Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
The Internet Twitter Network

Some Twitter Traffic Briefly Funneled Through Russian ISP, Thanks To BGP Mishap (arstechnica.com) 14

An anonymous reader quotes a report from Ars Technica: Some Internet traffic in and out of Twitter on Monday was briefly funneled through Russia after a major ISP in that country misconfigured the Internet's routing table, network monitoring services said. The mishap lasted for about 45 minutes before RTCOMM, a leading ISP in Russia, stopped advertising its network as the official way for other ISPs to connect to the widely used Twitter IP addresses. Even before RTCOMM dropped the announcement, safeguards prevented most large ISPs from abiding by the routing directive. A visualization of what the event looked like is illustrated on this page from BGPStream.

Doug Madory, the director of Internet analysis at network analytics company Kentik, said that what little information is known about Monday's BGP event suggests that the event was the result of the Russian government attempting to block people inside the country from accessing Twitter. Likely by accident, one ISP made those changes apply to the Internet as a whole. "There are multiple ways to block traffic to Twitter," Madory explained in an email. "Russian telecoms are on their own to implement the government-directed blocks, and some elect to use BGP to drop traffic to certain IP ranges. Any network that accepted the hijacked route would send their traffic to this range of Twitter IP space into Russia -- where it likely was just dropped. It is also possible that they could do a man-in-the-middle and let the traffic continue on to its proper destination, but I don't think that is what happened in this case."

This discussion has been archived. No new comments can be posted.

Some Twitter Traffic Briefly Funneled Through Russian ISP, Thanks To BGP Mishap

Comments Filter:
  • But yeah, that's a good explanation too.

  • Fortunately, those ISPs that had deployed RPKI ROA validation in enforcing mode limited the blast radius. While some of the ISPs already have enabled RPKI validation enforcement (including both big and small ones), not all ISPs do, and hopefully the laggards will start to feel more and more pressure from their customers to enable enforcing mode to minimize the impacts of such accidents.
  • BGP "mishap", maybe it wasn't a mishap.

    • BGP "mishap", maybe it wasn't a mishap.

      Russia involved in another border-related incident, who'd a thought? :-)

  • It seems incredibly stupid to trust a network when that network says "hey, I'm the new route to the following block of addresses". That's the same general problem that many/most of the really egregious security bugs have exploited - naively trusting the client.

    I'm not sure what the solution is in this case, though.

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]

Working...