Sprint, Windstream traffic routing errors hijacked other ISPs

The errors, which can shut off traffic, are occurring more frequently with little explanation, said Renesys

Internet traffic routing errors made by U.S. operators Sprint and Windstream on the same day last week underscore a long-known Internet weakness, posing both security and reliability issues.

Both of the errors involved Border Gateway Protocol (BGP), an aging but crucial protocol that is used by networking equipment to route traffic between different providers. Traffic routes are "announced" using BGP, and the changes are then taken up by routers around the world.

But network providers frequently make erroneous announcements -- known as "route hijacking" -- which can shut off services, causing reliability issues or be used for certain kinds of cyberattacks.

For about a day starting last Tuesday, Sprint made a BGP announcement that directed Internet traffic from an ISP in Macedonia through its own network, wrote Doug Madory, a senior analyst with Dyn's Renesys division, which monitors how global Internet traffic is routed.

On the same day, Windstream commandeered traffic destined for Saudi Telecom, and then a day later for networks in Gaza and Iceland, besides three in China, Madory wrote.

It's not uncommon for operators to make such errors through misconfiguration. But Madory wrote that the problem of BGP route hijacking "has gone from bad to downright strange."

"While we now detect suspicious routing events on an almost daily basis, in the last couple of days we have witnessed a flurry of hijacks that really make you scratch your head," he wrote.

In the case of Sprint, the traffic destined for the Macedonian ISP Telesmart did actually make it there, albeit through a circuitous route. Renesys did a trace route, an exercise that involves watching how traffic flows from one location to another.

Traffic that originated in Sofia, Bulgaria, should only take about 6 milliseconds to end up at Telesmart in Skopje, Macedonia.

But during the time the traffic was under Sprint's control, the traffic went from Sofia to Frankfurt, then to Paris, back to Frankfurt, through Munich and Vienna, back to Sofia and then to Skopje. That scenic route took 10 times longer than it should have, Madory wrote.

Windstream's takeover of Saudi Telecom's traffic, however, made that network unavailable for any ISP that accepted Windstream's BGP announcements, he wrote.

Sprint and Windstream officials could not immediately be reached for comment on Sunday.

There's nothing to suggest that either Sprint or Windstream had malicious intentions. But such traffic diversions could give malicious actors visibility to the traffic passing through their equipment, known as a man-in-the-middle attack. That could pose privacy and security issues if the traffic isn't encrypted.

Even if the text of an email is encrypted, subject lines and metadata -- such as the email address that is sending the communication and the email address of its intended recipient -- would be in such a traffic stream.

Security analysts have long warned that BGP is vulnerable, as it lacks a way to authenticate that a particular network route belongs to a specific entity, allowing the route to be easily taken over.

There are fixes, such as using whitelisting and cryptography, but it is questionable if ISPs would see an economic incentive to make changes, wrote Sharon Goldberg an assistant professor in the Computer Science Department at Boston University, on the Association for Computing Machinery's website.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags DynsprintWindstreamsecurityRenesys

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?