Post 9jbWNGSFVMvemIuL7Q by letthewatersroar@toot.cafe
(DIR) Post #9jbUTNlh1gbPI2nABM by fribbledom@mastodon.social
2019-06-07T12:42:24Z
2 likes, 3 repeats
Apparently parts of European internet traffic were routed via China for about two hours yesterday: https://blog.apnic.net/2019/06/07/large-european-routing-leak-sends-traffic-through-china-telecom/
(DIR) Post #9jbUn4oPDNGkI2S4Qa by letthewatersroar@toot.cafe
2019-06-07T12:44:41Z
1 likes, 0 repeats
@fribbledom This seems to happen with increasingly alarming frequency. Feels like I'm reading about mysterious traffic diversions through China every few months...always passed off as innocent and some individual user error. Hmm...
(DIR) Post #9jbVGEWACwxWn1p20W by Wolf480pl@niu.moe
2019-06-07T12:51:37Z
0 likes, 0 repeats
@letthewatersroar @fribbledom I think it's less likely to be a malicious attack than it sounds from the headline. It's not something the Chinese telecom could pull off on their own - the root cause was a misconfiguration on the German side. Do you think it's likely that they pwned the German DC, or had an insider there who'd misconfigure that on purpose?
(DIR) Post #9jbVLn9Os4k9eKpDvM by Wolf480pl@niu.moe
2019-06-07T12:52:36Z
0 likes, 0 repeats
@letthewatersroar @fribbledom IMO it's more likely that they just leave the filters on their side disabled, hoping that some day one of their peers will have a misconfiguration that will leak routes, which they'll be able to opportunistically take advantage of.
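To make the "filters on their side" point concrete, here is an added example (not code from anyone in this thread) of what a BGP import filter on the receiving peer does: each neighbour may only announce prefixes registered to it, no more-specifics beyond a maximum length, and the first AS in the path must be the neighbour itself. Every ASN, prefix and announcement below is constructed for illustration; the policy table stands in for what an operator would build from IRR/RPKI data.

```python
"""Peer import filtering of BGP announcements (added example, constructed data).

A peer that keeps its import filters enabled rejects routes its neighbour
was never expected to announce, so an upstream misconfiguration cannot be
picked up "opportunistically". Disabling the filter is equivalent to
accepting every announcement below.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: tuple  # left = neighbour that sent it, right = origin AS


# Constructed IRR-style policy: for each neighbour ASN, the prefixes it is
# allowed to announce to us (its own and its customers'). ASNs are from the
# documentation range 64496-64511 and prefixes from RFC 5737 test space.
ALLOWED = {
    64500: [ipaddress.ip_network("203.0.113.0/24")],
    64501: [ipaddress.ip_network("198.51.100.0/24"),
            ipaddress.ip_network("192.0.2.0/24")],
}
# Longest prefix we accept from any peer: more-specifics win in the FIB, so
# a leaked /25 would attract traffic even when the legitimate /24 is present.
MAX_PREFIX_LEN = 24


def import_filter(neighbour_as, ann):
    """Return (accepted, reason) for one announcement from a given neighbour."""
    net = ipaddress.ip_network(ann.prefix)
    if not ann.as_path or ann.as_path[0] != neighbour_as:
        return False, "first AS in path is not the neighbour (spoofed path or misconfig)"
    if net.prefixlen > MAX_PREFIX_LEN:
        return False, f"prefix longer than /{MAX_PREFIX_LEN} (more-specific)"
    if not any(net.subnet_of(allowed) for allowed in ALLOWED.get(neighbour_as, [])):
        return False, "prefix not in neighbour's registered set (possible route leak)"
    return True, "ok"


def filter_session(neighbour_as, announcements):
    """Apply the filter to a batch of announcements; returns (accepted, rejected)."""
    accepted, rejected = [], []
    for ann in announcements:
        ok, why = import_filter(neighbour_as, ann)
        (accepted if ok else rejected).append((ann, why))
    return accepted, rejected


# Constructed session from neighbour AS64500: its own /24, a more-specific
# /25 of it, a prefix belonging to AS64501 that AS64500 is merely re-advertising
# by mistake (the shape of a route leak), and one with a wrong first-hop AS.
SAMPLE = [
    Announcement("203.0.113.0/24", (64500,)),
    Announcement("203.0.113.0/25", (64500,)),
    Announcement("198.51.100.0/24", (64500, 64501)),
    Announcement("192.0.2.0/24", (64502, 64501)),
]

if __name__ == "__main__":
    acc, rej = filter_session(64500, SAMPLE)
    for ann, why in acc + rej:
        print(f"{ann.prefix:18} path={ann.as_path} -> {why}")
```

Only the first announcement survives; the leaked 198.51.100.0/24 is dropped because AS64500 is not registered for it, which is exactly the check the post says an opportunistic peer would leave switched off.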
(DIR) Post #9jbVgbkuQtF6OEIOUC by letthewatersroar@toot.cafe
2019-06-07T12:56:22Z
0 likes, 0 repeats
@Wolf480pl Well IIRC, last time it was a similar explanation from a switch in Nigeria, chalked up to a single user error. So is it likely China have planted spies within international telecom operators? Absolutely. In fact, when I say it out loud, that sounds exactly like the sort of thing they're doing in other industries across the globe. Maybe that's not the case here though, and once again it was just an innocent misconfiguration. Couldn't say. @fribbledom
(DIR) Post #9jbVtiYyQxlXGdxqFs by Wolf480pl@niu.moe
2019-06-07T12:58:46Z
0 likes, 0 repeats
@letthewatersroar @fribbledom Even if I had a spy in all kinds of foreign ISPs, I think passively waiting for someone's honest misconfiguration would still be my strategy - less risk, easier deniability, errors are gonna happen anyway, and I'd just need to queue up all the MITMs I want to do, waiting for a leak to happen.
(DIR) Post #9jbWAqhtPNvDRqIxbE by letthewatersroar@toot.cafe
2019-06-07T13:01:50Z
0 likes, 0 repeats
@Wolf480pl The only exception to that would be specific testing or operational purposes. We have no idea what was done with that data during that time, maybe it was a planned operation that required a user activation. Not intending to go too far down the rabbit hole, just something to ponder. @fribbledom
(DIR) Post #9jbWJ7asVW7u8dy6O8 by Wolf480pl@niu.moe
2019-06-07T13:03:21Z
0 likes, 0 repeats
@letthewatersroar @fribbledom If I was to guess, I'd say: DNS hijacking and getting Let's Encrypt certificates for not-your domains. Has someone checked Certificate Transparency logs?
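The CT check the post asks about, as an added example (not written by anyone in the thread): a domain owner pulls the log entries for their names and flags any certificate issued by a CA they do not use or issued inside the incident window. The records below are constructed; their field names (`id`, `issuer_name`, `name_value`, `not_before`) follow the JSON that crt.sh returns for a query like https://crt.sh/?q=example.com&output=json, which is an assumption about that service's output rather than something the thread states. The allowlisted issuer string and the window bounds are placeholders.

```python
"""Audit Certificate Transparency records for unexpected issuance (added example).

Given CT entries in crt.sh-style JSON (field names assumed), report
certificates covering monitored names that (a) come from an issuer not on
the organisation's allowlist, or (b) were issued during an incident window.
All records here are constructed, not real log entries.
"""
import json
from datetime import datetime, timezone

MONITORED = {"example.com", "www.example.com", "api.example.com"}
# Issuer DN(s) the organisation actually uses; constructed placeholder.
EXPECTED_ISSUERS = {"C=US, O=Example Corp, CN=Example Corp Issuing CA"}
# Incident window around the leak discussed in the thread (2019-06-06);
# the exact bounds are a constructed placeholder, not from the APNIC post.
WINDOW_START = datetime(2019, 6, 6, 0, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2019, 6, 7, 0, 0, tzinfo=timezone.utc)

# Constructed sample in the shape of crt.sh JSON output. name_value holds
# all SANs joined by newlines, as that service emits them.
SAMPLE_JSON = json.dumps([
    {"id": 1001, "issuer_name": "C=US, O=Example Corp, CN=Example Corp Issuing CA",
     "name_value": "example.com\nwww.example.com", "not_before": "2019-05-01T10:00:00"},
    {"id": 1002, "issuer_name": "C=XX, O=Some Public CA, CN=Some Public CA Authority",
     "name_value": "api.example.com", "not_before": "2019-06-06T09:12:44"},
    {"id": 1003, "issuer_name": "C=US, O=Example Corp, CN=Example Corp Issuing CA",
     "name_value": "mail.example.net", "not_before": "2019-06-06T09:30:00"},
    {"id": 1004, "issuer_name": "C=US, O=Example Corp, CN=Example Corp Issuing CA",
     "name_value": "example.com", "not_before": "2019-06-06T15:00:00"},
])
SAMPLE_RECORDS = json.loads(SAMPLE_JSON)


def parse_ts(value):
    """crt.sh timestamps look like 2019-06-06T09:12:44 with no zone; treat as UTC."""
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)


def audit(records):
    """Return a list of findings for certificates that deserve a human look."""
    findings = []
    for rec in records:
        names = {n.strip().lower() for n in rec["name_value"].split("\n")}
        hit = names & MONITORED
        if not hit:
            continue  # certificate does not cover any name we monitor
        reasons = []
        if rec["issuer_name"] not in EXPECTED_ISSUERS:
            reasons.append("issuer not on allowlist")
        issued = parse_ts(rec["not_before"])
        if WINDOW_START <= issued < WINDOW_END:
            reasons.append("issued inside incident window")
        if reasons:
            findings.append({
                "id": rec["id"],
                "names": sorted(hit),
                "issuer": rec["issuer_name"],
                "not_before": rec["not_before"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RECORDS):
        print(f"crt.sh id {f['id']}: {', '.join(f['names'])} from {f['issuer']}"
              f" at {f['not_before']} -> {'; '.join(f['reasons'])}")
```

Record 1002 is the case the post worries about: an unexpected CA issuing for a monitored name during the window. Record 1004 is from the expected CA but still lands in the window, so it is listed for review rather than silently trusted. Running this continuously, together with a CAA record restricting which CAs may issue for the domain, is the defender's side of the DNS-hijack scenario.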
(DIR) Post #9jbWNGSFVMvemIuL7Q by letthewatersroar@toot.cafe
2019-06-07T13:04:04Z
0 likes, 0 repeats
@Wolf480pl Not personally ;) @fribbledom
(DIR) Post #9jcRrks2g6hnBceTXE by grumpysmiffy@aus.social
2019-06-07T23:47:47Z
1 likes, 0 repeats
@fribbledom Oops. Probably best that the general Internet-using population doesn't get to know about BGP, and just how chewing gum, string, and dumb luck it is.
(DIR) Post #9jcRzxT9ikEmZpvHua by jeff@social.i2p.rocks
2019-06-07T23:49:48.208409Z
0 likes, 0 repeats
@grumpysmiffy @fribbledom basically godforsaken protocol.