Sunday, May 19, 2024

Large Amount Of European ISP’s Mobile Traffic Rerouted Through China Telecom

On 6th June, a large amount of European mobile network Traffic rerouted via China Telecom for nearly two hours, which begins at 09:43 UTC 6 June 2019.

The incident occurred due to BGP route leak from a Swiss-based data center colocation company Safe Host (AS21217) and it leads over 70,000 Traffic rerouted to China Telecom (AS4134) which is controlled by Chinese-government.

The routing incidents were noticed only for a few minutes, but many of the leaked routes were circulated more than 2 hours and more-specifics of routed prefixes.

70,000 Internet routes roughly compared with more than 300 million IP’s traffic and some of the most impacted European networks included Swisscom (AS3303) of Switzerland, KPN (AS1130) of Holland, and Bouygues Telecom (AS5410) and Numericable-SFR (AS21502) of France.

“China Telecom then announced these routes on to the global internet redirecting large amounts of internet traffic destined for some of the largest European mobile networks through China Telecom’s network”

There are various ISP prefixes were in this leak including, 1,300 Dutch prefixes, 200 Swiss prefixes, 150 Bouygues Telecom (AS5410) prefixes.

For an example, Based on the Oracle Internet Intelligence measurements, a traceroute in the following image below begins from Google in Ashburn and it destined for Vienna, Austria but it rerouted through China Telecom (hops 5-8).

China Telecom

Another traceroute from an Oracle datacenter is Toronto to Numericable-SFR in France that gets diverted through China Telecom (hops 8-10).

China Telecom

Oracle concludes with the statement says, Today’s incident shows that the internet has not yet eradicated the problem of BGP route leaks.

“It also reveals that China Telecom, a major international carrier, has still implemented neither the basic routing safeguards necessary both to prevent propagation of routing leaks nor the processes and procedures necessary to detect and remediate them in a timely manner when they inevitably occur. “

“Two hours is a long time for a routing leak of this magnitude to stay in circulation, degrading global communications,” said Doug Madory, director of Oracle’s internet analysis division.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

A New Massive DDoS Attack bit-and-Piece Pattern Targeting Internet Service Providers

Hackers Launching DNS Hijacking Attack to Gain Access to Telecommunication & ISP Networks

Website

Latest articles

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that...

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices,...

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine,...

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers...

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information...

Russian APT Hackers Attacking Critical Infrastructure

Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated...

Millions Of IoT Devices Vulnerable To Attacks Leads To Full Takeover

Researchers discovered four significant vulnerabilities in the ThroughTek Kalay Platform, which powers 100 million...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles