Abstract
China Telecom’s hijack of approximately 50,000 IP prefixes in April 2010 highlights the potential for traffic interception on the Internet. Indeed, the sensitive nature of the hijacked prefixes, including US government agencies, garnered a great deal of attention and highlights the importance of being able to characterize such incidents after they occur. We use the China Telecom incident as a case study, to understand (1) what can be learned about large-scale routing anomalies using public data sets, and (2) what types of data should be collected to diagnose routing anomalies in the future. We develop a methodology for inferring which prefixes may be impacted by traffic interception using only control-plane data and validate our technique using data-plane traces. The key findings of our study of the China Telecom incident are: (1) The geographic distribution of announced prefixes is similar to the global distribution with a tendency towards prefixes registered in the Asia-Pacific region, (2) there is little evidence for subprefix hijacking which supports the hypothesis that this incident was likely a leak of existing routes, and (3) by preferring customer routes, providers inadvertently enabled interception of their customer’s traffic.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ager, B., Chatzis, N., Feldmann, A., Sarrar, N., Uhlig, S., Willinger, W.: Anatomy of a large European IXP. In: Proc. of ACM SIGCOMM (2012)
ATLAS - Arbor Networks (2012), http://atlas.arbor.net
Ballani, H., Francis, P., Zhang, X.: A study of prefix hijacking and interception in the Internet. In: Proc. of ACM SIGCOMM (2007)
BGPMon. China telecom hijack (2010), http://bgpmon.net/blog/?p=282
Blumenthal, D., Brookes, P., Cleveland, R., Fiedler, J., Mulloy, P., Reinsch, W., Shea, D., Videnieks, P., Wessel, M., Wortzel, L.: Report to Congress of the US-China Economic and Security Review Commission (2010), http://www.uscc.gov/annual_report/2010/annual_report_full_10.pdf
Brown, M.: Renesys blog: Pakistan hijacks YouTube, http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml
Chi, Y., Oliveira, R., Zhang, L.: Cyclops: The Internet AS-level observatory. ACM SIGCOMM Computer Communication Review (2008)
Cowie, J.: Renesys blog: China’s 18-minute mystery, http://www.renesys.com/blog/2010/11/chinas-18-minute-mystery.shtml
Gao, L., Rexford, J.: Stable Internet routing without global coordination. Transactions on Networking (2001)
Gill, P., Schapira, M., Goldberg, S.: Modeling on quicksand: Dealing with the scarcity of ground truth in interdomain routing data. ACM SIGCOMM Computer Communication Review (2012)
Gregori, E., Improta, A., Lenzini, L., Rossi, L., Sani, L.: On the incompleteness of the AS-level graph: a novel methodology for BGP route collector placement. In: ACM Internet Measurement Conference (2012)
Hiran, R., Carlsson, N., Gill, P.: Characterizing large-scale routing anomalies: A case study of the China Telecom incident (2012), http://www.ida.liu.se/~nikca/papers/pam13.html
Khare, V., Ju, Q., Zhang, B.: Concurrent prefix hijacks: Occurrence and impacts. In: ACM Internet Measurement Conference (2012)
Labovitz, C.: China hijacks 15% of Internet traffic (2010), http://ddos.arbornetworks.com/2010/11/china-hijacks-15-of-internet-traffic/
Madhyastha, H., Isdal, T., Piatek, M., Dixon, C., Anderson, T., Krishnamurthy, A., Venkataramani, A.: iPlane: An information plane for distributed services. In: Proc. of OSDI (2006)
Mao, Z., Rexford, J., Wang, J., Katz, R.H.: Towards an accurate AS-level traceroute tool. In: Proc. of ACM SIGCOMM (2003)
McMillan, R.: A Chinese ISP momentarily hijacks the Internet (2010), http://www.nytimes.com/external/idg/2010/04/08/08idg-a-chinese-isp-momentarily-hijacks-the-internet-33717.html
Misel, S.: Wow, AS7007! Merit NANOG Archive (1997), http://www.merit.edu/mail.archives/nanog/1997-04/msg00340.html
U. of Oregon. Route views project, http://www.routeviews.org/
Oliveira, R., Pei, D., Willinger, W., Zhang, B., Zhang, L.: Quantifying the completeness of the observed internet AS-level structure. UCLA Computer Science Department - Techical Report TR-080026-2008 (September 2008)
Pilosov, A., Kapela, T.: Stealing the Internet: An Internet-scale man in the middle attack. Presentation at DefCon 16 (2008), http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hiran, R., Carlsson, N., Gill, P. (2013). Characterizing Large-Scale Routing Anomalies: A Case Study of the China Telecom Incident. In: Roughan, M., Chang, R. (eds) Passive and Active Measurement. PAM 2013. Lecture Notes in Computer Science, vol 7799. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36516-4_23
Download citation
DOI: https://doi.org/10.1007/978-3-642-36516-4_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36515-7
Online ISBN: 978-3-642-36516-4
eBook Packages: Computer ScienceComputer Science (R0)