Traffic Hijacking Makes Google Services Unreachable
On Monday 12 November, Google services were unavailable for around two hours after a traffic hijacking incident. Traffic from users trying to reach the services was routed through operators in Russia and Nigeria before hitting the Great Firewall of China.
The normal traffic path changed after Google's prefixes were leaked to China Telecom.
ThousandEyes, a network monitoring company, first noticed the issues when its offices couldn't connect to Google's G Suite products. The issues became more serious when all of the traffic was dropped after reaching a router on China Telecom's infrastructure.
They also noticed that TransTelecom, a Russian ISP, was on the path. This prompted them to investigate further.
Our analysis indicates that the origin of this leak was the BGP peering relationship between MainOne, the Nigerian provider, and China Telecom. MainOne has a peering relationship with Google via IXPN [Internet Exchange Point] in Lagos and has direct routes to Google, which leaked into China Telecom.
At the very minimum, the incident is thought to have caused a massive denial of service (DoS).
Appears that Nigerian ISP AS37282 'MainOne Cable Company' leaked many @google prefixes to China Telecom, who then advertised it to AS20485 TRANSTELECOM (Russia). From there on others appear to have picked this up.
— Cisco BGPmon (@bgpmon) November 12, 2018
BGP (Border Gateway Protocol) is the protocol that routes traffic between autonomous systems to its destination. It was designed in the 80s and is vulnerable to traffic hijacking. Some misdirected-traffic incidents are accidental, caused by an operator's routing mistake; others are malicious attacks. This incident is thought to have been a traffic hijacking attack.
In addition to @Google, downstream networks from the Nigerian ISP AS37282 MainOne were affected, including for example this @Cloudflare prefix https://t.co/wq8x4kl3w2
— Cisco BGPmon (@bgpmon) November 13, 2018
Until further investigation is carried out, we won't know with any certainty where the issue originated or whether it was intentional, although it looks that way. It has been argued that BGP's security needs to advance by implementing route verification and filtering mechanisms.
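To make the "verification and filtering" idea concrete, the following is an added example written for this article; it is not code from ThousandEyes, BGPmon or any of the operators named above. It models the two checks an operator can run on announcements seen at a route collector: RPKI-style route origin validation (does a ROA authorise this origin AS for this prefix, and is the announced prefix no more specific than the ROA's maxLength?) and a simple adjacency check that flags a path in which the AS next to the origin is not one of the origin's known providers or peers, which is the shape of a leak like the one described above. The ROAs, the neighbour allowlist and the sample feed are all constructed (documentation prefixes and private-use ASNs), and the allowlist is a hypothetical stand-in for a real provider-authorisation policy.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """Route Origin Authorization: which AS may originate a prefix, and down
    to which prefix length (maxLength) more-specific announcements are allowed."""
    prefix: ipaddress.IPv4Network
    origin_as: int
    max_length: int


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: tuple  # leftmost = neighbour we heard it from, rightmost = origin AS


# Constructed sample policy data (not real ROAs or operators). 203.0.113.0/24 and
# 198.51.100.0/22 are documentation prefixes; AS645xx are private-use ASNs.
ROAS = (
    Roa(ipaddress.ip_network("203.0.113.0/24"), 64500, 24),
    Roa(ipaddress.ip_network("198.51.100.0/22"), 64500, 24),
)

# Hypothetical adjacency allowlist: the only ASes expected to appear directly
# next to the origin in a legitimate path (its transit providers and IXP peers).
EXPECTED_NEIGHBOURS = {64500: {64501, 64502}}


def collapse_prepends(as_path):
    """Drop consecutive duplicate ASNs (AS-path prepending) so the adjacency
    check sees the real neighbour rather than the origin repeated for traffic engineering."""
    collapsed = []
    for asn in as_path:
        if not collapsed or collapsed[-1] != asn:
            collapsed.append(asn)
    return collapsed


def rov_state(prefix, origin_as, roas=ROAS):
    """Route origin validation as in RPKI: 'valid' if a covering ROA matches the
    origin and the announced length is within maxLength, 'invalid' if ROAs cover
    the prefix but none match, 'not-found' if no ROA covers it at all."""
    net = ipaddress.ip_network(prefix)
    covering = [r for r in roas
                if net.version == r.prefix.version and net.subnet_of(r.prefix)]
    if not covering:
        return "not-found"
    for roa in covering:
        if roa.origin_as == origin_as and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def classify(announcement, roas=ROAS, neighbours=EXPECTED_NEIGHBOURS):
    """Verdict for one announcement: origin/length problems first (wrong origin or
    an unauthorised more-specific), then a leak check on the AS adjacent to the origin."""
    path = collapse_prepends(announcement.as_path)
    origin = path[-1]
    state = rov_state(announcement.prefix, origin, roas)
    if state != "valid":
        return state
    if len(path) >= 2 and path[-2] not in neighbours.get(origin, set()):
        return "route-leak"
    return "valid"


def audit(announcements):
    """Return only the announcements an operator should look at, with their verdicts."""
    findings = []
    for ann in announcements:
        verdict = classify(ann)
        if verdict != "valid":
            findings.append((ann.prefix, ann.as_path, verdict))
    return findings


# Constructed sample feed: the kind of paths a route collector might show during a leak.
SAMPLE_FEED = (
    Announcement("203.0.113.0/24", (64510, 64501, 64500)),          # normal path
    Announcement("203.0.113.0/24", (64510, 64501, 64500, 64500)),   # prepended, still normal
    Announcement("203.0.113.0/24", (64510, 64520, 64500)),          # re-advertised via an unexpected AS
    Announcement("203.0.113.0/25", (64510, 64501, 64500)),          # more-specific beyond maxLength
    Announcement("203.0.113.0/24", (64510, 64530)),                 # wrong origin AS
    Announcement("192.0.2.0/24", (64510, 64540)),                   # no ROA covers it
)

if __name__ == "__main__":
    for prefix, path, verdict in audit(SAMPLE_FEED):
        print(f"{verdict:10} {prefix:18} path={' '.join(map(str, path))}")
```

Running the script lists four of the six sample announcements: one route leak, two origin-validation failures and one prefix with no ROA. In practice the "not-found" state is the common one, which is why origin validation alone would not have stopped a leak of correctly originated routes; the adjacency check is what catches a provider re-advertising a route it learned from a peer.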
We will provide any updates on this story as and when they come in.