nanog mailing list archives
Re: China's Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking
From: Hank Nussbacher <hank () efes iucc ac il>
Date: Tue, 13 Nov 2018 18:57:53 +0200
On 05/11/2018 10:54, Tore Anderson wrote:
> * Harley H
>
>> Curious to hear others' thoughts on this.
>> https://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1050&context=mca
>>
>> This paper presents the view that several BGP hijacks performed by China Telecom had malicious intent. The incidents are:
>> * Canada to Korea - 2016
>> * US to Italy - Oct 2016
>> * Scandinavia to Japan - April-May 2017
>> * Italy to Thailand - April-July 2017
>>
>> The authors claim this is enabled by China Telecom's presence in North America.
>
> Hi,
>
> I looked a bit into the Scandinavia to Japan claim last week for a Norwegian journalist, who obviously found this rather sensational claim very intriguing. The article (Norwegian, but Google Translate does a decent job) is found at https://www.digi.no/artikler/internettrafikk-fra-norge-og-sverige-ble-kapret-og-omdirigert-til-kina/449797?key=vS1EOiG1 in case you're interested.
>
> From what I can tell from looking at routeviews data from the period, what happened was that SK Broadband (AS9318) was leaking a bunch of routes to China Telecom (AS4134). The leak included the transit routes from SKB's upstream Verizon (AS703) and customers of theirs in turn, including well-known organisations such as Bloomberg (AS10361) and Time Warner (AS36032), which I suppose might be the ones the paper is referring to.
>
> The routes in question then propagated from CT to Telia Carrier (AS1299), probably in North America somewhere. Scandinavia is TC's home turf, it makes sense that the detour via CT was easily observed from here.
>
> If you want to see for yourself, look for «1299 4134 9318 703» in http://archive.routeviews.org/route-views.linx/bgpdata/2017.04/RIBS/rib.20170430.2200.bz2
>
> Anyway, in my opinion the data for this particular incident (I haven't looked into the other three) does not indicate foul play on CT's behalf, but rather a pretty standard leak by SKB followed by sloppy filtering by CT and TC both.
>
> Tore

Internet Vulnerability Takes Down Google
https://blog.thousandeyes.com/internet-vulnerability-takes-down-google/

-Hank
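The AS-path search suggested in the quoted message («1299 4134 9318 703»), as an added example that is not part of the original thread: it scans RIB entries for that contiguous AS sequence and reports which prefixes and origin ASes were carried over the detour. It assumes the MRT dump has been converted to text with `bgpdump -m` (one pipe-separated line per entry, AS path in the seventh field); the sample lines, peer ASNs and prefixes are constructed, not taken from the routeviews file.

```python
import io

# Contiguous AS sequence quoted in the message above.
LEAK_SEQ = ("1299", "4134", "9318", "703")

# Constructed sample in `bgpdump -m` one-line format (not real routeviews data).
SAMPLE = """\
TABLE_DUMP2|1493589600|B|198.51.100.1|64500|192.0.2.0/24|64500 1299 4134 9318 703 10361|IGP|198.51.100.1|0|0||NAG||
TABLE_DUMP2|1493589600|B|198.51.100.1|64500|203.0.113.0/24|64500 1299 1299 4134 9318 9318 703 36032|IGP|198.51.100.1|0|0||NAG||
TABLE_DUMP2|1493589600|B|198.51.100.2|64501|192.0.2.0/24|64501 701 703 10361|IGP|198.51.100.2|0|0||NAG||
TABLE_DUMP2|1493589600|B|198.51.100.2|64501|198.51.100.0/24|64501 1299 4134 {9318,703}|IGP|198.51.100.2|0|0||NAG||
truncated|line
"""

def collapse_prepends(path):
    """Drop consecutive duplicate ASNs so prepending cannot hide the sequence."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def contains_seq(path, seq):
    """True if seq occurs as a contiguous run inside path."""
    n = len(seq)
    return any(tuple(path[i:i + n]) == seq for i in range(len(path) - n + 1))

def find_leaked(lines, seq=LEAK_SEQ):
    """Yield (peer_as, prefix, origin_as, raw_as_path) for entries traversing seq."""
    for line in lines:
        fields = line.rstrip("\n").split("|")
        if len(fields) < 7 or not fields[0].startswith("TABLE_DUMP"):
            continue  # skip malformed or non-RIB lines
        # An AS_SET such as {9318,703} stays one opaque token and never matches.
        path = collapse_prepends(fields[6].split())
        if contains_seq(path, seq):
            yield fields[4], fields[5], path[-1], fields[6]

if __name__ == "__main__":
    for peer, prefix, origin, path in find_leaked(io.StringIO(SAMPLE)):
        print(f"peer AS{peer} {prefix} origin AS{origin} path [{path}]")
```

`find_leaked` accepts any iterable of lines, so the text output of `bgpdump -m` for a real RIB file can be passed to it in place of the constructed sample.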