Blog

What caused today’s Internet hiccup

Posted by Andree Toonk - August 13, 2014 - BGP instability

Like others, you may have noticed some instability and general sluggishness on the Internet today. In this post we’ll take a closer look at what happened, including some of the BGP details! At around 8am UTC, Internet users on different mailing lists, forums and Twitter reported slow connectivity and intermittent outages. Examples can be found [...]

The Canadian Bitcoin Hijack

Posted by Andree Toonk - August 12, 2014 - Hijack

A few days ago researchers at Dell SecureWorks published the details of an attacker repeatedly hijacking BGP prefixes for numerous large providers such as Amazon, OVH, Digital Ocean, LeaseWeb, Alibaba and more. The goal of the operation was to intercept data between Bitcoin miners and Bitcoin mining pools. They estimated that $83,000 was made with this [...]

Hijack event today by Indosat

Posted by Andree Toonk - April 3, 2014 - Hijack, News and Updates

Today we observed a large-scale ‘hijack’ event that affected many of the prefixes on the Internet. This blog post is to provide you with some additional information. What happened? Indosat, AS4761, one of Indonesia’s largest telecommunication networks, normally originates about 300 prefixes. Starting at 18:26 UTC (April 2, 2014), AS4761 began to originate 417,038 new [...]

Turkey Hijacking IP addresses for popular Global DNS providers

Posted by Andree Toonk - March 29, 2014 - Hijack, News and Updates

At BGPmon we see numerous BGP hijacks every single day; some are interesting because of the size and scale of the hijack or, as we’ve seen today, because of the targeted hijacked prefixes. It all started last weekend when the Turkish president ordered the censorship of twitter.com. This started with a block of Twitter by [...]

Looking at the spamhaus DDOS from a BGP perspective

Posted by Andree Toonk - March 30, 2013 - BGP instability, Hijack

It’s been a busy week for network engineers worldwide, rerouting around broken optical links and of course the 300Gb/s DDOS attack towards Spamhaus and Cloudflare. This DDOS has been classified as the largest DDOS attack ever recorded and has been written about quite a bit in mainstream media. There’s been a bit of discussion [...]

Accidentally stealing the Internet

Posted by Andree Toonk - January 8, 2013 - Hijack, News and Updates

Just a few days ago we learned about an incident involving a mis-issued SSL certificate that was used in a Man in the Middle attack to intercept Gmail data. In this blog post we’ll talk about how Man in the Middle (MITM) attacks work and we’ll look at a recent BGP MITM event that caused traffic [...]

Syria shuts down the Internet

Posted by Andree Toonk - November 29, 2012 - BGP instability

As of 10:27 UTC this morning the majority of the Internet in Syria is no longer connected to the rest of the world and can be considered offline. Syria has only one major provider, AS29256, the Syrian Telecommunications Establishment. This provider is government-owned and originates 56 out of 62 Syrian prefixes. This morning between [...]

New version of BGPmon.net

Posted by Andree Toonk - October 3, 2012 - BGPmon.net, News and Updates

As many of you are aware, BGPmon.net has been offered as a free service since becoming publicly available in 2008. From its inception the service has been funded largely by myself. Now, due to ever-increasing popularity, it has become unsustainable to run the service on personal funds and my available time. I have reached a [...]

A BGP leak made in Canada

Posted by Andree Toonk - August 8, 2012 - Uncategorized

Today many network operators saw their BGP sessions flap, RTTs increase and CPU usage on routers spike. While looking at our BGP data we determined the root cause to be a large BGP leak in Canada that quickly affected networks worldwide. Dery Telecom: Based on our analysis it seems [...]

Internet outage in Lebanon continues into second day

Posted by Andree Toonk - July 6, 2012 - BGP instability

It’s not often we see large-scale outages such as the one that currently affects Internet users in Lebanon, where Internet access has been severely damaged for over 36 hours now. The problems started on July 4th, 16:16 (UTC), which is 19:16 Lebanese time. The cause of the outage according to the Telecoms Ministry in Lebanon [...]

How the Internet in Australia went down under

Posted by Andree Toonk - February 27, 2012 - BGP instability

This Wednesday, for about 30 minutes, many Australians found themselves without Internet access. All these users were relying either directly or indirectly on the Telstra network, which at that point was isolated from the Internet. This story quickly hit the local headlines. In this blog we’ll look at the technical details of this event and [...]

F-Root DNS server moved to Beijing

Posted by Andree Toonk - October 3, 2011 - Hijack

Systems such as DNS (root) servers often rely on anycast technology to improve availability and response time. The idea behind anycast is that the same prefix is announced from multiple geographically separated systems. As a result the client should always end up at the closest (as seen from a BGP [...]

Internet Syria offline

Posted by Andree Toonk - June 3, 2011 - BGP instability, BGPmon.net

The unrest in Syria continues and as of this morning it seems that the Syrian government has shut down about of all Syrian networks. The Internet in Syria is dominated by “The Syrian Telecommunications Establishment”, which routes its networks from AS29256 and AS29386. Besides these providers there are AS6453 – Tata Communications, which routes 6 Syrian [...]

Facebook’s detour through China and Korea

Posted by Andree Toonk - March 26, 2011 - Hijack

Many of you remember the story from about a year ago, when we reported that a Chinese network was announcing a significant part of the prefixes on the Internet. Networks affected by this incident included big names such as dell.com and cnn.com as well as U.S. government (.gov) and military (.mil) sites, including those for [...]

Egypt Back Online

Posted by Andree Toonk - February 2, 2011 - News and Updates

A few moments ago I noticed the first signs of life from the previously unreachable Egyptian networks. We saw the first BGP announcements for Egypt come in at 09:30:48 UTC. And as of 10:52 UTC the website of Noor data networks was reachable again. It looks like the majority of the providers are now [...]

Internet in Egypt offline

Posted by Andree Toonk - January 28, 2011 - BGP instability, BGPmon.net

Last updated at January 31, 21:00 UTC. Different media are reporting that Internet and other forms of electronic communications are being disrupted in Egypt, presumably after a government order in response to the protests. Looking at BGP data we can confirm that according to our analysis 88% of the ‘Egyptian Internet’ [...]

Securing BGP routing with RPKI and ROA’s

Posted by Andree Toonk - January 19, 2011 - Hijack, IRR, RPKI

Securing BGP has been on the todo list of the IETF and the community at large for many years. Over the years we’ve seen several proposals; the Resource Public Key Infrastructure (RPKI) is the latest and most successful initiative. RPKI solves one of the most fundamental problems. It allows us to verify whether an Autonomous [...]

‘Hijack’ by AS4761 – Indosat, a quick report

Posted by Andree Toonk - January 15, 2011 - Hijack

This is just a quick post to address some of the emails I’ve received today. Quite a few BGPmon.net users have received a notification regarding a possible hijack of their address space. On Friday January 14th AS4761, INDOSAT-INP-AP, started to originate a large number of new prefixes. A quick check shows that AS4761 originated [...]

The State of IPv6 in Canada

Posted by Andree Toonk - January 5, 2011 - IPv6

IPv6 deployment statistics in Canada demonstrate that the Canadian transit market is being taken over by large global transit providers.

IPv6 deployment in 2010, how far are we?

Posted by Andree Toonk - December 20, 2010 - IPv6

We are nearing the end of 2010 and while we’re all sitting around the Christmas tree something else is nearing its end. We’re just a few months away from IPv4 exhaustion; the end of the IPv4 lifetime is in sight. This will have many organizations rush to implement IPv6 in their networks. So how far are [...]

Chinese BGP hijack, putting things into perspective

Posted by Andree Toonk - November 21, 2010 - Hijack

China denies hijacking a huge chunk of US net traffic
Internet Traffic from U.S. Government Websites Was Redirected Via Chinese Networks

Google’s services redirected to Romania and Austria

Posted by Andree Toonk - August 23, 2010 - Hijack

BGP hijacks happen every day; the majority of them don’t affect a large geographic region and are noticed by only a small number of users. Every now and then, however, we see an event that affects many users, either because of the geographic scale or simply because of the specific prefix that is affected. The latter [...]

Strange IPv6 bogon Announcements

Posted by Andree Toonk - June 11, 2010 - bogons, IPv6

This Friday a number of BGPmon.net users have received an alert message informing them that their AS was announcing a new IPv6 prefix. I too got an alert email and was surprised when I saw the prefix that was detected, as the prefix detected was an ‘invalid’ IPv6 prefix. This is the message I [...]

Chinese ISP hijacks the Internet

Posted by Andree Toonk - April 8, 2010 - Hijack

This morning many BGPmon.net users received an alert regarding a possible prefix hijack by a Chinese network. AS23724 is one of the Data Centers operated by China Telecom, China’s largest ISP. Normally AS23724 CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation only originates about 40 prefixes; however, today for about 15 minutes they originated about 37,000 unique prefixes [...]

Issues with allocating from 1.0.0.0/8

Posted by Andree Toonk - January 24, 2010 - bogons

This week it was announced that IANA has allocated 1.0.0.0/8 to APNIC. This prefix must look familiar to many as we see it often in examples and documentation. And let’s be honest, haven’t you used 1.1.1.1 on one of your test routers to quickly test something? Receiving a prefix from this range might result in [...]
