Slashdot Mirror

← Back to Stories (view on slashdot.org)

For 18 Minutes, 15% of the Internet Routed Through China

Posted by CmdrTaco on from the i-bet-it's-nice-to-visit dept.

olsmeister writes "For 18 minutes this past April, 15% of the world's internet traffic was routed through servers in China. This includes traffic from both .gov and .mil US TLDs." The crazy thing is that this happened months ago, and nobody noticed. Hope you're encrypting your super-secret stuff.

4 of 247 comments (clear)

  1. There goes the neighborhood... by digitaldc · · Score: 4, Interesting

    It remains unclear whether the redirection was intentional, the report says, but it demonstrates that it is possible for malicious actors to seize control of the Internet and redirect traffic.
    On April 8, according to Web security specialists, a small Chinese Internet service provider published a set of instructions under the Border Gateway Protocol, that directed Web traffic from about 37,000 networks to route itself via computer servers in China.
    The list was republished by China Telecom and briefly propagated itself across the global Web, which works on a trust system, with each server updating its routing instructions based on data provided by others in the network.

    What the hell is a 'trust system' anyway? Is that part of the Border Gateway Protocol?
    Maybe someone needs to take a closer look at this 'trust system.'

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  2. So? 100% of US traffic goes through NSA "closets" by thesandbender · · Score: 4, Interesting

    Well, maybe not 100% but it's established that the bulk of US traffic is trunked off to closets in AT&T (and other) switch rooms. This is going to include any communications going to points outside the US and (more importantly) any traffic that happens to be routed through the US while going between two points outside the US.

  3. Re:This points to obvious fact by arivanov · · Score: 5, Interesting

    Or it is.

    It is just that the USA has forgotten the Internet basics. It has also forgotten major past incidents like that case from 10 years back when one small ISP in Florida directed most of the Internet traffic through itself and fell over.

    USA internet has very little redundancy. Most of the peering is private, in very few locations and the routes announced by ISPs to each other are not filtered based on declared ISP announcement policy. As the few remaining ISPs are so big the announcement lists have grown to a size where filtering them poses a technical difficulty. In addition to that because the ISPs are big they trust each others change control that routes for blocks which are "somebody's elses will not be announced". Bad Idea (TM). And that is why this was possible in the first place.

    Compared to that in Europe most of the peering is public and nearly all ISPs heavily filter the route announcements coming from other peers. A Chinese ISP which would announce blocks it does not own would simply be ignored. It is of course possible for the ISP in question to add the policy to its official export list, post it to RIPE, get it propagated to other ISPs and then announce the routes, but that will take time and will have a big chance to be noticed. It will also be clear that there is "no mistake" there so the ISP in question will really get kicked off the internet for this one.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  4. Re:As designed by janeuner · · Score: 2, Interesting

    Yes. It worked as designed. That is the crazy thing.