It would probably make more sense to take over DNS at the root level and cause problems there.
I deal with data transport at a national level. Take down a few backbone connections in the US and I see no issue at all taking down the network nationwide. It would be ugly, there would be spotty connectivity and you wouldn't get everything, but it would sure seem like everything to a normal user.
Are you referring to social media companies or actual carriers?
Not an expert, more of a novice. CCNP. Think internet backbone. Think large scale "hacks", i.e. SolarWinds. Backdoors. Killswitches probably baked in. Your idea about a malicious data frame is good, but it would be isolated to one network segment (one broadcast domain). Could be a killswitch packet of sorts. Could also be something we never thought of.
Hmm, you're right. Or backdoors and malicious data frames used in combination. However, the data frame would have to be routed to every major router.
Secretly known 0-days and/or physical sabotage.
Yes that is possible too. However, there would need to be a major coordination between enough ISP techs and the DS to pull off something like that.
Depends on the vulnerability. This one happened to be found by a Good guy
Aaaand he's gone https://www.theregister.com/2021/04/25/dan_kaminsky_obituary/
You are talking about shutting down a network that was specifically designed by DARPA to survive a nuclear war... Good luck with that.
You could slow it down, but there is too much redundancy (by design) to completely shut it down.
That's what I thought. The DS would have to resort to physical sabotage.
DARPA has its own segmentation and infrastructure, they never had an AOL account, if that makes sense.
All they have to do is flip that one switch at the main internet building and it turns it all off. The whole world's internet...lol.
EMP
Somebody gonna be knocking on your door....
I don't have the knowledge or desire to cause a major communications disruption of such scale. Besides, the FBI would come knocking on my door and I would not look good in an orange jumpsuit. Anyway, I would be upset if there was a nationwide blackout of the internet.
I know. I’m just always concerned when I see posts like yours because I know there are folks monitoring places like this. Take care.
I realize that and I just hope the context doesn't confuse them. I know that the NSA, FBI, and CIA would monitor places like this.
What if every Winblows computer in existence starts pinging at once and doesn't stop? Add in the Macs.
Guess what's running our men-o-war?
No. L2 is not passed from router to router. BGP poisoning could be a thing; it's been problematic in the past and major IXPs still don't have a ton of protection against it. Basically, it could cause wide swaths of the Internet to send their traffic to random routers with no path to the real destination, until the token falls out of the ring. A small steel company in PA took a big chunk of the East Coast down last year for half a day because of a BGP configuration mistake that propagated where it shouldn't.
DNS poisoning could be a thing, but after the Dyn outages in 06, DNS providers have good resistance (well, OpenDNS, Cloudflare, probably Quad9). Google, Verizon and your local ISP may be still playing fast and loose.
I think something more like VPNFilter / Mirai / TR-069 vulnerabilities would be a fairly effective kill switch. Your ISP's router they send to your home or you buy on eBay are generally lowest-bidder stuff with vulnerabilities they don't really put any effort into patching. A German kid took down most of Germany's home Internet services a couple years ago almost by accident, and the same techniques have been weaponized by nation-state operators and organized crime. The most attractive part of this option is that it could be used very selectively - killing home Internet without disrupting critical B2B traffic, shutting off a state or city, or even turning those modems into a distributed attack infrastructure.
Or they could go old school with a couple backhoe-induced fiber cuts and watch routing tables shit themselves for a day or two.
But the best plan already seems to have been hatched and failed: Blow up the AWS datacenter in VA and pin it on Trump supporters: https://www.wired.com/story/far-right-extremist-allegedly-plotted-blow-up-amazon-data-centers/
I did say router to router in my question. Poisoning of BGP routes would work. I think that the intentional cutting of fiber optic cables would be their best bet as they could cut at segments in rural and remote areas where they'd be least likely to be caught in the process. I, however, hope they don't attempt to cause a nationwide communications blackout.
The best they could do with fiber cuts is to segment the Internet geographically until the cuts were repaired... alternate routes would be partially successful in the interim, but the performance (congestion and latency) would generally be terrible.
Stupid BGP tricks would work in the short term, but China, Iran, etc. have already been doing that sort of thing for a while, and countermeasures have been worked out. The white hats know a bit about network engineering and the Internet, so it's not as if the world is defenseless against DS sabotage.
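One such countermeasure to the BGP route leaks and hijacks discussed in this thread is route origin validation in the style of RFC 6811, shown here as an added example that is not part of any poster's comment. The ROA table, prefixes, AS numbers and function names are constructed for illustration.

```python
import ipaddress

# Constructed ROA table (prefix, maxLength, authorized origin AS); documentation ranges only.
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 25, 64501),
    ("2001:db8::/32", 48, 64502),
]

def validate(prefix, as_path, roas=ROAS):
    """Classify one announcement as valid / invalid / not-found (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the origin AS is the last hop in the AS path
    covered = as_match = False
    for roa_prefix, max_len, roa_as in roas:
        roa = ipaddress.ip_network(roa_prefix)
        if roa.version != route.version or not route.subnet_of(roa):
            continue  # this ROA does not cover the announced prefix
        covered = True
        if roa_as == origin:
            as_match = True
            if route.prefixlen <= max_len:
                return "valid", "origin and length match a ROA"
    if not covered:
        return "not-found", "no covering ROA"
    if as_match:
        return "invalid", "more specific than the ROA maxLength"
    return "invalid", "origin AS not authorized for this prefix"

def filter_updates(updates):
    """Common ROV policy: drop invalid routes, keep valid and not-found ones."""
    accepted, rejected = [], []
    for prefix, as_path in updates:
        state, reason = validate(prefix, as_path)
        (rejected if state == "invalid" else accepted).append((prefix, state, reason))
    return accepted, rejected

# Constructed sample announcements: (prefix, AS path).
UPDATES = [
    ("192.0.2.0/24", [64510, 64500]),    # legitimate origin
    ("192.0.2.0/24", [64510, 64666]),    # wrong origin: leak or hijack
    ("192.0.2.0/25", [64510, 64500]),    # more specific than the ROA allows
    ("203.0.113.0/24", [64510, 64503]),  # no ROA published for this prefix
    ("2001:db8:1::/48", [64502]),        # IPv6, within maxLength
]

if __name__ == "__main__":
    for bucket in filter_updates(UPDATES):
        print(bucket)
```

A misconfigured or malicious origin is rejected only where a covering ROA exists, so prefixes without one still fall into the accepted `not-found` bucket.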