[LINK] All your internets are belong to us

Stilgherrian stil at stilgherrian.com
Tue Nov 23 10:03:30 AEDT 2010

On 23/11/2010, at 9:41 AM, Birch, Jim wrote:
> Crispin Harris wrote:
>> The 20% figure I quoted on the podcast was a flipant one - as you may
>> well appreciate.
> Am I missing something here?  Isn't there another big problem with the
> x% figures - unless there is a machine set up at the target ip address -
> i.e. one that should be at the Pentagon, Citibank HQ, etc - to do the
> receiving side, and, an appropriate receiving side of the protocol
> running at the counterfeited ip address, then won't packets be ditched
> by a router?  Setting up such a collection system would be such a
> massive effort.  BGP routes, but it doesn't do the actual data receive.
> Is there any evidence of fake servers set up to actually collect
> communications?  Eg, mail apparently received that went the wrong way?

Yep, you're confusing application layer (email that went the wrong way) with the packet layer (routing packets through China).

Take an email. At the application, the email was still sent from the sender's SMTP server to the recipient's. But during The 8 April Event the individual packets hopped from router to router via a path that took them through China instead of more directly.

The email headers will still only show the application layer hops, i.e. which sending host, SMTP relays and receiving SMTP server processed the email. There's no record in the email itself of how the packets were routed. Which is as it should be. The layers are kept separate.

At the packet layer, a router received a packet from somewhere, looks up its destination IP address in its routing table, and transmits it to the adjacent router which looks like it'll be the quickest path.


Stilgherrian http://stilgherrian.com/
Internet, IT and Media Consulting, Sydney, Australia
mobile +61 407 623 600
fax +61 2 8569 2006
Twitter: stilgherrian
Skype: stilgherrian
ABN 25 231 641 421

More information about the Link mailing list