BGP route hijack by AS10990

Sat Aug 1 19:31:34 UTC 2020

> On Aug 1, 2020, at 12:03 , Sabri Berisha <sabri at cluecentral.net> wrote:
> 
> Hi,
> 
> ----- On Aug 1, 2020, at 8:49 AM, Owen DeLong owen at delong.com wrote:
> 
>> In fact, there are striking parallels between Asiana 214 and this incident.
> 
> Yes. Children of the magenta line. Depending on automation, and no clue what to
> do when the Instrument Landing System goes down.

This wasn’t a case of the ILS going down. This was a case where the automation was
put in the wrong mode (accidentally) without any of the pilots in the cockpit noticing
it until it was too late. The problem was discovered and power applied 8 seconds before impact.
It takes 19 seconds for the engines on a 777 to spool up to adequate power for a go-around
at the airspeed and in the configuration that existed at the time.

> But, the most important parallel is (hopefully) yet to come. One major outcome of
> the Asiana investigation was the call for more training, as the crew did not
> properly understand how the aircraft worked.

That’s true in virtually every human factors accident, but in reality, failure to understand
the automation was a tiny contributing factor in this accident. Every pilot is taught
early in their ab initio training that they must monitor the approach carefully and make
sure not to bleed off too much energy (airspeed) in the process.

There’s a very common and easily identifiable pattern to an under-powered approach
on autopilot that all of the pilots in the cockpit should have readily recognized if they
were even paying the slightest attention to the approach…

1. Airplane begins to dip below glide slope.
2. Autopilot raises nose to reduce descent rate and recapture glide slope.
3. Increased pitch = greater induced drag = lower airspeed.
4. Lower airspeed = less lift = goto 1.

Until power is applied, this process will repeat until one of the following events occurs:
	1.	Landing short of the runway (as in the case of Asiana 214)
	2.	Power is applied and the approach is stabilized
	3.	The pitch attitude exceeds the critical angle of attack and the wings stall,
		causing an abrupt pitch down.

This cycle is well understood by every student pilot before they can be endorsed
for their first solo flight.

No amount of training will make up for the utter and complete failure to pay attention
to the approach. This is one of the reasons US carriers have a “sterile cockpit” rule.

In most cases, the sterile cockpit rule is approximately this: “Below 10,000 feet or in
other critical phases of flight (emergency situations, unusual climbs or descents,
mechanical difficulties, etc.), cockpit communications are limited to those related to
the safe operation of the aircraft.”

> The same can be said here. Noction and/or its operators appear to not understand
> how BGP works, and/or what safety measures must be deployed to ensure that the
> larger internet will not be hurt by misconfiguration.

On one level, there’s validity to your claim here. On the other hand, there’s a certain
extent to which your telling hammer manufacturers that they have to make it impossible
for a carpenter to injure his thumb by missing the nail.

> I also agree with Job, that Noction has some responsibility here. And as I
> understand more and more about it, I must now agree with Mark T that this
> was an avoidable incident (although not because of Telia, but because Noction's
> decision to not enable NO_EXPORT by default).

I disagree. I think Noction and Telia are both culpable here. Most of the top 200 providers
manage to do prefix filtering at the customer edge, so I don’t see any reason to give
Telia a free pass here.

Owen