For 18 Minutes, 15% of the Internet Routed Through China
olsmeister writes "For 18 minutes this past April, 15% of the world's internet traffic was routed through servers in China. This includes traffic from both .gov and .mil US TLDs." The crazy thing is that this happened months ago, and nobody noticed. Hope you're encrypting your super-secret stuff.
The crazy thing is that this happened months ago, and nobody noticed.
Odd, Slashdot reported the day afterward: Chinese ISP Hijacks the Internet (Again).
My work here is dung.
That summary and article didn't report the .mil or .gov traffic.
I guess we just assumed it was only youtube videos or pokes on facebook.
From National Defense Magazine: http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=249#
"If China telecom intercepts that [encrypted message] and they are sitting on the middle of that, they can send you their public key with their public certificate and you will not know any better," he said. The holder of this certificate has the capability to decrypt encrypted communication links, whether it's web traffic, emails or instant messaging, Alperovitch said. "It is a flaw in the way the Internet operates," said Yoris Evers, director of worldwide public relations at McAfee.
What makes this really annoying is that a lot of .mil sites use self-signed certificates. When doing mil-2-mil browsing, you just get used to clicking whatever to get into the site. So, I can easily see how China could do a MITM without alarming any of the end users.
I'd rather you do it wrong, than for me to have to do it at all.
They hijacked prefixes, not data. At least not directly. If you sent a packet during that time, it may have been routed to China. I doubt they stood up a big infrastructure to close TCP sessions with all of that incoming traffic and actually capture anything. Perhaps for a very targeted attack they could have, but then there'd be better ways than this to do it, I imagine.
http://www.eff.org/nsa/
With BGP, if I advertise myself as a route to a subnet, others around me will try to send me that traffic IF they trust me.
Now, with a small company like mine.. my telco doesn't accept any routes other than my own subnets, so instead I would just black hole myself.
Now take a large telco or backbone provider.. say Level 3.. if they started advertising a route to my subnets, then everyone who is closer to them than to me (basically everyone) will send L3 the traffic..
This type of attack/whatever you want to call it only works if you are a big enough player for your neighbors to believe what you are advertising.
With my L3 example.. not every telco (or any, really) would review that route change.. as for all they know I got a leased line from L3 or set up a peering agreement..
The cardinal sin of BGP is to advertise a route that isn't yours. But that is all it is.. an advertisement.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
Sorry to be AC.
As an IP engineer at a major backbone provider, I can safely comment on the hyperbole of this incident.
China Telecom (AS4134) would have to either send very/more specific routes and get max prefixes blown out, or send very general routes and lose to smaller routes.
Yes, for a little while any "tier 1" player, or major government player, can convince another provider to send routes to an inappropriate AS, but the game soon ends. Anyone who isn't running at the very least a max prefix is a cluetard and needs their peering revoked anyway. From my 20%, 4134 is always a hair's breadth away from getting a smackdown.
tl;dr: they can't really steal the whole internet, but we need to watch out for smaller route hijacking.
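The mechanics the two comments above describe (an announcement only matters if the neighbour accepts it; a more-specific prefix wins by longest match while a less-specific one loses; a max-prefix limit or a per-customer prefix-list ends the game) are easier to see in a small route-selection model. The following is an added example written for this page, not code from Slashdot or from any router vendor. AS4134 is the ASN named in the thread; every other ASN, prefix, AS path and limit is a made-up assumption for the demonstration, and the best-path logic is deliberately reduced to longest prefix then shortest AS path.

```python
"""Toy BGP import-policy and best-path model (constructed example)."""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Peer:
    asn: int
    allowed: set | None = None        # None = transit peer, any prefix accepted
    max_prefix: int | None = None     # session is torn down above this count
    received: dict = field(default_factory=dict)
    shutdown: bool = False


class Router:
    def __init__(self, my_asn: int):
        self.my_asn = my_asn
        self.peers: dict[int, Peer] = {}
        self.rib: dict[str, dict[int, tuple]] = {}   # prefix -> {peer asn: as_path}

    def add_peer(self, peer: Peer) -> None:
        self.peers[peer.asn] = peer

    def receive(self, peer_asn: int, prefix: str, as_path: list[int]) -> str:
        """Import policy: prefix-list filter, then max-prefix, then install."""
        peer = self.peers[peer_asn]
        if peer.shutdown:
            return "session-down"
        net = ipaddress.ip_network(prefix)
        if peer.allowed is not None and not any(
                net.subnet_of(ipaddress.ip_network(a)) for a in peer.allowed):
            return "filtered"          # a customer may only announce its own space
        peer.received[prefix] = tuple(as_path)
        if peer.max_prefix is not None and len(peer.received) > peer.max_prefix:
            peer.shutdown = True       # the "max prefixes blown out" case
            self._withdraw_all(peer)
            return "max-prefix-exceeded"
        self.rib.setdefault(prefix, {})[peer_asn] = tuple(as_path)
        return "accepted"

    def _withdraw_all(self, peer: Peer) -> None:
        for prefix in list(peer.received):
            paths = self.rib.get(prefix, {})
            paths.pop(peer.asn, None)
            if not paths:
                self.rib.pop(prefix, None)
        peer.received.clear()

    def lookup(self, ip: str):
        """Longest-prefix match first; among equal prefixes, shortest AS path."""
        addr = ipaddress.ip_address(ip)
        matching = [(ipaddress.ip_network(p), paths) for p, paths in self.rib.items()
                    if addr in ipaddress.ip_network(p)]
        if not matching:
            return None
        net, paths = max(matching, key=lambda m: m[0].prefixlen)
        _, best_path = min(paths.items(), key=lambda kv: len(kv[1]))
        return str(net), best_path


def run_scenario() -> dict:
    """Assumed topology: we are AS64496; AS64500 is our transit, AS4134 an
    unfiltered large peer, AS64510 a small customer with a prefix-list."""
    r = Router(my_asn=64496)
    r.add_peer(Peer(64500, max_prefix=500))
    r.add_peer(Peer(4134, max_prefix=500))
    r.add_peer(Peer(64510, allowed={"198.51.100.0/24"}, max_prefix=10))
    out = {}
    r.receive(64500, "203.0.113.0/24", [64500])                   # legitimate /24
    out["baseline"] = r.lookup("203.0.113.10")

    # 1. Same /24 from AS4134 with a longer path: loses on AS-path length.
    r.receive(4134, "203.0.113.0/24", [4134, 64999])
    out["less_specific_hijack"] = r.lookup("203.0.113.10")

    # 2. Two /25 more-specifics from AS4134: longest match wins, traffic diverts.
    r.receive(4134, "203.0.113.0/25", [4134])
    r.receive(4134, "203.0.113.128/25", [4134])
    out["more_specific_hijack"] = r.lookup("203.0.113.10")

    # 3. Flooding /32s trips max-prefix; the session drops and the hijack with it.
    statuses = [r.receive(4134, f"{a}/32", [4134])
                for a in ipaddress.ip_network("203.0.112.0/23")]
    out["flood"] = (statuses.count("max-prefix-exceeded"), r.peers[4134].shutdown)
    out["after_flood"] = r.lookup("203.0.113.10")

    # 4. A small customer trying the same trick never gets past the prefix-list.
    out["customer"] = r.receive(64510, "203.0.113.0/24", [64510])
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

Step 2 is the case the thread is about: nothing in the model checks who owns 203.0.113.0/24, so a peer that is trusted to announce anything wins the moment it announces something more specific. Step 3 shows why the backbone engineer's "at the very least a max prefix" matters, and step 4 shows why the small-company poster's telco never gives him the chance: with a prefix-list, the bad announcement is dropped before it can be compared against anything.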
Since when has a low UID meant anything? Or, indeed, positive karma?
They're trolling, pure and simple. And quite well given you took the bait!