China did not hijack 15% of the Net, counters researcher

Routes versus traffic confuses media, says expert

Talk that China hijacked 15% of the Internet earlier this year is overblown, a researcher said today.

"There's been some confusion over routing versus traffic," Craig Labovitz, chief scientist at Arbor Networks, said in an interview today. "While maybe 10% to 15% of the routes to other peers may have been diverted, a lot of those routes didn't propagate."

Instead of the widely-reported 15%, Labovitz estimated that the actual amount of Internet traffic affected by the April 2010 incident was much lower, on the order of just 0.015%.

Labowitz was reacting to media reports, many of which he said got it wrong, on the disclosure this week by the U.S.-China Economic and Security Review Commission that for 18 minutes on April 8, a significant portion of the Internet's destinations were routed through servers belonging to China Telecom.

The Commissions' report to Congress noted that the route redirection had affected U.S. government and military networks, as well as major U.S. commercial sites such as Microsoft's and Dell's.

"China Telecom advertised erroneous network traffic routes that instructed U.S. and other foreign Internet traffic to travel through Chinese servers," the report stated. "Other servers around the world quickly adopted these paths, routing all traffic to about 15% of the Internet's destinations through servers located in China."

But routes do not equal traffic, argued Labovitz.

"Think of it like a telephone book," said Labovitz. "A telephone book could have millions of phone numbers. Say 15% of those numbers are corrupted. But you have to ask how widely were those [corrupted] telephone books distributed."

Based on data from Arbor Networks' ATLAS (Active Threat Level Analysis System), Labovitz said that the amount of traffic through the hijacked routes was much, much smaller than 15%.

"There was no statistically significant increase in traffic [through China Telecom] due to the hijack," said Labowitz. "Most of the re-routing [propagation] didn't make it very far."

The Internet relies on a routing system where numerous servers exchange information with each other to determine the best path for traffic to take to a specific URL. The protocol that decides such routing is called Border Gateway Protocol, or BGP.

Last April, China Telecom's servers started advertising themselves as the best routes for approximately 15% of the Internet's total routes. China Telecom has denied hijacking the routes, and experts today said that the incident was probably an accident, not a deliberate attack.

ATLAS provides carriers, providers and others with what Labovitz called "a 20,000-foot view" of how much of the Internet's traffic goes through any of the 110 to 120 carriers that the system monitors.

"[ATLAS] is the largest data set in the world of traffic impact," claimed Labovitz. "It gives a really good coarse-grained picture of the Internet."

While the confusion over routes versus traffic created what Labovitz dubbed "hyperbole" in the media, he refused to downplay the significance of the incident.

"Any corruption of the Internet's infrastructure is significant," he said. "What this shows is that routing has a number of critical security problems, and that the industry is on borrowed time."

In a blog post earlier Friday, Labovitz called BGP "incredibly insecure," and bemoaned the lack of progress in the last 15 years, even in the face of numerous demonstrations of the routing system's fragility.

"The Internet routing system still relies primarily on trust, or 'routing by rumor' if you are more cynical," he wrote.

But he was still optimistic that change might come.

"We talked DNS security even longer than BGP, [and although] it took something that was so scary, we're now seeing a community will to make the changes in DNS happen," Labovitz said.

The "scary" DNS event Labovitz referred to occurred in 2008, when researcher Dan Kaminsky uncovered a critical design flaw in the DNS (domain name system) routing protocol, and then led a months-long effort to coordinate a large-scale, multivendor patching effort in July 2008.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.

Join the PC World newsletter!

Error: Please check your email address.

Tags arbor networksinternet

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?