Sprint, Windstream traffic routing errors hijacked other ISPs

The errors, which can shut off traffic, are occurring more frequently with little explanation, said Renesys

Internet traffic routing errors made by U.S. operators Sprint and Windstream on the same day last week underscore a long-known Internet weakness, posing both security and reliability issues.

Both of the errors involved Border Gateway Protocol (BGP), an aging but crucial protocol that is used by networking equipment to route traffic between different providers. Traffic routes are "announced" using BGP, and the changes are then taken up by routers around the world.

But network providers frequently make erroneous announcements -- known as "route hijacking" -- which can shut off services, causing reliability issues or be used for certain kinds of cyberattacks.

For about a day starting last Tuesday, Sprint made a BGP announcement that directed Internet traffic from an ISP in Macedonia through its own network, wrote Doug Madory, a senior analyst with Dyn's Renesys division, which monitors how global Internet traffic is routed.

On the same day, Windstream commandeered traffic destined for Saudi Telecom, and then a day later for networks in Gaza and Iceland, besides three in China, Madory wrote.

It's not uncommon for operators to make such errors through misconfiguration. But Madory wrote that the problem of BGP route hijacking "has gone from bad to downright strange."

"While we now detect suspicious routing events on an almost daily basis, in the last couple of days we have witnessed a flurry of hijacks that really make you scratch your head," he wrote.

In the case of Sprint, the traffic destined for the Macedonian ISP Telesmart did actually make it there, albeit through a circuitous route. Renesys did a trace route, an exercise that involves watching how traffic flows from one location to another.

Traffic that originated in Sofia, Bulgaria, should only take about 6 milliseconds to end up at Telesmart in Skopje, Macedonia.

But during the time the traffic was under Sprint's control, the traffic went from Sofia to Frankfurt, then to Paris, back to Frankfurt, through Munich and Vienna, back to Sofia and then to Skopje. That scenic route took 10 times longer than it should have, Madory wrote.

Windstream's takeover of Saudi Telecom's traffic, however, made that network unavailable for any ISP that accepted Windstream's BGP announcements, he wrote.

Sprint and Windstream officials could not immediately be reached for comment on Sunday.

There's nothing to suggest that either Sprint or Windstream had malicious intentions. But such traffic diversions could give malicious actors visibility to the traffic passing through their equipment, known as a man-in-the-middle attack. That could pose privacy and security issues if the traffic isn't encrypted.

Even if the text of an email is encrypted, subject lines and metadata -- such as the email address that is sending the communication and the email address of its intended recipient -- would be in such a traffic stream.

Security analysts have long warned that BGP is vulnerable, as it lacks a way to authenticate that a particular network route belongs to a specific entity, allowing the route to be easily taken over.

There are fixes, such as using whitelisting and cryptography, but it is questionable if ISPs would see an economic incentive to make changes, wrote Sharon Goldberg an assistant professor in the Computer Science Department at Boston University, on the Association for Computing Machinery's website.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags DynsprintWindstreamsecurityRenesys

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?