Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Network The Internet China Communications Security

For Two Hours, European Mobile Traffic Was Rerouted Through China (zdnet.com) 57

An anonymous reader quotes a report from ZDNet: For more than two hours on Thursday, June 6, a large chunk of European mobile traffic was rerouted through the infrastructure of China Telecom, China's third-largest telco and internet service provider (ISP). The incident occurred because of a BGP route leak at Swiss data center colocation company Safe Host, which accidentally leaked over 70,000 routes from its internal routing table to the Chinese ISP. But instead of ignoring the BGP leak, like most ISPs, China Telecom re-announced Safe Host's routes as its own, and by doing so, interposed itself as one of the shortest ways to reach Safe Host's network and other nearby European telcos and ISPs. "But if any other ISP would have caused this incident, it would have likely been ignored," the reader adds. "Alas, it was China Telecom, and there's a backstory, as this is the same Chinese ISP that was accused last year in an academic paper of 'hijacking the vital internet backbone of western countries' for intelligence gathering purposes."
This discussion has been archived. No new comments can be posted.

For Two Hours, European Mobile Traffic Was Rerouted Through China

Comments Filter:
  • TLS (Score:3, Insightful)

    by Anonymous Coward on Friday June 07, 2019 @05:21PM (#58727704)

    Thankfully most traffic nowadays is secured using TLS. I'm glad we all agree to trust honest, independent certificate providers like the Honk Kong Post Office.

    • ... glad we all agree to trust honest, independent certificate providers like the Honk Kong Post Office.

      Well, geese do anyway.

  • by SuperKendall ( 25149 ) on Friday June 07, 2019 @05:24PM (#58727726)

    Why do you think a telecom company would WANT a huge volume of traffic to flow through its network that it had nothing to do with?

    Now what other large organization in China might be interested in seeing all mobile traffic from a different country...

    If you are arguing that Huawei has nothing to do with the Chinese government, how would you separate that argument from what just happened here.

    • by tomhath ( 637240 )
      This was just a test. Nothing to be worried about...
    • by Anonymous Coward

      idiots don't get it.

      the issue was the initial routing from europe. not the counter routing to get the traffic back to europe.

    • by WaffleMonster ( 969671 ) on Friday June 07, 2019 @06:00PM (#58727902)

      Why do you think a telecom company would WANT a huge volume of traffic to flow through its network that it had nothing to do with?

      Shit like this happens from time to time by accident due to operator fuck ups combined with piss poor route filtering.

      The assumption it was the Chinese and they did it on purpose!! Is completely unsupported by *ANY* publically available evidence.

      Now what other large organization in China might be interested in seeing all mobile traffic from a different country...

      Why don't you tell us?

      If you are arguing that Huawei has nothing to do with the Chinese government,

      Who is arguing Huawei has nothing to do with the Chinese government?

      Does Microsoft have nothing to do with the United States government? What about Google, Oracle or Amazon? They all have large contracts with government including the military and three letter agencies like CIA and NSA.

      how would you separate that argument from what just happened here.

      Separate? How would you even link it in the first place?

    • by AHuxley ( 892839 )
      Wait for the comment about really low cost peering?
    • Holy crap you're a tinfoil hat nutcase. These things literally happen all the time by various providers who own various equipment in various countries around the world. Hell we've only been talking about BGP security for the best part of 15 years, long before the Huawei and China were talking points, and long before you went off your meds.

    • by Anonymous Coward

      Huawei has nothing to do with this, dumb-ass. And to ask you the same, how would you defend the times the U.S. has "accidentally" done the same? Or how about when they "accidentally" tapped under-sea fiber optic cables?

      You can stop trying to demonize China and Chinese IT giants for anything and everything that happens. It's not working.

    • by solitas ( 916005 )

      huawei defenders will simply ignore it, and if pointedly questioned about it will shift the topic to Mr.Trump's anti-chinee actions with which they have NO trouble showing false-concern about.

  • by Anonymous Coward

    How is this even an option when rerouting data??????

  • For the display purpose of providing faster access with a content delivery network, CloudFront not only poses as the DNS service proxy for domains worldwide, but man-in-the middle decipher and cache unencrypted data from a huge number of websites worldwide, to serve it re-encoded from there.
    Do you think for even a split second that this huge clear data-pool is not monetized in any way?
    Even CloudFront advertises its ability to inject HTML into SSL delivered webpages.
    https://notabug.org/crimeflare... [notabug.org]

    If a Chin

    • Cloudflare is audited. Cloudflare is a US company = it can be sued for violations of US law. Ostensibly that would happen. You want to whine about them repackaging SSL as if that "proves" they're abusing the capability.

      NONE of what you posted relates to BGP route-switching the likes of which Russia, China, and Korean hacker teams have done for short periods like this. China Telecom ITSELF has been caught doing this before.

      You want to play whattaboutism without any actual story to point to, your motivati

    • by La Gris ( 531858 )

      Oups, meant CloudFlare, not CloudFront

    • by WaffleMonster ( 969671 ) on Friday June 07, 2019 @06:30PM (#58728056)

      For the display purpose of providing faster access with a content delivery network, CloudFront not only poses as the DNS service proxy for domains worldwide, but man-in-the middle decipher and cache unencrypted data from a huge number of websites worldwide, to serve it re-encoded from there.
      Do you think for even a split second that this huge clear data-pool is not monetized in any way?
      Even CloudFront advertises its ability to inject HTML into SSL delivered webpages.
      https://notabug.org/crimeflare [notabug.org]...

      It's a reverse proxy service that people have to explicitly sign up for and authorize their domains and sites to be used with.

      If a Chinese Telecom company rerouting traffic raises concerns:
      A US company MITM internet content world-wide would certainly deserve same concerns, at least outside the US.

      Cloudflare is not a MITM attack against anyone. It's a SERVICE that people actively sign up to use. It does not work with other secure sites that are not using this service.

      Intentionally rerouting traffic that does not belong to you and nobody asked you to take in the first place is not even remotely the same thing as what Cloudflare does.

      Finally it needs repeating in this specific case there is no publically available evidence of China doing squat.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        Your assessment only takes the web site owner's point of view into account. From a web site user's point of view, Cloudfront is a usually unwanted and unexpected third party which breaks the end-to-end encryption.

        Cloudflare CEO Matthew Prince in an interview: Back in 2003, Lee Holloway and I started Project Honey Pot as an open-source project to track online fraud and abuse. The Project allowed anyone with a website to install a piece of code and track hackers and spammers. We ran it as a hobby and didn't t

  • "Safe Host" (Score:5, Funny)

    by yanestra ( 526590 ) on Friday June 07, 2019 @05:45PM (#58727820) Journal
    Latest news: Company "Safe Host" to be renamed officially to "Unsafe Host".
  • by TechyImmigrant ( 175943 ) on Friday June 07, 2019 @06:15PM (#58727980) Homepage Journal

    How do routers know if traffic is mobile?

    Do they mean MIP/MIPv6 vs other IP? or some other distinguishing characteristic?

  • So, why TF do backbone routers accept BGP updates without running a sanity check on the information?

    • So, why TF do backbone routers accept BGP updates without running a sanity check on the information?

      Normally a lot can be done. My understanding is most routing problems that have occurred could have been mitigated with schemes like ROA / prefix filtering.

      Yet an important question remains. Are there no circumstances where routing traffic thru China isn't the prudent thing to do? BGP is a team sport. To work at all requires coordination and trust among peers. At some level the network will only be as good as the competence and integrity of participating operators regardless of technical measures deplo

    • by Anonymous Coward

      Because the tools to do this a complex, unintuitive and understood by only a few. And even when operated by experts, are frequently fat fingered and otherwise misconfigured. Consequently, once you get it working you lay off any further 'sanity checks' in case you screw up the BGP routes again ...

  • That was quite a successful test, I would say.

  • Sure its easy to jump to conclusions, but i have been around the block too long to not simply blame a crappy admin. I have not done hardly any BGP stuff ever so maybe someone could explain if this is even remotely possible to be a simple misconfiguration of china telecoms routers.

This restaurant was advertising breakfast any time. So I ordered french toast in the renaissance. - Steven Wright, comedian

Working...