
Duke Research Experiment Disrupts Internet Traffic

Posted by timothy
from the oopsie-daisy dept.
alphadogg writes with this excerpt from Network World about an experiment gone wrong which affected a big chunk of internet traffic yesterday morning: "It was kicked off when RIPE NCC (Reseaux IP Europeens Network Coordination Centre) and Duke ran an experiment that involved the Border Gateway Protocol (BGP) — used by routers to know where to send their traffic on the Internet. RIPE started announcing BGP routes that were configured a little differently from normal because they used an experimental data format. RIPE's data was soon passed from router to router on the Internet, and within minutes it became clear that this was causing problems. ... [f]or a brief period Friday morning, about 1 percent of all the Internet's traffic was affected by the snafu, as routers could not properly process the BGP routes they were being sent."

  • Re:Wow (Score:2, Informative)

    by Anonymous Coward on Saturday August 28, 2010 @09:59AM (#33402788)

    Yes, where have you been?

    The internet has been nulled before, YouTube has been blocked, countless other huge breakages before.
    The internet is a very frail entity, mainly kept together by trust in the organizations who run the main backbones of each country / continent.
    And DoSing, more commonly botnet controlled DDoSing tools, are becoming very popular for black markets of the net these days.

    Hell, there was that time where someone, somehow, managed to run a rogue DNS root server for a while and got away with god knows what kinds of information.
    This was all down to simple human error in configuring IPs and forgetting that one was moved to an entirely different IP.
    (Anyone know if there has been any follow-up to that?)

  • by Ilgaz (86384) on Saturday August 28, 2010 @10:13AM (#33402860) Homepage

    Yesterday, there was a lot of feedback regarding some really mysterious cuts to popular sites. As the .tr Govt. is known to censor the Internet, people thought something was wrong at the boxes which do the censoring job.

    That experiment really got out of hand, I think. And, 1% of Internet in 2010 is... Huge. Really huge.

  • Re:Hmm... (Score:5, Informative)

    by phyrexianshaw.ca (1265320) on Saturday August 28, 2010 @10:41AM (#33403034) Homepage
    Fake it? Not in the last five years!
    Unless you know of some BGP peers that refuse the standard peering protocol, 1) they are required to only listen to routes from known surrounding peers, 2) will not be listening to what's being advertised by your router unless you have instructed them ahead of time what AS you manage and what prefixes you will be advertising to them.

    If, for some strange reason, you manage to be adjacent to a backbone CORE router, and wanted to spend a few years moving traffic from cores to edges of the internet, you could start injecting routes for a short span of time after having been trusted and your metrics lowered. (At some point BGP will fail to converge and your advertisements will begin being ignored by the AS.)

    For research purposes here in Canada, we have access to a major core router, and are able to inject routes to get traffic routed through a particular peer for a few minutes at a time. Wirecapping the lines at that router, we can then monitor for organisational security compliance for penetration testing. (You'd be surprised how often usernames and passwords get sent in clear text, or how often people THINK intra-building traffic is being encrypted via a VPN only to find out it's badly misconfigured.)

    I too am far from all-knowing on the ins and outs of global BGP, but every peering agreement I've read (from about twelve countries and almost a hundred cities) has always been the same: "You are required to listen to ASxxxxx for advertisements for this super block, you are required to listen to these private peers with multi-homing agreements, you are required to advertise with the AS number assigned to you only, you are required to advertise only the prefixes you privately manage, and to contact and update the peers directly adjacent to you if assigned a new superblock, etc."
  • Re:Hmm... (Score:5, Informative)

    by phyrexianshaw.ca (1265320) on Saturday August 28, 2010 @03:23PM (#33404780) Homepage
    What "big boys" are you talking about?

    For every major carrier that I've worked with, filtering isn't optional, it's mandatory.

    At the tier one level, Qwest, AT&T, Sprint and L3 all dampen their allowable routes to what they know the immediate peers will advertise. At tier two, there will be many smaller ISPs who will happily pass routes to whomever wants to advertise them, but are not going to be listening to BGP messages on customer-facing ports (unless that customer has already made an agreement with that peer to make an AS entry on both sides).
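
Added example, not part of the thread: a sketch of the inbound filtering the two comments above describe, where a route is accepted only from a neighbor with a prior agreement, with that neighbor's assigned AS first in the path, for a prefix registered in advance. The policy table, addresses, AS numbers and function names are constructed, and accepting any more-specific route inside an agreed block is a simplification.

```python
import ipaddress

# Constructed policy table: neighbor address -> AS and prefixes agreed in advance.
# All addresses and AS numbers are documentation or private-use values, not real peers.
AGREED = {
    "192.0.2.1": {"asn": 64500, "prefixes": ["198.51.100.0/24"]},
    "192.0.2.9": {"asn": 64501, "prefixes": ["203.0.113.0/24", "2001:db8::/32"]},
}

def check_announcement(neighbor, as_path, prefix):
    """Return (accepted, reason) for one route received from `neighbor`."""
    entry = AGREED.get(neighbor)
    if entry is None:
        return False, "no peering agreement with this neighbor"
    if not as_path or as_path[0] != entry["asn"]:
        return False, "first AS in path is not the neighbor's assigned AS"
    try:
        net = ipaddress.ip_network(prefix)   # strict: host bits set is an error
    except ValueError:
        return False, "malformed prefix"
    for agreed in map(ipaddress.ip_network, entry["prefixes"]):
        # subnet_of() raises TypeError across IP versions, so compare versions first.
        if net.version == agreed.version and net.subnet_of(agreed):
            return True, f"within agreed block {agreed}"
    return False, "prefix was not registered for this neighbor"

def filter_updates(updates):
    """Split (neighbor, as_path, prefix) tuples into accepted and rejected lists."""
    accepted, rejected = [], []
    for neighbor, as_path, prefix in updates:
        ok, reason = check_announcement(neighbor, as_path, prefix)
        (accepted if ok else rejected).append((prefix, reason))
    return accepted, rejected

# Constructed announcements: two legitimate, the others each break one rule.
UPDATES = [
    ("192.0.2.1", [64500], "198.51.100.0/24"),
    ("192.0.2.1", [64500], "203.0.113.0/24"),          # block registered to another peer
    ("192.0.2.1", [64999, 64500], "198.51.100.0/24"),  # wrong first AS
    ("192.0.2.9", [64501, 64502], "2001:db8:1::/48"),  # inside the agreed IPv6 block
    ("192.0.2.77", [64510], "198.51.100.0/25"),        # neighbor with no agreement
]
```
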
  • by rwyoder (759998) on Saturday August 28, 2010 @04:49PM (#33405220)

    Is this the same vulnerability that was on slashdot over a year ago? http://tech.slashdot.org/article.pl?sid=09/02/22/0310236 The summary tried to make it sound like Mikrotik was to blame, because it sent the bad BGP information, but it was the Cisco that errored out.

    No.
    That was a configuration error made on a Mikrotik resulting in massive prepending of the BGP path.
    This was a flaw in how unrecognized BGP attributes are handled.
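
Added example, not part of the thread and not any vendor's code: how RFC 4271 tells a BGP speaker to treat path attributes it does not recognize, keyed on the Optional and Transitive flag bits, with the declared length checked before use. The type codes 200 to 202, the sample bytes and the function names are constructed for illustration.

```python
import struct

OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10
# Type codes this hypothetical speaker implements (names from RFC 4271).
KNOWN = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC", 5: "LOCAL_PREF"}

def parse_attributes(buf):
    """Split an UPDATE's Path Attributes field into (flags, type, value) tuples."""
    attrs, i = [], 0
    while i < len(buf):
        flags = buf[i]
        hdr = 4 if flags & EXT_LEN else 3          # flags + type + 1- or 2-byte length
        if len(buf) - i < hdr:
            raise ValueError("truncated attribute header")
        code = buf[i + 1]
        length = struct.unpack_from("!H", buf, i + 2)[0] if flags & EXT_LEN else buf[i + 2]
        end = i + hdr + length
        if end > len(buf):                         # never trust the declared length
            raise ValueError(f"attribute {code} overruns the message")
        attrs.append((flags, code, buf[i + hdr:end]))
        i = end
    return attrs

def disposition(flags, code):
    """RFC 4271 rule for one attribute, keyed on the Optional/Transitive bits."""
    if code in KNOWN:
        return "process"
    if not flags & OPTIONAL:
        return "notify"            # unrecognized well-known: UPDATE error, session closes
    if flags & TRANSITIVE:
        return "forward-partial"   # keep the route, pass the attribute on, set Partial
    return "ignore"                # optional non-transitive: drop quietly, do not pass on

def handle_update(buf):
    """Return (per-attribute decisions, unrecognized attributes to pass on with Partial set)."""
    decisions, carried = [], []
    for flags, code, value in parse_attributes(buf):
        action = disposition(flags, code)
        decisions.append((code, action))
        if action == "notify":
            return decisions, []
        if action == "forward-partial":
            carried.append((flags | PARTIAL, code, value))
    return decisions, carried

# Constructed sample: ORIGIN, AS_PATH (AS 64512), NEXT_HOP 192.0.2.1, then two made-up types.
SAMPLE = (b"\x40\x01\x01\x00" b"\x40\x02\x04\x02\x01\xfc\x00" b"\x40\x03\x04\xc0\x00\x02\x01"
          b"\xd0\xc8\x00\x03\xaa\xbb\xcc" b"\x80\xc9\x01\x01")
```
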
