Re: FUD: 15% of world's internet traffic hijacked

Wed, 01 Dec 2010 12:43:06 -0800 

Dear Randy;

On Dec 1, 2010, at 3:28 PM, Randy Bush wrote:

>> At the very least you might want to review:
>> http://www.renesys.com/blog/2010/11/chinas-18-minute-mystery.shtml
>> Renesys provides one data point but there are others that clearly show
>> traffic routed *through* China (meaning they did indeed
>> originate/hijack, and then pass data on to the original destination).
> 
> as usual i see no traffic measurements in the renesys note.  i see
> inference of traffic based on some control plane measurements.  and, has
> been shown, such inferences are highly suspect.
> 

Doesn't this traceroute (from the above) seem fairly convincing of transit ? 
(Not of the _amount_ of transit, just of its _existence_ ?) 

...here's one of the typical traceroutes we saw during the incident, between 
the London Internet Exchange and a host in the USA, passing through China 
Telecom. This trace was collected at 16:03 UTC, about 13 minutes into the 
event. Total time in transit is 525ms (this trace typically takes no more than 
110ms under normal conditions).

1. <our host>   0.785ms         # London
2. 195.66.248.229       1.752ms         # London
3. 195.66.225.54        1.371ms         # London
4. 202.97.52.101        399.707ms               # China Telecom
5. 202.97.60.6  408.006ms               # China Telecom
6. 202.97.53.121        432.204ms               # China Telecom
7. 4.71.114.101 323.690ms               # Level3
8. 4.68.18.254  357.566ms               # Level3
9. 4.69.134.221 481.273ms               # Level3
10. 4.69.132.14 506.159ms               # Level3
11. 4.69.132.78 463.024ms               # Level3
12. 4.71.170.78 449.416ms               # Level3
13. 66.174.98.66        456.970ms               # Verizon
14. 66.174.105.24       459.652ms               # Verizon
[.. four more Verizon hops ..]                          
19. 69.83.32.3  508.757ms               # Verizon
20. <last hop>  516.006ms               # Verizon

And doesn't the graph in  Craig Labovitz's blog seem consistent with a modest 
(not overwhelming, or even unusual) 
amount of excess traffic during the event ? 

http://asert.arbornetworks.com/2010/11/china-hijacks-15-of-internet-traffic/

So, putting this, and everything else, together, wouldn't it be reasonable to 
conclude, that

- some traffic was diverted but
- nowhere near 15% of the Internet, by orders of magnitude ?

Regards
Marshall


> randy
> 
>

Reply via email to