The National Academies Press

Currently Skimming:

4 Perspectives on the Internet Experience of September 11
Pages 49-60

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 49... ... Yet quantifying that observation has proved difficult. There are neither general norms of Internet performance nor infrastructure to monitor the network comprehensively. Read the entire page →
From page 50... ... Rather than relying on BGP, one can measure Internet connectivity directly by attempting to communicate with a number of systems scattered throughout the network and reporting on one's actual ability to exchange data. In the following paragraphs, these metrics are used to examine some recent Internet events that most people consider exceptional and to compare them with those of September 11. Read the entire page →
From page 51... ... Figure 4.1 illustrates the effects on the global Internet of one such type of fault, a "fiber cut," on November 23, 1999, when a major Internet link was severed. The figure plots Internet reachability using the same methodology as was used in Figure 2.2 in Chapter 2. Read the entire page →
From page 52... ... http://www.matrixnetsystems.com GMT Nov 23 03:00 05:00 07:00 09:00 1 1:00 13:00 15:00 17:00 19:00 21:00 23:00 CST Nov22 9 PM 11 PM 2 AM 4AM 6 AM 8 AM 10AM noon 2 PM 4 PM FIGURE 4.1 Impact of a 1999 fiber cut on the reachability of two representative sets of Internet hosts (1, 2) and the Domain Name System root servers (3~. Read the entire page →
From page 53... ... As detailed in Chapter 2, the effects of the terrorist attacks were complex, but by simplifying somewhat, some broad patterns emerge: � Most of the attacks' effects were local. The majority of the serious communications disruptions were suffered by networks and customerssuch as the stock exchanges, Covad DSL customers, and the parts of NYSERNet in Lower Manhattan physically close to 140 West Street. Read the entire page →
From page 54... ... The power outage at Telehouse had an effect on Internet connectivity that was comparable to that of the Towers' collapses earlier. Extended power outages tend to be a feature of physical disasters (whether they have human or natural causes) Read the entire page →
From page 55... ... Moreover, such incidents could lead to indirect effects along the lines of the degradation of South Africa's DNS capability following the World Trade Center attacks. The principal issue with international connectivity is that most of the transoceanic fiber-optic communications cables land in North America at a few sites. Read the entire page →
From page 56... ... Finally, the committee learned during its workshop that a carefully designed distributed attack against a number of physical locations, especially if done in a repeating pattern, could be highly disruptive. An attack at a single point, however, is survivable. Read the entire page →
From page 57... ... PERSPECTIVES ON THE INTERNET EXPERIENCE OF SEPTEMBER 11 57 POSSIBLE EFFECTS OF A DELIBERATE ELECTRONIC ATTACK WITH THE AID OF, OR AGAINST, THE INTERNET As previously noted, the Internet itself was not a target on September 11, 2001, nor, apparently, was it used by terrorists for anything more than their own information-acquisition or communication needs. However, the Internet could plausibly play a more central role in future terrorist attacks. Read the entire page →
From page 58... ... This could be done directly, by altering the contents of Internet news sites. Alternatively, information in the Domain Name System database could be changed to redirect names to incorrect addresses, or the routing system could be tampered with so that users would be connected to substitute servers.4 Each technique could expose users to Web pages, seemingly authentic, that contained either subtly or grossly incorrect information crafted by the attackers. Read the entire page →
From page 59... ... Furthermore, recent theoretical work has pointed to more efficient spreading strategies that appear to enable a worm to compromise a vulnerable population of a million servers in a matter of minutes, perhaps even in tens of seconds.5 And a plausible potential exists for compromising perhaps 10 million Internet hosts in a surreptitious "contagion" fashion that, while taking longer than the quick propagation of worms such as Code Red, would make the worm much harder to detect; it would not exhibit the telltale scanning used by rapidly propagating worms. The ability to acquire hundreds of thousands or even millions of hosts would enable terrorists to launch truly Internet-wide attacks. Read the entire page →
From page 60... ... For example, they could plausibly target all of the root name servers (of which 13 are currently deployed and operated by various organizations) and all of the major Internet news outlets and the cybersecurity analysis and response sites. Read the entire page →

From page 49...

... Yet quantifying that observation has proved difficult. There are neither general norms of Internet performance nor infrastructure to monitor the network comprehensively.

Read the entire page →

From page 50...

... Rather than relying on BGP, one can measure Internet connectivity directly by attempting to communicate with a number of systems scattered throughout the network and reporting on one's actual ability to exchange data. In the following paragraphs, these metrics are used to examine some recent Internet events that most people consider exceptional and to compare them with those of September 11.

Read the entire page →

From page 51...

... Figure 4.1 illustrates the effects on the global Internet of one such type of fault, a "fiber cut," on November 23, 1999, when a major Internet link was severed. The figure plots Internet reachability using the same methodology as was used in Figure 2.2 in Chapter 2.

Read the entire page →

From page 52...

... http://www.matrixnetsystems.com GMT Nov 23 03:00 05:00 07:00 09:00 1 1:00 13:00 15:00 17:00 19:00 21:00 23:00 CST Nov22 9 PM 11 PM 2 AM 4AM 6 AM 8 AM 10AM noon 2 PM 4 PM FIGURE 4.1 Impact of a 1999 fiber cut on the reachability of two representative sets of Internet hosts (1, 2) and the Domain Name System root servers (3~.

Read the entire page →

From page 53...

... As detailed in Chapter 2, the effects of the terrorist attacks were complex, but by simplifying somewhat, some broad patterns emerge: � Most of the attacks' effects were local. The majority of the serious communications disruptions were suffered by networks and customerssuch as the stock exchanges, Covad DSL customers, and the parts of NYSERNet in Lower Manhattan physically close to 140 West Street.

Read the entire page →

From page 54...

... The power outage at Telehouse had an effect on Internet connectivity that was comparable to that of the Towers' collapses earlier. Extended power outages tend to be a feature of physical disasters (whether they have human or natural causes)

Read the entire page →

From page 55...

... Moreover, such incidents could lead to indirect effects along the lines of the degradation of South Africa's DNS capability following the World Trade Center attacks. The principal issue with international connectivity is that most of the transoceanic fiber-optic communications cables land in North America at a few sites.

Read the entire page →

From page 56...

... Finally, the committee learned during its workshop that a carefully designed distributed attack against a number of physical locations, especially if done in a repeating pattern, could be highly disruptive. An attack at a single point, however, is survivable.

Read the entire page →

From page 57...

... PERSPECTIVES ON THE INTERNET EXPERIENCE OF SEPTEMBER 11 57 POSSIBLE EFFECTS OF A DELIBERATE ELECTRONIC ATTACK WITH THE AID OF, OR AGAINST, THE INTERNET As previously noted, the Internet itself was not a target on September 11, 2001, nor, apparently, was it used by terrorists for anything more than their own information-acquisition or communication needs. However, the Internet could plausibly play a more central role in future terrorist attacks.

Read the entire page →

From page 58...

... This could be done directly, by altering the contents of Internet news sites. Alternatively, information in the Domain Name System database could be changed to redirect names to incorrect addresses, or the routing system could be tampered with so that users would be connected to substitute servers.4 Each technique could expose users to Web pages, seemingly authentic, that contained either subtly or grossly incorrect information crafted by the attackers.

Read the entire page →

From page 59...

... Furthermore, recent theoretical work has pointed to more efficient spreading strategies that appear to enable a worm to compromise a vulnerable population of a million servers in a matter of minutes, perhaps even in tens of seconds.5 And a plausible potential exists for compromising perhaps 10 million Internet hosts in a surreptitious "contagion" fashion that, while taking longer than the quick propagation of worms such as Code Red, would make the worm much harder to detect; it would not exhibit the telltale scanning used by rapidly propagating worms. The ability to acquire hundreds of thousands or even millions of hosts would enable terrorists to launch truly Internet-wide attacks.

Read the entire page →

From page 60...

... For example, they could plausibly target all of the root name servers (of which 13 are currently deployed and operated by various organizations) and all of the major Internet news outlets and the cybersecurity analysis and response sites.

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

4 Perspectives on the Internet Experience of September 11 Pages 49-60

4 Perspectives on the Internet Experience of September 11
Pages 49-60