North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: What Worked - What Didn't

  • From: Chris Woodfield
  • Date: Mon Sep 17 17:13:50 2001

I can think of one particular ISP's POP where the fiber comes into the 
building from a conduit that comes out of the ground, into a small metal
box, and then into the front of the building. In front of this exposed 
conduit, a small bush was planted. At the time, I joked about how one
well-placed shotgun blast from a car in the parking lot would be all it
took to destroy most, if not all, of that building's connectivity.

As an employee of one of the many companies who have service points at 25
Broadway, I think I'll stop joking about things like that.

-C

On Mon, Sep 17, 2001 at 04:11:26PM -0400, Daniel Golding wrote:
> 
> Gee, the only major ISP that uses MD5 for peering links is Verio. That what
> you were looking for, Randy? :)
> 
> Seriously, BGP session hijacking is the least of our worries. If you want to
> hit internet infrastructure, the points of weakness are obvious and
> physical. Car bombs at a dozen sites that we all know so well would be
> enough to seriously degrade internet communications, particularly if they
> were detonated near the fiber entrance facilities.
> 
> This underscores the previous concerns mentioned by some about the common
> colocation of private peering by major internet carriers. Looks a little
> riskier now, yes?
> 
> - Daniel Golding
> 
> -----Original Message-----
> From: Randy Bush [mailto:[email protected]]
> Sent: Monday, September 17, 2001 2:19 PM
> To: Daniel Golding
> Cc: [email protected]
> Subject: RE: What Worked - What Didn't
> 
> 
> > The big winners were cable TV, email, packet networks and IM applications.
> > The big losers with cell phones, circuit switching, PSTN, non-akamized
> > news sites.
> 
> no one went after the comms infrastructure.  when they do, i suspect that
> we will find the internet is extremely vulnerable.  how many folk even
> have md5 auth turned on their bgp peering sessions?  what nievete!
> 
> randy