China routing snafu briefly mangles interweb

Bad routing information sourced from China has disrupted the internet for the second time in a fortnight. Global BGP (Border Gateway Routing) lookup tables sucked in data from a small ISP called IDC China Telecommunication, apparently accidentally broadcast by state-owned carrier China Telecommunications, IDG reports. ISPs …

COMMENTS

This topic is closed for new posts.
  1. Stone Fox
    Black Helicopters

    traffic routed through unknown systems in China

    am I the only one that finds this suspicious?

  2. Justin 11
    Big Brother

    Reminds me of an old saying...

    "Never assume malignant intent when it could just be pure incompetence."

    Or something like that.

    Still, with their track record...

    1. Stone Fox
      Happy

      it's called

      Hanlon's razor.

      "Never attribute to malice that which can be adequately explained by stupidity."

  3. Robert Carnegie Silver badge

    Three times is enemy action; twice is, um, ...

    Let's suppose that gov.cn wanted samples of all Internet traffic to be routed through Chinese networks for purpose of hacking.

    For instance, if they have an anti-encryption exploit - or have an idea for one. Or maybe it's just for massive spoofing.

    Maybe it was about hacking a few web sites and services under cover of disrupting thousands of sites.

    Also: how about this for cyber warfare? Worldwide denial of service?

  4. Ralph B
    Happy

    Easy Target

    > Most likely it’s because of configuration issue, i.e. fat fingers.

    Yeah, that's right. Blame Budai.

    Stoutists.

  5. Anonymous Coward
    Anonymous Coward

    While on the subject of BGP screw ups

    Will the Reg be publishing any stories about Colt's problems yesterday (8th of April)?

    Or were we the only Reg readers affected?

  6. Anonymous Coward
    Anonymous Coward

    AS4134 China Telecom

    AS4134 blew my BGP peering session with them yesterday evening but only for a period of about 20 mins. I think this was as a result of mis-configuration. Normally I would only see 5000 prefixes announced by them.

    The likes of Level3 et al should know better. Any downstream customer of a Tier 1 should only ever announce infrastructure routes and customer routes. It follows therefore that the upstream provider should set a limit on the number of prefixes they will accept before the peering session is torn down and disabled until the downstream customer corrects their mistake.
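
The prefix limit described in the comment above, sketched as an added example (not code from the commenter or from any router vendor). The figure of 5000 normal prefixes comes from the comment; the limit of 7500, the warning threshold, the AS number and the prefixes are constructed assumptions.

```python
# Added illustration: inbound maximum-prefix guard on one BGP session.
# Limit, threshold, AS number and prefixes are constructed sample values.

class PeerSession:
    def __init__(self, peer_as, max_prefixes, warn_pct=80):
        self.peer_as = peer_as
        self.max_prefixes = max_prefixes
        self.warn_at = max_prefixes * warn_pct // 100
        self.prefixes = set()      # routes currently accepted from the peer
        self.state = "established"
        self.warned = False

    def announce(self, prefix):
        """Process one announced prefix; return the session state afterwards."""
        if self.state != "established":
            return self.state      # session is held down, nothing is accepted
        self.prefixes.add(prefix)  # a re-announcement does not count twice
        if len(self.prefixes) > self.max_prefixes:
            # Limit exceeded: drop everything learned and hold the session down.
            self.prefixes.clear()
            self.state = "disabled"
        elif len(self.prefixes) >= self.warn_at:
            self.warned = True     # point at which an operator alert would fire
        return self.state

    def withdraw(self, prefix):
        self.prefixes.discard(prefix)

    def operator_clear(self):
        """Manual re-enable once the customer has corrected the announcements."""
        if self.state == "disabled":
            self.state, self.warned = "established", False


def simulate_leak(normal=5000, leaked=30000, limit=7500):
    """Feed a normal table, then a leak; return (state, routes kept, warned)."""
    session = PeerSession(peer_as=64500, max_prefixes=limit)
    for i in range(normal + leaked):
        # Constructed, unique /24s of the form 10.x.y.0/24.
        session.announce(f"10.{i // 256}.{i % 256}.0/24")
    return session.state, len(session.prefixes), session.warned


if __name__ == "__main__":
    print("normal table:", simulate_leak(leaked=0))
    print("route leak:  ", simulate_leak())
```

The session stays disabled after the leak until `operator_clear()` is called, which is the "disabled until the downstream customer corrects their mistake" behaviour the comment asks for.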

  7. TeeCee Gold badge
    Joke

    A series of tubes?

    I've just thought of a better analogy for the Internet, airline baggage handling.

    Millions of things routed all over the place daily. One cockup and your* luggage gets sent to China.

    *Well, mine anyway.

  8. Anonymous Coward
    Anonymous Coward

    Fix it.

    So anyone could do this deliberately? Shouldn't that be fixed before Kim Ill or someone decides to have some fun?

    1. Anonymous Coward
      Anonymous Coward

      AS4134 China Telecom - FIXIT

      Internet is held together with BGP duct tape. There are BCPs to prevent or mitigate mis-configuration issues. But it does happen. It's easily done.

      It did happen with Pakistan Telecom a few years back. They started to announce a prefix assigned to AIDSBook (a more specific prefix of one of AIDSBook's RIR allocation). This sucked traffic destined for AIDSBook toward Pakistan Telecom and into a black-hole, taking that associated part of AIDSBook infrastructure offline in a Denial-of-Service.

      The standard practice at reputable ISPs is that you document what you or your customers will announce in a RIR such as RIPE - the upstream ISP is supposed to check this is valid and has been rightfully assigned to you/ your downstream customers AS before they will update their prefix/ AS-path filters and propagate into the core.

      But you can imagine that in Pakistan this sort of thing might get easily overlooked.

      Behind the Great FW of China that is China Telecom, AS4134 - there is a very, very powerful network.

    2. Nexox Enigma

      Almost...

      """So anyone could do this deliberately?"""

      Not /anyone/ could do this, you have to have some sort of access to BGP as an AS, which isn't super easy to come by, but also not impossible.

      And this isn't new at all - people have been doing interesting things with BGP for years, but there's no good way to fix the many problems with the protocol, so everyone just sort of ignores them. Someone managed to hijack the defcon16 internet connection, and did it sneakily enough that they didn't add hops to traceroute or affect TTL or anything. A fair amount of people can pretty much do that for any network they want. Yes it's scary, no, it's not going away soon.

  9. Grahame 2
    Boffin

    BGP

    There are methods to filter route updates, but these are almost never implemented between carriers. However, the threat of losing peering and not getting it back keeps everyone in line.

  10. John A Blackley

    What happens when you assume

    Particularly when you assume that, when on two recent occasions 'foreign' net traffic 'accidentally' got routed through China, that it's "just fat fingers".

    Talk to Silicon Valley companies about what happens when China takes an interest in your 'net traffic.

    1. Tom Samplonius
      Go

      Intent

      If it was deliberate, China would have used an out-of-country network, like a black sheep ISP in the US. It is too obvious to actually route the traffic to China. And if you think it is so obvious, with the intent to make it appear more accidental, China's connections to the outside world are terrible. Tons of congestion, and terrible latency. There isn't enough capacity for their own needs, let alone back-hauling intercepted traffic.

      As far as BGP goes, as someone who has worked on a national US ISP network that peered with 100+ networks, there are a variety of practices used. BGP isn't bad, but is sometimes used badly. In this case, a few ISPs got burned by a bad update. And those were big ISPs, so someone noticed. In the future, they are going to be keeping their BGP input filters updated. Sometimes it takes a small outage like this, to get the ops staff to start taking engineering seriously again.

  11. Mike Flugennock

    Perhaps neither a conspiracy nor a cock-up...

    ...but a test?

    Somewhere in China, an official State geek is saying "no, but thanks for the tip!"

  12. James Woods

    wake-up call

    This is a wake up call. All it takes to get an ASN is paying Arin a fee. As far as whatever else you have to pay to do it, China surely can afford it.

    China spews so much garbage on the internet that it only makes sense that something like this happens. This doesn't sound like a mistake to me, it sounds like something China has been crafting accidentally or intentionally made its debut to see how the interwebz would handle it.

    We see how the interwebz handled it. All we hear is "cyberattack cyberattack" and here is a form of a cyberattack and we're told it's a mistake.

    Yeah I'm sorry that our cloned FBI network we host connected to our public. I'm sure the FBI would say, okay mistake.

    More garbage from China, these uplinks of ours know better. They're too busy bitching about having competition.

  13. This post has been deleted by its author

  14. ph0b0s

    Don't panic!

    Let's not get too hysterical about this. All we need is for the US to go all 'War on Cyber Terror' about this and to use it as an excuse to start locking down the internet for your own safety, of course. In fact we should be putting in stuff that allows the internet to stay working even when states, good or evil, try to do this kind of thing. Yeah, BGP has been around for a while....

    Maybe they need to develop a certificate system for source address / AS advertisement, so that even if two places are advertising the same source, routers can tell which route is authentic even if a better metric is offered along a bogus route.

    BTW have my CCDP exam Monday wish me luck....
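
A scheme along the lines suggested in the comment above was later standardised as RPKI route origin validation (RFC 6811). The following is an added example, not code from the thread or from any RPKI validator: it applies the RFC's valid / invalid / not-found rule to constructed announcements and shows a more-specific hijack, like the Pakistan Telecom case described earlier in the thread, losing route selection once invalid routes are dropped. Prefixes and AS numbers are documentation-range values chosen for illustration.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, max length, origin AS).
# Documentation prefixes and AS numbers, not real allocations.
VRPS = [
    ("203.0.113.0/24", 24, 64496),
    ("2001:db8::/32", 48, 64497),
]

# Constructed announcements: the legitimate /24 and a more-specific hijack.
ANNOUNCEMENTS = [("203.0.113.0/24", 64496), ("203.0.113.0/25", 64511)]


def validate(route_prefix, origin_as, vrps=VRPS):
    """Return the RFC 6811 validation state for one (prefix, origin AS)."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        if vrp.version != route.version or not route.subnet_of(vrp):
            continue               # this VRP says nothing about the route
        covered = True
        if route.prefixlen <= max_len and origin_as == vrp_as:
            return "valid"         # one matching VRP is enough
    # Covered by a VRP but matched by none: wrong origin or too specific.
    return "invalid" if covered else "not-found"


def next_origin(dest_ip, announcements, enforce=True):
    """Origin AS picked by longest-prefix match, optionally dropping invalids."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)
        if dest.version != net.version or dest not in net:
            continue
        if enforce and validate(prefix, origin) == "invalid":
            continue               # a bogus route never reaches best-path
        if best is None or net.prefixlen > best[0]:
            best = (net.prefixlen, origin)
    return best[1] if best else None


if __name__ == "__main__":
    for prefix, origin in ANNOUNCEMENTS:
        print(prefix, f"AS{origin}", validate(prefix, origin))
    print("no validation ->", next_origin("203.0.113.10", ANNOUNCEMENTS, False))
    print("validation    ->", next_origin("203.0.113.10", ANNOUNCEMENTS, True))
```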
