Jun. 8, 2019
For more than two hours on Thursday, June 6, a large chunk of European mobile traffic was rerouted through the infrastructure of China Telecom, China’s third-largest telco and internet service provider (ISP). The incident occurred because of a BGP route leak at Swiss data center colocation company Safe Host, which accidentally leaked over 70,000 routes from its internal routing table to the Chinese ISP. The Border Gateway Protocol (BGP), which is used to reroute traffic at the ISP level, has been known to be problematic to work with, and BGP leaks happen all the time.
Nov. 14, 2018
Google lost control of several million of its IP addresses for more than an hour on Monday in an event that intermittently made its search and other services unavailable to many users and also caused problems for Spotify and other Google cloud customers. While Google said it had no reason to believe the mishap was a malicious hijacking attempt, the leak appeared suspicious to many, in part because it misdirected traffic to China Telecom, the Chinese government-owned provider that was recently caught improperly routing traffic belonging to a raft of Western carriers through mainland China. The leak started at 21:13 UTC when MainOne Cable Company, a small ISP in Lagos, Nigeria, suddenly updated tables in the Internet’s global routing system to improperly declare that its autonomous system 37282 was the proper path to reach 212 IP prefixes belonging to Google.
Nov. 14, 2018
A large chunk of the hijacked traffic passed through the network of a controversial Chinese state-owned telecom provider that was previously accused of intentionally misdirecting internet traffic. A tiny Nigerian ISP has hijacked internet traffic meant for Google’s data centers. The incident, called a BGP hijack, occurred yesterday, on November 12, between 13:12 and 14:35, Pacific time, according to Google.
The incident was first detected and reported by BGPmon, an online service that monitors the routes that internet traffic takes through the smaller internet service provider (ISP) networks that make up the larger internet. According to BGPmon, the incident was caused by a small Nigerian ISP named MainOne Cable Company (AS37282), which announced to nearby ISPs that it was hosting IP addresses that were normally assigned to Google’s data center network. BGPmon says the Nigerian ISP incorrectly announced it was hosting 212 Google network prefixes in five different waves, for a total of 74 minutes.
Aug. 8, 2018
In the past month, we have observed additional BGP hijacks of authoritative DNS servers with a technique similar to what was used in April. This time the targets included US payment processing companies. In April 2018, we detailed a brazen BGP hijack of Amazon’s authoritative DNS service in order to redirect users of a crypto currency wallet service to a fraudulent website ready to steal their money.
Apr. 26, 2018
The broad definition of a BGP leak would be IP space that is announced by somebody not allowed by the owner of the space. When a transit provider picks up Cloudflare’s announcement of 1.1.1.0/24 and announces it to the Internet, we allow them to do so. They are also verifying using the RIR information that only Cloudflare can announce it to them.
Source: cloudflare.com