I don't think so. When you're in the middle and neither the source nor the destination of a route implements MANRS, there is not much to protect/verify. MANRS does protect you from becoming a leak, among other things. (I am not a total expert on routing, so please take this with a grain of salt)
Would someone explain to a scrub what "route leaking" is? Would this be an issue because the leak receiver could inspect traffic that it wouldn't have gotten otherwise?
The way inter-ISP routing works is that every ISP advertises its IP ranges† (prefixes) to each ISP it's connected to, who in turn stamp them with their own addresses and relay them to all their connections; in this way, advertisements are eventually propagated to every ISP on the Internet.
A prefix can be connected to several ISPs, and thus be advertised multiple times from multiple places. Each ISP resolves all the advertisements and computes paths to each prefix, sending traffic towards the shortest path received.
The protocol that conducts this process, BGP4, is unauthenticated and managed by a combination of fiddly filtering configurations (often based on regular expressions) and trust. An ISP can advertise any prefix and stand a chance of getting some other ISPs to route that prefix towards them.
Here, what appears to have happened was that a Dutch ISP advertised a bunch of prefixes incorrectly (they may have been advertised in such a way as to make them unattractive options for routing, as a safeguard, but that proved ineffective). China Telecom picked them up and propagated them, and, in doing so, made itself an attractive path for the prefixes for many other ISPs.
Yes, this would allow China Telecom to inspect traffic mistakenly routed to them, though it's extraordinarily unlikely that anything like that occurred.
† ISPs themselves have their own short numeric addresses, called ASNs.
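As an added illustration of the mechanism described above (example code, not part of any comment in the thread), here is a small Python model of the carrier's decision: BGP speakers prefer customer-learned routes, so a prefix leaked by a customer wins over the direct peer route and is then exported to every neighbour, while a customer prefix filter (the kind of safeguard MANRS asks for) drops the leak. AS numbers, prefixes and the topology are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple      # leftmost AS is the neighbour that sent the route
    learned_from: str   # "customer", "peer" or "provider"

# Typical local preference: customer routes earn money, so they win first.
LOCAL_PREF = {"customer": 300, "peer": 200, "provider": 100}

def best_route(candidates):
    """BGP-style selection: highest local preference, then shortest AS path."""
    return max(candidates, key=lambda r: (LOCAL_PREF[r.learned_from], -len(r.as_path)))

def export_targets(route):
    """Valley-free export: customer routes go to everyone; peer/provider routes only to customers."""
    return {"customer", "peer", "provider"} if route.learned_from == "customer" else {"customer"}

def accept_from_customer(route, registered_prefixes):
    """Ingress filter on a customer session: accept only prefixes the customer is registered for."""
    return route.prefix in registered_prefixes

# Constructed scenario: AS 64500 originates 192.0.2.0/24 through its provider AS 64501.
# AS 64502, a small ISP, buys transit from both 64501 and the large carrier 64503 and
# mistakenly re-announces the route it learned from 64501 to 64503: a route leak.
ORIGIN_PREFIX = "192.0.2.0/24"
CUSTOMER_REGISTERED = {"198.51.100.0/24"}   # what 64502 legitimately holds (constructed)

def carrier_view(filter_customer: bool):
    """Best route AS 64503 installs for the prefix, and which neighbour classes it exports to."""
    received = [
        Route(ORIGIN_PREFIX, (64501, 64500), "peer"),            # direct from peer 64501
        Route(ORIGIN_PREFIX, (64502, 64501, 64500), "customer"),  # the leak via customer 64502
    ]
    if filter_customer:
        received = [r for r in received
                    if r.learned_from != "customer" or accept_from_customer(r, CUSTOMER_REGISTERED)]
    best = best_route(received)
    return best, export_targets(best)

if __name__ == "__main__":
    for filtering in (False, True):
        best, exports = carrier_view(filtering)
        print(f"filter={filtering}: path={best.as_path} exported_to={sorted(exports)}")
```

Without the filter the carrier both sends its own traffic via the leaking customer and re-announces the prefix to its peers and providers; with the filter the leak never enters its table.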
That's exactly right. Think of it like modifying your GPS to get you to drive to a bad part of town (so that your car/valuables are stolen).
The fact that it's China Telecom speaks volumes to this being a suspected route hijack. It's possible it was just an error on the Swiss colo company's part, but somehow I doubt that.
Is there still enough unencrypted traffic to make this attack have any value? Or are they like the NSA where they care more about who and when and not so much the content of the conversations.
>It also reveals that China Telecom, a major International carrier, has still implemented neither the basic routing safeguards necessary both to prevent the propagation of routing leaks nor the processes and procedures necessary to detect and remediate them in a timely manner when they inevitably occur.
So basically a lack of external pressure combined with a lack of caring about preventing this.
China Telecom has minimum routing safeguards. I don't know how it works exactly, but I've heard anecdotes from Chinese network operators on multiple occasions; they say you can even steal free IP addresses from China Telecom through BGP, and normally they don't even care...
> So basically a lack of external pressure combined with a lack of caring about preventing this
Could someone who's paranoid guess that this is done on purpose, the goal being to capture all the packets before sending them back towards the correct ISPs?
Agreed. It’s remarkably easy to screw up BGP by misconfiguration by changing (or deleting) a route map or prefix list. There’s over 800K autonomous systems participating in BGP now, so I’m certain mistakes happen all the time but don’t get reported.
This rule is over applied. If someone doesn't hold the door for you then don't assume they did it out of malice. That would be an appropriate use of this rule. Applying it in cases where there are known and obvious instances of malice doesn't make sense.
>Today’s incident shows that the Internet has not yet eradicated the problem of BGP route leaks. It also reveals that China Telecom, a major International carrier, has still implemented neither the basic routing safeguards necessary both to prevent the propagation of routing leaks nor the processes and procedures necessary to detect and remediate them in a timely manner when they inevitably occur.
What incentives do they have not to route data from foreign adversaries through their networks? :')
The whole thing was a mistaken configuration made by a European company. If anything, the Chinese company is a victim who got a ton of unwanted traffic routed through them.
I agree it's more newsworthy when countries known for generally being enemies of human rights and privacy have traffic that isn't theirs routed through them, and just happen to publish prefixes.
They didn't just happen to publish anything; one of CT's _European_ customers leaked prefixes to them and CT didn't have filters in place to block it. Which is how peering has worked from day 1: you know, the openness and doing things based on mutual trust that the Internet has been 'plagued' with since forever also applies to peering relationships.
The notion that they did this on purpose to record traffic is just silly.
> China Telecom then announced these routes onto the global Internet redirecting large amounts of Internet traffic destined for some of the largest European mobile networks through China Telecom’s network.
How is China recording internet traffic silly given their expansive use of facial recognition, their crackdown on journalists, interdiction of VPN services, and use of apps to monitor ethnic minorities? Capturing a bit of foreign internet traffic isn't anything, and would be extensively useful to a police state.
If China wants to convince the rest of the world that every single BGP hijack and leak isn't intelligence gathering, then they can implement the same standards and safeguards everyone else does...
That part is not silly. But the way it happened in this case (and most cases like this) makes it silly to think they did it on purpose, because they didn't actually do anything; no active choice or action on their part was required for it to happen. You could suggest that they are dragging their feet on implementing safeguards and just hoping that one of their customers leaks some routes to them so they can capture some random data, but I would call that silly as well. When they do, it will be targeted and effective.
https://www.manrs.org/