Chinese BGP incident: was it a traffic hijack?
You’re probably familiar with the April fat-fingers incident in which Chinanet (AS 23724) originated ~37.000 prefixes for about 15 minutes. The incident made it into the annual report of the US Congress’ U.S.-China Economic and Security Review Commission (page 243 of this PDF), and the media was more than happy to pick it up (Andree Toonk has a whole list of links in his blog post). We might never know whether the misleading statements in the report were intentional or just the result of clueless technical advisors, but the facts are far from what the report claims:
- The Chinese ISP advertised ~37.000 prefixes. Most of the world ignored those prefixes because there were better paths to the destination AS.
- Even if the Chinese managed to attract traffic destined for third-party ASes, the amount of traffic was not significant.
- It’s possible to hijack Internet traffic and perform a true man-in-the-middle attack, but there are ways to detect such a hijack remotely. I haven’t seen an article supporting the intercept-and-analyze hypothesis yet.
- There were a few packets taking the long route around the world (Renesys has an excellent analysis), but the Chinese probably saw just one half of the traffic, unless they inserted a proxy server in the path ... in which case the logs at the affected web servers would show a significant increase in the number of requests originating in China.
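To illustrate the first point, here is an added toy model (not code from the original post): it floods one prefix from both the legitimate origin and AS 23724 through a small constructed topology and counts how many ASes end up preferring the hijacker's route. The topology, the legitimate origin AS 64496 and the cut-down decision process (shortest AS_PATH, then lower neighbour ASN, no local-pref or peering policy) are assumptions made for the example.

```python
"""Toy BGP model: why a same-length announcement from AS 23724 is ignored by
most of the Internet.  Added example for this post, not the author's code.
Decision process per prefix: shortest AS_PATH, then lower neighbour ASN."""
from collections import deque

# Constructed topology (undirected links): legitimate origin AS 64496 (RFC 5398
# documentation range) behind three meshed transit ASes, customer cones below,
# and AS 23724 attached to two small customers of AS 300.
LINKS = [(64496, 100), (64496, 200), (64496, 300), (100, 200), (200, 300),
         (100, 300), (100, 101), (101, 102), (200, 201), (201, 202),
         (300, 301), (300, 302), (301, 303), (23724, 301), (23724, 302)]

def adjacency(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def propagate(adj, origins):
    """Flood one prefix from every origin; return {asn: selected AS_PATH}.
    Paths run from the selecting AS (index 0) to the origin (last element)."""
    best = {o: (o,) for o in origins}
    key = lambda p: (len(p), p[1:2])          # shorter path, then lower neighbour
    queue = deque(origins)
    while queue:
        asn = queue.popleft()
        for nb in adj[asn]:
            if nb in best[asn]:               # loop prevention: nb already in path
                continue
            cand = (nb,) + best[asn]
            cur = best.get(nb)
            # Install if nothing is known yet, if cand wins the decision process, or
            # if the same neighbour re-announces a changed path (implicit withdraw).
            if cur is None or (cand != cur and key(cand) <= key(cur)):
                best[nb] = cand
                queue.append(nb)              # every change is re-announced
    return best

def hijack_reach(links, legit_origin, hijacker):
    """Third-party ASes whose selected path for the prefix ends at the hijacker."""
    best = propagate(adjacency(links), [legit_origin, hijacker])
    return sorted(a for a, p in best.items()
                  if p[-1] == hijacker and a not in (legit_origin, hijacker))

if __name__ == "__main__":
    hit = hijack_reach(LINKS, 64496, 23724)
    print(f"{len(hit)} of {len(adjacency(LINKS)) - 2} third-party ASes "
          f"send traffic to AS 23724: {hit}")
```

Only the ASes closer to the hijacker than to the real origin (here the two customers of AS 300 that peer with it, and their downstream) switch over; everyone else keeps the shorter path to the legitimate origin.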
The publicity around this incident might be a good thing if the lesson learned were “we have to secure BGP routing.” Fat chance; we’ve made no progress in over a decade. The reason we’re making no progress: the people who would have to invest in the infrastructure (ISPs) are not the people who would benefit most (content providers). Yet another failure of the current Internet business models, which I describe in the Upcoming Internet Challenges webinar.
Surely companies like Level3, Cogent, ... would be fans of secure BGP, I think.
The main problem, it seems to me, is agreeing on
(1) who signs IP address space requests, and therefore gets the option to knock anyone offline world-wide (this is going to be the American govt., probably, and too many nutcases shit themselves when they hear this)
(2) getting pressure on router makers (i.e. Cisco and Juniper; if you have those behind you, you're pretty much done, I think)
A possible change could be replacing the existing distributed routing with a source-based routing model, where the ingress point enforces a given path across the internetwork. This is possible using cryptographic methods, but obviously such a solution will have scalability issues.
The modern Internet operates loosely based on "free market" principles; in other words, its behavior might be described by game theory. As long as all independent agents agree to some rules of "rational" behavior (e.g. I do not abuse TCP congestion rules, or I do not engineer traffic to gain local advantage...), they all get some "fair" share of the "benefits". However, there is no stable state of equilibrium in such a complex system - one cannot be sure that all agents behave rationally and seek profit (e.g. government intervention may circumvent this assumption), plus you cannot avoid various temporary "coalitions" seeking better margins above their average share.
One good example is the "best effort" QoS model we have in the Internet now. It is assumed that every individual member follows some "honest" rules of congestion-control behavior, resulting in a more or less equilibrium state. However, if multiple nodes start abusing those rules (e.g. opening multiple TCP sessions to overcome TCP slow-start limitations), the global equilibrium could be broken.
Once again, the problem of security could never be solved completely - just alleviated to some extent. Unless a group of agents is under common control, you cannot enforce a security policy for the group. Just like real people, independent agents follow the rules of the "economy", resulting in complex dynamics, which could be classified as "secure" only to the extent we believe in the "rational" behavior of each and every agent.