Dears, just sharing some news, BGP & International Gateways
*For 18 minutes, about 15 percent of all web traffic was redirected through
China, including traffic to and from the sites of the U.S. Army, Navy,
Marine Corps, Air Force, the office of the Secretary of Defense, the Senate
and NASA, according to a report delivered to Congress by the U.S.-China
Economic and Security Review Commission.*
*The report says that the irregular routing could have allowed the
surveillance of users or sites, the disruption or diversion of
communications and the compromising of supposedly secure encrypted sessions.*
*The report alleges that the diversion was caused when China Telecom briefly
offered a false electronic notification to internet traffic on the web,
causing some traffic to mistakenly conclude that the quickest way to reach
its destination was to travel through the company's servers in China.*
http://edition.cnn.com/2010/US/11/17/websites.chinese.servers/index.html?hpt=T1
*Solution: filters that deny BGP updates about your prefixes that are
originated from your country, including some BGP reg_exp, accepting only
these prefixes from trusted BGP (e or i) sources*
*A new update about this from Network World magazine:*
The incident could have been an accident
<http://www.pcworld.com/article/193849/a_chinese_isp_momentarily_hijacks_the_internet.html> that
stems from a weakness of the Border Gateway Protocol (BGP), which is
used to help route traffic and connect the Internet together.
BGP data is sent from small service providers like IDC China
Telecommunication and then shared with larger providers. Small providers
generally direct Internet traffic to about 30 routes. For some reason, on
April 8 IDC China Telecommunication began directing to tens of thousands of
networks. The bad information was then accepted by larger Internet providers
like China Telecom, which then propagated the data.
http://www.networkworld.com/news/2010/111810-china-telecom-operator-denies-hijacking.html?hpg1=bn
--
Thanks & B.regards
Ahmed Elhoussiny, 2x CCIE# 21988 (R&S-SP)
Network Consultant & Cisco Academy Instructor

Blogs and organic groups at http://www.ccie.net

Received on Fri Nov 19 2010 - 00:20:11 ART
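
A small model of the inbound filtering suggested in the message above, combined with a per-peer prefix limit for the kind of route leak the Network World excerpt describes. This is an added example, not part of the original post; the prefixes, peer addresses, AS numbers and the limit of 50 are constructed values.

```python
import ipaddress
import re

# All values are constructed for illustration (documentation ranges, reserved ASNs).
OWN_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
TRUSTED_PEERS = {"10.0.0.1"}                   # sessions allowed to carry our prefixes
OWN_ORIGIN_RE = re.compile(r"^$|(^| )64500$")  # empty path (local) or origin AS 64500
MAX_PREFIXES = {"203.0.113.9": 50}             # small peer expected to send ~30 routes


def inside_own_space(prefix):
    """True if prefix equals or is a more-specific of one of our prefixes."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(own) for own in OWN_PREFIXES)


def evaluate(peer, prefix, as_path, accepted_so_far):
    """Return (decision, reason) for one inbound update."""
    limit = MAX_PREFIXES.get(peer)
    if limit is not None and accepted_so_far >= limit:
        # Simplification: routers usually tear the session down at this point.
        return "reject", "max-prefix exceeded"
    if inside_own_space(prefix):
        if peer not in TRUSTED_PEERS:
            return "reject", "own prefix from untrusted peer"
        if not OWN_ORIGIN_RE.search(as_path):
            return "reject", "own prefix with foreign origin AS"
    return "accept", "ok"


def process(updates):
    """Filter a list of (peer, prefix, as_path); return (prefix, decision, reason) rows."""
    counts, rows = {}, []
    for peer, prefix, as_path in updates:
        decision, reason = evaluate(peer, prefix, as_path, counts.get(peer, 0))
        if decision == "accept":
            counts[peer] = counts.get(peer, 0) + 1
        rows.append((prefix, decision, reason))
    return rows


SAMPLE = [  # constructed updates
    ("203.0.113.9", "192.0.2.0/25", "64666"),        # more-specific of our block
    ("10.0.0.1", "192.0.2.0/24", ""),                # our own route over iBGP
    ("10.0.0.1", "198.51.100.0/24", "64512 64666"),  # trusted peer, wrong origin
    ("203.0.113.9", "0.0.0.0/0", "64666"),           # unrelated prefix
]

if __name__ == "__main__":
    for row in process(SAMPLE):
        print(row)
```

On a router the same policy is normally expressed as a prefix list, an AS-path access list and a maximum-prefix setting on the neighbor.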