• Total Posts: 28023
  • Total Topics: 8050
  • Online Today: 753
  • Online Ever: 51419
  • (01. January 2010., 09:27:49)

Author Topic: Research Experiment Disrupts Internet Traffic, All Over The World  (Read 1556 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7151
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

An experiment run by Duke University and a European group responsible for managing Internet resources went wrong Friday, disrupting a small percentage of Internet traffic.

The damage could have been far worse however, and the incident shows just how fragile one of the Internet's core protocols really is, security experts say.

The problem started just before 9 a.m. Greenwich Mean Time Friday and lasted less than half an hour. It was kicked off when RIPE NCC (Reseaux IP Europeens Network Coordination Centre) and Duke ran an experiment that involved the Border Gateway Protocol (BGP) -- used by routers to know where to send their traffic on the Internet. RIPE started announcing BGP routes that were configured a little differently from normal because they used an experimental data format. RIPE's data was soon passed from router to router on the Internet, and within minutes it became clear that this was causing problems.

"During this announcement, some Internet service providers reported problems with their networking infrastructure," wrote RIPE NCC's Erik Romijn in a note posted to the NANOG (North American Network Operators Group) discussion list. "Immediately after discovering this, we stopped the announcement and started investigating the problem. Our investigation has shown that the problem was likely to have been caused by certain router types incorrectly modifying the experimental attribute and then further announcing the malformed route to their peers":

That shouldn't have happened on systems that were properly configured to support BGP, Romijn said, but nonetheless for a brief period Friday morning, about 1 percent of all the Internet's traffic was affected by the snafu, as routers could not properly process the BGP routes they were being sent.

"Over 3,500 prefixes (announced blocks of IP addresses) became unstable at the exact moment this 'experiment' started," wrote Earl Zmijewski, a general manager with Internet security firm Renesys. "Not surprisingly, they were located all over the world: 832 in the US, 336 in Russia, 277 in Argentina, 256 in Romania and so forth. We saw over 60 countries impacted."

Security experts have warned for years that attackers could cause serious Internet disruptions by messing with BGP routes. Two years ago, YouTube was temporarily cut off from the Internet after a Pakistani BGP route that censored the video service was inadvertently spread worldwide.

Earlier this year, bad routes announced out of China ended up briefly disrupting some Internet traffic.

The damage from Friday's experiment was minimal, but if someone had been able to intentionally announce bad routes, it would have been much worse, said Paul Ferguson, a researcher with security firm Trend Micro.

It's unclear why RIPE NCC and Duke were trying out these new route formats.

One of the researchers behind the experiment, Duke assistant professor Xiaowei Yang, declined to talk in detail about the experiment, citing legal concerns. But she said that the work was for a research paper, and the BGP data that was sent was "100 percent standard compliant."

"It is an experiment initiated by my student and I," she wrote in an e-mail message. "It unexpectedly triggered some vendor bugs."

RIPE NCC could not immediately be reached for comment.


Samker's Computer Forum -


  • SCF Member
  • **
  • Posts: 39
  • KARMA: 10
    • Free Virus Spyware Adware Registry Scan

Ah well, hope there was something significant to learn.
Think before you think you'll do something.
Easy PC Security Tips


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising