Categories: Network Security

Large Amount Of European ISP’s Mobile Traffic Rerouted Through China Telecom

On 6th June, a large amount of European mobile network Traffic rerouted via China Telecom for nearly two hours, which begins at 09:43 UTC 6 June 2019.

The incident occurred due to BGP route leak from a Swiss-based data center colocation company Safe Host (AS21217) and it leads over 70,000 Traffic rerouted to China Telecom (AS4134) which is controlled by Chinese-government.

The routing incidents were noticed only for a few minutes, but many of the leaked routes were circulated more than 2 hours and more-specifics of routed prefixes.

70,000 Internet routes roughly compared with more than 300 million IP’s traffic and some of the most impacted European networks included Swisscom (AS3303) of Switzerland, KPN (AS1130) of Holland, and Bouygues Telecom (AS5410) and Numericable-SFR (AS21502) of France.

“China Telecom then announced these routes on to the global internet redirecting large amounts of internet traffic destined for some of the largest European mobile networks through China Telecom’s network”

There are various ISP prefixes were in this leak including, 1,300 Dutch prefixes, 200 Swiss prefixes, 150 Bouygues Telecom (AS5410) prefixes.

For an example, Based on the Oracle Internet Intelligence measurements, a traceroute in the following image below begins from Google in Ashburn and it destined for Vienna, Austria but it rerouted through China Telecom (hops 5-8).

Another traceroute from an Oracle datacenter is Toronto to Numericable-SFR in France that gets diverted through China Telecom (hops 8-10).

Oracle concludes with the statement says, Today’s incident shows that the internet has not yet eradicated the problem of BGP route leaks.

“It also reveals that China Telecom, a major international carrier, has still implemented neither the basic routing safeguards necessary both to prevent propagation of routing leaks nor the processes and procedures necessary to detect and remediate them in a timely manner when they inevitably occur. “

“Two hours is a long time for a routing leak of this magnitude to stay in circulation, degrading global communications,” said Doug Madory, director of Oracle’s internet analysis division.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

A New Massive DDoS Attack bit-and-Piece Pattern Targeting Internet Service Providers

Hackers Launching DNS Hijacking Attack to Gain Access to Telecommunication & ISP Networks

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

1 day ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

3 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

3 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

3 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

4 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

4 days ago