Re: China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking

Hank Nussbacher hank at efes.iucc.ac.il
Tue Nov 13 16:57:53 UTC 2018


On 05/11/2018 10:54, Tore Anderson wrote:
> * Harley H
>
>> Curious to hear others' thoughts on this. 
>> https://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1050&context=mca
>>
>> This paper presents the view that several BGP hijacks performed by China Telecom had malicious intent. The incidents are:
>> * Canada to Korea - 2016
>> * US to Italy - Oct 2016
>> * Scandinavia to Japan - April-May 2017
>> * Italy to Thailand - April-July 2017
>>
>> The authors claim this is enabled by China Telecom's presence in North America.
> Hi,
>
> I looked a bit into the Scandinavia to Japan claim last week for a Norwegian
> journalist, who obviously found this rather sensational claim very intriguing.
> The article (Norwegian, but Google Translate does a decent job) is found at 
> https://www.digi.no/artikler/internettrafikk-fra-norge-og-sverige-ble-kapret-og-omdirigert-til-kina/449797?key=vS1EOiG1
> in case you're interested.
>
> From what I can tell from looking at routeviews data from the period, what
> happened was that SK Broadband (AS9318) was leaking a bunch of routes to
> China Telecom (AS4134). The leak included the transit routes from SKB's
> upstream Verizon (AS703) and customers of theirs in turn, including well-
> known organisations such as Bloomberg (AS10361) and Time Warner (AS36032),
> which I suppose might be the ones the paper is referring to.
>
> The routes in question then propagated from CT to Telia Carrier (AS1299),
> probably in North America somewhere. Scandinavia is TC's home turf, it
> makes sense that the detour via CT was easily observed from here.
>
> If you want to see for yourself, look for «1299 4134 9318 703» in
> http://archive.routeviews.org/route-views.linx/bgpdata/2017.04/RIBS/rib.20170430.2200.bz2
>
> Anyway, in my opinion the data for this particular incident (I haven't
> looked into the other three) does not indicate foul play on CT's behalf,
> but rather a pretty standard leak by SKB followed by sloppy filtering
> by CT and TC both.
>
> Tore
>
Internet Vulnerability Takes Down Google
https://blog.thousandeyes.com/internet-vulnerability-takes-down-google/

-Hank
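An added illustration, not part of Tore's or Hank's posts: a small valley-free route-leak check run over constructed RIB-style rows of the shape Tore points at (`1299 4134 9318 703 ...`). The AS relationship table is an assumption made for the example (the thread only states that Verizon is SKB's upstream), and the prefixes are documentation-range placeholders, not the real leaked prefixes.

```python
# Constructed AS relationship table (assumption for illustration; only
# "Verizon is SKB's upstream" is stated in the thread). (a, b) in PROVIDER_OF
# means a is a provider of b; PEERS holds settlement-free peerings.
PROVIDER_OF = {
    (703, 9318),    # Verizon -> SK Broadband (stated in the thread)
    (703, 10361),   # Bloomberg assumed to be a Verizon customer
    (703, 36032),   # Time Warner assumed to be a Verizon customer
    (4134, 9318),   # China Telecom assumed to be an SKB upstream
}
PEERS = {frozenset((1299, 4134)), frozenset((1299, 703))}

def link_type(frm, to):
    """Classify how a route moved from AS `frm` to AS `to` during propagation."""
    if (to, frm) in PROVIDER_OF:   # customer announces to its provider: uphill
        return "c2p"
    if (frm, to) in PROVIDER_OF:   # provider announces to its customer: downhill
        return "p2c"
    if frozenset((frm, to)) in PEERS:
        return "p2p"
    return "unknown"

def find_leak(as_path):
    """Return (leaking_as, leaked_to) for the first valley-free violation, else None.
    as_path is in AS_PATH order (collector side first, origin last); a route may
    go uphill (c2p) any number of times, cross at most one peering, then only
    go downhill (p2c). Going up or across again after that is a leak."""
    hops = list(reversed(as_path))          # walk in propagation order
    descending = False                      # seen a p2c or p2p step yet?
    for frm, to in zip(hops, hops[1:]):
        kind = link_type(frm, to)
        if kind in ("c2p", "p2p") and descending:
            return (frm, to)
        if kind in ("p2c", "p2p"):
            descending = True
    return None

SAMPLE_RIB = [  # constructed (prefix, AS_PATH) rows, not from the real dump
    ("192.0.2.0/24",    "1299 4134 9318 703 10361"),  # leaked Bloomberg-shaped route
    ("198.51.100.0/24", "1299 703 10361"),            # normal path via Telia-Verizon peering
    ("203.0.113.0/24",  "1299 4134 9318 703 36032"),  # leaked Time Warner-shaped route
]

def scan_rib(rows, needle=(1299, 4134, 9318, 703)):
    """Yield (prefix, path, leak) for rows whose AS_PATH contains the suspect
    sub-path Tore suggested looking for, with the valley-free verdict."""
    n = len(needle)
    for prefix, path_str in rows:
        path = [int(x) for x in path_str.split()]
        if any(tuple(path[i:i + n]) == needle for i in range(len(path) - n + 1)):
            yield prefix, path, find_leak(path)
```

On the real dump the rows would come from an MRT parser over the routeviews RIB, and the relationship table from a CAIDA-style inference rather than hand assumptions.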
