No. L2 is not passed from router to router. BGP poisoning could be a thing; it's been problematic in the past and major IXPs still don't have a ton of protection against it. Basically, it could cause wide swaths of the Internet to send their traffic to random routers with no path to the real destination, until the token falls out of the ring. A small steel company in PA took a big chunk of the East Coast down last year for half a day because of a BGP configuration mistake that propagated where it shouldn't.
DNS poisoning could be a thing, but after the Dyn outages in 06, DNS providers have good resistance (well, OpenDNS, Cloudflare, probably Quad9). Google, Verizon and your local ISP may still be playing fast and loose.
I think something more like VPNFilter / Mirai / TR-069 vulnerabilities would be a fairly effective kill switch. The routers your ISP sends to your home, or that you buy on eBay, are generally lowest-bidder stuff with vulnerabilities they don't really put any effort into patching. A German kid took down most of Germany's home Internet services a couple years ago almost by accident, and the same techniques have been weaponized by nation-state operators and organized crime. The most attractive part of this option is that it could be used very selectively: killing home Internet without disrupting critical B2B traffic, shutting off a state or city, or even turning those modems into a distributed attack infrastructure.
Or they could go old school with a couple backhoe-induced fiber cuts and watch routing tables shit themselves for a day or two.
But the best plan already seems to have been hatched and failed: Blow up the AWS datacenter in VA and pin it on Trump supporters: https://www.wired.com/story/far-right-extremist-allegedly-plotted-blow-up-amazon-data-centers/
I did say router to router in my question. Poisoning of BGP routes would work. I think that the intentional cutting of fiber optic cables would be their best bet as they could cut at segments in rural and remote areas where they'd be least likely to be caught in the process. I, however, hope they don't attempt to cause a nationwide communications blackout.
The best they could do with fiber cuts is to segment the Internet geographically until the cuts were repaired... alternate routes would be partially successful in the interim, but the performance (congestion and latency) would generally be terrible.
Stupid BGP tricks would work in the short term, but China, Iran, etc. have already been doing that sort of thing for a while, and countermeasures have been worked out. The white hats know a bit about network engineering and the Internet, so it's not as if the world is defenseless against DS sabotage.
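
Added example, not part of any post in this thread: one countermeasure to the BGP mis-origination discussed above is RPKI route origin validation (RFC 6811), which the posters do not name. The sketch below classifies announcements against a ROA table; all prefixes, ASNs and the helper names `roa`, `validate` and `accept` are constructed for illustration (documentation address ranges and ASNs).

```python
import ipaddress
from typing import NamedTuple, Sequence


class ROA(NamedTuple):
    prefix: object      # ipaddress network the holder authorised
    max_length: int     # longest prefix length the origin may announce
    origin_as: int      # AS allowed to originate it


def roa(prefix: str, max_length: int, origin_as: int) -> ROA:
    return ROA(ipaddress.ip_network(prefix), max_length, origin_as)


# Constructed ROA table (RFC 5737 prefixes, RFC 5398 ASNs).
ROAS = [
    roa("192.0.2.0/24", 24, 64496),
    roa("203.0.113.0/24", 25, 64500),
]


def validate(prefix: str, as_path: Sequence[int], roas=ROAS) -> str:
    """RFC 6811 states: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the origin AS is the rightmost AS in AS_PATH
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "not-found"          # no ROA covers this prefix at all
    for r in covering:
        if r.origin_as == origin and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"                # covered, but wrong origin or too specific


def accept(updates):
    """Import policy: drop 'invalid', keep 'valid' and 'not-found'."""
    return [(p, path) for p, path in updates if validate(p, path) != "invalid"]


# Constructed announcements as (prefix, AS_PATH).
UPDATES = [
    ("192.0.2.0/24", [64510, 64496]),     # authorised origin
    ("192.0.2.0/24", [64510, 64511]),     # mis-originated by another AS
    ("192.0.2.0/25", [64510, 64496]),     # more specific than max_length
    ("203.0.113.128/25", [64500]),        # within max_length 25
    ("198.51.100.0/24", [64499]),         # no covering ROA
]

if __name__ == "__main__":
    for p, path in UPDATES:
        print(f"{p:<18} origin AS{path[-1]:<6} {validate(p, path)}")
```

Origin validation only checks the last AS in the path, so it catches accidental mis-origination and leaks of more-specific prefixes but not a path that forges the legitimate origin.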