DDoS – POTs and PANs

Putting COVID-19 Traffic Growth into Perspective

Nokia Deepfield is another company that works in the background on the web and that analyzes data traffic patters for the big ISPs. Their June 4 report on web traffic reports about the same thing we’re hearing from most large ISPs – that the volume of web traffic suddenly shot up since the onset of the pandemic.

Nokia Deepfield says that the increase in traffic has settled in at about a 25% increase over pre-COVID levels. The most important aspect of the increase has been that almost all of the increases have been during the daytime, including on weekends. Networks have not seen any surge (or decrease) in the evening busy hour traffic.

To people who don’t follow the industry, those increases likely sound astronomical. Any other businesses would find a sudden 25% increase in business to be an extraordinary event. Imagine the impact of a sudden and sustained 25% increase in customer demand at a coffee shop, a bank, or a drug store. A business would have to scramble to increase inventory and staff to keep up with the new demand.

But in the world of ISPs this kind of growth is a lot less astounding. Cisco has been reporting for years that residential web traffic has been growing by 21% annually and business broadband by 24%. The ISP industry just absorbed in a single month the growth that would have normally been expected for all of 2020 – but any ISP worth their salt was already braced for this kind of growth this year.

It’s probably hard for the average person to digest that fact that the ISP industry has been coping with this kind of sustained growth for decades. If an ISP makes an expensive investment to double network capacity they’ll see the newly-created capacity filled within three or four years. ISP network engineers face a never-ending task of staying a step ahead of constant and relentless broadband growth.

It’s also worth noting that the growth due to COVID was less dramatic than the industry press might make you believe. Networks are engineered to satisfy the demands at the busy hour – those times of the day when networks are the busiest. During the rest of the day much of the network sits idle since the data pipes aren’t as full. The business hour for residential neighborhoods has been the evenings when homes watch video. Almost all of the growth from COVID came during the workday as students and employees worked from home. For most ISPs, the busy hour is still the evenings, and so there has been far less than a 25% increase in busy-hour demand. Most network should have been able to absorb this burst in growth.

This is not to say that all networks handled COVID growth well. For example, it’s been clear that the big telcos haven’t been investing money in their DSL networks for many years. Performance in those networks has been degrading every year as broadband usage increases. Customers in neighborhood with any significant number of DSL customers have seen broadband speeds decrease year after year as their the demand for broadband has increased. Anybody who has been working at home on DSL during the pandemic saw the network performance in the daytime nearly die.

The Nokia Deepfield blog introduces a new fact that I’d not heard before. They report that distributed denial of service (DDoS) attacks are up 50% during the COVID crisis. At first blush this seems counterintuitive because a lot of businesses have been shut down during the pandemic. Nokia Deepfield says the increased DDoS traffic comes from gamers. Apparently gamers can pay $30 to launch a custom 5-minute DDoS attack against an opponent. Anybody that has seen their neighborhood broadband become useless for five minutes might have been the unintended victim of such an attack. If we had an FCC that regulated broadband they might be investigating this kind of destructive web practice – but this is something they will leave to somebody else.

The bottom line on traffic growth is that. overall, most networks should have been prepared to absorb the growth in traffic due to the pandemic. Most of the growth happened during non-busy hours, and so, while the networks saw a lot of growth in traffic volumes they didn’t see an equal growth in network stress. The bad news for network engineers is that a lot of the recent growth looks like it will stick around, and the overall volumes of web traffic will probably continue to grow at 20% annually on top of the COVID growth.

How Vulnerable is Our Web?

We all live under the assumption that the web is unbreakable. After all, it has thousands of different nodes and is so decentralized that there isn’t even as many as a handful of places that control the Internet. But does that mean that something couldn’t do enough harm to it to cripple it or bring it down?

Before I look at disaster scenarios, which certainly exist, there is one other thing to consider. The big global Internet as we think about it has probably already died. The Internet security firm Kaspersky reports that by the end of 2014 there were dozens of countries that had effectively walled themselves off from the global Internet. A few examples like China are well known, but numerous other countries, including some in Europe, have walled off their Internet to some degree in response to spying being done by the NSA and other governments.

So the question that is probably more germane to ask is whether or not there is anything that could bring down the US Internet for any substantial amount of time? In the US there are a handful of major hubs in places like Atlanta, Dallas, San Francisco, Northern Virginia, and Chicago. A large percentage of Internet traffic passes through these major portals. But there are also secondary hubs in almost every major city that act as regional Internet switching hubs, and so even if a major hub is disrupted somehow, these regional hubs can pick up a lot of the slack. Additionally, there is a lot of direct peering between Internet companies, and companies like Google and Netflix have direct connections to numerous ISPs using routes that often don’t go through major hubs.

But still, it certainly could be disastrous for our economy if more than one of the major hubs went down at the same time. Many people do not appreciate the extent that we have moved a large chunk of our economy to the Internet as part of the migration to the cloud. A large portion of the daily work of most companies would come to a screeching halt without the Internet and many employees would be unable to function during an outage.

There have been numerous security and networking experts who have looked at threats to the Internet and they have identified a few:

Electromagnetic Pulse. A large EMP could knock out Internet hubs in ways that make them difficult to restart immediately. While it’s probably unlikely that we have to be too worried about nuclear war (and if we do, the Internet is one of my smaller worries), there is always the possibility of a huge and prolonged solar flare. We have been tracking solar flares for less than a century and we don’t really know that the sun doesn’t occasionally pump out flares much larger than the ones that we expect.
Introducing Noise. It is possible for saboteurs to introduce noise into the Internet such that it would accumulate to make it hard to communicate. This could be done by putting black boxes into numerous remote fiber switching points that would inject enough noise into the system to garble the signals. If enough of these were initiated at the same time the Internet wouldn’t stop, but most of what is being sent would have enough errors to make it unusable.
Border Gateway Hijacking. The border gateway protocol is the system on the Internet that tells packets where to go. If the BGP routers at major Internet hubs could be infected or hacked at the same time the Internet could lose the ability to route traffic.
Denial of Service Attacks. DDoS attacks have become common and for the most part these are more of a nuisance than a threat. But network experts say that prolonged DDoS attacks from numerous locations directed against the Internet hubs might be able to largely halt other web traffic. Certainly nothing of that magnitude has ever been undertaken.
Cyberwarfare. Perhaps the biggest worry in coming years will be cyberattacks that are aimed at taking down the US Internet. Certainly we have enough enemies in the world who might try such a thing. While the US government has recently beefed up funding and emphasis on defending against cyberattacks, many experts don’t think this effort will make much improvement in our security.

Perhaps one of the biggest issues we have in protecting against these various kinds of attacks is that there is no ‘Internet’ infrastructure that is under the control of any one company or entity. There are numerous firms that own internet electronics and the fibers that feed the Internet; most of these companies don’t seem to be making cybersecurity a high priority. I’m not even sure that most of them know what they ought to do. How do you really defend against an all-out cyberattack when you can’t know ahead of time what it might look like?

This isn’t the kind of thing that should keep us up all night worrying, but the threats are there and there are people in the world who would love to see the US economy take a huge hit. It certainly will not be surprising to see a few such attempts over the coming decades – let’s just hope we are ready for it.

Share this:

Share this: