You’re probably familiar with the April fat-finger incident in which Chinanet (AS 23724) originated ~37,000 prefixes for about 15 minutes. The incident made it into the annual report of the US Congress’ U.S.-China Economic and Security Review Commission (page 243 of this PDF) and the media were more than happy to pick it up (Andree Toonk has a whole list of links in his blog post). We might never know whether the misleading statements in the report were intentional or just the result of clueless technical advisors, but the facts are far from what it claims:
- The Chinese ISP advertised ~37,000 prefixes. Most of the world ignored them: the bogus announcements were not more-specific prefixes, so BGP best-path selection kept the legitimate route wherever its AS path was shorter than the one through AS 23724, and only networks topologically close to Chinanet switched over.
- Even where AS 23724 did attract traffic destined for third-party ASes, the volume was not significant.
- It’s possible to hijack Internet traffic and perform a true man-in-the-middle attack, but such a hijack can be detected remotely (the detour shows up in traceroutes and in the AS paths seen by route collectors). I haven’t seen an article supporting the intercept-and-analyze hypothesis yet.
- A few packets did take the long route around the world (Renesys has an excellent analysis), but the Chinese probably saw just one half of the traffic: only packets heading toward the hijacked prefixes were diverted, while the replies followed the unaffected routes back to their sources. The only exception would be a proxy server inserted in the path, in which case the logs at the affected web servers would show a significant increase in the number of requests originating in China.
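Two of the points above (why most of the world ignored the bogus routes, and how a hijack can be spotted remotely) are easy to see in code. The following is an added example written for this post, not code from the original article or from any of the analyses it links to: a toy BGP best-path selection that compares only prefix length and AS-path length (real BGP also looks at local preference, origin, MED, IGP cost and router ID), plus an origin-AS mismatch check of the kind a route-monitoring service runs over collector data. Only AS 23724 comes from the post; the prefix 198.51.100.0/24, the ASes 64496–64510 and all announcements are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    """One BGP route as seen by a router or a route collector."""
    prefix: str       # e.g. "198.51.100.0/24"
    as_path: tuple    # leftmost = neighbour it was heard from, rightmost = origin AS

    @property
    def origin_as(self) -> int:
        return self.as_path[-1]

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


def best_route(rib, destination):
    """Route a router would actually use for `destination`.

    Forwarding does longest-prefix match first; among routes for that
    prefix length, the shortest AS path wins. This is a simplification:
    real BGP also compares local preference, origin, MED, IGP cost and
    router ID before it gets this far."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in rib if dst in r.network]
    if not candidates:
        return None
    longest = max(r.network.prefixlen for r in candidates)
    same_length = [r for r in candidates if r.network.prefixlen == longest]
    return min(same_length, key=lambda r: len(r.as_path))


def origin_mismatches(collector_view, expected_origins):
    """Remote hijack detection: every route seen by a collector that covers
    a monitored prefix (same length or more specific) and whose origin AS
    differs from the registered one is reported as (prefix, as_path)."""
    monitored = {ipaddress.ip_network(p): asn for p, asn in expected_origins.items()}
    alerts = []
    for r in collector_view:
        for net, asn in monitored.items():
            if r.network.subnet_of(net) and r.origin_as != asn:
                alerts.append((r.prefix, r.as_path))
    return alerts


# Constructed scenario (placeholders, not data from the incident).
LEGIT = Route("198.51.100.0/24", (64496, 64497, 64500))              # legitimate origin AS 64500
HIJACK_FAR = Route("198.51.100.0/24", (64498, 64499, 64501, 23724))  # same prefix, longer path
HIJACK_NEAR = Route("198.51.100.0/24", (23724,))                     # heard directly from AS 23724
MORE_SPECIFIC = Route("198.51.100.0/25", (64498, 64499, 64501, 23724))  # what did NOT happen in April

DISTANT_RIB = [LEGIT, HIJACK_FAR]   # a router far from AS 23724
NEAR_RIB = [LEGIT, HIJACK_NEAR]     # a router peering directly with AS 23724
REGISTERED = {"198.51.100.0/24": 64500}


if __name__ == "__main__":
    print("far from Chinanet :", best_route(DISTANT_RIB, "198.51.100.10").as_path)
    print("next to Chinanet  :", best_route(NEAR_RIB, "198.51.100.10").as_path)
    print("with more-specific:", best_route(DISTANT_RIB + [MORE_SPECIFIC], "198.51.100.10").as_path)
    print("collector alerts  :", origin_mismatches(DISTANT_RIB + [MORE_SPECIFIC], REGISTERED))
```

The distant router keeps the legitimate route because the path through AS 23724 is longer; the router next to Chinanet switches, which is exactly the limited blast radius the post describes. The more-specific case shows why a same-length leak is the benign variant: a /25 would have won on longest-prefix match everywhere regardless of path length. The collector check flags both bogus routes the moment they appear, without needing to be anywhere near the affected networks.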
The publicity of this incident might be a good thing if the lesson learned were “we have to secure BGP routing”. Fat chance; we have made no progress in over a decade. The reason we’re making no progress is that the people who would have to invest in the infrastructure (ISPs) are not the people who would benefit most (content providers). Yet another failure of the current Internet business models, which I describe in the Upcoming Internet Challenges webinar.