Category: Hijack
Posted by Andree Toonk - March 30, 2013 - BGP instability, Hijack
It’s been a busy week for network engineers worldwide, rerouting around broken optical links and of course the 300Gb/s DDoS attack towards Spamhaus and Cloudflare. This DDoS has been classified as the largest DDoS attack ever recorded and has been written about quite a bit in mainstream media. There’s been a bit of discussion [...]
Posted by Andree Toonk - January 8, 2013 - Hijack, News and Updates
Just a few days ago we learned about an incident involving a mis-issued SSL certificate that was used in a Man in the Middle attack to intercept Gmail data. In this blog post we’ll talk about how Man in the Middle (MITM) attacks work and we’ll look at a recent BGP MITM event that caused traffic [...]
Posted by Andree Toonk - October 3, 2011 - Hijack
F-Root DNS server moved to Beijing
Systems such as DNS (root) servers often rely on anycast technology to improve availability and response time. The idea behind anycast is that the same prefix is announced from multiple geographically separated systems. As a result the client should always end up at the closest (as seen from a BGP [...]
Posted by Andree Toonk - March 26, 2011 - Hijack
Many of you remember the story of about a year ago, when we reported that a Chinese network was announcing a significant part of the prefixes on the Internet. Networks affected by this incident included big names such as dell.com and cnn.com as well as U.S. government (.gov) and military (.mil) sites, including those for [...]
Posted by Andree Toonk - January 19, 2011 - Hijack, IRR, RPKI
Securing BGP has been on the to-do list of the IETF and the community at large for many years. Over the years we’ve seen several proposals; the Resource Public Key Infrastructure (RPKI) is the latest and most successful initiative. RPKI solves one of the most fundamental problems. It allows us to verify whether an Autonomous [...]
Posted by Andree Toonk - January 15, 2011 - Hijack
This is just a quick post to address some of the emails I’ve received today. Quite a few BGPmon.net users have received a notification regarding a possible hijack of their address space. On Friday, January 14th, AS4761, INDOSAT-INP-AP, started to originate a large number of new prefixes. A quick check shows that AS4761 originated [...]
Posted by Andree Toonk - November 21, 2010 - Hijack
China denies hijacking a huge chunk of US net traffic
Internet Traffic from U.S. Government Websites Was Redirected Via Chinese Networks
Posted by Andree Toonk - August 23, 2010 - Hijack
BGP hijacks happen every day; the majority of them don’t affect a large geographic region and are noticed by only a small number of users. Every now and then, however, we see an event that affects many users, either because of the geographic scale or simply because of the specific prefix that is affected. The latter [...]
Posted by Andree Toonk - April 8, 2010 - Hijack
This morning many BGPmon.net users received an alert regarding a possible prefix hijack by a Chinese network. AS23724 is one of the data centers operated by China Telecom, China’s largest ISP. Normally AS23724 CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation only originates about 40 prefixes; however, today for about 15 minutes they originated about 37,000 unique prefixes [...]
Posted by Andree Toonk - October 10, 2009 - Hijack
Friday morning around 07:22:08 UTC AS9035 (Wind Telecomunicazioni) started to announce approximately 85.000 prefixes with an invalid origin AS. The origin AS was set to AS9035 while these prefixes did not belong to AS9035. The impact was local to a number of Italian providers, all Telecom Italia customers. The incident was resolved in about ~2 [...]
Posted by Andree Toonk - May 11, 2009 - Hijack
This morning there was a discussion about a possible prefix hijack by AS13214 on the NANOG list. Cyclops users received a notification email notifying them that AS13214 was announcing their prefix. I just went through some of the raw data and this is what I found. It seems it was picked up by the route-views4 [...]
Posted by Andree Toonk - November 25, 2008 - BGPmon.net, bogons, Hijack, IPv6
I am happy to announce that BGPmon now has full IPv6 support! This means that you can now monitor your IPv6 prefixes just as you are monitoring your IPv4 prefixes. All the codes, alarm messages, etc. are the same as for IPv4. It took a while because I had to write a few new libraries [...]
Posted by Andree Toonk - November 11, 2008 - Hijack
Many BGPmon.net users received a notification email regarding a possible prefix hijack. I just went over the data files manually and verified the leak. For those interested, let me share with you what I saw in the raw data. Between 01:55 UTC and 02:15, 267947 distinct prefixes were originated from AS16735 (Companhia de Telecomunicacoes [...]