North American Network Operators Group

Re: Vulnerbilities of Interconnection
The thing is, the major cuts are not "attacks;" the backhoe operators
aren't gunning for our fiber (no matter how much it seems like they are).
If I wanted to disrupt traffic, intentionally and maliciously, I would
not derail a train into a fiber path. Doing so would be very difficult,
and the legal ramifications (murder, destruction of property, etc, etc)
are quite clear and severe. However, if I ping-bomb you from a thousand
"0wn3d" PCs on cable modems, I never had to leave my parents' basement,
I'm harder to trace by normal police methods, and the question of which
laws can be applied to me is less clear.

-Dave

On 9/5/2002 at 15:38:56 -0400, [email protected] said:
>
> "Again, it seems more likely and more technically effective to attack
> internally than physically. Focus again here on the cost/benefit
> analysis from both the provider and disrupter perspective and you will
> see what I mean."
>
> Is there a general consensus that cyber/internal attacks are more
> effective/dangerous than physical attacks? Anecdotally it seems the
> largest Internet downages have been from physical cuts or failures.
>
> 2001 Baltimore train tunnel vs. code red worm (see keynote report)
> 1999 McLean fiber cut - cement truck
> AT&T cascading switch failure
> Utah fiber cut (date??)
> Not sure where the MAI mess up at MAE east falls
> Utah fiber cut (date??)
>
> Then again this is the biased perspective of the facet I'm researching
>
> Secondly it seems that problems arise from physical cuts not because
> of a lack of redundant paths but a bottleneck in peering and transit -
> resulting in ripple effects seen with the Baltimore incident.
>
>
>
> ----- Original Message -----
> From: "William B. Norton" <[email protected]>
> Date: Thursday, September 5, 2002 3:04 pm
> Subject: Re: Vulnerbilities of Interconnection
>
> >
> > At 02:45 PM 9/5/2002 -0400, [email protected] wrote:
> > > This obviously would be a thesis of Equinix and other collo space
> > > providers, since this is exactly the service that they provide. It
> > > won't, however, be a thesis of any major network that either already
> > > has a lot of infrastructure in place or has to be a network that is
> > > supposed to survive a physical attack.
> >
> > Actually, the underlying assumption of this paper is that major
> > networks already have a large global backbone that need to
> > interconnect in n-regions. The choice between Direct Circuits and
> > Colo-based cross connects is discussed and documented with costs and
> > tradeoffs. Surviving a major attack was not the focus of the
> > paper...but...
> >
> > When I did this research I asked ISPs how many Exchange Points they
> > felt were needed in a region. Many said one was sufficient, that they
> > were resilient across multiple exchange points and transit
> > relationships, and preferred to engineer their own diversity separate
> > from regional exchanges. A bunch said that two was the right number,
> > each with different operating procedures, geographic locations,
> > providers of fiber, etc., as different as possible. Folks seemed
> > unanimous about there not being more than two IXes in a region, that
> > to do so would splinter the peering population.
> >
> > Bill Woodcock was the exception to this last claim, positing
> > (paraphrasing) that peering is a local routing optimization and that
> > many inexpensive (relatively insecured) IXes are acceptable. The loss
> > of any one simply removes the local routing optimization and that
> > transit is always an alternative for that traffic.
> >
> > > > A couple physical security considerations came out of that
> > > > research:
> > > > 1) Consider that man holes are not always secured, providing
> > > > access to metro fiber runs, while there is generally greater
> > > > security within colocation environments
> > >
> > > This is all great, except that the same metro fiber runs are used
> > > to get carriers into the super-secure facility, and, since neither
> > > those who originate information, nor those who ultimately consume
> > > the information are located completely within facility, you still
> > > have the same problem. If we add to it that the diverse fibers tend
> > > to aggregate in the basement of the building that houses the
> > > facility, multiple carriers use the same manholes for their diverse
> > > fiber and so on.
> >
> > Fine - we both agree that no transport provider is entirely protected
> > from physical tampering if its fiber travels through insecure
> > passageways. Note that some transport capacity into an IX doesn't
> > necessarily travel along the same path as the metro providers,
> > particularly those IXes located outside a metro region. There are
> > also a multitude of paths, proportional to the # of providers still
> > around in the metro area, that provide alternative paths into the IX.
> > Within an IX therefore is a concentration of alternative providers,
> > and these alternative providers can be used as needed in the event of
> > a path cut.
> >
> > > > 2) It is faster to repair physical disruptions at fewer points,
> > > > leveraging cutovers to alternative providers present in the
> > > > collocation IX model, as opposed to the Direct Circuit model
> > > > where provisioning additional capacities to many end points may
> > > > take days or months.
> > >
> > > This again is great in theory, unless you are talking about someone
> > > who is planning on taking out the IX not accidentally, but
> > > deliberately. To illustrate this, one just needs to recall the
> > > infamous fiber cut in McLean in 1999 when a backhoe not just cut
> > > Worldcom and Level(3) circuits, but somehow let a cement truck pour
> > > cement into Verizon's manhole that was used by Level(3) and
> > > Worldcom.
> >
> > Terrorists in cement trucks?
> >
> > Again, it seems more likely and more technically effective to attack
> > internally than physically. Focus again here on the cost/benefit
> > analysis from both the provider and disrupter perspective and you
> > will see what I mean.
> >
> > > Alex
> > >
> >

--
Dave Israel
Senior Manager, DNE SE