Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chinese ISP Hijacks the Internet (Again)

Posted by Soulskill on from the phase-two-test-complete dept.

CWmike writes "For the second time in two weeks, bad networking information spreading from China has disrupted the Internet. On Thursday morning, bad routing data from a small Chinese ISP called IDC China Telecommunication was re-transmitted by China's state-owned China Telecommunications, and then spread around the Internet, affecting Internet service providers such as AT&T, Level3, Deutsche Telekom, Qwest Communications, and Telefonica. 'There are a large number of ISPs who accepted these routes all over the world,' said Martin A. Brown, technical lead at Internet monitoring firm Renesys. Brown said the incident started just before 10 am Eastern and lasted about 20 minutes. During that time the Chinese ISP transmitted bad routing information for between 32,000 and 37,000 networks, redirecting them to IDC instead of their rightful owners. These networks included about 8,000 US networks, including those operated by Dell, CNN, Starbucks, and Apple. More than 8,500 Chinese networks, 1,100 in Australia, and 230 owned by France Telecom were also affected."

20 of 171 comments (clear)

  1. Accident by rmushkatblat · · Score: 5, Insightful

    It was an accident, of course.

    1. Re:Accident by Anonymous Coward · · Score: 5, Insightful

      "Once is an accident.
      Twice is a coincidence.
      Three times is enemy action."
      -- Gen. Douglas MacArthur

  2. cut out the middleman by Michael+Kristopeit · · Score: 5, Funny

    now you can order iPad direct from china through apple.com

  3. Not unintentional by Nickodeemus · · Score: 5, Interesting

    All that data routed to the wrong place accidentally... hmmm sounds like a perfect excuse to me - for intelligence gathering. If it passes through their routers, they have the data.

  4. Blacklist 'em by DogDude · · Score: 5, Interesting

    Until China learns how to act as responsible Internet citizens, I'll continue to blackhole as many of Chinese subnets as I can find both at work and home. Spam, malware, and every kind of crap comes from China, and I don't do business with any Chinese, so it's a no-brainer.

    --
    I don't respond to AC's.
    1. Re:Blacklist 'em by pv2b · · Score: 5, Informative

      Blacklisting China's IP ranges would do nothing to protect you against bad routing - something you as an end user don't have any control over.

    2. Re:Blacklist 'em by PNutts · · Score: 5, Interesting

      Until China learns how to act as responsible Internet citizens, I'll continue to blackhole as many of Chinese subnets as I can find both at work and home. Spam, malware, and every kind of crap comes from China, and I don't do business with any Chinese, so it's a no-brainer

      Well, since more SPAM comes from the US I assume you'll block those subnets too? http://www.spamhaus.org/statistics/countries.lasso

      Also, in March the US was the source of most malware, but since you already have that blocked for SPAM you should also block Korea who for some reason in the month of April took the lead. http://www.infosecurity-us.com/view/8547/korea-reigns-as-king-of-malware-threats-/

      In regard to China learning how to act as responsible Internet citizens, you are not leading by example.

    3. Re:Blacklist 'em by merc · · Score: 4, Informative

      I use http://www.countryipblocks.net/ -- they seem to do a pretty decent job of keeping their database up-to-date. It will also provide the output in varying formats (net/mask, CIDR, ip range, etc).

      --
      It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
  5. An old saying... by marmoset · · Score: 4, Insightful

    "Once is an Accident, twice is a Coincidence, and three times is a Pattern."

    1. Re:An old saying... by MagikSlinger · · Score: 4, Informative

      The correct quote is:

      "Once is happenstance. Twice is coincidence. Three times is enemy action."

      -- Auric Goldfinger, "Goldfinger" by Ian Fleming

      --
      The bitter lessons of a veteran coder: http://bitterprogrammer.blogspot.com
    2. Re:An old saying... by BJ_Covert_Action · · Score: 5, Funny

      Yeah, but it came from Confucius so it can't be trusted.

      --
      Motorcycles, Robots, Space Gossip and More!
    3. Re:An old saying... by DriedClexler · · Score: 4, Funny

      Confucius say, Man who walk through airport turnstile sideways is going to Bangkok.

      *GONG*

      --
      Information theory is life. The rest is just the KL divergence.
  6. Wiskey Tango Foxtrot by Archangel+Michael · · Score: 4, Insightful

    Any sufficient level of Incompetence is indistinguishable from Malice.

    Solution however is exactly the same.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  7. What about signing & certificates? by Turzyx · · Score: 5, Interesting

    The ISP in question only controls 30 networks, yet other routers blindly accepted thousands. Why isn't there basic verification of such re-configurations? I'm actually very shocked, the potential for abuse is huge; and TWICE as well.

  8. Gotta Build A Fence by MrTripps · · Score: 5, Funny

    Obviously the only way to protect the Border Gateway Protocol is to build a fence around it. (Spits. Scratches ass.)

    --
    "I'm not a quack, I'm a mad scientist! There's a difference." - Dr. Cockroach
  9. Re:Fall guy by Paralizer · · Score: 4, Informative

    The internet runs the BGP routing protocol. It is by design a 'trust' system. You explicitly neighbor with autonomous systems you want to directly connect to and you freely exchange routes. It's possible to filter that routing information if you wanted (both in and out), but because you explicitly connected with them there's a certain level of "I trust anything you tell me, as I you should of me."

  10. Re:Chinese bashing? by Blackbrain · · Score: 5, Interesting

    This kind of thing happens all of the time. Subscribe to the operators list at http://www.nanog.org/ and you will see reports of mis-announced prefixes every month or two. This is just China bashing and media sensationalism. (Which I do mind very much, thank you)

    --
    Where would we be if Wheel had hid her round rock in a cave instead of showing everyone how it rolls?
  11. Almost Certainly Unintentional by billstewart · · Score: 5, Informative

    Limited-scope attacks like the Pakistani YouTube diversion are much more likely to be a deliberate attack; broad-spectrum attacks are obviously either mistakes (or really clever DDOS.) Advertising that you're the best route to half the world isn't exactly un-stealthy enough for intelligence gathering - and China doesn't have the bandwidth to handle that much traffic, either inside their entire country's network or especially across the Pacific; the only carriers with a chance of absorbing some fraction of AT&T's plus Level3's traffic are Verizon or possibly Google, and they're both competent enough not to do that.

    This kind of thing happens occasionally with BGP, which was designed to be run in a relatively trusted environment by relatively-to-extremely-competent people, which means that it only explodes occasionally and most major carriers do a good job of filtering routing announcements that look seriously wrong, and detecting when other people advertise bogus information about their networks. The typical cause used to be bad conversions between external BGP routes and internal OSPF or RIP routes, especially back when some random customer would have left autosummarization on so they'd take their two Class C subnets, combine them into the Class A that they're both in, and announce to everybody in the world that they were the best route to reach the Tier 1 carrier who's their upstream (or who's the upstream of their local ISP, who wasn't bothering to filter their BGP announcements.)

    The first time this happened in a big way was a bit of a surprise, as some little ISP announced that their T1 line was the best way to reach all of MAE-EAST (i.e. half the world), so suddenly there were gigabits of traffic headed that direction, at least until their self-DDOS killed off most of the BGP sessions and somebody fixed it. Since then, if you try to advertise being the best route to some large carrier who has a /8, you'll find they're also advertising a pair of /9s (which win), and that they'll be calling your upstream carrier within a couple of minutes to get your BGP session shut down. On the other hand, if this happens, it also means your upstream carrier wasn't filtering your BGP announcements for sanity, so they may also not be good at having somebody who can answer the phone and quickly resolve that level of problem.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  12. Re:Why the FUCK does china still have internet acc by zero_out · · Score: 4, Interesting

    Our Grand Communist Party of the Great Nation of China plan to get the rest of the world to leave us alone about our glorious firewall, and desire, nay, duty to protect our citizens:

    Step 1: Push out Google

    Step 2: Muck up their internet

    Step 3: They kick us off "their" internet

    Step 4: Setup our own, national, internet

    Step 5: Be praised by the lesser nations for staying off their internet, rather than chastised for walling ourselves off and keeping their realfacts out

    Step 6: Spread propaganda, er... goodfacts about our Grand Communist Party of the Great Nation of China

    Step 7: Unlimited, eternal power to do whatever we please

  13. Fat Chance that IPv6 actually fixes this problem by billstewart · · Score: 4, Interesting

    By "old-school principles", you did mean "pre-ARIN IPv4 Swamp Addresses", didn't you? :-)

    Yeah, the people who designed IPv6 hoped that by having a big enough address space with no pre-existing reservations, they could make routing simpler and cleaner and delay the problem of routers running out of special route table memory and routing protocol horsepower, but that was pretty much a pipe dream:

    • Medium-large businesses want to own their own address space instead of using provider-owned space so they've got the ability to change carriers without renumbering,
    • businesses that want multi-homing for diversity need to have routing table presence regardless of what size their address blocks are,
    • geographical addressing may be ok for single-site businesses, but tends to fail for businesses with multiple offices (at least multiple offices with public presence),
    • and anybody who wants to be an early adopter (i.e. actually be using IPv6 long enough to be stable before the IPv4 ship sails off the edge of the world and everybody else notices the dragons and their ISP does something useful about IPv6) is likely to spend the ~$1250 to get their own public IPv6 space as opposed to just building a tunnel to SiXXs or Hurricane Electric,

    so the IPv6 world's going to be a non-hierarchical mess just like the IPv4 world.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks