On Wed, 17 Nov 2010 11:45:14 -0500, Bob Poortinga <bobp+nanog@webster.tsc.com> wrote:
This is starting to be picked up by mainstream media, but was first reported here (I believe):
<http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=249>
"Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet Traffic"
"For 18 minutes in April, China's state-controlled telecommunications company hijacked 15 percent of the world's Internet traffic, including data from U.S. military, civilian organizations and those of other U.S. allies."
This article, which quotes Dmitri Alperovitch of McAfee, is full of false data as far as I can tell. I assert that much less than 15%, probably on the order of 1% to 2% (much less in the US) was actually diverted. The correct statement is that 15% of the world's network prefixes were "hijacked", but the impact was minimal in the US.
My concern is that this "report" will be presented to the US Congress without being refuted by experts in the know.
My request is that someone with some gravitas please issue a press release setting the facts straight on this matter. I have been in contact with Dan Goodin at The Register but I'm just a lowly grunt with a small network.
Also worth pointing out that if this was a normal prefix hijack without them actually delivering the packets to the intended recipient (unlikely the case), then there would be very little TCP data seen. A few packets on existing connections before they time out, and SYNs on new connection attempts. Unless they were able to push the traffic back to another ISP which didn't see their originated routes, things would break more likely than be "routed via" the hijacking AS.

Ryan