back to article Oracle 'net-watcher agrees, China Telecom is a repeat offender for misdirecting traffic

Oracle has backed claims that China Telecom Border Gateway Protocol (BGP) announcements regularly take internet traffic on an unwanted tour of the Middle Kingdom. At the end of October, a paper by Chris Demchak of the US Naval War College and Yuval Shavit from Tel Aviv University documented what the pair said were "unusual and …

  1. Tigra 07 Silver badge

    All your base packets are belong to us?

  2. Anonymous Coward
    Anonymous Coward

    This is hardly new

    I used to run into this regularly more than a decade ago: on call you would get a ticket for "high latency", where the traceroute would show big jumps in latency, while routing through a series of IP's with no rDNS, whose whois data would reveal them to be owned by China Telecom. Aggressive filtering of China Telecom's AS from free and transit peers sort of fixed it, but obviously it's not a complete solution.

    Having a Beijing dark fiber ring as well was also interesting: IKE packets going across the ring would magically disappear, in an obvious attempt to force unencrypted traffic. It's almost as if the Middle Kingdom wants to live up to it's name :-)

  3. Anonymous Coward
    Anonymous Coward

    Ah, the good old days

    When traffic from Smyrna, GA, to Atlanta, GA*, was ocasionally routed via Reston, VA** because my client just happened to change their ipsec keying, regular as clockwork.

    * - yes, they actually border each other

    ** - a suburb of Washington, D.C. where the rule of law doesn't apply for national security reasons.

  4. Anonymous Coward
    Anonymous Coward

    The Chinese seem to have a lot of route confusion. Maybe this is why so many Chinese IP's are constantly bumping against my firewall and wandering into my login services.

  5. JimmyPage Silver badge
    Coat

    Perhaps, as Willy Wonka once noted

    every time they Wing they get the Wong number ?

    Already there ->

  6. Anonymous Coward
    Anonymous Coward

    Meh!

    The traceroutes of my US based packets make regular detours through Canada and the UK or US Army bases on their way to their intended destination.

    Also interesting to note the logcat logs of my Sprint serviced phone throwing errors that it it's having trouble removing an IP address for the Dept of Defense from the rmnet routing table.

    But OK, I'm supposed to be concerned about China. (Or is it Russia this week?)

    1. Spazturtle Silver badge

      Re: Meh!

      The US military had lots of involvement with early internet infrastructure so it makes sense that router nodes would be in or around bases as that's where all the backbone cables meet up.

      The US and UK don't do wide scale interception like that themselves, it would cost too much tax money. Instead they pass laws mandating that the people running the backbone intercept data. That way the cost is spread around and pass on to customers.

  7. naive

    How FFS can they allow to let this happen ?

    Already over 50% of the hack attempts come from China, and then as a bonus they serve them ALL the traffic on a silver tray.

    Lenin was in hindsight a modest man, he assumed capitalism would SELL him the rope with which he would hang the capitalists, we give it China for free.

    More and more the impression creeps up, China is already nested like a incurable cancer in our society. Maybe responsible people need to pick a knife and start slashing away.

  8. elgarak1

    Isn't that the point of the Internet?

    Isn't it the point of the internet/http that each packet can go any number of ways? So that if one route fails, there are multiple other routes to take? ;)

    Kidding aside:

    1) If all traffic always fails to take better routes, it could be an error/glitch/bug.

    2) If all traffic gets routed in certain patterns, there may be malicious intent.

  9. Anonymous Coward
    Anonymous Coward

    Raises hand

    Oh, Oh, I know, we can use AI to solve this, or the cloud, *eyes glaze over and drool begins to form* Or better yet, AI in the cloud. Paradigm shift for the win. Bingo.

    But seriously FFS, I don't see why anyone would accept BGP updates from an untrusted source. And where was the networking staff that failed to audit this. 2.5 years? Really?

    1. Tigra 07 Silver badge
      Trollface

      Re: Raises hand

      Or blockchain!

      1. Michael Wojcik Silver badge

        Re: Raises hand

        Or blockchain!

        Tigra 07 uses Trollface! Trollface fails!

        Come on - you had to know someone had already proposed this. Indeed, lots of people have. This is one of those use cases where it might even make some sense - except, of course, blockchain settlement networks are routinely attacked using BGP partitioning hijacking.

        Chicken, meet egg.

  10. Nate Amsden Silver badge

    low priority traffic?

    Routing something that far away will of course kill latency and perhaps short of something like residential broadband or mobile connections would result in the customers seeing that drop in performance/throughput and reporting it.

    I was involved with one such incident that I kept the traceroute for in 2004, the story I was told was there was a fiber cut in the midwest of the U.S. that caused some previously unused BGP broadcasts to route traffic for the company I was with(AT&T customer at an AT&T facility near Seattle) to go through Russia. Packet loss got as high as 98%, and being we were an online application had to take our site down since it was wrecking havoc with transactions. Took AT&T and friends 6-7 hours to put the filters in place etc to resolve the issue.

    Traceroute from the time (source and destination addresses both in Seattle area)

    http://elreg.nateamsden.com/funkyroute.txt

    32 hops, 98% packet loss and 280ms later arriving at the destination.

    1. Down not across Silver badge

      Re: low priority traffic?

      http://elreg.nateamsden.com/funkyroute.txt

      32 hops, 98% packet loss and 280ms later arriving at the destination.

      Ok, that is a pretty funky route. Talk about taking the long way around.

  11. DougS Silver badge

    Some good samaritan should fix this

    It should be doable for someone with a BGP connected router to write a script that checks worldwide route advertisements and compares them to the destinations, and "fixes" routes that have been hijacked. Or at least publishes the information when it happens so things don't go 2 1/2 years without correction.

    1. Pascal Monett Silver badge

      Don't worry, we're talking about humans. There is zero chance that we can put in place a procedure without at least one fucking idiot not respecting it.

    2. Michael Wojcik Silver badge

      Re: Some good samaritan should fix this

      If only the hundreds of people who work with and research Internet routing issues had thought of this!

      Or, perhaps, they have, and it is not in fact "doable".

      As it happens, there are quite a few people (and systems) who watch BGP announcements and sound the alarm about suspicious ones. There are Twitter posts when a suspicious announcement is made - see Madory's blog post, linked to in TFA. There's a whole complex theory about what makes a "good" route (starting with the "valley-free property", originally defined by Gao in 2000, and about which a great deal has subsequently been written).

      Complex problems rarely have simple solutions. Complex problems being examined by a lot of smart people, with significant benefits attached to solving those problems, almost never have simple solutions - if they did, they'd already be solved.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019