china telecom incident
play

China Telecom Incident Rahul Hiran 1 , Niklas Carlsson 1 , Phillipa - PowerPoint PPT Presentation

Jul 15, 2023 •413 likes •735 views

Characterizing Large-scale Routing Anomalies: A Case Study of the China Telecom Incident Rahul Hiran 1 , Niklas Carlsson 1 , Phillipa Gill 2 1 Linkping University, Sweden 2 University of Toronto, Canada 19 th March2013 China Telecom incident

  1. Characterizing Large-scale Routing Anomalies: A Case Study of the China Telecom Incident Rahul Hiran 1 , Niklas Carlsson 1 , Phillipa Gill 2 1 Linköping University, Sweden 2 University of Toronto, Canada 19 th March2013

  2. China Telecom incident 3/28/2013 2

  3. China Telecom incident • The incident occurred on 8 th April 2010 • The congress report, 2010 in USA mentions the incident • Questions about what was done with the data, attack or accident • We characterize this incident using only publicly available data (e.g., Routeviews and iPlane)

  4. BGP (Border Gateway Protocol) refresher ISP 1 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 AS 22394 66.174.0.0/16

  5. BGP (Border Gateway Protocol) refresher ISP 1 VZW, 22394 66.174.0.0/16 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 AS 22394 66.174.0.0/16

  6. BGP (Border Gateway Protocol) refresher Level3, VZW, 22394 66.174.0.0/16 ISP 1 VZW, 22394 66.174.0.0/16 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 AS 22394 66.174.0.0/16

  7. BGP (Border Gateway Protocol) refresher ChinaTel 66.174.0.0/ 16 ISP 1 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 This prefix and 50K others were announced by AS 22394 China Telecom 66.174.0.0/16

  8. BGP (Border Gateway Protocol) refresher ChinaTel path is shorter ? ChinaTel 66.174.0.0/ 16 ISP 1 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 This prefix and 50K others were announced by AS 22394 China Telecom 66.174.0.0/16

  9. BGP (Border Gateway Protocol) refresher ChinaTel prefix is more specific ? ChinaTel 66.174.161.0/ 24 ISP 1 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 This prefix and 50K others were announced by AS 22394 China Telecom 66.174.0.0/16

  10. BGP (Border Gateway Protocol) refresher ChinaTel 66.174.161.0/ 24 ISP 1 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 This prefix and 50K others were announced by AS 22394 China Telecom Traffic for some prefixes was possibly intercepted 66.174.0.0/16

  11. BGP routing policies: Business relationships • Heirarchical Internet $$ Transit ISP Transit ISP structure $$ National ISP National ISP National ISP Local ISP Local ISP Local ISP Local ISP Local ISP 3/28/2013 11

  12. BGP routing policies: Business relationships • Heirarchical Internet $$ Transit ISP Transit ISP structure • Different $$ relationships National ISP National ISP National ISP – Customer-Provider – Peer-Peer Local ISP Local ISP Local ISP Loal ISP Local ISP 3/28/2013 12

  13. BGP routing policies: Business relationships • Heirarchical Internet $$ Transit ISP Transit ISP structure • Different $$ relationships National ISP National ISP National ISP – Customer-Provider – Peer-Peer Local ISP Local ISP Local ISP Local ISP Customer route Local ISP 3/28/2013 13

  14. BGP routing policies: Business relationships • Heirarchical Internet $$ Transit ISP Transit ISP structure • Different $$ relationships National ISP National ISP National ISP – Customer-Provider – Peer-Peer Local ISP Local ISP Local ISP Local ISP Peer route Customer route Local ISP 3/28/2013 14

  15. BGP routing policies: Business relationships • Heirarchical Internet Provider route $$ Transit ISP Transit ISP structure • Different $$ relationships National ISP National ISP National ISP – Customer-Provider – Peer-Peer Local ISP Local ISP Local ISP Local ISP Peer route Customer route Local ISP 3/28/2013 15

  16. BGP routing policies: Business relationships • Heirarchical Internet Provider route $$ Transit ISP Transit ISP structure • Different $$ relationships National ISP National ISP National ISP – Customer-Provider – Peer-Peer Local ISP Local ISP • Preference order Local ISP Local ISP – Customer route (high) Peer route Customer route – Peer route Local ISP – Provider route (low) 3/28/2013 16

  17. Analysis outline • Prefix hijack analysis Country-based analysis • Subprefix hijack analysis • Interception analysis Reasons for interception 3/28/2013 17

  18. Country-based analysis • Was any country targeted? • Geographic distribution of prefixes 3/28/2013 18

  19. Country-based analysis Distribution of hijacked prefixes do not deviate from global distribution of prefixes 3/28/2013 19

  20. Subprefix hijack analysis • 21% (9,082) prefixes longer than existing prefixes at all six Routeviews monitors • 95% of this prefixes belong to China Telecom • <1% (86) prefixes subprefix hijacked excluding the top-3 ASes in table 3/28/2013 20

  21. Subprefix hijack analysis No evidence for intentional subprefix hijacking 3/28/2013 21

  22. How did interception occur? Two required routing decisions for traffic interception: China Telecom, China Telecom DC, Level3, Verizon, Verizon W China Telecom DC 66.174.161.0/24 66.174.161.0/24 AT&T China Level 3 Telecom China Telecom Verizon Verizon data centre wireless 3/28/2013 22

  23. How did interception occur? Two required routing decisions for traffic interception: 1. A neighbor routes to China Telecom for hijacked prefix China Telecom, China Telecom DC, Level3, Verizon, Verizon W China Telecom DC 66.174.161.0/24 66.174.161.0/24 AT&T China Level 3 Telecom China Telecom Verizon Verizon data centre wireless 3/28/2013 23

  24. How did interception occur? Two required routing decisions for traffic interception: 1. A neighbor routes to China Telecom for hijacked prefix 2. Another neighbor does not do so China Telecom, China Telecom DC, Level3, Verizon, Verizon W China Telecom DC 66.174.161.0/24 66.174.161.0/24 AT&T China Level 3 Telecom China Telecom Verizon Verizon data centre wireless 3/28/2013 24

  25. How did interception occur? Two required routing decisions for traffic interception: 1. A neighbor routes to China Telecom for hijacked prefix 2. Another neighbor does not do so China Telecom, China Telecom DC, Level3, Verizon, Verizon W China Telecom DC 66.174.161.0/24 66.174.161.0/24 AT&T China Level 3 Telecom China Telecom Verizon Verizon data centre wireless 3/28/2013 25

  26. Interception analysis • Identification of interception instances • Used traceroute data from iPlane project 1575 3/28/2013 26

  27. Interception analysis • Identification of interception instances • Used traceroute data from iPlane project 357 3/28/2013 27

  28. Interception analysis Reasons for neighbors not choosing 4134 3/28/2013 28

  29. Interception analysis: Reasons for neighbors not choosing 4134 • Routing policies and business relationships resulted in interception • Accidental interception possible 3/28/2013 29

  30. Conclusion and discussion • Characterized the China Telecom incident – Accidental interception possible – Sheds light on properties of announced prefixes – Supports the conclusion that incident was a leak of random prefixes – However, it does not rule out malicious intent • Our study highlights – Challenges of diagnosing routing incidents – Importance of public and rich available data 3/28/2013 30

  31. Linköping University expanding reality Questions? Rahul Hiran rahul.hiran@liu.se

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

KEY DATA CENTERS IN BEIJING,SHANGHAI &amp; GUANGDONG WHY CHINA TELECOM? China Telecom has

KEY DATA CENTERS IN BEIJING,SHANGHAI &amp; GUANGDONG WHY CHINA TELECOM? China Telecom has

CHINA TELECOM KEY DATA CENTERS IN BEIJING,SHANGHAI &amp; GUANGDONG WHY CHINA TELECOM? China Telecom has hundreds of Internet Data Centers (IDCs) Fully redundant power, cooling, security and network worldwide, with the highest concentration

775 views • 18 slides
OPEN-O Unified NFV/SDN Open Source Orchestrator Hui Deng, China Mobile Kai Liu, China Telecom

OPEN-O Unified NFV/SDN Open Source Orchestrator Hui Deng, China Mobile Kai Liu, China Telecom

OPEN-O Unified NFV/SDN Open Source Orchestrator Hui Deng, China Mobile Kai Liu, China Telecom Eun Kyoung Paik, KT Chris Donley, Huawei Jim Zemlin, Linux Foundation Disclaimer The following represents general proposals being worked on by a

409 views • 27 slides
RADITEK Telecom www.raditek.com/telecom A California USA corporation RADITEK TELECOM

RADITEK Telecom www.raditek.com/telecom A California USA corporation RADITEK TELECOM

RADITEK Telecom www.raditek.com/telecom A California USA corporation RADITEK TELECOM PRESENTATION www.raditek.com/telecom 1 Component and System Products Founded in 1 9 9 3 By Malcolm Lee &amp; Peter Corbett RF/ Microw ave Com ponents m

768 views • 32 slides
RADITEK Telecom www.raditek.com/telecom 2015 A California USA corporation RADITEK 2015 TELECOM

RADITEK Telecom www.raditek.com/telecom 2015 A California USA corporation RADITEK 2015 TELECOM

RADITEK Telecom www.raditek.com/telecom 2015 A California USA corporation RADITEK 2015 TELECOM PRESENTATION 1 www.raditek.com/ telecom Component and System Products Founded in 1 9 9 3 By Malcolm Lee &amp; Peter Corbett RF/ Microw ave

589 views • 29 slides
RADITEK Telecom www.raditek.com/telecom 2016 A California USA corporation RADITEK 2016 TELECOM

RADITEK Telecom www.raditek.com/telecom 2016 A California USA corporation RADITEK 2016 TELECOM

RADITEK Telecom www.raditek.com/telecom 2016 A California USA corporation RADITEK 2016 TELECOM PRESENTATION www.raditek.com/ telecom 1 Component and System Products Founded in 1 9 9 3 By Malcolm Lee &amp; Peter Corbett RF/ Microw ave

1.02k views • 32 slides
draft-irtf-hiprg-rfid-01 HIP support for RFIDs Pascal.Urien@telecom-paristech.fr

draft-irtf-hiprg-rfid-01 HIP support for RFIDs Pascal.Urien@telecom-paristech.fr

draft-irtf-hiprg-rfid-01 HIP support for RFIDs Pascal.Urien@telecom-paristech.fr http://perso.telecom-paristech.fr/~urien/hiprfid/ http://www.telecom-paristech.fr 1 /11 Pascal URIEN, IETF 79 th , Tuesday 9 th November 2010, Beijing, China What

373 views • 11 slides
Development Scenario of SoftSwitch Development Scenario of SoftSwitch Standards in China and

Development Scenario of SoftSwitch Development Scenario of SoftSwitch Standards in China and

Development Scenario of SoftSwitch Development Scenario of SoftSwitch Standards in China and China Telecom s s Standards in China and China Telecom Considerations on Network Evolution Considerations on Network Evolution Ms. Zhao

404 views • 22 slides
DNS based IP NetLocation Service China Telecom Guangzhou Institute dingsy@gsta.com What is

DNS based IP NetLocation Service China Telecom Guangzhou Institute dingsy@gsta.com What is

DNS based IP NetLocation Service China Telecom Guangzhou Institute dingsy@gsta.com What is network location service To provide the targets position in the network given its IP address It focuses on network location instead of

203 views • 19 slides
ICT &amp; Oil &amp; Gas Power Telecom YOUR ENERGY PARTNER IN SOUTHEAST ASIA BANGLADESH .

ICT &amp; Oil &amp; Gas Power Telecom YOUR ENERGY PARTNER IN SOUTHEAST ASIA BANGLADESH .

PROJECT MANAGEMENT &amp; TURNKEY SERVICES | MANPOWER CONTRACTING TECHNICAL SERVICES | RECRUITMENT &amp; HR SOLUTIONS ICT &amp; Oil &amp; Gas Power Telecom YOUR ENERGY PARTNER IN SOUTHEAST ASIA BANGLADESH . CAMBODIA . CHINA . HONG KONG .

352 views • 24 slides
Incident Action Planning in the EOC GGC NHC 2018 GGC NHC 2018 Incident Action Planning EOC

Incident Action Planning in the EOC GGC NHC 2018 GGC NHC 2018 Incident Action Planning EOC

Incident Action Planning in the EOC GGC NHC 2018 GGC NHC 2018 Incident Action Planning EOC plans are typically more strategic than field IAPs A planning process helps synchronize operations and ensure they support incident objectives

510 views • 34 slides
Grating Incident resulting in LTI Agenda Background and Medical Condition Incident

Grating Incident resulting in LTI Agenda Background and Medical Condition Incident

Grating Incident resulting in LTI Agenda Background and Medical Condition Incident Description Immediate Causes and Latent Failures Swiss Cheese Model Key HSSE Themes from the Grating Incident Weak Signals from

564 views • 14 slides
Incident Response &amp; Evidence Incident Response &amp; Evidence Incident Response &amp;

Incident Response &amp; Evidence Incident Response &amp; Evidence Incident Response &amp;

Incident Response &amp; Evidence Incident Response &amp; Evidence Incident Response &amp; Evidence Incident Response &amp; Evidence Management Management Management Management CIPS Brandon Chapter November 28 2002 Dr. Marc Rogers PhD,

629 views • 27 slides
Incident Mobilization Incident Mobilization (R- -T T- -S) Nets S) Nets (R Mobilization

Incident Mobilization Incident Mobilization (R- -T T- -S) Nets S) Nets (R Mobilization

V olunteer C ommunications N etwork (V-C-N) Incident Mobilization Incident Mobilization (R- -T T- -S) Nets S) Nets (R Mobilization Radio Nets for ZR Incidents - A V-C-N.org Academy Course - 2012-04.08-0237 264: Incident Mobilization

753 views • 20 slides
Incident Mobilization Incident Mobilization (R- -T T- -S) Nets S) Nets (R Mobilization

Incident Mobilization Incident Mobilization (R- -T T- -S) Nets S) Nets (R Mobilization

V olunteer C ommunications N etwork (V-C-N) Incident Mobilization Incident Mobilization (R- -T T- -S) Nets S) Nets (R Mobilization Radio Nets for ZR Incidents - A V-C-N.org Academy Course - 2012-04.08-0237 264: Incident Mobilization

773 views • 50 slides
An introduction to Loquendo GRUPPO TELECOM ITALIA Company Profile TELECOM ITALIA GROUP

An introduction to Loquendo GRUPPO TELECOM ITALIA Company Profile TELECOM ITALIA GROUP

0 An introduction to Loquendo GRUPPO TELECOM ITALIA Company Profile TELECOM ITALIA GROUP Founded in 2001 as spin-off di Telecom Italia Lab, thanks to the 30yrs experience and know-how about voice processing. HC: 100 persons. Global

556 views • 12 slides
Electricity Use of U.S. Electricity Use of U.S. Telecom Networks Telecom Networks H. Scott

Electricity Use of U.S. Electricity Use of U.S. Telecom Networks Telecom Networks H. Scott

Electricity Use of U.S. Electricity Use of U.S. Telecom Networks Telecom Networks H. Scott Matthews Carnegie Mellon University AT&amp;T Industrial Ecology Faculty Fellow Agenda Re-motivation - Why we need to care about electricity use

305 views • 16 slides
IPsec, BGPsec, DNSSEC Lecture 18 And a bit of Zero-Knowledge Proofs Internet Protocol Suite

IPsec, BGPsec, DNSSEC Lecture 18 And a bit of Zero-Knowledge Proofs Internet Protocol Suite

IPsec, BGPsec, DNSSEC Lecture 18 And a bit of Zero-Knowledge Proofs Internet Protocol Suite TCP/IP: Developed in the 70 s IP: at the internet layer. Handles addressing and routing TCP: at the transport layer. Setting up channels (between

418 views • 21 slides
Internet Protocol: Routing Algorithms Internet Protocol: Routing Algorithms Srinidhi Varadarajan

Internet Protocol: Routing Algorithms Internet Protocol: Routing Algorithms Srinidhi Varadarajan

Internet Protocol: Routing Algorithms Internet Protocol: Routing Algorithms Srinidhi Varadarajan Routing Routing Rout ing prot ocol 5 Goal: det ermine good pat h (sequence of rout ers) t hru 3 B C net work f rom source t o dest .

636 views • 40 slides
Chapter 8 Communication Networks and Services 1. IPv6 2. Internet Routing Protocols: OSPF,

Chapter 8 Communication Networks and Services 1. IPv6 2. Internet Routing Protocols: OSPF,

Chapter 8 Communication Networks and Services 1. IPv6 2. Internet Routing Protocols: OSPF, RIP, BGP 3. Other protocols: DHCP, NAT, and Mobile IP Chapter 8 Communication Networks and Services IPv6 Fall 2012 Prof. Chung-Horng Lung 2 IPv6

552 views • 52 slides
Formal Semantics and Automated Verification for the Border Gateway Protocol Konstantin Doug

Formal Semantics and Automated Verification for the Border Gateway Protocol Konstantin Doug

Formal Semantics and Automated Verification for the Border Gateway Protocol Konstantin Doug Emina Michael Arvind Zachary Weitz Woos Torlak D. Ernst Krishnamurthy Tatlock The Border Gateway Protocol The Border Gateway Protocol AS AS

645 views • 29 slides
Selecting new BGP feeders to Address the Incompleteness of the Internet AS-level Graph Luca Sani

Selecting new BGP feeders to Address the Incompleteness of the Internet AS-level Graph Luca Sani

Selecting new BGP feeders to Address the Incompleteness of the Internet AS-level Graph Luca Sani Enrico Gregori, Alessandro Improta, Luciano Lenzini, Lorenzo Rossi InfQ Workshop - Lucca - July 5-6, 2012 Luca Sani Selecting new BGP feeders to

743 views • 26 slides
Verified Secure Routing David Basin ETH Zurich EPFL, Summer Research Institute June 2017

Verified Secure Routing David Basin ETH Zurich EPFL, Summer Research Institute June 2017

Verified Secure Routing David Basin ETH Zurich EPFL, Summer Research Institute June 2017 Team Members Verification Team Scion Design &amp; Development Team Information Security David Basin Tobias

696 views • 55 slides
End-to-end principle All control in end stations by Dave Clark e.g. error and flow

End-to-end principle All control in end stations by Dave Clark e.g. error and flow

Introduction to routing in the Internet Internet architecture IPv4, ICMP, ARP Addressing, routing principles (Chapters 23 in Huitema) Internet-1 S-38.121 / Fall-04 / RKa, NB Internet Architecture Principles End-to-end principle All

893 views • 21 slides
ELEC / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking , 5 th Edition

ELEC / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking , 5 th Edition

ELEC / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking , 5 th Edition 7 1 6 6 2 0-1500 0-46 4 DA SA Data Pad CRC Preamble SFD Type Gap Destination MAC address Source MAC address Type (of

1.03k views • 47 slides

More recommend