# Targeted Internet Traffic Misdirection



## peterw (Nov 26, 2013)

The New Threat: Targeted Internet Traffic Misdirection



> Traffic interception has certainly been a hot topic in 2013.
> The world has been focused on interception carried out the old fashioned way,
> by getting into the right buildings and listening to the right cables.
> But there’s actually been a significant uptick this year in a completely different kind of attack,
> ...





> Example 2: Icelandic Traffic Diversion
> 
> After this “first light” from Iceland in May, there were
> no more route hijacks from Iceland for more than two months.
> ...











> Implications
> 
> In practical terms, this means that Man-In-the-Middle BGP route hijacking
> has now moved from a theoretical concern to something that happens fairly regularly,
> ...


True words. Can't believe that this is happening and nobody cares.


----------



## KuJoe (Nov 26, 2013)

This happened to us earlier this year. The problem is with upstream providers (i.e. Level3, Cogent, HE, etc...) that don't confirm ownership of IPs and even worse some allow clients to announce IPs without any human intervention. Announcing only /24s is the best method to prevent it but not 100% effective.

I'm pretty sure that's why BGPMon changed their pricing earlier this year also (the owner was awesome enough to contact us after our BGP hijack to discuss the details although I didn't have much to provide).


----------
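An added illustration of the /24 point raised in the post above (not part of the thread, and not any poster's or monitoring service's code): it classifies observed BGP announcements against the prefixes an operator expects to originate. All prefixes and AS numbers are constructed samples, and the /24 filter threshold is an assumption about common IPv4 filtering practice.

```python
import ipaddress

# Constructed sample data (IPv4 only): prefix we announce -> our origin AS.
EXPECTED = {
    "10.20.0.0/22": 64500,     # announced as an aggregate
    "198.51.100.0/24": 64500,  # announced as a /24
}

# Assumption: most networks drop IPv4 routes longer than /24.
MAX_ACCEPTED_LEN = 24


def classify(prefix, origin, expected=EXPECTED):
    """Classify one observed (prefix, origin AS) pair against our own space."""
    seen = ipaddress.ip_network(prefix)
    for ours, our_as in expected.items():
        own = ipaddress.ip_network(ours)
        if not seen.subnet_of(own):
            continue  # not inside this prefix of ours
        if origin == our_as:
            return "ok"
        if seen.prefixlen == own.prefixlen:
            # Same length: the foreign route competes on path selection,
            # so only part of the Internet is diverted.
            return "origin-conflict"
        if seen.prefixlen > MAX_ACCEPTED_LEN:
            # Longer than /24: wins longest-match only where it is accepted.
            return "more-specific-filtered"
        # Accepted more-specific: wins longest-prefix match wherever it is seen.
        return "more-specific-hijack"
    return "unrelated"


def exposure(expected=EXPECTED):
    """True where a more-specific that passes common filters can still exist."""
    return {p: ipaddress.ip_network(p).prefixlen < MAX_ACCEPTED_LEN
            for p in expected}


if __name__ == "__main__":
    observed = [  # constructed announcements, as a route monitor might report them
        ("10.20.0.0/22", 64500), ("10.20.2.0/24", 64666),
        ("198.51.100.0/24", 64666), ("198.51.100.128/25", 64666),
    ]
    for prefix, origin in observed:
        print(prefix, "AS%d" % origin, classify(prefix, origin))
    print(exposure())
```

The aggregate is exposed to an accepted more-specific, while the /24 can only be contested at equal length, which is why announcing /24s helps without being fully effective.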



## drmike (Nov 26, 2013)

I wonder who the providers/facilities involved in this illustration are...


----------



## peterw (Nov 26, 2013)

drmike said:


> I wonder who the providers/facilities involved in this illustration are...



Belarusian ISP GlobalOneBel (AS 28849)
Opin Kerfi (AS 48685)
Síminn (AS 6677)



> We contacted them again recently while researching this story.
> 
> 
> We were told that the problems were the result of a bug in vendor software,
> ...


----------



## Mun (Nov 26, 2013)

Yeah, that looks like routing protocols when they can't find the next hop in their databanks.

Mun


----------



## wlanboy (Nov 27, 2013)

If that is true the second chain of trust is broken.


SSL CAs
Autonomous System owners


----------

