China did not hijack 15% of the Net, counters researcher
- — 20 November, 2010 11:41
Talk that China hijacked 15% of the Internet earlier this year is overblown, a researcher said today.
"There's been some confusion over routing versus traffic," Craig Labovitz, chief scientist at Arbor Networks, said in an interview today. "While maybe 10% to 15% of the routes to other peers may have been diverted, a lot of those routes didn't propagate."
Instead of the widely-reported 15%, Labovitz estimated that the actual amount of Internet traffic affected by the April 2010 incident was much lower, on the order of just 0.015%.
Labowitz was reacting to media reports, many of which he said got it wrong, on the disclosure this week by the U.S.-China Economic and Security Review Commission that for 18 minutes on April 8, a significant portion of the Internet's destinations were routed through servers belonging to China Telecom.
The Commissions' report to Congress noted that the route redirection had affected U.S. government and military networks, as well as major U.S. commercial sites such as Microsoft's and Dell's.
"China Telecom advertised erroneous network traffic routes that instructed U.S. and other foreign Internet traffic to travel through Chinese servers," the report stated. "Other servers around the world quickly adopted these paths, routing all traffic to about 15% of the Internet's destinations through servers located in China."
But routes do not equal traffic, argued Labovitz.
"Think of it like a telephone book," said Labovitz. "A telephone book could have millions of phone numbers. Say 15% of those numbers are corrupted. But you have to ask how widely were those [corrupted] telephone books distributed."
Based on data from Arbor Networks' ATLAS (Active Threat Level Analysis System), Labovitz said that the amount of traffic through the hijacked routes was much, much smaller than 15%.
"There was no statistically significant increase in traffic [through China Telecom] due to the hijack," said Labowitz. "Most of the re-routing [propagation] didn't make it very far."
The Internet relies on a routing system where numerous servers exchange information with each other to determine the best path for traffic to take to a specific URL. The protocol that decides such routing is called Border Gateway Protocol, or BGP.
Last April, China Telecom's servers started advertising themselves as the best routes for approximately 15% of the Internet's total routes. China Telecom has denied hijacking the routes, and experts today said that the incident was probably an accident, not a deliberate attack.
ATLAS provides carriers, providers and others with what Labovitz called "a 20,000-foot view" of how much of the Internet's traffic goes through any of the 110 to 120 carriers that the system monitors.
"[ATLAS] is the largest data set in the world of traffic impact," claimed Labovitz. "It gives a really good coarse-grained picture of the Internet."
While the confusion over routes versus traffic created what Labovitz dubbed "hyperbole" in the media, he refused to downplay the significance of the incident.
"Any corruption of the Internet's infrastructure is significant," he said. "What this shows is that routing has a number of critical security problems, and that the industry is on borrowed time."
In a blog post earlier Friday, Labovitz called BGP "incredibly insecure," and bemoaned the lack of progress in the last 15 years, even in the face of numerous demonstrations of the routing system's fragility.
"The Internet routing system still relies primarily on trust, or 'routing by rumor' if you are more cynical," he wrote.
But he was still optimistic that change might come.
"We talked DNS security even longer than BGP, [and although] it took something that was so scary, we're now seeing a community will to make the changes in DNS happen," Labovitz said.
The "scary" DNS event Labovitz referred to occurred in 2008, when researcher Dan Kaminsky uncovered a critical design flaw in the DNS (domain name system) routing protocol, and then led a months-long effort to coordinate a large-scale, multivendor patching effort in July 2008.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is email@example.com.