[CII] terms and conditions

Łukasz Bromirski lukasz at bromirski.net
Sun Nov 29 16:20:39 UTC 2009 

On 2009-11-29 13:54, bmanning at vacation.karoshi.com wrote:
> On Sun, Nov 29, 2009 at 02:22:40PM +0200, Gadi Evron wrote:
>> bmanning at vacation.karoshi.com wrote:
>>> 	I have "everything you need to make this work".  I have no need of
>>> 	Brazilian or Norwegian infrastructure.  They are not critical to me.
>>
>> What would happen to your connectivity if the Brazilian and Norwegian
>> localized internet infrastructures were to stop working?
>
> 	nothing.  zero.  nada.  zilch.
> 	
> 	not critical to me.   the point being, critical has a reference,
> 	usually an end user.

Somebody already called for defining the 'critical infrastructure', as
we can easily go into many discussions without actually definining why
we disagree :)

So, even if You're not living in the Brazil or Norway, they
infrastructure may be critical for you. Think about shared hubs for
banks, C&C systems for ATM machines and the card readers in shops,
gas stations, etc. It doesn't have to be a bunch of DNS root servers,
it may be a GSM IP network that is connecting you via a dialin to
the internet, or a AAA server somewhere around the world (we're already
in the era of cloud computing, please remember that), that just breaks.
And in terms of daily life, you're reduced to what you have in your
house. Shops won't sell you anything, they won't take orders, your
cell phone won't connect you anywhere, nor paid phone. If you have
cash, the TAXI may get you somewhere (if they still have fuel), but the
train system may not be able - precisely because of the fact, that
some set of IP networks used by a just a couple of companies in your
country just became unreachable.

And that's a fact that some of the networks in just three countries
are very important to most of the international companies operating
around the world. Without them, we're going to 'backup' plan, and
sometimes the backup plan really doesn't exist, or was tested
'well, three years ago'.

When you have a chance to work for couple of companies dealing with
internet connectivity on a "it's a something on our checklist to have
our project complete" or a "it always did work!" basis, you may change
your idea about being always safe very fast.

I wonder if Raoul Chiesa is on the list to share his experience. And
I expect we all have our own and sometimes it's really scary to
become aware during auditing, discussing architecture or redesigning
a network that just a simple error in ONE place may render whole
set of 'entities' disconnected.

And to show some real example: two years ago in Poland, we've had a
rather small DDoS. The DDoS was aimed at one of the international
bank. As the bot C&C apparently missed the fact, that the bank had
only something like /24 allocated, he brought down entire /19.
Along it went away two other banks (one national), a big newspaper
and independent company doing ATM 'services', and part of the network
of a gas station company.

People at the edge of Christmas Eve were unable to withdraw money
from ATMs, and pay by credit cards in shops. They were unable to pay
at gas stations, not to mention other 'difficulties' I can't actually
discuss in public. If the /19 would be further extended to say /16,
I see other countries would begin to see the 'problem'.

That's how it works - it's interconnected. Everything with everything
else.

So, that's my hello to the list :)

-- 
"Everything will be okay in the end. |                  Łukasz Bromirski
  If it's not okay, it's not the end. |       http://lukasz.bromirski.net

More information about the CII mailing list