This page contains all of the posts and discussion on MemeStreams referencing the following web page: Random -vs- deliberate failures of the Internet AS infrastructure. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Random -vs- deliberate failures of the Internet AS infrastructure
by Acidus at 7:25 pm EST, Mar 4, 2005

I just finished a really cool project for my CS Theory class. We were given the information about how the various Autonomous Systems on the Internet were connected for 1997, 1999, 2002, and 2004. The assignment was to find things like what the average number of connections (called degree) nodes had with each other, what the largest number of hops between 2 nodes could be (called the diameter), average distances, etc.

The cool part was when we investigated how the system reacts to failure of nodes. I have attached the reports here:

http://www.msblabs.org/as-attack/report-100.txt
http://www.msblabs.org/as-attack/report-500.txt

Basically, here is what these reports say:

If 100 or even 500 random nodes failed all at the same time, over 99.5% of the nodes stay connected in 1 mass, and can still talk to each other. If the largest nodes were deliberately attacked and removed, the shit hit the fan.

When 100 ASes are attacked and removed, only 55% of the nodes remained in 1 mass, and the average distances between any 2 nodes as well as the max distance inside the mass doubled. Now only half the internet is reachable (if you were lucky), while the speed tanks and the bottlenecks double.

When 500 ASes are attacked and removed, the Internet fractures into an unusable mess. Over 11000 little "islands" of 1 or two nodes are created (remember there were only ~17000 nodes to begin with!). The largest single mass only has 1388 nodes. Only 8% of the Internet is reachable, if you are lucky enough to be in that mass. The speed is now 1/5 of what it was as the average number of hops jumps from 3.7 to over 21.

I'm going to do some more research on AS systems and how protected they are, but I think I understand what Mike meant about the Internet being taken out without poisoning the DNS trees.
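The resilience measurement described in the post above, as an added example (not Acidus's code and not the assignment's AS data): it builds a synthetic preferential-attachment graph as a stand-in for a hub-heavy topology, then compares the largest connected mass after random failures versus loss of the highest-degree nodes. All function names, the graph size and the seeds are assumptions chosen for illustration.

```python
import random
from collections import deque

def build_scale_free(n, m=2, seed=1):
    """Constructed sample topology: each new node links to m existing nodes,
    chosen with probability proportional to their current degree."""
    rng = random.Random(seed)
    adj = {i: set() for i in range(n)}
    ends = []                      # every edge endpoint, so choice() is degree-weighted
    for i in range(m + 1):         # seed clique
        for j in range(i):
            adj[i].add(j); adj[j].add(i); ends += [i, j]
    for v in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(ends))
        for t in targets:
            adj[v].add(t); adj[t].add(v); ends += [v, t]
    return adj

def component_sizes(adj, removed):
    """Sizes of connected components among surviving nodes, largest first (BFS)."""
    seen, sizes = set(removed), []
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            u = queue.popleft(); size += 1
            for w in adj[u]:
                if w not in seen:
                    seen.add(w); queue.append(w)
        sizes.append(size)
    return sorted(sizes, reverse=True)

def survey(adj, removed):
    sizes = component_sizes(adj, removed)
    return {"largest_fraction": sizes[0] / (len(adj) - len(removed)),
            "islands": len(sizes)}

def random_failure(adj, k, seed=2):
    return set(random.Random(seed).sample(sorted(adj), k))

def highest_degree_loss(adj, k):
    return set(sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:k])

def compare(n=2000, k=100):
    adj = build_scale_free(n)
    return survey(adj, random_failure(adj, k)), survey(adj, highest_degree_loss(adj, k))

if __name__ == "__main__":
    rand, hubs = compare()
    print("random failure:", rand)
    print("highest-degree loss:", hubs)
```

The same `survey` function works on a real adjacency map, so an operator can use it to see how much of a topology depends on a small set of hubs.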


 
RE: Random -vs- deliberate failures of the Internet AS infrastructure
by Decius at 12:48 pm EST, Mar 5, 2005

Acidus wrote:
] I'm going to do some more research on AS systems and how
] protected they are

Understand that an AS is a big thing. An AS is a whole network, like an ISP. UUnet is 1 AS. Thousands or maybe tens of thousands of routers.


  
RE: Random -vs- deliberate failures of the Internet AS infrastructure
by Acidus at 10:05 pm EST, Mar 5, 2005

Decius wrote:
] Acidus wrote:
] ] I'm going to do some more research on AS systems and how
] ] protected they are
]
] Understand that an AS is a big thing. An AS is a whole
] network, like an ISP. UUnet is 1 AS. Tens or hundreds of
] thousands of routers.

Yes Tom. They more than covered that in my 2 networking specialization courses


   
RE: Random -vs- deliberate failures of the Internet AS infrastructure
by Decius at 11:05 pm EST, Mar 6, 2005

Acidus wrote:
] Decius wrote:
] ] Acidus wrote:
] ] ] I'm going to do some more research on AS systems and how
] ] ] protected they are
] ]
] ] Understand that an AS is a big thing. An AS is a whole
] ] network, like an ISP. UUnet is 1 AS. Tens or hundreds of
] ] thousands of routers.
]
] Yes Tom. They more than covered that in my 2 networking
] specialization courses

I'm not trying to be a dick here. The answer to your question is that AS systems are "protected" only in the sense that the "nation's infrastructure" is protected. Each individual router is its own case. One might guess that connectivity resilience within ASes is similar to inter-AS connectivity resilience, and that the whole matter might be thought of like a fractal. Each AS is going to have different policies. Some will have good security practices. Some will have poor practices.

Honestly, Cisco routers do not lend themselves to good security practices. They don't ship SSH2. ACLs cause significant load. There is no central management system that makes configuration backups easy. I'll bet most ISPs have poor practices and I'll bet those that have good practices poorly enforce them.

There is a significant need for an internet wide effort to improve the state of network security, but ultimately you can bring a horse to water but you can't make him drink. People learn at this by getting burned by it. Nanog has been compiling practical information on good operational practices for a long time:

http://www.nanog.org/ispsecurity.html


 
RE: Random -vs- deliberate failures of the Internet AS infrastructure
by Jeremy at 10:02 am EST, Mar 6, 2005

Acidus wrote:
] I just finished a really cool project for my CS Theory class.

Presumably this was your assignment?

http://www.cc.gatech.edu/classes/AY2005/cs3510_spring/prg/program-assignment2.pdf

] The cool part was when we investigated how the system reacts
] to failure of nodes.

The paper to read is "Error and attack tolerance of complex networks" from the July 27, 2000 issue of Nature. Download it at

http://www.nd.edu/~networks/Papers/nature_attack.pdf

I was surprised to find that your assignment did not mention this paper. I suppose the professors wanted to encourage you to analyze the data on your own. Did they at least mention it?

] I have attached the reports here:
]
] http://www.msblabs.org/as-attacks/report-100.txt
] http://www.msblabs.org/as-attacks/report-500.txt

These URLs don't seem to work.


  
RE: Random -vs- deliberate failures of the Internet AS infrastructure
by Acidus at 12:36 pm EST, Mar 6, 2005

]
] ] I have attached the reports here:
] ]
] ] http://www.msblabs.org/as-attacks/report-100.txt
] ] http://www.msblabs.org/as-attacks/report-500.txt
]
] These URLs don't seem to work.

Whoops. That's

http://www.msblabs.org/as-attack/report-100.txt

and report-500.txt

Thanks for the heads up about the paper.


 
 