Because of an unpreventable incident, the mobile Internet traffic of several European telecom operators went through the Chinese telecommunications company China Telecom for two hours.
Internet traffic moves around the world through many networks. It follows strictly defined routes established by network policies and rules. The autonomous systems of Internet providers use the BGP protocol to exchange traffic routing information.
In the definition of the Internet Engineering Council, a BGP route leak is “the propagation of routing messages beyond the limits”, which may redirect traffic along a route where it can be intercepted or analyzed.
According to Bleeping Computer, the problem arose on June 6 of this year at the Swiss data center Safe Host (autonomous system number AS21217). As a result of the incident, more than 70 thousand routes were sent through China Telecom (AS4134).
According to Doug Madory, Director of Internet Analysis at Oracle, the incident affected the networks of the Swiss company Swisscom (AS3303), the Dutch KPN (AS1130), and the French Bouygues Telecom (AS5410) and Numericable-SFR (AS21502).
“Users' remarks on Twitter. For instance, the city of Haarlem and Amsterdam has taken a distance between two countries,” said Doug Madory.
Having received the leaked routes, China Telecom announced them further on the Internet, effectively placing itself between the source of the traffic and its destination.
To prevent leaked BGP routes from spreading further to other autonomous systems, special protection mechanisms should be in place. There are also procedures for quickly detecting and repairing a leak if it occurs. Obviously, China Telecom did not take these measures, and the company distributed the leaked routes as its own.
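One common way to detect such a leak is a "valley-free" check on the AS path: a route learned from a peer or provider should only be passed on to customers. The sketch below is an added example, not code from the article or from any operator named in it; the business relationships between the ASes, the observer AS64500, the transit AS64501 and the prefixes are assumptions constructed for illustration.

```python
# Valley-free check over BGP AS paths (added example; data below is constructed).
# REL[(x, y)] says what y is to x on the link where x exports a route to y.
# These business relationships are ASSUMED for illustration; the article does
# not state them. AS64500/AS64501 are documentation ASNs, not real networks.
ASSUMED_REL = {
    (3303, 21217): "peer",       # Swisscom -> Safe Host
    (21217, 4134): "peer",       # Safe Host -> China Telecom
    (4134, 64500): "customer",   # China Telecom -> hypothetical observer
    (3303, 64501): "provider",   # Swisscom -> hypothetical transit
    (64501, 64500): "customer",  # hypothetical transit -> observer
}

def find_leaker(as_path, rel=ASSUMED_REL):
    """Return the ASN that re-exported a route against valley-free rules, else None.

    as_path is in AS_PATH order: newest AS first, origin AS last.
    """
    hops = []
    for asn in reversed(as_path):          # walk in propagation order, origin first
        if not hops or hops[-1] != asn:    # collapse AS-path prepending
            hops.append(asn)
    descended = False  # True once the route crossed a peer link or went to a customer
    for exporter, importer in zip(hops, hops[1:]):
        kind = rel.get((exporter, importer))
        if kind is None:
            raise ValueError(f"no relationship data for AS{exporter} -> AS{importer}")
        # A route learned from a peer or provider may only go on to customers.
        if descended and kind in ("peer", "provider"):
            return exporter
        if kind in ("peer", "customer"):
            descended = True
    return None

# Constructed paths, written with the hypothetical observer AS64500 first.
SAMPLE_UPDATES = [
    ("192.0.2.0/24", [64500, 64501, 3303]),          # normal transit path
    ("198.51.100.0/24", [64500, 4134, 21217]),       # Safe Host's own prefix
    ("203.0.113.0/24", [64500, 4134, 21217, 3303]),  # Swisscom prefix via the leak
]

def scan(updates, rel=ASSUMED_REL):
    """Return (prefix, leaker ASN) for every update whose path has a valley."""
    return [(p, l) for p, path in updates
            if (l := find_leaker(path, rel)) is not None]

if __name__ == "__main__":
    for prefix, leaker in scan(SAMPLE_UPDATES):
        print(f"{prefix}: route leak, re-exported by AS{leaker}")
```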
As a rule, such incidents last for several minutes, but in this case, the traffic of European companies went through China Telecom for more than two hours.