On 21/11/2018 5:42 PM, Grahame Lynch wrote:
> How much of this is "hijacking" and how much is just "least cost routing"?
> It is really hard to tell.
It's not 'least cost routing', BGP doesn't work like that, unless the target
networks really were customers of China Telecom, or customers-of-a-customer.
China Telecom must have started advertising that those networks were
reachable, and then stopped advertising, for the traffic to be sent into
their network in the first place.

This can happen by accident/incompetence/error, although that usually results
in the affected site being blackholed - that's what happened with the Telstra
BGP hijack of prefixes recently.  In this 'diversion' case the traffic is
being rerouted and eventually finding its way back out of the network and
forwarded to the original destination - that is more difficult to make happen
by accident.

It's arguably laziness on the part of the other networks that China Telecom
interconnects BGP with - peers, upstreams, and customers - although to be
fair the various proposals for validating BGP route advertising permissions
are not widely deployed and are still being developed.

Most ISPs filter BGP routing advertisements from customers, but very few
filter route advertisements from upstreams and peers.
Securing BGP is a hot topic in recent years, but is taking a long long time
to get critical mass.

Everyone running BGP-4 should take a look at:

  * MANRS (Mutually Agreed Norms for Routing Security -
    https://www.internetsociety.org/issues/manrs)
  * RFC7454 = BCP-194 - BGP Operations and Security -
    https://tools.ietf.org/html/rfc7454
  * NIST "Protecting the Integrity of Internet Routing: Border Gateway
    Protocol (BGP) Route Origin Validation",
    https://csrc.nist.gov/publications/detail/sp/1800-14/draft

...and plan to implement RPKI for all your routes.

Paul.

>
> On Wed, 21 Nov 2018 at 17:38, Christian Heinrich
> <christian.heinr...@cmlh.id.au <mailto:christian.heinr...@cmlh.id.au>> wrote:
>
>     Has anyone observed
>     https://www.smh.com.au/technology/how-china-diverts-then-spies-on-australia-s-internet-traffic-20181120-p50h80.html
>     or not?
>
>     -- 
>     Regards,
>     Christian Heinrich
>
>     http://cmlh.id.au/contact
>     _______________________________________________
>     AusNOG mailing list
>     AusNOG@lists.ausnog.net <mailto:AusNOG@lists.ausnog.net>
>     http://lists.ausnog.net/mailman/listinfo/ausnog


_______________________________________________
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
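
An added example, not part of the original e-mail thread: route origin validation as defined in RFC 6811, the check that RPKI makes possible on routes learned from upstreams and peers as well as customers. The ROAs, prefixes (documentation ranges) and AS numbers (documentation range 64496-64511) are constructed, and `validate` and `filter_announcements` are hypothetical names.

```python
from ipaddress import ip_network

# Constructed ROAs: (prefix, maxLength, authorised origin AS).
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 25, 64501),
    ("2001:db8::/32", 48, 64502),
]

# Constructed announcements: (prefix, AS_PATH); the origin is the last AS.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64496, 64500]),     # matches its ROA
    ("192.0.2.0/24", [64496, 64511]),     # covered, wrong origin
    ("198.51.100.0/26", [64496, 64501]),  # right origin, longer than maxLength
    ("203.0.113.0/24", [64496, 64499]),   # no covering ROA
    ("2001:db8:1::/48", [64496, 64502]),  # IPv6, within maxLength
]


def validate(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one route (RFC 6811)."""
    route = ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ip_network(roa_prefix)
        # A ROA covers the route if the route is equal to or inside its prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one ROA but matched by none: invalid.
    return "invalid" if covered else "not-found"


def filter_announcements(announcements, roas=ROAS):
    """Reject only 'invalid' routes; 'not-found' is kept, as most space has no ROA."""
    accepted, rejected = [], []
    for prefix, as_path in announcements:
        state = validate(prefix, as_path[-1], roas)
        (rejected if state == "invalid" else accepted).append((prefix, state))
    return accepted, rejected


if __name__ == "__main__":
    ok, dropped = filter_announcements(ANNOUNCEMENTS)
    print("accepted:", ok)
    print("rejected:", dropped)
```

Origin validation looks only at the last AS in the path, so an announcement that keeps the authorised origin is still classified as valid.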
