Home · Security · Mystery traffic redirection attack pulls net traffic through Belarus, Iceland

Mystery traffic redirection attack pulls net traffic through Belarus, Iceland

Tons of internet traffic is being deliberately diverted through locations including Belarus and Iceland, and intercepted by crooks or worse, security experts fear.

Network intelligence firm Renesys warns that victims including financial institutions, VoIP providers, and governments have been targeted by the man-in-the-middle attacks. It reckons the diversions are malicious, and probably pulled off by manipulating BGP routing tables.

BGP (Border Gateway Protocol) is a core routing protocol that maps out the connections for internet traffic to flow through, from source to destination. As things stand, BGP has no built-in security. Routers may accept dodgy connection routes advertised by peers, internet exchanges or transit suppliers.

These suspect routes, once accepted, can have local, regional or global effects. Routers look for the shortest logical path (the least number of hops, in other words) and place blind trust in any path that's advertised. And the shortest logical path can take weird and wonderful physical geographical routes.

In 2008, changes by Pakistan Telecom intended to restrict access to YouTube solely within the country had the affect of briefly diverting ALL YouTube traffic into a global blackhole, rendering the site unreachable for hours. Two years later, China Telecom rerouted up to 15 per cent of the world's internet destinations on two brief occasions, after advertising false BGP route information that directed traffic through its networks. More...

11-25-2013 21:03