back to article A glitch in the Matrix, or a hungry exploit?

Sûnnet Beskerming researchers observed an interesting deviation in global network traffic over the last 24 hours, particularly for South American, Asian, and Australian networks. Normally, global Internet traffic (as observed by the Internet Traffic Report) oscillates around nine per cent packet loss, with global response times …


This topic is closed for new posts.
  1. Sergei Andropov


    That's somewhat unsettling. I hope it doesn't turn out to be anything serious.

  2. Anonymous Coward
    Anonymous Coward

    Looks like the NSA f*cked up

    Seems they rated their new packet sniffer as being able to handle 11% more traffic than it actually does.

  3. Xander

    The current turf war?

    Given this story:

    Any chance the two gangs DDosing each other could hit these continents? It's reported that at least one of the gangs is russian, which would explain asia.

  4. Graham Dawson Silver badge

    Chaotic systems

    It could also be an entirely random event. A large complex system with a certain amount of randomness built in will sometimes display large deviations from the norm. I'd be more inclined to think it's that, or the exploit mentioned in the article, than any packet sniffing thing.

  5. Anonymous Coward
    Anonymous Coward


    ActiveX is extremely, ridiculously popular in the east. Not so in the west.

  6. Greg Nelson

    For What It's Worth

    I make a considerable effort to stay current with security issues but haven't the time to do much more than play defense. ActiveX has a bad reputation and has been a thorn in the side of security for a long time. IIRC initially MS pimped ActiveX as if it was as sexy as a Paris Hilton clone. Now, on the rare occasions I fire up IE, there's generally a warning inviting me to allow AcitveX stuff at my own peril. If ActiveX is to blame and enough people get burnt then maybe it'll turn another big batch of people to Firefox. There's something happening here; what it is ain't exactly clear. There's a man with a GNU over there telling me I've got to beware. :)

  7. Dan Finch

    Yet Another Internet FUD

    Yeah, here is goes again. Another news article that goes on about something trouble the internet. I wonder how long before the Symantec FUD crew comes rolling out alerting everyone to a major security problem with the internet? I figure at least 3 weeks after everyone else does. 3 weeks after that, CERT be releasing their alert as well.

    Frankly, anyone running ActiveX deserved what they get. A security fix is not patching something to ask a user (who has no idea of the implications) to decide if its safe to run on their box. Hell, 90% of people won't open e-mails that aren't from someone they know these days because of that.

    Come on people, we hear all the time about this kind of thing, and nothing becomes of it. The internet isn't run by a bunch of retards, it just got a large population of them inhabiting it, and they just happen to be more vocal.

    I highly doubt the NSA has gotten a packet sniffer of that caliber online. It'd take one hell of a cluster to sniff that kind of data and with all the wrist slapping going on with their wiretapping lately, I imagine they're just doing business as usual, waiting for the right time to slip a bill in to take away some more freedom from the people.

    Dan Finch

    Gods of NOS

  8. Mother Hubbard

    Scotty, check the sensor array ...

    If I saw an anomoly in one group of one type of sensor, but not in another group of the same type or of any other type of sensor, then I'd be checking the sensors, before checking the target.

    The alleged mining of the Internet by the NSA is reminiscent of the passive acoustic array and its parent, the passive acoustic barrier strategy, of the US Navy circa 1968-ish. Good times - then and now.

  9. freshage

    hmmm, interesting

    there is no point in worrying, just think about us poor gamers, pings are riseing each day (miss the days of quake 3 and 10 ping even during peak hours)

    hope the world is under attack by internet.


  10. Anonymous Coward
    Anonymous Coward

    Wiretap systems...

    are inherently passive. This means that the flow of traffic is not disturbed by the tap and the only problem that could arise is dropped packets in the interceptor hardware. The same should be true for cisco wiretap modules in most internet routers.

    However, since there are dropped packets, one could trace the point where the packets are dropped and inspect the router in question if it is either hacked, under 100 percent load or carrying malicious packets.

    In many cases, the problem turn out to be a bad router configuration where one link gets less than 100 percent load while others get more than they could carry.

  11. Robert Hirst

    100% packet loss?

    Hmm, when you drill down into response time/packet loss across Europe, apparently Belgium, Denmark, Romania and Switzerland all have 100% packet loss. Perhaps a contributing factor to the packet loss average? However, since still comes up, I'd have to assume that data is not correct...

  12. Matt W

    10ms ping ?

    <python>You lucky, lucky...</python>

    <old git>back in my day of dial-up Q2 anything under 100ms was a cause for celebration</old git>

    Q3 was rubbish anyway - All the cool kids were playing UT by then.

  13. norman

    Another reason?

    I wonder how this relates to Vista deployment?

  14. Rich Bryant

    The usual

    It's just Shub-Internet again. Hit it with a stick.

  15. Brian


    NOOOOOOOOOOOOOOOOO The lag!!!!!!!!!!

  16. Stu

    Another candidate for El-Reg banned words-

    Normalcy used in this article. Clearly an americanis(Z)ation of a word intended to reduce the amount of thought required during language use.

    There is an alternative to this word that happens also to be in the Oxford English dictionary, because it actually exists -


    God, writing is all you people do!!

    Sorry to rant and all, but this really gets on my nerves being a UK website.

    Couldn't the editors have Anglicised it?

  17. Anonymous Coward
    Anonymous Coward Black Hole servers?

    Isn't that caused by all the Windoze machines and misconfigured routers lauching reverse DNS resolutions on private IP address range across open Internet, that IANA blackhole servers are supposed to drop? I've seen somewhere that this traffic causes significant spikes exactly at the same time, like exactly midnight (GMT or local, I don't remember).

    Please correct me, if that isn't the actual reason for IANA blackhole servers, dropping some traffic that was not supposed to be there, regarding reverse DNS queries, and if that couldn't be related to global alteration on latencies.

  18. steve lampros

    Live Free or . . . .

    Maybe someone saw the plot of the new die hard movie. Where's John McClain or Jack Bauer when you need 'em?

    It's a FIRE SALE!

  19. Chris Stephens

    AMX hardware has become self aware

    The company mentioned makes corporate automation hardware with powerful computing engines which run a dedicated OS with god knows what in them.

    They obviously all linked up and became self aware.

    In fact this a important fact for the ROTM guru's i feel.


  20. Anonymous Coward
    Anonymous Coward

    Green issues

    I don't know if the recent worldwide "1 hour no power" that took place on 1st July made any difference as it would have resulted in many computers being turned off.

  21. Rob Munn

    blackhole servers

    I think the poster who fingered the blackhole servers might be right on the money. I can't believe no one has covered this story yet. APEWS ( is one of those blacklists. Until very recently, APEWS was a private list that only invited email admins could use for their spam filters.

    Within the last month, APEWS opened its list to any and all email admins. I believe this change has caused a huge problem for Internet email traffic. Specifically, APEWS have blacklisted entire segments of the Internet. The Class B address block for my home Internet connection (TimeWarner) is on the APEWS blacklist, as (apparently) are other large address blocks.

    What is really interesting about the story is why APEWS is blacklisting entire address blocks. APEWS has a political agenda, and they are using the blacklist to further that political agenda. Specifically, they are trying to force users like me to switch ISPs or complain to their ISPs to put pressure on those ISPs to do a better job blocking spam that emanates from their networks. A laudable goal, to be sure, but their tactics strike me as unethical and potentially illegal- and they certainly represent a breach of trust of the blacklist system.

    I would like to see a journalist find out who the original nine members of the APEWS organization are, what companies they work for, and whether the executives at those companies have any knowledge of the actions of their employees.

    The APEWS domain was registered in Brazil, has its DNS servers in Germany, and is hosted in Canada. All public information, and maybe somewhere to start the investigation.


  22. Luiz Abdala

    Ooops... BlackHOLE servers has nothing to do with BlackLIST servers.

    I'm the poster on the first comment about IANA.ORG blackhole servers, and I guess you didn't understand me.

    IANA Blackhole servers are actually good for the health of Web traffic. They drop reverse DNS queries that shouldn't exist on open Web, only on local networks, on non-routable IP ranges like Without them, this traffic would keep repeating itself in search of a reply, when nobody will answer. It is like shouting "Hello" on the mountains, the echo will fill the place with noise. Without this IANA servers, chaos would ensue. Following the analogy, IANA blackhole servers would shout back "Shut the f*** up, nobody will answer you!", so the DNS queries stop. I heard Windows machines do that once every 24 hrs.

    BlackLIST servers are entirely a different thing, they are blocking spam traffic, or listing spammers IP's, (so you said), and I can't foresee how would their absence would affect global latency. Only stupid spammers use their local ISP IP as the originating point, anyway.

This topic is closed for new posts.

Other stories you might like