[AusNOG] "How China diverts, then spies on Australia's internet traffic"

Grahame Lynch grahamelynch at commsdaymail.com
Wed Nov 21 23:04:35 EST 2018


Paul, my comments were prompted by this discussion on reddit. The report
authors haven't established that all the routing they described was a
hijack, they just assume it because it was a longer route.

https://www.reddit.com/r/netsec/comments/9rlehd/chinese_telecom_performing_bgp_hijacking/

On Wed, 21 Nov 2018 at 18:55, Paul Brooks <pbrooks-ausnog at layer10.com.au>
wrote:

> On 21/11/2018 5:42 PM, Grahame Lynch wrote:
>
> How much of this is "hijacking" and how much is just "least cost routing"?
> It is really hard to tell.
>
> It's not 'least cost routing', BGP doesn't work like that, unless the
> target networks really were customers of China Telecom, or
> customers-of-a-customer.
> China Telecom must have started advertising that those networks were
> reachable, and then stopped advertising, for the traffic to be sent into
> their network in the first place.
>
> This can happen by accident/incompetence/error, although that usually
> results in the affected site being blackholed - that's what happened with
> the Telstra BGP hijack of prefixes recently.  In this 'diversion' case the
> traffic is being rerouted and eventually finding its way back out of the
> network and forwarded to the original destination - that is more difficult
> to make happen by accident.
>
> It's arguably laziness on the part of the other networks that China Telecom
> interconnects BGP with - peers, upstreams, and customers - although to be
> fair the various proposals for validating BGP route advertising permissions
> are not widely deployed and are still being developed.
>
> Most ISPs filter BGP routing advertisements from customers, but very few
> filter route advertisements from upstreams and peers.
> Securing BGP is a hot topic in recent years, but is taking a long long
> time to get critical mass.
>
> Everyone running BGP-4 should take a look at:
>
>    - MANRS (Mutually Agreed Norms for Routing Security -
>    https://www.internetsociety.org/issues/manrs)
>    - RFC7454 = BCP-194 - BGP Operations and Security -
>    https://tools.ietf.org/html/rfc7454
>    - NIST "Protecting the Integrity of Internet Routing: Border Gateway
>    Protocol (BGP) Route Origin Validation",
>    https://csrc.nist.gov/publications/detail/sp/1800-14/draft
>
> ...and plan to implement RPKI for all your routes.
>
> Paul.
>
>
> On Wed, 21 Nov 2018 at 17:38, Christian Heinrich <
> christian.heinrich at cmlh.id.au> wrote:
>
>> Has anyone observed
>>
>> https://www.smh.com.au/technology/how-china-diverts-then-spies-on-australia-s-internet-traffic-20181120-p50h80.html
>> or not?
>>
>> --
>> Regards,
>> Christian Heinrich
>>
>> http://cmlh.id.au/contact
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
>
>
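
As an added illustration, not part of the original thread: a minimal sketch of the route origin validation (RFC 6811) that RPKI makes possible, applied as an import filter to announcements received from a peer or upstream. The ROA data, prefixes and AS numbers are constructed from the ranges reserved for documentation, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: validated ROA payloads as (prefix, maxLength, origin AS).
# Prefixes and AS numbers come from the ranges reserved for documentation.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
]

def validate_origin(prefix, origin_as, vrps):
    """Return the RFC 6811 state of a route: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route when the route lies inside the VRP prefix.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # A match also needs the length within maxLength and the same origin AS;
        # AS 0 in a ROA never matches any route.
        if route.prefixlen <= max_len and vrp_as == origin_as and vrp_as != 0:
            return "valid"
    return "invalid" if covered else "not-found"

def filter_announcements(announcements, vrps):
    """Split (prefix, as_path) announcements into accepted and rejected lists."""
    accepted, rejected = [], []
    for prefix, as_path in announcements:
        origin = as_path[-1]  # the origin AS is the last AS in the path
        state = validate_origin(prefix, origin, vrps)
        (rejected if state == "invalid" else accepted).append((prefix, origin, state))
    return accepted, rejected

# Constructed announcements as seen from a peer (AS 64510).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64510, 64500]),     # matches the ROA
    ("192.0.2.0/24", [64510, 64511]),     # covered, but wrong origin AS
    ("192.0.2.128/25", [64510, 64500]),   # more specific than maxLength allows
    ("2001:db8:1::/48", [64510, 64501]),  # within maxLength
    ("198.51.100.0/24", [64510, 64502]),  # no covering ROA
]

if __name__ == "__main__":
    accepted, rejected = filter_announcements(ANNOUNCEMENTS, VRPS)
    for row in accepted:
        print("accept", *row)
    for row in rejected:
        print("reject", *row)
```

Origin validation looks only at the last AS in the path, so it rejects wrong-origin and too-specific announcements but says nothing about the rest of the path. Routes in the not-found state are accepted here because prefixes without a ROA cannot be judged either way.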

