Hey! You! Get off of my cloud!

September 9, 2010 Earl Zmijewski
dns-r

dns-f

We’ve all heard about the wonders of cloud computing. Take your corporate web server, your email servers, your calendar software and even your business plans and other important documents and throw them all into “the cloud”. No more finicky hardware to maintain, buggy software to patch or data backups to worry about. Outsource all of those headaches and enjoy reading your email from the beach on your phone.

Of course, nothing is ever that simple. Like any outsourced solution, you will need to perform due diligence. Is your cloud service provider technically and financially sound? Have they acquired sufficient diversity with respect to their Internet connectivity? Do they comply with all applicable regulations for your jurisdiction? Are there potential physical problems at their hosting locations, such as exposure to the threat of earthquakes or hurricanes? You can probably figure all of this out. But there is another threat that your due diligence will certainly fail to expose: the threat of your cloud neighbors. If you end up with the wrong ones, you may suffer as a result of their bad behavior or simply because of the content they host. This blog examines a few examples of this potential problem.

doveworld.jpg

Burning down the house

As has been endlessly reported in the media, the Dove World Outreach Center decided to antagonize a large fraction of humanity by scheduling a book burning on September 11th. Being pragmatists, our first thought was “Why on earth would anyone elect to offend this many people and become the object of so much hostility?” Being technologists, our second thought was “They must have a web site and it is probably having a bad day. What else might be hosted there?”

Until today, the Dove World Outreach Center could be found at www.doveworld.org, which resolved to IP address 65.61.140.175. This IP address is part of a much larger blocks of IP addresses (65.61.128.0/18) hosted by Rackspace Hosting (AS 10532). Rackspace just ended their relationship with the center, citing that they “violated the hate-speech provision of our acceptable-use policy”. We can also imagine that this IP was (or would have been) the target of cyber mischief, such as DDoS attacks designed to flood web servers and make them inaccessible. So what about the other web sites hosted behind this same IP? Would they have suffered collateral damage as a result?

When you move your services to the cloud, you really have no easy way of viewing your neighbors, nor do you have any control over who your future neighbors may be. There are no zoning laws on the Internet. At the time of this writing, there were over 400 domains hosted at the same IP address that used to host www.doveworld.org. As would be true of almost any hosting site, the domains vary considerably. gaygadget.gif
There are sites devoted to vacation rentals, video taping weddings, wilderness excursions and even interesting “gadgets”. A wide variety of languages are also on display such as Greek, Italian, Spanish and Russian. About the only thing these sites have in common is that they share a common IP address and common cloud provider. As such, they share a common fate.

China Girl

Keeping with our old rock song theme (have you figured them all out?), we next turn our attention to China. Thumbnail image for Thumbnail image for falundafa.png A Canadian registered non-profit organization aimed at promoting the practice of Falun Gong has a web site hosted by the Atlanta-based provider, Global Net Access (AS 3595). The IP address of this domain is currently 209.51.136.27 and, as in the earlier example, hundreds of other domains share this one IP address. As of this writing, access to this IP address is blocked in China — not just the one Falun Gong domain, but the IP address it resides on. Even simple pings and traceroutes that reach this IP when initiated from outside of China, fail at the Great Firewall when initiated from inside of China. This site is completely off limits to the Chinese. So what is the collateral damage? A site devoted to Coronary Artery Rehabilitation, an Arabic language site devoted to Guantanamo prisoners, an RSS news feed compendium and many others are blocked in China since they happen to be in the “wrong” neighborhood. And the Chinese won’t be booking Caribbean vacation rentals anytime soon either. They are also hosted at this banned IP address.

(I Can’t Get No) Satisfaction

In conclusion, this blog entry should not be construed as an attack on cloud computing. Cloud computing is better, faster and cheaper for many applications and a wide variety of providers offer excellent service. But resource issues aside, the key difference between in-house and out sourced solutions is with respect to control of the neighborhood. In the former, control is absolute and there should never be any surprises. In the latter, you can’t even see the neighbors and so have no idea who they are or what they are doing. You and all of your cloud neighbors are essentially blind in a zoning-free Internet.

And this just in …

While I was writing this blog, www.doveworld.org was apparently resurrected at IP address 184.91.77.199 and visiting the site currently gives an “under construction” banner. Road Runner (AS 13343), a division of Time Warner Cable, manages the corresponding block of IP addresses (184.91.72.0/21). Stay tuned.

The post Hey! You! Get off of my cloud! appeared first on Dyn Research.

Read more...

About the Author

Earl leads a peerless team of data scientists who are committed to analyzing Dyn’s vast Internet Performance data resources and applying their expertise to continually improve upon Dyn’s products and services.

More Content by Earl Zmijewski
Previous Article
Iran: Exporting the Internet (1)
Iran: Exporting the Internet (1)

Until this year, Iranian companies participated in the Internet primarily as...

Next Article
House of Cards
House of Cards

Time flies. Although it was over 18 months ago, it seems just like yesterday...