Sprint, Windstream traffic routing errors hijacked other ISPs

The errors, which can shut off traffic, are occurring more frequently with little explanation, said Renesys

Internet traffic routing errors made by U.S. operators Sprint and Windstream on the same day last week underscore a long-known Internet weakness, posing both security and reliability issues.

Both of the errors involved Border Gateway Protocol (BGP), an aging but crucial protocol that is used by networking equipment to route traffic between different providers. Traffic routes are "announced" using BGP, and the changes are then taken up by routers around the world.

But network providers frequently make erroneous announcements -- known as "route hijacking" -- which can shut off services, causing reliability issues or be used for certain kinds of cyberattacks.

For about a day starting last Tuesday, Sprint made a BGP announcement that directed Internet traffic from an ISP in Macedonia through its own network, wrote Doug Madory, a senior analyst with Dyn's Renesys division, which monitors how global Internet traffic is routed.

On the same day, Windstream commandeered traffic destined for Saudi Telecom, and then a day later for networks in Gaza and Iceland, besides three in China, Madory wrote.

It's not uncommon for operators to make such errors through misconfiguration. But Madory wrote that the problem of BGP route hijacking "has gone from bad to downright strange."

"While we now detect suspicious routing events on an almost daily basis, in the last couple of days we have witnessed a flurry of hijacks that really make you scratch your head," he wrote.

In the case of Sprint, the traffic destined for the Macedonian ISP Telesmart did actually make it there, albeit through a circuitous route. Renesys did a trace route, an exercise that involves watching how traffic flows from one location to another.

Traffic that originated in Sofia, Bulgaria, should only take about 6 milliseconds to end up at Telesmart in Skopje, Macedonia.

But during the time the traffic was under Sprint's control, the traffic went from Sofia to Frankfurt, then to Paris, back to Frankfurt, through Munich and Vienna, back to Sofia and then to Skopje. That scenic route took 10 times longer than it should have, Madory wrote.

Windstream's takeover of Saudi Telecom's traffic, however, made that network unavailable for any ISP that accepted Windstream's BGP announcements, he wrote.

Sprint and Windstream officials could not immediately be reached for comment on Sunday.

There's nothing to suggest that either Sprint or Windstream had malicious intentions. But such traffic diversions could give malicious actors visibility to the traffic passing through their equipment, known as a man-in-the-middle attack. That could pose privacy and security issues if the traffic isn't encrypted.

Even if the text of an email is encrypted, subject lines and metadata -- such as the email address that is sending the communication and the email address of its intended recipient -- would be in such a traffic stream.

Security analysts have long warned that BGP is vulnerable, as it lacks a way to authenticate that a particular network route belongs to a specific entity, allowing the route to be easily taken over.

There are fixes, such as using whitelisting and cryptography, but it is questionable if ISPs would see an economic incentive to make changes, wrote Sharon Goldberg an assistant professor in the Computer Science Department at Boston University, on the Association for Computing Machinery's website.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags DynsprintWindstreamsecurityRenesys

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?