Friday, November 19, 2010

China stole my packets

I read in Dark Reading today that researchers at McAfee had discovered that:
"At 15:54 GMT on April 8, 2010, McAfee detected a routing announcement from China’s state-controlled telecommunications company, China Telecom, which advertised 15 percent of the world’s Internet routes. For at least the next 18 minutes -- up until China Telecom withdrew the announcement -- a significant portion of the world's Internet traffic was redirected through China to reach its final destination."
Basically, for 18 minutes a great portion of global internet traffic went through China; what was done with the traffic while it was redirected is anyone's guess. They could easily have sniffed packets, performed man-in-the-middle attacks, or simply inspected the contents of all the packets and potentially gotten sensitive information.

The basic problem is that essentially all IP protocols and routing protocols are designed for fault tolerance and openness. Security, for the most part, is a secondary consideration in their design, and it is only in recent years that the focus has shifted to include a strong emphasis on security.

The fact that a malicious (or idiotic) person with the right access can cause the majority of internet traffic to change routes is a massive flaw in BGP and other protocols. It is also a strength: a few simple commands can redirect traffic around a broken node or link in a matter of seconds.
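One way a network operator could spot the kind of announcement described above, as an added example that is not part of the original post or of McAfee's research: it compares incoming BGP announcements against a baseline of expected origin ASes and reports any AS that suddenly originates a large share of other networks' prefixes. The prefixes and AS numbers (documentation ranges), the baseline, the function names and the 15 percent threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed baseline: prefix -> origin AS normally seen for it.
BASELINE = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
    "203.0.113.0/24": 64498,
    "2001:db8::/32": 64499,
}
# Constructed announcements: (prefix, AS path); the origin is the last AS.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64500, 64496]),      # expected origin
    ("198.51.100.0/24", [64500, 64510]),   # same prefix, unexpected origin
    ("203.0.113.128/25", [64501, 64510]),  # more-specific, unexpected origin
]

def covering_baseline(prefix, baseline):
    """Longest baseline prefix that covers `prefix`, as (network, origin), or None."""
    net = ipaddress.ip_network(prefix)
    best = None
    for base, origin in baseline.items():
        base_net = ipaddress.ip_network(base)
        if base_net.version == net.version and net.subnet_of(base_net):
            if best is None or base_net.prefixlen > best[0].prefixlen:
                best = (base_net, origin)
    return best

def find_origin_conflicts(announcements, baseline):
    """Announcements whose origin AS differs from the baseline origin."""
    conflicts = []
    for prefix, as_path in announcements:
        match = covering_baseline(prefix, baseline)
        if match is None or not as_path:
            continue  # unknown address space or empty path: nothing to compare
        base_net, expected = match
        if as_path[-1] != expected:
            conflicts.append((prefix, str(base_net), expected, as_path[-1]))
    return conflicts

def suspicious_origins(announcements, baseline, threshold=0.15):
    """ASes originating conflicts for at least `threshold` of baseline prefixes."""
    affected = defaultdict(set)
    for _prefix, covered, _expected, seen in find_origin_conflicts(announcements, baseline):
        affected[seen].add(covered)
    return sorted(a for a, p in affected.items() if len(p) / len(baseline) >= threshold)

if __name__ == "__main__":
    print(find_origin_conflicts(ANNOUNCEMENTS, BASELINE), suspicious_origins(ANNOUNCEMENTS, BASELINE))
```

The more-specific /25 is matched to its covering /24 because longest-prefix routing would prefer it over the legitimate announcement, so a check on exact prefixes alone would miss it.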

Moving forward, the balance between fault tolerance, reliability and security will be one of the biggest challenges facing network engineers working at the elite level of global backbone routing. I can only see such attacks continuing to grow in severity and frequency over the coming years.
