Re: FUD: 15% of world's internet traffic hijacked

[Ryan Rawdon <ryan () u13 net>]

On Wed, 17 Nov 2010 11:45:14 -0500, Bob Poortinga
<bobp+nanog () webster tsc com> wrote:
> This is starting to be picked up by mainstream media, but was was first
> reported here (I believe):
<http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=249>
> "Cyber Experts Have Proof That China Has Hijacked U.S.-Based Internet
> Traffic"
>
> "For 18 minutes in April, China.s state-controlled telecommunications
> company
>  hijacked 15 percent of the world.s Internet traffic, including data
from
>  U.S.
>  military, civilian organizations and those of other U.S. allies."
>
> This article, which quotes Dmitri Alperovitch of McAfee, is full of
false
> data as far as I can tell.  I assert that much less than 15%, probably
on
> the order of 1% to 2% (much less in the US) was actually diverted.  The
> correct statement is that 15% of the world's network prefixes were
> "hijacked",
> but the impact was minimal in the US.
>
> My concern is that this "report" will be presented to the US Congress
> without
> being refuted by experts in the know.
>
> My request is that someone with some gravitas please issue a press
release
> setting the facts straight on this matter.  I have been in contact with
Dan
> Goodin at The Register but I'm just a lowly grunt with a small network.

Also worth pointing out that if this was a normal prefix hijack without
them actually delivering the packets to the intended recipient (unlikely
the case), then there would be very little TCP data seen.  A few packets on
existing connections before they time out, and SYNs on new connection
attempts.  Unless they were able to push the traffic back to another ISP
which didn't see their originated routes, things would break more likely
than be "routed via" the hijacking AS.

Ryan