On 05/11/2018 10:54, Tore Anderson wrote:
> * Harley H
>
>> Curious to hear others' thoughts on this.
>> https://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1050&context=mca
>>
>> This paper presents the view that several BGP hijacks performed by China
>> Telecom had malicious intent. The incidents are:
>> * Canada to Korea - 2016
>> * US to Italy - Oct 2016
>> * Scandinavia to Japan - April-May 2017
>> * Italy to Thailand - April-July 2017
>>
>> The authors claim this is enabled by China Telecom's presence in North
>> America.
> Hi,
>
> I looked a bit into the Scandinavia to Japan claim last week for a Norwegian
> journalist, who obviously found this rather sensational claim very intriguing.
> The article (Norwegian, but Google Translate does a decent job) is found at
> https://www.digi.no/artikler/internettrafikk-fra-norge-og-sverige-ble-kapret-og-omdirigert-til-kina/449797?key=vS1EOiG1
> in case you're interested.
>
> From what I can tell from looking at routeviews data from the period, what
> happened was that SK Broadband (AS9318) was leaking a bunch of routes to
> China Telecom (AS4134). The leak included the transit routes from SKB's
> upstream Verizon (AS703) and customers of theirs in turn, including
> well-known organisations such as Bloomberg (AS10361) and Time Warner (AS36032),
> which I suppose might be the ones the paper is referring to.
>
> The routes in question then propagated from CT to Telia Carrier (AS1299),
> probably in North America somewhere. Scandinavia is TC's home turf, it
> makes sense that the detour via CT was easily observed from here.
>
> If you want to see for yourself, look for «1299 4134 9318 703» in
> http://archive.routeviews.org/route-views.linx/bgpdata/2017.04/RIBS/rib.20170430.2200.bz2
>
> Anyway, in my opinion the data for this particular incident (I haven't
> looked into the other three) does not indicate foul play on CT's behalf,
> but rather a pretty standard leak by SKB followed by sloppy filtering
> by CT and TC both.
>
> Tore
>

Internet Vulnerability Takes Down Google
https://blog.thousandeyes.com/internet-vulnerability-takes-down-google/
-Hank
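
The lookup suggested in the quoted message (searching a RIB dump for «1299 4134 9318 703») can be scripted; the following is an added example, not part of the thread or written by either poster. It assumes the MRT file has already been converted to one-line records with `bgpdump -m`, and the sample records are constructed with documentation prefixes and peer addresses rather than taken from the archive.

```python
from collections import defaultdict

# AS sequence quoted in the message: Telia Carrier, China Telecom, SK Broadband, Verizon
LEAK_SEQ = ("1299", "4134", "9318", "703")

def collapse_prepends(path):
    """Drop consecutive duplicate ASNs so AS-path prepending cannot hide a match."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def contains_seq(path, seq):
    """True when seq appears as a contiguous run of hops in path."""
    n = len(seq)
    return any(tuple(path[i:i + n]) == tuple(seq) for i in range(len(path) - n + 1))

def find_leaked(lines, seq=LEAK_SEQ):
    """Map origin AS -> set of prefixes whose AS path contains seq.

    Expects `bgpdump -m` records: TYPE|time|B|peer_ip|peer_as|prefix|as_path|origin|...
    """
    hits = defaultdict(set)
    for line in lines:
        fields = line.rstrip("\n").split("|")
        if len(fields) < 7 or not fields[0].startswith("TABLE_DUMP"):
            continue  # skip blank lines and anything that is not a RIB entry
        prefix = fields[5]
        path = collapse_prepends(fields[6].split())
        if path and contains_seq(path, seq):
            hits[path[-1]].add(prefix)  # last hop is the origin AS
    return dict(hits)

# Constructed sample records (not real archive data).
SAMPLE = [
    "TABLE_DUMP2|1493589600|B|203.0.113.1|1299|192.0.2.0/24|1299 4134 9318 703 10361|IGP|203.0.113.1|0|0||NAG||",
    "TABLE_DUMP2|1493589600|B|203.0.113.1|1299|198.51.100.0/24|1299 4134 4134 9318 703 36032|IGP|203.0.113.1|0|0||NAG||",
    "TABLE_DUMP2|1493589600|B|203.0.113.1|1299|203.0.113.0/24|1299 703 10361|IGP|203.0.113.1|0|0||NAG||",
    "TABLE_DUMP2|1493589600|B|203.0.113.2|4134|192.0.2.0/24|4134 9318 703 10361|IGP|203.0.113.2|0|0||NAG||",
]

if __name__ == "__main__":
    for origin, prefixes in sorted(find_leaked(SAMPLE).items()):
        print(f"AS{origin}: {', '.join(sorted(prefixes))}")
```

Grouping by origin AS makes it easy to see which downstream networks had routes carried over the detour, and the same function can be pointed at dumps from other collectors by feeding it their `bgpdump -m` output.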