[olug] OT: Internet traffic was routed via Chinese servers
Phil Brutsche
phil at brutsche.us
Fri Nov 19 19:33:11 UTC 2010
Unfortunately it's not as simple as "not trusting ChiComm".
>From a network engineering perspective, what they did was perfectly
legitimate. It's how anycast IP addresses work:
http://en.wikipedia.org/wiki/Anycast
BGP is specifically designed to allow what they've done.
If you want to design some anti-malice protections into BGP you'll need
to start talking to the appropriate IETF working groups.
Oh, and I will guarantee you that the .gov and .mil BGP routers *are*
*not* talking to ChiComm. ChiComm was independently announcing the
address space.
On 11/19/2010 1:15 PM, Kevin D. Snodgrass wrote:
> --- On Fri, 11/19/10, Phil Brutsche <phil at brutsche.us> wrote:
>> I've been reading that such goof ups
>> are incredibly common.
>>
>> The only reasons it's newsworthy a) that it was someone in
>> China that
>> goofed up and b) the scope of the goof up.
>>
>> As long as computer networks are designed and configured by
>> humans, and
>> as long as BGP routers trust each other, these things will
>> continue to
>> happen.
>
> Maybe all .gov and .mil BGP routers should be configured to not trust ChiComm BGP routers.
>
> Maybe all BGP routers in the free world should be configured to not trust ChiComm BGP routers...
>
> I know I don't trust anything ChiComm. But I read various sources
> about the espionage that the ChiComm are involved in against the US and
> Europe.
--
Phil Brutsche
phil at brutsche.us
More information about the OLUG
mailing list