In association with heise online

12 April 2010, 13:10

Chinese ISP 'hijacks' bits of the web


According to reports, a configuration error on a Border Gateway Protocol (BGP) router resulted in IDC China, a small Chinese ISP, briefly declaring itself responsible for routing to around 37,000 IP networks. The Border Gateway Protocol is used by routers to indicate which networks (autonomous systems, AS) they are responsible for and which other networks they can access.

The networks (BGP prefixes) to which the Chinese ISP announced routes primarily belonged to ISPs in the US and China. The affected networks are reported to have included Dell, CNN, Apple, www.amazon.de, www.rapidshare.com and www.geocities.jp.

On attempting to visit affected websites, some users found themselves directed to the Chinese ISP's network. According to BGPmon.net, Deutsche Telekom also temporarily adopted the erroneous routes, but because existing known routes to the networks in question were generally shorter, in most cases the packets were not misdirected via IDC China. BGPmon.net reports that this was also the case for the majority of US ISPs. Users in Asia are likely to have been most affected by the problem.
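The following sketch is an added example, not code from the article or from BGPmon.net: it audits announcements against a known-good origin table and reports whether a mismatched route would actually attract traffic. The prefixes, AS numbers and paths are constructed, and route selection is reduced to AS-path length, whereas real routers weigh local preference and other attributes first.

```python
import ipaddress

# Constructed baseline (documentation prefixes, private-use ASNs): prefix -> legitimate origin AS.
BASELINE = {"198.51.100.0/24": 64500, "203.0.113.0/24": 64501}

# Constructed announcements seen at one vantage point: (prefix, AS path); the origin is the last AS.
OBSERVED = [
    ("198.51.100.0/24", [64510, 64500]),                 # legitimate, 2 hops
    ("198.51.100.0/24", [64511, 64512, 64666]),          # wrong origin, longer path
    ("203.0.113.0/24", [64510, 64520, 64501]),           # legitimate, 3 hops
    ("203.0.113.0/24", [64511, 64666]),                  # wrong origin, shorter path
    ("203.0.113.128/25", [64511, 64512, 64513, 64666]),  # wrong origin, more specific
]

def covering_baseline(prefix):
    """Return (baseline_prefix, origin) for the baseline entry that equals or covers prefix."""
    net = ipaddress.ip_network(prefix)
    for base, origin in BASELINE.items():
        if net.subnet_of(ipaddress.ip_network(base)):
            return base, origin
    return None, None

def best_path(prefix, observed):
    """Simplified route selection: shortest AS path among announcements of the same prefix."""
    candidates = [path for p, path in observed if p == prefix]
    return min(candidates, key=len)

def audit(observed):
    """Flag announcements whose origin AS differs from the baseline and say if they attract traffic."""
    alerts = []
    for prefix, path in observed:
        base, expected = covering_baseline(prefix)
        if expected is None or path[-1] == expected:
            continue
        more_specific = prefix != base
        # A more-specific prefix wins by longest-prefix match regardless of AS path length.
        attracts = more_specific or best_path(prefix, observed) == path
        alerts.append({"prefix": prefix, "origin": path[-1], "expected": expected,
                       "more_specific": more_specific, "attracts_traffic": attracts})
    return alerts

if __name__ == "__main__":
    for alert in audit(OBSERVED):
        print(alert)
```

The first alert matches the situation described above, where the erroneous route was learned but lost to a shorter existing path; the other two show when the same mistake does divert traffic.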

This kind of incident is not unprecedented, but it underlines how fragile the linking of autonomous systems via BGP is and how easily it can be manipulated. By releasing specially crafted BGP information, an ISP can in principle divert traffic to specific networks through its own network and eavesdrop on that traffic. Hackers at the Defcon 2008 security conference demonstrated that they were also able to divert and eavesdrop on internet data by manipulating BGP. An attempt by Pakistan to block access to YouTube has achieved legendary status. A special route to the YouTube servers, pointing to the null device, was announced on the country's border gateway. This rapidly propagated through the internet, resulting in packets addressed to YouTube from all over the world landing in a digital waste pile in Pakistan.

'Prefix Hijacking Mitigation' (PDF) details potential methods of manipulation and proposed defensive measures. Network operators are also considering protecting routing information cryptographically.

(crve)

Permalink: http://h-online.com/-975344
 

