Geo-Political Instability = Network Instability

It was an incredible time to be in the tech business. Al Gore had kick-started the Internet, and the World Wide Web was just beginning to form – like a cluster of stars in an ever-expanding galaxy. Little did we know it also marked the beginning of more sinister things.

During that time I was a systems administrator for a networked set of IBM RT PC workstations running a Unix variant operating system from Carnegie Mellon. The systems were running the first wide area networked file system – the Andrew File System (AFS). They were part of a project initially funded by IBM. The project was tasked with introducing networked graphical workstations into the Thayer School of Engineering curriculum at Dartmouth College.

In the beginning we had about twenty or so workstations networked together using bridges, thick wire Ethernet and some thin wire. Broadcast storms were a nasty reality on shared Ethernet hubs, and vamp taps had nothing to do with Twilight. Life was simpler then.

The project was called “Northstar” and if you Google it you’ll probably get some hits – heck, it may still be rocking, but with definitely newer objectives than we started with.

Monitoring the systems was an easy project then. Simple pings were enough to make sure systems were still running. One of our software engineers used our graphical toolkit to create a map of the Northstar workstations and color them red if they didn’t respond to the pings. That was the birth of NMS – Network Management Systems – at least in our corner of the galaxy.

I remember having to shut down our Sun Server and restore from backup tapes, because the very first virus – or worm in this case – started to bring down nascent systems around the various academic sites. Sendmail was one of the very first software utilities that began to evolve in order to stay ahead of the malicious hackers. *Sigh*

A husband and wife lawyer team in Arizona introduced the next stain to tarnish the perfect world of the foundling Internet: unsolicited commercial email – aka SPAM. Remarkably, this trend eventually got so bad that various governments passed laws to stem the tide. There is some irony here.

Fast-forward twenty years. The professionals are here now. We have hacktivists, nation states with special cyber forces, and organized crime taking down personal, commercial and government computing systems. Government and military organizations are now responsible for creating the worst security breaches around the globe.

Take the most recent conflict between Ukraine and Russia. Both sides have been using sophisticated cyberattacks in order to disrupt information flow. An international crisis anywhere around the globe increases the incidence of cyber espionage, and no one connected to the Internet or hosting services is immune to the disruption that can ripple around the world.

At the beginning of this year I was schooled first-hand in this area of study. Part of my role as Network Operator with Packet Design means making sure we have a stable Internet connection from our two border routers. A simple protocol that tries to keep time – Network Time Protocol – was misconfigured on one of our border routers, making us a pawn in the latest cyber wars. Using the protocol to make our router participate in a denial of service attack was enough to cause our Internet peering to drop and reestablish repeatedly over a twenty-four hour period.

The days of simply using Ping to manage a network are long, long gone. The reality today is that you need sophisticated tools that give you more information about the state of your network than the simple up/down status of the old days. Now you need to know the state of more esoteric objects like Internet BGP routes to make sure you can reach your critical cloud-based data. To properly protect networks today, you need tools that show where information is flowing, and even better tools that alert you immediately when those protections have failed.

Tools with route analytics – such as Packet Design’s Route Explorer – can help. Here are just a couple of examples: (1) Setting a watch list on all routes to the DNS root name servers can trigger an early warning if someone tries to use BGP to hijack the service and direct unsuspecting users to bogus or infected web sites; (2) Traps on BGP peerings can quickly alert operators when potential man-in-the-middle attempts are made.
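To make the watch-list idea concrete, here is an added example (not Route Explorer’s or Packet Design’s code) of the check a route-analytics tool performs: each update a collector sees is compared against a list of watched prefixes and their expected origin AS, and an alert is raised for an origin change or for a more-specific announcement inside a watched prefix. The prefixes and AS numbers are constructed placeholders (documentation ranges and private ASNs), not real root-server data.

```python
import ipaddress
from dataclasses import dataclass

# Watch list: prefixes we care about, each with the origin AS we expect.
# Values are constructed placeholders (TEST-NET ranges, private ASNs).
WATCH_LIST = {
    "203.0.113.0/24": 64500,   # constructed: stand-in for a root-server prefix
    "198.51.100.0/24": 64501,  # constructed: stand-in for a second one
}

@dataclass
class BgpUpdate:
    """One announcement as a route-analytics collector might record it."""
    prefix: str
    origin_as: int
    peer: str

def check_update(update, watch_list=WATCH_LIST):
    """Return alert strings for one update, empty if it looks benign.

    Two hijack indicators: the watched prefix itself is announced from an
    unexpected origin AS, or a more-specific sub-prefix appears, which wins
    longest-prefix-match in every router regardless of who originates it.
    """
    alerts = []
    seen = ipaddress.ip_network(update.prefix)
    for watched, expected_as in watch_list.items():
        w = ipaddress.ip_network(watched)
        if seen == w:
            if update.origin_as != expected_as:
                alerts.append(f"ORIGIN_CHANGE {watched}: AS{update.origin_as} "
                              f"(expected AS{expected_as}) via {update.peer}")
        elif seen.subnet_of(w):  # strictly more specific than the watched route
            alerts.append(f"MORE_SPECIFIC {update.prefix} inside {watched}: "
                          f"AS{update.origin_as} via {update.peer}")
    return alerts

def scan(updates, watch_list=WATCH_LIST):
    """Run the watch list over a batch of updates; return all alerts in order."""
    return [a for u in updates for a in check_update(u, watch_list)]

# Constructed sample feed: two normal announcements, two hijack patterns, one unrelated.
SAMPLE_UPDATES = [
    BgpUpdate("203.0.113.0/24", 64500, "peer-1"),
    BgpUpdate("198.51.100.0/24", 64501, "peer-2"),
    BgpUpdate("203.0.113.0/24", 64666, "peer-2"),    # origin AS changed
    BgpUpdate("198.51.100.128/25", 64501, "peer-1"), # more-specific, same AS
    BgpUpdate("192.0.2.0/24", 64502, "peer-1"),      # not watched, ignored
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_UPDATES):
        print(alert)
```

A real deployment would feed this from a BGP collector or the tool’s own route database and rate-limit alerts, since legitimate traffic engineering also announces more-specifics.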

I wish we were still dealing with the bored kiddy hackers that just wanted bragging rights instead of malicious groups trying to bring down services and systems of governments and companies they have grievances against. As for me, I’m thankful that route analytics alerted me to the significant BGP route shifts that indicated something was wrong and helped us avoid being a casualty of geo-political cyber warfare.