Monday, November 22, 2010

April BGP Route Hijack: Sifting Through the Confusion

Via McAfee Research Blog -

A lot has been written in recent days since we posted the blog on the 18-minute traffic redirection issue earlier this week and the U.S. – China Economic and Security Review Commission report came out discussing it. Unfortunately, some media did get a few points wrong that I would like to address:

1. There is absolutely no proof that this was an intentional attack. Routing hijacks happen fairly frequently and most of them are accidental in nature. We believe they do demonstrate a frightening lack of security in the fundamental building blocks of the Internet and that the security and the routing communities need to take steps to address those vulnerabilities — and soon.

2. A lot of media reports have claimed that ‘15% of Internet traffic was hijacked’. That is a false statement. Based on our analysis, there were 53,353 network routing prefixes that had been falsely announced on April 8th, out of a total of roughly 330,000 network routes that existed in routing tables at that time. That amounts to 15% of the networks on the Internet, not necessarily 15% of the traffic. It is very difficult to estimate how much of the traffic was actually redirected, and the true estimate can only come from the owner of the network that routed all of this traffic.

3. Craig Labovitz from Arbor Networks has posted a very good and detailed analysis of Arbor’s traffic estimate on this hijack. Unfortunately, Craig posted this analysis for the IDC Beijing China Telecom (AS23724), which was indeed the original announcer of the incorrect routes. However, China Telecom (AS4134) was the network that actually distributed that route to the public Internet. Thus, that is the network whose traffic levels should be measured to determine the true impact of the route redirection, as it would be the first (and quite likely last) recipient of the packets which would have been redirected.
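The two points above, the share of prefixes versus the share of traffic (item 2) and which AS passed the route on to the rest of the Internet (item 3), as an added example that is not from the McAfee post: an origin-AS check over a constructed routing table. The baseline origins, prefixes and traffic figures are made up for illustration; only AS4134 and AS23724 come from the text.

```python
from collections import Counter

EXPECTED_ORIGIN = {          # constructed baseline: prefix -> legitimate origin AS
    "198.51.100.0/24": 64500,
    "203.0.113.0/24": 64501,
    "192.0.2.0/24": 64502,
}
TRAFFIC = {                  # constructed per-prefix traffic (packets/s) in the window
    "198.51.100.0/24": 900,
    "203.0.113.0/24": 60,
    "192.0.2.0/24": 40,
}
RIB = [                      # constructed RIB entries: (prefix, AS path, left to right)
    ("198.51.100.0/24", [64510, 64500]),
    ("203.0.113.0/24", [64510, 4134, 23724, 23724]),  # origin prepended once
    ("192.0.2.0/24", [64511, 4134, 23724]),
]

def find_origin_mismatches(rib, expected):
    """Map prefix -> (announced origin AS, AS that passed it on) for every
    entry whose origin AS differs from the baseline. The origin is the last
    AS in the path; the distributing neighbour is the nearest earlier AS
    that is not the origin itself (so AS-path prepending is skipped)."""
    hits = {}
    for prefix, path in rib:
        if not path or prefix not in expected:
            continue
        origin = path[-1]
        if origin == expected[prefix]:
            continue
        upstream = next((asn for asn in reversed(path) if asn != origin), None)
        hits[prefix] = (origin, upstream)
    return hits

def prefix_share(hits, rib):
    """Fraction of routing-table prefixes affected (the '15%' in the text)."""
    return len(hits) / len(rib) if rib else 0.0

def traffic_share(hits, traffic):
    """Fraction of measured traffic behind the affected prefixes."""
    total = sum(traffic.values())
    return sum(traffic.get(p, 0) for p in hits) / total if total else 0.0

def distributing_as_counts(hits):
    """Which neighbour AS propagated the mismatched routes, and how many each."""
    return Counter(up for _, up in hits.values())

if __name__ == "__main__":
    found = find_origin_mismatches(RIB, EXPECTED_ORIGIN)
    print(found)
    print(f"prefixes: {prefix_share(found, RIB):.0%}  traffic: {traffic_share(found, TRAFFIC):.0%}")
    print(distributing_as_counts(found))
```

With these constructed figures two of three prefixes are affected but only 10% of the traffic, and every mismatched route reached this table through AS4134, which is the vantage point whose traffic would need measuring.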

This topic is unfortunately highly technical and very difficult to explain to people not fully immersed in BGP routing jargon. Nevertheless, this incident underscores the very serious problems that exist on the Internet due to the system of trust that was put in place more than 3 decades ago when this network was first invented. As Vint Cerf, known as the father of the Internet, has said: ‘The Internet was an experiment that never ended’. It is now time for us as a community to come together to build more security into the core of the Internet to protect this vital global economic resource.

