Incidents such as those reported by the commission highlight some of the fundamental vulnerabilities of the Internet, said Dmitri Alperovitch, an Internet threat researcher with McAfee.
Traffic flow on the Internet is enabled by routing servers, which essentially exchange information with each other on the best routes for traffic to take to get to a particular Internet destination. Each server implicitly trusts the information provided by other servers in the system.
The Internet hijacking incident of April 8 resulted when China Telecom's servers erroneously started advertising themselves as the best routes for a large chunk of Internet traffic. Such rerouting has happened before from simple configuration errors, though it can certainly be caused by deliberate actions as well.
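What checking announcements against known ownership could look like, as an added example that is not from the article or anyone it quotes: each received route is compared with a locally kept record of which network is expected to originate which address block. The prefixes, AS numbers, baseline and function names are all constructed for illustration.

```python
import ipaddress

# Constructed baseline: prefix -> AS number expected to originate it.
# Prefixes are documentation ranges (RFC 5737), AS numbers are
# documentation ASNs (RFC 5398); none refer to a real network.
EXPECTED_ORIGINS = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
}

# Constructed announcements as received from peers: (prefix, AS path).
# The origin is the last AS in the path.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64500, 64496]),    # expected origin
    ("198.51.100.0/24", [64501]),        # known prefix, different origin
    ("192.0.2.128/25", [64500, 64501]),  # slice of a known prefix, different origin
    ("203.0.113.0/24", [64502]),         # nothing on record for this prefix
]


def classify(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Compare one announcement with the baseline and return a verdict."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for known, owner in expected.items():
        known_net = ipaddress.ip_network(known)
        if net.version != known_net.version:
            continue
        if net == known_net:
            return "ok" if origin == owner else "origin-mismatch"
        if net.subnet_of(known_net):
            # A more specific route is preferred by routers, so a foreign
            # origin here pulls traffic even if the covering route is intact.
            return "ok" if origin == owner else "more-specific-mismatch"
    return "unknown"


def audit(announcements, expected=EXPECTED_ORIGINS):
    """Return (prefix, origin, verdict) for every announcement."""
    return [(p, path[-1], classify(p, path, expected)) for p, path in announcements]


if __name__ == "__main__":
    for prefix, origin, verdict in audit(ANNOUNCEMENTS):
        print(f"{prefix:<18} origin AS{origin:<6} {verdict}")
```

A verdict of "unknown" means only that the baseline has no record for the prefix, not that the route is legitimate.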
There is no way of knowing for sure whether the April incident was done with malicious intent or was caused by accident, as China Telecom has suggested, Alperovitch said.
"The takeaway here is that the foundation on which the Internet is built is insecure," Alperovitch said. "It is based on trust. We trust ISPs to tell us which networks they own. There is no validation [of the information.]"
"Not only can this problem happen again, but it probably will," he said.
With most routing errors, traffic is either dropped or misdirected, said Craig Labovitz, chief technology officer at Arbor Networks. Even a single misplaced line of code in a core router can result in wrong routing information being propagated through the Internet and cause all sorts of problems, he said.
"The underlying plumbing relies on trust," Labovitz said. "You got a lot of different telecoms all telling each other what address space they have and what they can reach. You believe what address space they have and you send traffic to them."
This is not the first time the commission has raised Internet security concerns related to China. In a similar report last year, it noted that China was using its maturing network exploitation capabilities to leach intelligence information from the U.S. government, military and industry.
"The problem is characterized by disciplined, standardized operations, sophisticated techniques, access to high-end software development resources, a deep knowledge of the targeted networks, and an ability to sustain activities," the earlier report had noted.