Menu
Sprint, Windstream traffic routing errors hijacked other ISPs

Sprint, Windstream traffic routing errors hijacked other ISPs

The errors, which can shut off traffic, are occurring more frequently with little explanation, said Renesys

Internet traffic routing errors made by U.S. operators Sprint and Windstream on the same day last week underscore a long-known Internet weakness, posing both security and reliability issues.

Both of the errors involved Border Gateway Protocol (BGP), an aging but crucial protocol that is used by networking equipment to route traffic between different providers. Traffic routes are "announced" using BGP, and the changes are then taken up by routers around the world.

But network providers frequently make erroneous announcements -- known as "route hijacking" -- which can shut off services, causing reliability issues or be used for certain kinds of cyberattacks.

For about a day starting last Tuesday, Sprint made a BGP announcement that directed Internet traffic from an ISP in Macedonia through its own network, wrote Doug Madory, a senior analyst with Dyn's Renesys division, which monitors how global Internet traffic is routed.

On the same day, Windstream commandeered traffic destined for Saudi Telecom, and then a day later for networks in Gaza and Iceland, besides three in China, Madory wrote.

It's not uncommon for operators to make such errors through misconfiguration. But Madory wrote that the problem of BGP route hijacking "has gone from bad to downright strange."

"While we now detect suspicious routing events on an almost daily basis, in the last couple of days we have witnessed a flurry of hijacks that really make you scratch your head," he wrote.

In the case of Sprint, the traffic destined for the Macedonian ISP Telesmart did actually make it there, albeit through a circuitous route. Renesys did a trace route, an exercise that involves watching how traffic flows from one location to another.

Traffic that originated in Sofia, Bulgaria, should only take about 6 milliseconds to end up at Telesmart in Skopje, Macedonia.

But during the time the traffic was under Sprint's control, the traffic went from Sofia to Frankfurt, then to Paris, back to Frankfurt, through Munich and Vienna, back to Sofia and then to Skopje. That scenic route took 10 times longer than it should have, Madory wrote.

Windstream's takeover of Saudi Telecom's traffic, however, made that network unavailable for any ISP that accepted Windstream's BGP announcements, he wrote.

Sprint and Windstream officials could not immediately be reached for comment on Sunday.

There's nothing to suggest that either Sprint or Windstream had malicious intentions. But such traffic diversions could give malicious actors visibility to the traffic passing through their equipment, known as a man-in-the-middle attack. That could pose privacy and security issues if the traffic isn't encrypted.

Even if the text of an email is encrypted, subject lines and metadata -- such as the email address that is sending the communication and the email address of its intended recipient -- would be in such a traffic stream.

Security analysts have long warned that BGP is vulnerable, as it lacks a way to authenticate that a particular network route belongs to a specific entity, allowing the route to be easily taken over.

There are fixes, such as using whitelisting and cryptography, but it is questionable if ISPs would see an economic incentive to make changes, wrote Sharon Goldberg an assistant professor in the Computer Science Department at Boston University, on the Association for Computing Machinery's website.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags DynsprintWindstreamsecurityRenesys

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments