Chinese ISP Hijacks the Internet (Again) 171
CWmike writes "For the second time in two weeks, bad networking information spreading from China has disrupted the Internet. On Thursday morning, bad routing data from a small Chinese ISP called IDC China Telecommunication was re-transmitted by China's state-owned China Telecommunications, and then spread around the Internet, affecting Internet service providers such as AT&T, Level3, Deutsche Telekom, Qwest Communications, and Telefonica. 'There are a large number of ISPs who accepted these routes all over the world,' said Martin A. Brown, technical lead at Internet monitoring firm Renesys. Brown said the incident started just before 10 am Eastern and lasted about 20 minutes. During that time the Chinese ISP transmitted bad routing information for between 32,000 and 37,000 networks, redirecting them to IDC instead of their rightful owners. These networks included about 8,000 US networks, including those operated by Dell, CNN, Starbucks, and Apple. More than 8,500 Chinese networks, 1,100 in Australia, and 230 owned by France Telecom were also affected."
Not unintentional (Score:5, Interesting)
Blacklist 'em (Score:5, Interesting)
What about signing & certificates? (Score:5, Interesting)
Fall guy (Score:4, Interesting)
Why can one "small" ISP do this? I mean from a technical point of view how can they spread routing information for endpoints their network doesn't own? While they have clearly dropped the ball, I struggle to understand how they could accomplish this even if they tried, that is if everyone else's equipment is configured correctly *cough*
Re:Blacklist 'em (Score:5, Interesting)
Until China learns how to act as responsible Internet citizens, I'll continue to blackhole as many of Chinese subnets as I can find both at work and home. Spam, malware, and every kind of crap comes from China, and I don't do business with any Chinese, so it's a no-brainer
Well, since more SPAM comes from the US I assume you'll block those subnets too? http://www.spamhaus.org/statistics/countries.lasso [spamhaus.org]
Also, in March the US was the source of most malware, but since you already have that blocked for SPAM you should also block Korea who for some reason in the month of April took the lead. http://www.infosecurity-us.com/view/8547/korea-reigns-as-king-of-malware-threats-/ [infosecurity-us.com]
In regard to China learning how to act as responsible Internet citizens, you are not leading by example.
Re:Chinese bashing? (Score:5, Interesting)
Does Narus do business with China? (Score:3, Interesting)
Re:Not unintentional (Score:3, Interesting)
Re:Why the FUCK does china still have internet acc (Score:5, Interesting)
Our Grand Communist Party of the Great Nation of China plan to get the rest of the world to leave us alone about our glorious firewall, and desire, nay, duty to protect our citizens:
Step 1: Push out Google
Step 2: Muck up their internet
Step 3: They kick us off "their" internet
Step 4: Setup our own, national, internet
Step 5: Be praised by the lesser nations for staying off their internet, rather than chastised for walling ourselves off and keeping their realfacts out
Step 6: Spread propaganda, er... goodfacts about our Grand Communist Party of the Great Nation of China
Step 7: Unlimited, eternal power to do whatever we please
Fat Chance that IPv6 actually fixes this problem (Score:5, Interesting)
By "old-school principles", you did mean "pre-ARIN IPv4 Swamp Addresses", didn't you? :-)
Yeah, the people who designed IPv6 hoped that by having a big enough address space with no pre-existing reservations, they could make routing simpler and cleaner and delay the problem of routers running out of special route table memory and routing protocol horsepower, but that was pretty much a pipe dream:
so the IPv6 world's going to be a non-hierarchical mess just like the IPv4 world.
Re:Blacklist 'em (Score:3, Interesting)
Of course, you are right about the routing. But since giving in to my baser impulses and blacklisting the entire country on my one humble web server, I've had a remarkable decrease in my annoyance factor in terms of crap like port scans, login attempts, comment spam in the blogs, and even a respite from the damned Baidu spiders who won't observe anybody's robots.txt file. Along about the fall of last year, I began observing what looked like attempts at ddos attacks--all originating from China. None of them succeeded, but my annoyance levels grew by leaps and bounds. When they started in with the UDP port scans (which I confess baffle me), I'd had enough. Incidentally, if you try to contact Baidu to see about their injudicious crawling, your email will most likely be returned with a note that your email provider has been blacklisted in China. I don't know what I'll do with all the time I'm saving--take up a hobby, perhaps.
does this imply large scale packet sniffing ? (Score:2, Interesting)
So while this was going on could the chinese save off the network traffic? They have the infrastructure Cisco routers, etc. ...
Could they decrypt SSL packets ? It may take awhile but they're not doing this real-time.
Go through any interesting attachments ? Spreadsheets, documents,
I think I'll read up more on asymmetric warfare and the Red Army officer's paper on the subject.
Re:Chinese bashing? (Score:3, Interesting)
Don't get me wrong, this was a really big mistake. It doesn't happen often at this scale, but it does happen.
In this case the prefixes what were mis-broadcast were sequential for the most part and covered several networks and countries, not a specific target. The bulk of the misrouted addresses were actually in China. They also didn't leak the routes (as in the Pakistan incident) but re-originated the prefixes, pre-pending their AS number to the announcement. This means "origin AS" based filters would have stopped the incident form even happening. I think that some poor technician fat fingered his BGP announcement, trying to do some traffic shaping. An actual attack would have been much more sophisticated.
You will have to make your own decision about your paranoia against China.
Re:cut out the middleman (Score:3, Interesting)
now you can order iPad direct from china through apple.com
Nothing new here. When I ordered this Macbook Pro last year, I was able to follow online its progress from the warehouse in Shanghai to my porch. Apple is now effectively a delivery and customer-support service for Asian manufacturers.
Maybe eventually they will cut out the middleman, as IBM did a while ago with its Thinkpad laptops. Now you order them directly from Lenovo, which is a Chinese firm. The pretense that they were an IBM product has ended.