Re: How about a game of chess? (was Re: Vulnerbilities of Interconnection)

[<sgorman1 () gmu edu>]

Actually I do not know how to play chess maybe *Risk*, but your point 
is well taken.  The intent is not provide a public recipe for taking 
down the Internet, that would be the opposite goal of the research to 
begin with.  Regardless it is difficult line to tread and it is best 
to err on the side of caution.  

As for sampling biases - that is why it is only anecdotal evidence and 
the need for it to be questioned.   Reports of Vinny accidently 
announcing his router as AS701 do not make it to the media very often.

That aside the suggestion of how to model the Internet are very useful 
and the closer these models can get to operational reality the 
better.  The intent being methodology not revealing data.  Waites' 
approach is a good first step, but what next.  Also if you know 
capacties how do you model a cascading effect that encompasses intra-
network and inter-network traffic flows.

Also it might be easier to calculate transition probabilities by 
summing across the rows of the adjaceny matrix then dividing the row 
components by the sum.

 

----- Original Message -----
From: Sean Donelan <sean () donelan com>
Date: Friday, September 6, 2002 12:52 pm
Subject: How about a game of chess? (was Re: Vulnerbilities of 
Interconnection)

> On Thu, 5 Sep 2002 sgorman1 () gmu edu wrote:
> > Is there a general consensus that cyber/internal attacks are more
> > effective/dangerous than physical attacks.  Anecdotally it seems 
the
> > largest Internet downages have been from physical cuts or failures.
>
> I think you have a sampling bias problem.
>
> The "biggest" national/international network disruptions have 
> generallybeen the result of operator error or software error.  Its 
> not always easy
> to tell the difference. It may be better for carrier PR spin 
> control to
> blame a software/router/switch vendor.
>
> Until recently physical disruptions have been due to causes which 
> don'teffect the stock price, carriers were more willing to talk 
> about them.
> Carriers usually don't fire people due to backhoes, hurricanes, 
> floods, or
> train derailments.
>
> What does this say about the effect of an external or internal
> cyber-attack?
>
> Not much.  Naturally occuring physical and procedural disruptions 
have
> different properties than a directed attack.  Not the least is 
> hurricanesand trains don't read NANOG, and generally don't alter 
> their behavior
> based on the "recommendations" posted.
>
> Wouldn't you prefer a good game of chess?