All your base packets are belong to us?
Oracle 'net-watcher agrees, China Telecom is a repeat offender for misdirecting traffic
Oracle has backed claims that China Telecom Border Gateway Protocol (BGP) announcements regularly take internet traffic on an unwanted tour of the Middle Kingdom. At the end of October, a paper by Chris Demchak of the US Naval War College and Yuval Shavit from Tel Aviv University documented what the pair said were "unusual and …
COMMENTS
-
Tuesday 6th November 2018 12:31 GMT Anonymous Coward
This is hardly new
I used to run into this regularly more than a decade ago: on call you would get a ticket for "high latency", where the traceroute would show big jumps in latency, while routing through a series of IPs with no rDNS, whose whois data would reveal them to be owned by China Telecom. Aggressive filtering of China Telecom's AS from free and transit peers sort of fixed it, but obviously it's not a complete solution.
Having a Beijing dark fiber ring as well was also interesting: IKE packets going across the ring would magically disappear, in an obvious attempt to force unencrypted traffic. It's almost as if the Middle Kingdom wants to live up to its name :-)
-
Tuesday 6th November 2018 13:12 GMT Anonymous Coward
Ah, the good old days
When traffic from Smyrna, GA, to Atlanta, GA*, was occasionally routed via Reston, VA** because my client just happened to change their ipsec keying, regular as clockwork.
* - yes, they actually border each other
** - a suburb of Washington, D.C. where the rule of law doesn't apply for national security reasons.
-
-
Tuesday 6th November 2018 14:44 GMT Anonymous Coward
Meh!
The traceroutes of my US based packets make regular detours through Canada and the UK or US Army bases on their way to their intended destination.
Also interesting to note the logcat logs of my Sprint serviced phone throwing errors that it's having trouble removing an IP address for the Dept of Defense from the rmnet routing table.
But OK, I'm supposed to be concerned about China. (Or is it Russia this week?)
-
Tuesday 6th November 2018 15:53 GMT Spazturtle
Re: Meh!
The US military had lots of involvement with early internet infrastructure so it makes sense that router nodes would be in or around bases as that's where all the backbone cables meet up.
The US and UK don't do wide scale interception like that themselves, it would cost too much tax money. Instead they pass laws mandating that the people running the backbone intercept data. That way the cost is spread around and passed on to customers.
-
-
Tuesday 6th November 2018 14:53 GMT naive
How FFS can they allow this to happen?
Already over 50% of the hack attempts come from China, and then as a bonus they serve them ALL the traffic on a silver tray.
Lenin was in hindsight a modest man, he assumed capitalism would SELL him the rope with which he would hang the capitalists, we give it China for free.
More and more the impression creeps up, China is already nested like an incurable cancer in our society. Maybe responsible people need to pick a knife and start slashing away.
-
Tuesday 6th November 2018 15:22 GMT elgarak1
Isn't that the point of the Internet?
Isn't it the point of the internet/http that each packet can go any number of ways? So that if one route fails, there are multiple other routes to take? ;)
Kidding aside:
1) If all traffic always fails to take better routes, it could be an error/glitch/bug.
2) If all traffic gets routed in certain patterns, there may be malicious intent.
-
Tuesday 6th November 2018 16:17 GMT Anonymous Coward
Raises hand
Oh, Oh, I know, we can use AI to solve this, or the cloud, *eyes glaze over and drool begins to form* Or better yet, AI in the cloud. Paradigm shift for the win. Bingo.
But seriously FFS, I don't see why anyone would accept BGP updates from an untrusted source. And where was the networking staff that failed to audit this. 2.5 years? Really?
-
-
Friday 9th November 2018 23:44 GMT Michael Wojcik
Re: Raises hand
Or blockchain!
Tigra 07 uses Trollface! Trollface fails!
Come on - you had to know someone had already proposed this. Indeed, lots of people have. This is one of those use cases where it might even make some sense - except, of course, blockchain settlement networks are routinely attacked using BGP partitioning hijacking.
Chicken, meet egg.
-
-
-
Tuesday 6th November 2018 16:26 GMT Nate Amsden
low priority traffic?
Routing something that far away will of course kill latency and perhaps short of something like residential broadband or mobile connections would result in the customers seeing that drop in performance/throughput and reporting it.
I was involved with one such incident that I kept the traceroute for in 2004, the story I was told was there was a fiber cut in the midwest of the U.S. that caused some previously unused BGP broadcasts to route traffic for the company I was with (AT&T customer at an AT&T facility near Seattle) to go through Russia. Packet loss got as high as 98%, and being we were an online application had to take our site down since it was wreaking havoc with transactions. Took AT&T and friends 6-7 hours to put the filters in place etc to resolve the issue.
Traceroute from the time (source and destination addresses both in Seattle area)
http://elreg.nateamsden.com/funkyroute.txt
32 hops, 98% packet loss and 280ms later arriving at the destination.
-
Tuesday 6th November 2018 17:26 GMT Anonymous Coward
Some good samaritan should fix this
It should be doable for someone with a BGP connected router to write a script that checks worldwide route advertisements and compares them to the destinations, and "fixes" routes that have been hijacked. Or at least publishes the information when it happens so things don't go 2 1/2 years without correction.
-
Friday 9th November 2018 23:53 GMT Michael Wojcik
Re: Some good samaritan should fix this
If only the hundreds of people who work with and research Internet routing issues had thought of this!
Or, perhaps, they have, and it is not in fact "doable".
As it happens, there are quite a few people (and systems) who watch BGP announcements and sound the alarm about suspicious ones. There are Twitter posts when a suspicious announcement is made - see Madory's blog post, linked to in TFA. There's a whole complex theory about what makes a "good" route (starting with the "valley-free property", originally defined by Gao in 2000, and about which a great deal has subsequently been written).
Complex problems rarely have simple solutions. Complex problems being examined by a lot of smart people, with significant benefits attached to solving those problems, almost never have simple solutions - if they did, they'd already be solved.
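The two comments above (the "script that checks route advertisements" idea and the valley-free property Gao defined) describe the two checks a BGP monitor actually performs. The following is an added illustration, not code from the article or from any commenter: it compares each announcement's origin AS against a small authorization table (including more-specifics carved out of an authorized block) and tests the AS path for Gao's valley-free shape. All ASNs, prefixes and relationships are constructed placeholders.

```python
import ipaddress

# Constructed sample data (placeholder ASNs/prefixes, not real operators): a small
# table of which AS may originate which prefix, and a toy AS relationship map.
AUTHORIZED = {"203.0.113.0/24": 64500, "198.51.100.0/24": 64501}
PROVIDERS = {64500: {64510}, 64501: {64511}, 64510: {64520}, 64511: {64520}}
PEERS = {frozenset({64510, 64511})}

def hop_kind(a, b):
    """Classify the hop a -> b as seen walking from the origin toward the observer."""
    if b in PROVIDERS.get(a, set()):
        return "up"       # customer -> provider
    if a in PROVIDERS.get(b, set()):
        return "down"     # provider -> customer
    if frozenset({a, b}) in PEERS:
        return "peer"
    return "unknown"

def valley_free(as_path):
    """Gao's valley-free property: read from origin to observer, a path must be
    up* (peer)? down*. AS_PATH is observer-first, so it is read right to left."""
    path = list(reversed(as_path))
    state = "up"
    for a, b in zip(path, path[1:]):
        kind = hop_kind(a, b)
        if kind == "unknown" or (kind != "down" and state != "up"):
            return False  # unknown link, or climbing/peering again after descending
        if kind != "up":
            state = "down"
    return True

def origin_check(prefix, as_path):
    """Compare the announced origin with the authorized one; a more-specific
    carved out of an authorized block is judged against that block's origin."""
    net = ipaddress.ip_network(prefix)
    for auth_prefix, auth_asn in AUTHORIZED.items():
        if net.subnet_of(ipaddress.ip_network(auth_prefix)):
            return "ok" if as_path[-1] == auth_asn else "origin-mismatch"
    return "unknown-prefix"

def check_announcement(prefix, as_path):
    """Return the list of findings for one announcement (empty list = looks sane)."""
    findings = []
    origin = origin_check(prefix, as_path)
    if origin != "ok":
        findings.append(origin)
    if not valley_free(as_path):
        findings.append("path-not-valley-free")
    return findings
```

A sibling AS announcing 203.0.113.0/25 yields "origin-mismatch" (a more-specific hijack with an otherwise plausible path), while a peer route re-exported to a provider yields "path-not-valley-free" (a classic route leak) even though its origin is correct.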