Blog

Popular Destinations rerouted to Russia

Posted by Andree Toonk - December 12, 2017 - Hijack
0

Early this morning (UTC) our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System. Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP routing […]

Read More

Today’s BGP leak in Brazil

Posted by Andree Toonk - October 21, 2017 - News and Updates
0

Earlier today several people noticed network reachability problems for networks such as Twitter, Google and others. The root cause turned out to be another BGP mishap. Some Google services seem to have been hijacked for roughly 15 minutes. Seen anything? @atoonk @bgpmon @bgpstreamMTR: https://t.co/RyCoE7zMld pic.twitter.com/DCT2JpKgsc— Fusl Neko Shy Dash (@OhNoItsFusl) October 21, 2017 Between 11:09 […]

Read More

BGP leak causing Internet outages in Japan and beyond.

Posted by Andree Toonk - August 26, 2017 - BGP instability
0

Yesterday some Internet users would have seen issues with their Internet connectivity, experiencing slowness or parts of the Internet as unreachable. This incident hit users in Japan particularly hard and it caused the Internal Affairs and Communications Ministry of Japan to start an investigation into what caused the large-scale internet disruption that slowed or blocked […]

Read More

BGPstream and The Curious Case of AS12389

Posted by Andree Toonk - April 27, 2017 - Hijack
0

The world of BGP routing is a fascinating place with lots of interesting BGP events happening every day. It can be challenging to keep track of it all and so two years ago we started the BGPstream website where we keep track of large scale outages and BGP hijacks. We list the events, basic info and visualize […]

Read More

Large hijack affects reachability of high traffic destinations

Posted by Andree Toonk - April 22, 2016 - Hijack
10

April 23, Update: NOC Team at innofield posted an explanation of the Incident in the comments section below. Starting today at 17:09 UTC our systems detected a large scale routing incident affecting hundreds of Autonomous systems. Many BGPmon users have received an email informing them of this change. Our initial investigation shows that the scope […]

Read More

Country wide outage in Azerbaijan

Posted by Andree Toonk - November 16, 2015 - BGP instability
2

It doesn’t happen often that a country with hundreds of prefixes is affected by a massive outage, however earlier today this unfortunately happened to Azerbaijan. Starting at 12:04 UTC approximately 94% of the prefixes out of Azerbaijan became unreachable.   The event was reported on @bgpstream and details plus a replay can be found here: […]

Read More

Large scale BGP hijack out of India

Posted by Andree Toonk - November 6, 2015 - Hijack
1

BGP hijacks happen every day, some of them affect more networks than others and every now and then there’s a major incident that affects thousands of networks. Our monitoring systems keep an eye out for our users and if you would like to have a general idea of what’s going on in the world of […]

Read More

How Hacking Team Helped Italian Special Operations Group with BGP Routing Hijack

Posted by Andree Toonk - July 12, 2015 - Hijack
0

By Andree Toonk and Dhia Mahjoub As part of the Hacking Team fall out and all the details published on Wikileaks, it became public knowledge that Hacking Team helped one of their customers Special Operations Group (ROS), regain access to Remote Access Tool (RAT) clients. As first reported here: http://blog.bofh.it/id_456 ROS recommended using BGP hijacking […]

Read More

Massive route leak causes Internet slowdown

Posted by Andree Toonk - June 12, 2015 - BGP instability
0

Earlier today a massive route leak initiated by Telekom Malaysia (AS4788) caused significant network problems for the global routing system. Primarily affected was Level3 (AS3549 – formerly known as Global Crossing) and their customers. Below are some of the details as we know them now. Starting at 08:43 UTC today June 12th,  AS4788 Telekom Malaysia started […]

Read More

BGP Optimizer Causes Thousands Of Fake Routes

Posted by Andree Toonk - March 27, 2015 - Hijack
0

Earlier today many BGPmon users received one or more alerts informing them that their autonomous system (AS) started to announce a more-specific prefix. BGPmon classified many of these alerts as possible BGP man-in-the-middle (MITM) attacks. Here is an example alert: ==================================================================== Possible BGP MITM attack (Code: 21) ==================================================================== Your prefix: 23.20.0.0/15: Prefix Description: acxiom-online.com — […]

Read More

BGPMon Joins OpenDNS

Posted by Andree Toonk - March 12, 2015 - BGPmon.net, News and Updates
0

Dear BGPmon.net user, I’m excited to announce that BGPmon has been acquired by OpenDNS. OpenDNS is a leading cloud-delivered network security company known for engineering predictive intelligence technology that stops malicious activity before it can threaten a network. Over the last few years BGPmon has grown from a community service into a successful business that […]

Read More

What caused the Google service interruption?

Posted by Andree Toonk - March 12, 2015 - BGP instability
0

This morning people on twitter reported that they were unable to reach Google services. Businessinsider followed up with a story in which they mentioned that the Google service interruption primarily involved European and Indian users. In this blog we’ll take a quick look at what exactly happened by looking at our BGP data. The first […]

Read More

BGP routing incidents in 2014, malicious or not?

Posted by Andree Toonk - February 17, 2015 - BGPmon.net, Hijack
0

Over the last year we have seen and written about numerous BGP routing incidents that looked out of the ordinary, straight-up suspicious or were just configuration mistakes. In this blog post we will highlight a few of them and look at the impact and cause of each of the observed incidents and try to determine […]

Read More

BGP hijack incident by Syrian Telecommunications Establishment

Posted by Andree Toonk - December 9, 2014 - Hijack
2

The Syrian national Telecommunications Establishment (STE) has been in the news numerous times over the last few years, mostly because of the long lasting large scale Internet outages in Syria. This morning however we observed a new incident involving the two Autonomous systems for STE (AS29386 and AS29256). Starting at 08:33 UTC we detected  that hundreds of […]

Read More

Using BGP data to find Spammers

Posted by Andree Toonk - September 3, 2014 - Hijack
4

It’s long been assumed that Spammers use a technique called IP squatting to get around IP reputation lists and to make it harder to find the real source of the spammers. In this blog we’ll take a closer look at Spam operations and their techniques. IP Squatting We’ve all read the reports about IPv4 running […]

Read More

What caused today’s Internet hiccup

Posted by Andree Toonk - August 13, 2014 - BGP instability
0

Like others, you may have noticed some instability and general sluggishness on the Internet today.  In this post we’ll take a closer look at what happened, including some of the BGP details! At around 8am UTC Internet users on different mailing lists, forums and twitter, reported slow connectivity and intermediate outages.  Examples can be found […]

Read More

The Canadian Bitcoin Hijack

Posted by Andree Toonk - August 12, 2014 - Hijack
0

A few days ago researchers at Dell SecureWorks published the details of an attacker repeatedly hijacking BGP prefixes for numerous large providers such as Amazon, OVH, Digital Ocean, LeaseWeb, Alibaba and more. The goal of the operation was to intercept data between Bitcoin miners and Bitcoin mining pools. They estimated that $83,000 was made with this […]

Read More

Hijack event today by Indosat

Posted by Andree Toonk - April 3, 2014 - Hijack, News and Updates
1

Today we observed a large-scale ‘hijack’ event that affected many of the prefixes on the Internet. This blog post is to provide you with some additional information. What happened? Indosat, AS4761, one of Indonesia’s largest telecommunication networks normally originates about 300 prefixes. Starting at 18:26 UTC (April 2, 2014) AS4761 began to originate 417,038 new […]

Read More

Turkey Hijacking IP addresses for popular Global DNS providers

Posted by Andree Toonk - March 29, 2014 - Hijack, News and Updates
26

At BGPmon we see numerous BGP hijacks every single day, some are interesting because of the size and scale of the hijack or as we’ve seen today because of the targeted hijacked prefixes.  It all started last weekend when the Turkish president ordered the censorship of twitter.com. This started with a block of twitter by […]

Read More

Looking at the spamhaus DDOS from a BGP perspective

Posted by Andree Toonk - March 30, 2013 - BGP instability, Hijack
3

It’s been a busy week for network engineers world wide, rerouting around broken optical links and of course the 300Gb/s DDOS attack towards Spamhaus and Cloudflare. This DDOS has been classified as the largest DDOS attack ever recorded and has been written about quite a bit in mainstream media. There’s been a bit of discussion […]

Read More

Accidentally stealing the Internet

Posted by Andree Toonk - January 8, 2013 - Hijack, News and Updates
7

Just a few days ago we learned  about an incident involving a mis-issued SSL certificate that was used in a Man in the Middle attack to intercept Gmail data. In this blog post we’ll talk about how Man in the Middle (MITM) attacks work and we’ll look at recent BGP MITM event that caused traffic […]

Read More

Syria shuts down the Internet

Posted by Andree Toonk - November 29, 2012 - BGP instability
9

As of 10:27 UTC this morning the majority of the Internet in Syria is no longer connected to the rest of the world and can be considered as offline. Syria has only one major provider, AS29256 The Syrian Telecommunications Establishment. This provider is government owned and originates 56 out of 62 Syrian prefixes. This morning between […]

Read More

New version of BGPmon.net

Posted by Andree Toonk - October 3, 2012 - BGPmon.net, News and Updates
0

As many of you are aware, BGPmon.net has been offered as a free service since becoming publically available in 2008. From its inception the service has been funded largely by myself. Now, due to ever-increasing popularity, it has become unsustainable to run the service on personal funds and my available time. I have reached a […]

Read More

A BGP leak made in Canada

Posted by Andree Toonk - August 8, 2012 - Uncategorized
2

A BGP leak made in Canada Today many network operators saw their BGP session flap, RTT’s increase and CPU usage on routers spike.  While looking at our BGP data we determined the root cause to be a large BGP leak in Canada that quickly affected networks worldwide. Dery Telecom Based on our analysis it seems […]

Read More

Internet outage in Lebanon continues into second day

Posted by Andree Toonk - July 6, 2012 - BGP instability
0

It’s not often we see large-scale outages such as the one that currently affect Internet users in Lebanon where Internet access has been severely damaged for over 36 hours now. The problems started on July 4th, 16:16 (UTC), which is 19:16 Lebanese time. The cause of the outage according to the Telecoms Ministry in Lebanon […]

Read More