For Two Hours, European Mobile Traffic Was Rerouted Through China (zdnet.com) 57
An anonymous reader quotes a report from ZDNet: For more than two hours on Thursday, June 6, a large chunk of European mobile traffic was rerouted through the infrastructure of China Telecom, China's third-largest telco and internet service provider (ISP). The incident occurred because of a BGP route leak at Swiss data center colocation company Safe Host, which accidentally leaked over 70,000 routes from its internal routing table to the Chinese ISP. But instead of ignoring the BGP leak, like most ISPs, China Telecom re-announced Safe Host's routes as its own, and by doing so, interposed itself as one of the shortest ways to reach Safe Host's network and other nearby European telcos and ISPs. "But if any other ISP would have caused this incident, it would have likely been ignored," the reader adds. "Alas, it was China Telecom, and there's a backstory, as this is the same Chinese ISP that was accused last year in an academic paper of 'hijacking the vital internet backbone of western countries' for intelligence gathering purposes."
TLS (Score:3, Insightful)
Thankfully most traffic nowadays is secured using TLS. I'm glad we all agree to trust honest, independent certificate providers like the Honk Kong Post Office.
Re: (Score:2)
Well, geese do anyway.
Let's see the Huawei defenders back this (Score:5, Interesting)
Why do you think a telecom company would WANT a huge volume of traffic to flow through its network that it had nothing to do with?
Now what other large organization in China might be interested in seeing all mobile traffic from a different country...
If you are arguing that Huawei has nothing to do with the Chinese government, how would you separate that argument from what just happened here.
Re: (Score:2)
Re: (Score:1)
TL;DR I'm an ad hominem spouting twit with nothing better to do than shitpost slashdot
Re: (Score:1)
idiots don't get it.
the issue was the initial routing from europe. not the counter routing to get the traffic back to europe.
Re:Let's see the Huawei defenders back this (Score:5, Informative)
Why do you think a telecom company would WANT a huge volume of traffic to flow through its network that it had nothing to do with?
Shit like this happens from time to time by accident due to operator fuck ups combined with piss poor route filtering.
The assumption it was the Chinese and they did it on purpose!! is completely unsupported by *ANY* publicly available evidence.
Now what other large organization in China might be interested in seeing all mobile traffic from a different country...
Why don't you tell us?
If you are arguing that Huawei has nothing to do with the Chinese government,
Who is arguing Huawei has nothing to do with the Chinese government?
Does Microsoft have nothing to do with the United States government? What about Google, Oracle or Amazon? They all have large contracts with government including the military and three letter agencies like CIA and NSA.
how would you separate that argument from what just happened here.
Separate? How would you even link it in the first place?
Re:Let's see the Huawei defenders back this (Score:4, Insightful)
"Shit like this happens from time to time by accident due to operator fuck ups combined with piss poor route filtering." = You didn't read, that's not how this happened, it was deliberate and they've done it before.
Literally the very first sentence of TFA says it was an *accident* by *Safe Host* a *Swiss* company.
"The incident occurred because of a BGP route leak at Swiss data center colocation company Safe Host, which accidentally leaked over 70,000 routes from its internal routing table to the Chinese ISP."
Stop shilling faggot.
Stop trying to teabag yourself. You're not that flexible.
Re: (Score:2)
The issue is with the second sentence:
"But instead of ignoring the BGP leak, like most ISPs, China Telecom re-announced Safe Host's routes as its own, and by doing so, interposed itself as one of the shortest ways to reach Safe Host's network and other nearby European telcos and ISPs. "
China Telecom took an accidental leak, and abused it.
Re: (Score:2, Interesting)
As career ISP netop I can tell you're talking shite. Of course shit like this happens all the time, people screw up BGP on a daily basis. They even screw it up on both ends of the peering link in such a way that the same routing "phenomenon" that happened with China Telecom happens all the time.
Re: Let's see the Huawei defenders back this (Score:2)
This is not the 12-15 aol chat, on any semi-serious website people are usually who they say they are so long as they're not obviously trolling or scamming.
Re: (Score:2)
Re: (Score:2)
Holy crap you're a tinfoil hat nutcase. These things literally happen all the time by various providers who own various equipment in various countries around the world. Hell we've only been talking about BGP security for the best part of 15 years, long before the Huawei and China were talking points, and long before you went off your meds.
Re: (Score:1)
Huawei has nothing to do with this, dumb-ass. And to ask you the same, how would you defend the times the U.S. has "accidentally" done the same? Or how about when they "accidentally" tapped under-sea fiber optic cables?
You can stop trying to demonize China and Chinese IT giants for anything and everything that happens. It's not working.
Re: (Score:2)
huawei defenders will simply ignore it, and if pointedly questioned about it will shift the topic to Mr.Trump's anti-chinee actions with which they have NO trouble showing false-concern about.
How the fack does this even happen? (Score:1)
How is this even an option when rerouting data??????
How would you call a US company that mass MITM SSL (Score:2, Insightful)
For the display purpose of providing faster access with a content delivery network, CloudFront not only poses as the DNS service proxy for domains worldwide, but man-in-the middle decipher and cache unencrypted data from a huge number of websites worldwide, to serve it re-encoded from there.
Do you think for even a split second that this huge clear data-pool is not monetized in any way?
Even CloudFront advertises its ability to inject HTML into SSL delivered webpages.
https://notabug.org/crimeflare... [notabug.org]
If a Chin
Your whattaboutism is nobly attempted, comrade. (Score:1)
Cloudflare is audited. Cloudflare is a US company = it can be sued for violations of US law. Ostensibly that would happen. You want to whine about them repackaging SSL as if that "proves" they're abusing the capability.
NONE of what you posted relates to BGP route-switching the likes of which Russia, China, and Korean hacker teams have done for short periods like this. China Telecom ITSELF has been caught doing this before.
You want to play whattaboutism without any actual story to point to, your motivati
Re: (Score:2)
Oops, meant CloudFlare, not CloudFront
Re:How would you call a US company that mass MITM (Score:5, Informative)
For the display purpose of providing faster access with a content delivery network, CloudFront not only poses as the DNS service proxy for domains worldwide, but man-in-the middle decipher and cache unencrypted data from a huge number of websites worldwide, to serve it re-encoded from there.
Do you think for even a split second that this huge clear data-pool is not monetized in any way?
Even CloudFront advertises its ability to inject HTML into SSL delivered webpages.
https://notabug.org/crimeflare [notabug.org]...
It's a reverse proxy service that people have to explicitly sign up for and authorize their domains and sites to be used with.
If a Chinese Telecom company rerouting traffic raises concerns:
A US company MITM internet content world-wide would certainly deserve same concerns, at least outside the US.
Cloudflare is not a MITM attack against anyone. It's a SERVICE that people actively sign up to use. It does not work with other secure sites that are not using this service.
Intentionally rerouting traffic that does not belong to you and nobody asked you to take in the first place is not even remotely the same thing as what Cloudflare does.
Finally it needs repeating in this specific case there is no publicly available evidence of China doing squat.
Re: (Score:2, Interesting)
Your assessment only takes the web site owner's point of view into account. From a web site user's point of view, Cloudfront is a usually unwanted and unexpected third party which breaks the end-to-end encryption.
Cloudflare CEO Matthew Prince in an interview: Back in 2003, Lee Holloway and I started Project Honey Pot as an open-source project to track online fraud and abuse. The Project allowed anyone with a website to install a piece of code and track hackers and spammers. We ran it as a hobby and didn't t
"Safe Host" (Score:5, Funny)
Mobile traffic? (Score:3)
How do routers know if traffic is mobile?
Do they mean MIP/MIPv6 vs other IP? or some other distinguishing characteristic?
BGP sanity (Score:2)
So, why TF do backbone routers accept BGP updates without running a sanity check on the information?
Re: (Score:2)
So, why TF do backbone routers accept BGP updates without running a sanity check on the information?
Normally a lot can be done. My understanding is most routing problems that have occurred could have been mitigated with schemes like ROA / prefix filtering.
Yet an important question remains. Are there no circumstances where routing traffic thru China isn't the prudent thing to do? BGP is a team sport. To work at all requires coordination and trust among peers. At some level the network will only be as good as the competence and integrity of participating operators regardless of technical measures deplo
Re: (Score:1)
Because the tools to do this are complex, unintuitive and understood by only a few. And even when operated by experts, are frequently fat fingered and otherwise misconfigured. Consequently, once you get it working you lay off any further 'sanity checks' in case you screw up the BGP routes again ...
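Added example, not part of any comment above: a sketch of the "ROA / prefix filtering" sanity checks named in this thread, combining RFC 6811 route origin validation with a per-peer prefix filter and a max-prefix limit. The prefixes and AS numbers are constructed documentation values, and PEER_FILTER, MAX_PREFIXES and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and ASNs (RFC 5398).
# Each ROA is (prefix, max_length, authorized origin ASN).
ROAS = [
    (ipaddress.ip_network("192.0.2.0/24"), 24, 64500),
    (ipaddress.ip_network("198.51.100.0/24"), 24, 64501),
]
# Hypothetical per-peer filter: what each neighbor is registered to announce.
PEER_FILTER = {64500: [ipaddress.ip_network("192.0.2.0/24")]}
MAX_PREFIXES = 2  # hypothetical per-session max-prefix limit


def covers(outer, inner):
    """True if `inner` is the same prefix as `outer` or a more-specific of it."""
    return outer.version == inner.version and inner.subnet_of(outer)


def rov_state(prefix, origin_asn, roas=ROAS):
    """Route origin validation outcome as defined in RFC 6811."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_length, asn in roas:
        if covers(roa_prefix, net):
            covered = True
            if asn == origin_asn and net.prefixlen <= max_length:
                return "valid"
    return "invalid" if covered else "not-found"


def check_update(peer_asn, announcements):
    """Verdict per prefix for a batch of (prefix, as_path) from one peer."""
    if len(announcements) > MAX_PREFIXES:
        return {p: "reject: max-prefix exceeded" for p, _ in announcements}
    verdicts = {}
    for prefix, as_path in announcements:
        net = ipaddress.ip_network(prefix)
        allowed = PEER_FILTER.get(peer_asn, [])
        if not any(covers(a, net) for a in allowed):
            verdicts[prefix] = "reject: outside peer prefix filter"
        elif rov_state(prefix, as_path[-1]) == "invalid":  # origin = last ASN
            verdicts[prefix] = "reject: RPKI invalid"
        else:
            verdicts[prefix] = "accept"
    return verdicts


# A leak keeps the true origin, so ROV alone says "valid"; the filter catches it.
LEAK = [("192.0.2.0/24", [64500]), ("198.51.100.0/24", [64500, 64501])]
```

Running check_update(64500, LEAK) accepts the peer's own prefix and rejects the leaked one, even though origin validation alone rates the leaked route as valid.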
Pass (Score:2)
That was quite a successful test, I would say.
accident? (Score:2)
Sure it's easy to jump to conclusions, but I have been around the block too long to not simply blame a crappy admin. I have not done hardly any BGP stuff ever so maybe someone could explain if this is even remotely possible to be a simple misconfiguration of China Telecom's routers.