back to article Boffins devise 'cyberweapon' to take down internet

University Boffins say they've devised a way to take down the internet by turning core parts of its routing protocol against itself. The attack, which was presented last week at the Network and Distributed System Security Symposium in San Diego, California, attacks functionality in the BGP, or Border Gateway Protocol. The …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Been there and seen it

    A few years ago we had a major router malfunction. The tables got scrambled and propagated to all of our routers. The result was such that to get to a site the route would go all over the place with many hops or not reach the destination.

    We had to shut down all routers, then bring them up one at a time so they could download the accurate tables.

    This outage cost us $230 a MINUTE because our factory was impacted too.

    This sounds similar to our "Router flap' incident.

    1. Yes Me Silver badge

      A bit more than a router flap, I think...

      > This sounds similar to our "Router flap' incident.

      Well, if operators really had to isolate and reboot all the BGP4 speakers in the world, it would be a bit more of a news story than that, I think. $230/minute wouldn't come near to covering it.

      However, I suspect there is more robustness in the real world than the paper assumes, and operators do talk to each other when things go funny. Admittedly, they usually talk by email, and they might have to revert to steam-powered telephones in this case.

      1. copsewood

        Could take the phones down too ?

        "Admittedly, they usually talk by email, and they might have to revert to steam-powered telephones in this case."

        A growing proportion of phone traffic is routed using TCP/IP. I worked directly on this infrastructure a long time ago when it was a genuinely seperate network, but from what I've read more recently major trunks circuits are increasingly routed using TCP/IP.

      2. TeeCee Gold badge

        Snag #2.

        "...they might have to revert to steam-powered telephones in this case."

        And good luck to them finding one that doesn't rely on IP telephony somewhere in the connection between the two point.....

        Oh noes, is End of Wurld yes?

        1. Donovan Hill

          When all else fails....

          They could use HAM radio to make contact!

    2. Anonymous Coward


      ....we've all seen it. A few router bitchfight over control. But as poitned out elsewhere, they should start suppressing the info, but not always. We simply downed the ports on a couple fo rogue ones, let the other recover then booted the bastard.

      And $230 a minute is micky mouse.

      We're a Midsize Enterprise and even we are talking £1m / hour. Happen to a bank and you're talking 100x that upwards.

      1. mark 63 Silver badge

        losing money , or just not making it?

        "And $230 a minute is micky mouse.We're a Midsize Enterprise and even we are talking £1m / hour. Happen to a bank and you're talking 100x that upwards."

        100 million dollars per hour ? lost ?

        sounds a little exagerrated in my completely uneducated guesstimate

        I've never liked the capitalistic " were losing x per hour" no - your just not making x per hour at the moment. I remember it from that IBM ad where systum gon down

        no wonder banks can lose our money so fast

  2. Anonymous Coward
    Anonymous Coward

    Everyone who has ever run BGP has seen the issue

    However, building such a bot-net requires 10's of thousands of what will be primarily residential computer systems, and more and more residential Internet service providers are blocking ICMP traffic to protect their networks from being analyzed. Already about half of the residential and small business connections that I come across can no longer do simple diagnostics such as pings or traceroutes, as well as either block or proxy outgoing port 25 traffic. I expect this trend to continue as ISPs take ever-increasing steps to secure (or stated more accurately - obscure) their networks.

  3. Anonymous Coward

    Wait for IPv6

    This sort of thing is much easier to do with IPv6 since you already have the info that the IPv4 system needs a botnet for.

  4. Anonymous Coward
    Anonymous Coward


    does it take in to account route flap dampening which all the major networks do as standard specifically to stop flapping routes causing a problem? if a link keeps flapping up and down then updates from it are suppressed and stop being propagated, this causes a slightly longer outage of the flapping link, but protects the rest of the internet from having to process the updates

    route flapping isn't uncommon, if it caused widescale outages every time it happened then we'd have serious problems

  5. Alex Brett

    Re: seriously?

    Well, firstly it's route flap damping not dampening (you're not making them wet!), but I think you could probably get round that by ensuring the time between the link going down and up was enough not to trigger the damping logic - plus it's my understanding that a lot of ASs only implement RFD on external links, so if you hit the 'right' link within an AS you could still cause lots of issues...

    1. Sir Runcible Spoon


      I used to work on the help desk at a major Uk ISP in the 90's and there were regular periods when there were route flaps on the network generated in US which would result in the eventual melt-down of the entire net.

      It used to take around 4 hours to sort out. This was plenty of time to head to the pub for an extended lunch.

      However, after about 6 months of this the peering operators got so practiced at sorting it out we eventually got a phone call to come back to the office just as we were about to order our first pint. In the end they could sort it out in about 20 minutes (this was before route flap damping btw).

      This whole situation led to one of my fondest memories of the period when someone on the helpdesk stood up and announced (in a VERY loud voice) that 'They've got huge flaps in the States!' (Will you ever live that down Sam? :)

  6. M7S

    recovery "network operators actually talking to each other"

    And there's the potential flaw.

    One reason we've moved from a certain ISP (with a name very similar to a low cost airline using orange as its main colour) is because when they had a big routing issue affecting quite a few customers (not that we could know that at the time), we could not get hold of tech support as they were all on VoIP phones. FFS.

    Unless every ISP maintains POTS and keeps a large paper based phone book, recovery from any such strike could take a little longer to effect than we all hope. Given that the telco's are increasingly using VoIP, and that everyone in the world will increase their telephone traffic to compensate for the loss of email etc should this happen, I think that unless there's a reserve POTS capability, and the means of ensuring the techies get a reasonable priority of access (essential services, government etc will also need some immediately), it could all "go quiet" for quite some time.

    Shame the Telex was too expensive to keep as a backup.

  7. John Smith 19 Gold badge

    So how are plans for the next gen BGP going?

    Only this seems to be one of a number of exploits that have relied on the implicit trust in management servers.

    Is IP6 the silver bullet?

  8. Ubuntu Is a Better Slide Rule

    Amateur Radio To The Rescue !

    This should be a reason for network ops people to have their boss give them time&money for an amateur radio license. Plus a proper HF transmitter (with at least 1kW of power).

    Looking at IBM offices, it seems some companies did this for decades :-)

  9. Neal 5


    who needs all that, just whack all your iPhones, iPads and whatever else onto AT&T network and just data gouge the whole system. Seems to have worked perfectly well upto now.

  10. Marco van Beek

    Trust no one

    Hasn't that been the basic fundamental of network security since IP Spoofing? Most of the time we don't even trust our own networks. In any other situation if you said it was okay for a device that you have no control over, that is external to your network, that could make fundamental changes to your system the rest of us would laugh and point and await the fun.

  11. Phil 54

    Whew, good thing

    I backed it up

  12. Version 1.0 Silver badge
    Thumb Up

    Nice try

    That's an imaginative attack but it sounds like it would be fairly easy to fix now that it's been spelled out.

  13. This post has been deleted by a moderator

  14. Luther Blissett

    Error correction at parse time

    Consensus here seems to support my impression that the apostrophes in the title flapped onto the wrong word.

    Cyberweapon is a simple concept, not requiring quote marks.. Your granny could understand you if you told her it was something which blocked the intertubes. Now this 'research' may be a good weapon, or an ineffective one, but neither of those appraisals require quoting, Neither would the absence of some empirical 'proof of concept'. That would mean for example, always writing 'expedition to Mars' or 'Higgs boson' until such things manifest. Maybe the quotes are really insinuating this thingy is a piece of disinformation, but if so, the story is then in the comments, not the article.

    OTOH the occurrence of boffin cries out for quotes, e.g, it wasn't a real boffin involved, but a trainee wanna-be; or again, it is so far a conjecture rather than an experimental result, so its author is less like a boffin and more like an airy-fairy arts grad. Or have I hit the sematics of your NaN here?

This topic is closed for new posts.

Other stories you might like

Biting the hand that feeds IT © 1998–2022