Russian Internet traffic, including domestic traffic, has continuously been re-routed outside the country due to routing errors by China Telecom, which could compromise the security of Russian communications.
Internet monitoring service Dyn reported Thursday in a blog post that the apparent networking fault is due to a weakness in the Border Gateway Protocol (BGP), which forms the underpinning of the Internet's global routing system.
The problem started after China Telecom and top Russian mobile provider Vimpelcom signed a BGP peering agreement to save money on transit operators, so that some of the domestic traffic may be carried over the other's network rather than through a more expensive transit operator. Under this deal, Russian domestic traffic was repeatedly routed to routers operated by China Telecom.
Routing traffic this way gives law enforcement agencies and hackers the ability to monitor it.
“Unlike other routing leak scenarios, such as Indosat originating the entire global routing table or VolumeDrive leaking nearly the entire BGP table from one transit provider to another, the leaks described above occur with much greater frequency and with little fanfare. In fact, typically the parties involved are unaware of the glitch and, as a result, these more limited problems can persist much longer than the larger catastrophic incidents,” Doug Madory, Director of Internet Analysis at Dyn, said.
"During [one] incident, over 7000 routes from Vimpelcom’s customer cone were globally announced by China Telecom," Doug Madory wrote in the blog post. "The August 5 event was one of the times that China Telecom briefly announced nearly a full BGP table [of] 326,622 routes to Vimpelcom, placing itself in the path of outbound traffic from Vimpelcom to the outside world — including Russian routes."
"The traceroute (below) shows Vimpelcom taking traffic to Frankfurt, handing it over to China Telecom which takes it to Shanghai before handing it over to Chello Broadband, which peers with China Telecom in Los Angeles. Chello then takes it from New York to Frankfurt again and then into the German countryside."
Traceroutes from Moscow to other Russian locations were pushed by
Vimpelcom to China Telecom infrastructure in Frankfurt and redirected
back to Russia via Megafon without getting directed out to Shanghai.
"If this routing arrangement is intended to provide Vimpelcom low-latency access to the Far East, it isn't working that well," Madory said.
Madory advises network operators to carefully monitor the routes their traffic traverses and to filter the routes they receive. "Without both measures, your traffic could be easily misdirected, potentially hurting both the performance and security of your Internet communications," he warned.
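The route filtering Madory recommends, sketched as an added example that is not from the Dyn post or this article: an inbound policy for one peering session that accepts only prefixes originated inside the peer's registered customer cone and drops the session when the peer sends more routes than a maximum-prefix limit allows. All ASNs, prefixes, the limit and the function names are constructed placeholders (documentation ranges), not values from the incident.

```python
import ipaddress

# Constructed policy for one peering session. ASNs come from the documentation
# range (RFC 5398) and prefixes from RFC 5737; none are taken from the article.
PEER_ASN = 64500
PEER_CONE = {  # origin ASN -> address space the peer may announce for it
    64500: ["198.51.100.0/24"],
    64501: ["203.0.113.0/24"],
}
MAX_PREFIXES = 3  # assumed limit; sized just above the expected route count


def route_allowed(prefix, as_path):
    """Accept a route only if the peer is the first hop and the origin AS
    is in the peer's cone with a prefix inside that origin's address space."""
    if not as_path or as_path[0] != PEER_ASN:
        return False
    net = ipaddress.ip_network(prefix)
    for covering in PEER_CONE.get(as_path[-1], []):
        cover = ipaddress.ip_network(covering)
        if cover.version == net.version and net.subnet_of(cover):
            return True
    return False


def apply_session_filter(updates):
    """Return (accepted, rejected, session_up) for a batch of (prefix, as_path).
    Exceeding MAX_PREFIXES drops the session, as a max-prefix limit would."""
    if len(updates) > MAX_PREFIXES:
        return [], list(updates), False
    accepted, rejected = [], []
    for prefix, path in updates:
        (accepted if route_allowed(prefix, path) else rejected).append((prefix, path))
    return accepted, rejected, True


# Constructed updates: two legitimate routes plus one leaked route that the
# peer learned from another network and should never have passed on.
NORMAL = [
    ("198.51.100.0/24", [64500]),
    ("203.0.113.0/25", [64500, 64501]),
    ("192.0.2.0/24", [64500, 64510, 64511]),
]
# Constructed flood standing in for a peer announcing a near-full table.
FLOOD = NORMAL + [("192.0.2.%d/32" % i, [64500, 64510]) for i in range(4)]

if __name__ == "__main__":
    print(apply_session_filter(NORMAL))
    print(apply_session_filter(FLOOD))
```

The leaked route is rejected on its origin alone, while the flood trips the session limit before any route is installed, which is the case that matters when a peer suddenly announces a near-full table.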