm not sure it would be that easy. To switch off the internet, you don't switch off the computers on the internet. You switch off the routers that drive the internet. There is no "kill switch", what there is is the old-fashioned method called "making a phone call" and that conversation has all sorts of references to broken knees and such. This is how Egypt did it a year ago. But the internet is full of rogue and maverick sysadmins who don't take kindly to strong-arming, so coverage won't be complete. Unless of course Cisco and Huawei put magic firmware code into their router interface hardware that we don't know about. If you are worried about that internet, *that* is the part of it you should be worried about. -- Alan McKinnnon alan.mckinnon@gmail.com ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Somewhat OT: Any truth to this mess? 2012-02-18 14:36 ` Alan McKinnon @ 2012-02-18 18:11 ` Pandu Poluan 2012-02-18 18:24 ` Michael Mol 0 siblings, 1 reply; 38+ messages in thread From: Pandu Poluan @ 2012-02-18 18:11 UTC (permalink / raw To: gentoo-user On Sat, Feb 18, 2012 at 21:36, Alan McKinnon <alan.mckinnon@gmail.com> wrote: > On Sat, 18 Feb 2012 06:00:00 -0600 > Dale <rdalek1967@gmail.com> wrote: > >> > And no, the intartubes will NOT be switched off. >> > >> >> I don't really think they can unless they just cut power to all the >> computers. After all, the internet is supposed to be redundant right? >> If there is a few computers still running that have a connection, it >> is still working. Sort of anyway. >> >> Does make one wonder tho. They have been talking about having a >> internet "off switch" but I'm not sure it would be that easy. > > To switch off the internet, you don't switch off the computers on the > internet. You switch off the routers that drive the internet. > You don't need to turn off the routers. Just inject BGP poison. I just re-found the news: http://www.computerworld.com/s/article/9197019/Update_Report_sounds_alarm_on_China_s_rerouting_of_U.S._Internet_traffic The article I linked above contains 2 incidents: The first incident rerouted traffic for a huge swath of Internet, including traffic destined to Microsoft, the Office of the USA SecDef, and others. The second incident blocked traffic for some sites, notably Twitter, Yahoo, and Facebook. BOTH incidents happened because of BGP poisoning. BOTH incidents affected traffic FROM the USA to destinations IN the USA even though the poisoning happened from OUTSIDE of the USA. The country where both incidents happened (in these cases, China) is not essential. ANY country with a BGP router connected to the backbone can easily poison other international backbone routers. Especially if said country has a HUGE International bandwidth. 
Rgds, -- FdS Pandu E Poluan ~ IT Optimizer ~ • LOPSA Member #15248 • Blog : http://pepoluan.tumblr.com • Linked-In : http://id.linkedin.com/in/pepoluan ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Somewhat OT: Any truth to this mess? 2012-02-18 18:11 ` Pandu Poluan @ 2012-02-18 18:24 ` Michael Mol 2012-02-18 19:10 ` Pandu Poluan 0 siblings, 1 reply; 38+ messages in thread From: Michael Mol @ 2012-02-18 18:24 UTC (permalink / raw To: gentoo-user And every time that's successful, it's because some idiot admin wasn't filtering their incoming BGP traffic properly. Ditto the network in Florida which acted as a black hole for the entire Internet in the late 90s. Proper training and filtering helps prevent these kinds of issues. It's happened, sure. And it will happen again. And it will be recovered from again. Policies will be adapted, trained and forgotten, again. ZZ On Feb 18, 2012 1:15 PM, "Pandu Poluan" <pandu@poluan.info> wrote: > On Sat, Feb 18, 2012 at 21:36, Alan McKinnon <alan.mckinnon@gmail.com> > wrote: > > On Sat, 18 Feb 2012 06:00:00 -0600 > > Dale <rdalek1967@gmail.com> wrote: > > > >> > And no, the intartubes will NOT be switched off. > >> > > >> > >> I don't really think they can unless they just cut power to all the > >> computers. After all, the internet is supposed to be redundant right? > >> If there is a few computers still running that have a connection, it > >> is still working. Sort of anyway. > >> > >> Does make one wonder tho. They have been talking about having a > >> internet "off switch" but I'm not sure it would be that easy. > > > > To switch off the internet, you don't switch off the computers on the > > internet. You switch off the routers that drive the internet. > > > > You don't need to turn off the routers. > > Just inject BGP poison. 
> > I just re-found the news: > > > http://www.computerworld.com/s/article/9197019/Update_Report_sounds_alarm_on_China_s_rerouting_of_U.S._Internet_traffic > > The article I linked above contains 2 incidents: > > The first incident rerouted traffic for a huge swath of Internet, > including traffic destined to Microsoft, the Office of the USA SecDef, > and others. > > The second incident blocked traffic for some sites, notably Twitter, > Yahoo, and Facebook. > > BOTH incidents happened because of BGP poisoning. BOTH incidents > affected traffic FROM the USA to destinations IN the USA even though > the poisoning happened from OUTSIDE of the USA. > > The country where both incidents happened (in these cases, China) is > not essential. ANY country with a BGP router connected to the backbone > can easily poison other international backbone routers. Especially if > said country has a HUGE International bandwidth. > > Rgds, > -- > FdS Pandu E Poluan > ~ IT Optimizer ~ > > • LOPSA Member #15248 > • Blog : http://pepoluan.tumblr.com > • Linked-In : http://id.linkedin.com/in/pepoluan > > ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Somewhat OT: Any truth to this mess? 2012-02-18 18:24 ` Michael Mol @ 2012-02-18 19:10 ` Pandu Poluan 0 siblings, 0 replies; 38+ messages in thread From: Pandu Poluan @ 2012-02-18 19:10 UTC (permalink / raw To: gentoo-user On Feb 19, 2012 1:27 AM, "Michael Mol" <mikemol@gmail.com> wrote: > > And every time that's successful, it's because some idiot admin wasn't filtering their incoming BGP traffic properly. Ditto the network in Florida which acted as a black hole for the entire Internet in the late 90s. > > Proper training and filtering helps prevent these kinds of issues. It's happened, sure. And it will happen again. And it will be recovered from again. Policies will be adapted, trained and forgotten, again. Not necessarily. BGP routers at network borders are already configured to filter practically all BGP traffic that does not come from their trusted neighbors. They have to be able to respond quickly to outages, to switch to another neighbor. In both incidents in the article, the causes are the same: misconfiguration (accidental or deliberate) of the China backbone router. This misconfiguration got propagated to the neighbor router, which are explicitly configured to trust the China backbone routers. Remember that, unlike IP addresses, AS numbers are not assigned hierarchically. So, impacted routers have no way to detect if the China router is actually authorized to route for the ASes it advertised (except directly connected ASes). Rgds, ^ permalink raw reply [flat|nested] 38+ messages in thread
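The two import checks this sub-thread argues about, neighbor trust and whether the originating AS is authorized for the announced prefix, as an added example that is not part of the original messages. It goes beyond the thread by applying prefix origin validation in the style of RFC 6811; the table, AS numbers, prefixes and function names are all constructed for illustration (documentation ranges only).

```python
from ipaddress import ip_network
from typing import NamedTuple


class Authorization(NamedTuple):
    """One row of the origin table: which AS may originate which prefix."""
    prefix: str
    max_length: int   # longest prefix length the origin may announce
    origin_as: int


class Announcement(NamedTuple):
    """A received route. as_path is neighbor first, originating AS last."""
    prefix: str
    as_path: tuple


# Constructed sample data: documentation prefixes (RFC 5737, RFC 3849) and
# documentation AS numbers (RFC 5398). None of this is real routing data.
ORIGIN_TABLE = [
    Authorization("192.0.2.0/24", 24, 64500),
    Authorization("198.51.100.0/24", 24, 64501),
    Authorization("2001:db8::/32", 48, 64502),
]
TRUSTED_NEIGHBORS = {64496, 64497}

UPDATES = [
    Announcement("192.0.2.0/24", (64496, 64500)),     # correct origin
    Announcement("198.51.100.0/24", (64496, 64499)),  # trusted neighbor, wrong origin
    Announcement("198.51.100.0/25", (64497, 64501)),  # right origin, too specific
    Announcement("203.0.113.0/24", (64497, 64503)),   # no authorization on file
    Announcement("192.0.2.0/24", (64511, 64500)),     # neighbor we do not peer with
    Announcement("2001:db8:1::/48", (64496, 64502)),  # IPv6, within max_length
]


def origin_state(ann, table):
    """Return 'valid', 'invalid' or 'not-found' for one announcement.

    A route is covered when some table prefix contains it. It is valid when
    a covering row also matches the origin AS and the route is no longer
    than that row's max_length. Covered but unmatched means invalid.
    """
    route = ip_network(ann.prefix)
    origin = ann.as_path[-1]
    covered = False
    for auth in table:
        net = ip_network(auth.prefix)
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True
        if auth.origin_as == origin and route.prefixlen <= auth.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


def import_decision(ann, neighbors, table):
    """Apply the neighbor filter first, then origin validation.

    Policy assumption of this example: 'not-found' routes are accepted,
    because most prefixes have no authorization row at all.
    """
    if ann.as_path[0] not in neighbors:
        return ("reject", "untrusted-neighbor")
    state = origin_state(ann, table)
    if state == "invalid":
        return ("reject", "origin-invalid")
    return ("accept", "origin-" + state)


def run():
    """Decisions for the constructed updates, in order."""
    return [import_decision(u, TRUSTED_NEIGHBORS, ORIGIN_TABLE) for u in UPDATES]


if __name__ == "__main__":
    for update, (verdict, reason) in zip(UPDATES, run()):
        path = " ".join(str(asn) for asn in update.as_path)
        print(f"{update.prefix:<18} path [{path}]  {verdict:<6} {reason}")
```

The second and third updates pass the neighbor filter and are rejected only by the origin check, which is the case a neighbor-only filter cannot catch.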
* Re: [gentoo-user] Somewhat OT: Any truth to this mess? 2012-02-18 10:26 [gentoo-user] Somewhat OT: Any truth to this mess? Dale 2012-02-18 10:44 ` Alan McKinnon @ 2012-02-18 16:35 ` Mike Edenfield 2012-02-19 21:14 ` [gentoo-user] " walt 1 sibling, 1 reply; 38+ messages in thread From: Mike Edenfield @ 2012-02-18 16:35 UTC (permalink / raw To: gentoo-user On 2/18/2012 5:26 AM, Dale wrote: > Howdy, > > I ran across this and though it was a joke. Did a news search and sure > enough, it is reported in lots of places. Random linky: > > http://www.dailymail.co.uk/news/article-2102856/Will-FBI-shut-Internet-March-8-virus-concerns.html?ito=feeds-newsxml > > Is there any truth to this mess? My bigger and better question, how is > shutting down the internet going to fix this? When the net comes back > up, they are still going to be infected. Right? As usual, the headline has things completely backwards; if you actually read the article and ignore the headline you will get something closer to reality: * There is a fairly large botnet that works by hijacking the DNS settings of the machines it infects, and redirecting them to rogue DNS servers. * The rogue DNS servers resolve all DNS requests by returning the IPs of various scam sites etc. that the botnet owners get paid for. * The FBI and the Dutch national police, stepped in and arrested those in charge of the botnet. * 120 days ago -- Nov 8 -- they dismantled the botnet's core network and replaced the rogue DNS servers with legitimate ones serving legitimate DNS zone information. * On March 8 the FBI will turn off their stand-in DNS servers. If you aren't infected by this botnet you won't notice anything. If you are still infected by this botnet your DNS servers will vanish (and, in theory, someone could step in and replace them, depending on what happens to the allocated IPs). --Mike ^ permalink raw reply [flat|nested] 38+ messages in thread
* [gentoo-user] Re: Somewhat OT: Any truth to this mess? 2012-02-18 16:35 ` Mike Edenfield @ 2012-02-19 21:14 ` walt 2012-02-19 23:29 ` wdk@moriah 0 siblings, 1 reply; 38+ messages in thread From: walt @ 2012-02-19 21:14 UTC (permalink / raw To: gentoo-user On 02/18/2012 08:35 AM, Mike Edenfield wrote: > * On March 8 the FBI will turn off their stand-in DNS servers. The FBI has people that know how to run a DNS server? I feel better about my tax dollars now ;) Oh, wait, I'll bet they outsource it to Google. ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Re: Somewhat OT: Any truth to this mess? 2012-02-19 21:14 ` [gentoo-user] " walt @ 2012-02-19 23:29 ` wdk@moriah 2012-02-20 16:37 ` Todd Goodman 0 siblings, 1 reply; 38+ messages in thread From: wdk@moriah @ 2012-02-19 23:29 UTC (permalink / raw To: gentoo-user@lists.gentoo.org On 20/02/2012, at 5:14, walt <w41ter@gmail.com> wrote: > On 02/18/2012 08:35 AM, Mike Edenfield wrote: > >> * On March 8 the FBI will turn off their stand-in DNS servers. > > The FBI has people that know how to run a DNS server? I feel better > about my tax dollars now ;) Oh, wait, I'll bet they outsource it to > Google. > > Not unless google can supply them with detailed logs for tracking/analysis ... BillK ^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [gentoo-user] Re: Somewhat OT: Any truth to this mess? 2012-02-19 23:29 ` wdk@moriah @ 2012-02-20 16:37 ` Todd Goodman 0 siblings, 0 replies; 38+ messages in thread From: Todd Goodman @ 2012-02-20 16:37 UTC (permalink / raw To: gentoo-user * wdk@moriah <billk@iinet.net.au> [120219 17:58]: > > > On 20/02/2012, at 5:14, walt <w41ter@gmail.com> wrote: > > > On 02/18/2012 08:35 AM, Mike Edenfield wrote: > > > >> * On March 8 the FBI will turn off their stand-in DNS servers. > > > > The FBI has people that know how to run a DNS server? I feel better > > about my tax dollars now ;) Oh, wait, I'll bet they outsource it to > > Google. > > > > > Not unless google can supply them with detailed logs for tracking/analysis ... > > BillK Google could have shown J. Edgar Hoover a thing or two about tracking and keeping records on people... Todd ^ permalink raw reply [flat|nested] 38+ messages in thread