china telecom incident
play

China Telecom Incident Rahul Hiran 1 , Niklas Carlsson 1 , Phillipa - PowerPoint PPT Presentation

Jul 15, 2023 •413 likes •735 views

Characterizing Large-scale Routing Anomalies: A Case Study of the China Telecom Incident Rahul Hiran 1 , Niklas Carlsson 1 , Phillipa Gill 2 1 Linkping University, Sweden 2 University of Toronto, Canada 19 th March2013 China Telecom incident

  1. Characterizing Large-scale Routing Anomalies: A Case Study of the China Telecom Incident Rahul Hiran 1 , Niklas Carlsson 1 , Phillipa Gill 2 1 Linköping University, Sweden 2 University of Toronto, Canada 19 th March2013

  2. China Telecom incident 3/28/2013 2

  3. China Telecom incident • The incident occurred on 8 th April 2010 • The congress report, 2010 in USA mentions the incident • Questions about what was done with the data, attack or accident • We characterize this incident using only publicly available data (e.g., Routeviews and iPlane)

  4. BGP (Border Gateway Protocol) refresher ISP 1 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 AS 22394 66.174.0.0/16

  5. BGP (Border Gateway Protocol) refresher ISP 1 VZW, 22394 66.174.0.0/16 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 AS 22394 66.174.0.0/16

  6. BGP (Border Gateway Protocol) refresher Level3, VZW, 22394 66.174.0.0/16 ISP 1 VZW, 22394 66.174.0.0/16 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 AS 22394 66.174.0.0/16

  7. BGP (Border Gateway Protocol) refresher ChinaTel 66.174.0.0/ 16 ISP 1 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 This prefix and 50K others were announced by AS 22394 China Telecom 66.174.0.0/16

  8. BGP (Border Gateway Protocol) refresher ChinaTel path is shorter ? ChinaTel 66.174.0.0/ 16 ISP 1 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 This prefix and 50K others were announced by AS 22394 China Telecom 66.174.0.0/16

  9. BGP (Border Gateway Protocol) refresher ChinaTel prefix is more specific ? ChinaTel 66.174.161.0/ 24 ISP 1 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 This prefix and 50K others were announced by AS 22394 China Telecom 66.174.0.0/16

  10. BGP (Border Gateway Protocol) refresher ChinaTel 66.174.161.0/ 24 ISP 1 Level 3 Verizon China Wireless 22394 Telecom 66.174.0.0/16 This prefix and 50K others were announced by AS 22394 China Telecom Traffic for some prefixes was possibly intercepted 66.174.0.0/16

  11. BGP routing policies: Business relationships • Heirarchical Internet $$ Transit ISP Transit ISP structure $$ National ISP National ISP National ISP Local ISP Local ISP Local ISP Local ISP Local ISP 3/28/2013 11

  12. BGP routing policies: Business relationships • Heirarchical Internet $$ Transit ISP Transit ISP structure • Different $$ relationships National ISP National ISP National ISP – Customer-Provider – Peer-Peer Local ISP Local ISP Local ISP Loal ISP Local ISP 3/28/2013 12

  13. BGP routing policies: Business relationships • Heirarchical Internet $$ Transit ISP Transit ISP structure • Different $$ relationships National ISP National ISP National ISP – Customer-Provider – Peer-Peer Local ISP Local ISP Local ISP Local ISP Customer route Local ISP 3/28/2013 13

  14. BGP routing policies: Business relationships • Heirarchical Internet $$ Transit ISP Transit ISP structure • Different $$ relationships National ISP National ISP National ISP – Customer-Provider – Peer-Peer Local ISP Local ISP Local ISP Local ISP Peer route Customer route Local ISP 3/28/2013 14

  15. BGP routing policies: Business relationships • Heirarchical Internet Provider route $$ Transit ISP Transit ISP structure • Different $$ relationships National ISP National ISP National ISP – Customer-Provider – Peer-Peer Local ISP Local ISP Local ISP Local ISP Peer route Customer route Local ISP 3/28/2013 15

  16. BGP routing policies: Business relationships • Heirarchical Internet Provider route $$ Transit ISP Transit ISP structure • Different $$ relationships National ISP National ISP National ISP – Customer-Provider – Peer-Peer Local ISP Local ISP • Preference order Local ISP Local ISP – Customer route (high) Peer route Customer route – Peer route Local ISP – Provider route (low) 3/28/2013 16

  17. Analysis outline • Prefix hijack analysis Country-based analysis • Subprefix hijack analysis • Interception analysis Reasons for interception 3/28/2013 17

  18. Country-based analysis • Was any country targeted? • Geographic distribution of prefixes 3/28/2013 18

  19. Country-based analysis Distribution of hijacked prefixes do not deviate from global distribution of prefixes 3/28/2013 19

  20. Subprefix hijack analysis • 21% (9,082) prefixes longer than existing prefixes at all six Routeviews monitors • 95% of this prefixes belong to China Telecom • <1% (86) prefixes subprefix hijacked excluding the top-3 ASes in table 3/28/2013 20

  21. Subprefix hijack analysis No evidence for intentional subprefix hijacking 3/28/2013 21

  22. How did interception occur? Two required routing decisions for traffic interception: China Telecom, China Telecom DC, Level3, Verizon, Verizon W China Telecom DC 66.174.161.0/24 66.174.161.0/24 AT&T China Level 3 Telecom China Telecom Verizon Verizon data centre wireless 3/28/2013 22

  23. How did interception occur? Two required routing decisions for traffic interception: 1. A neighbor routes to China Telecom for hijacked prefix China Telecom, China Telecom DC, Level3, Verizon, Verizon W China Telecom DC 66.174.161.0/24 66.174.161.0/24 AT&T China Level 3 Telecom China Telecom Verizon Verizon data centre wireless 3/28/2013 23

  24. How did interception occur? Two required routing decisions for traffic interception: 1. A neighbor routes to China Telecom for hijacked prefix 2. Another neighbor does not do so China Telecom, China Telecom DC, Level3, Verizon, Verizon W China Telecom DC 66.174.161.0/24 66.174.161.0/24 AT&T China Level 3 Telecom China Telecom Verizon Verizon data centre wireless 3/28/2013 24

  25. How did interception occur? Two required routing decisions for traffic interception: 1. A neighbor routes to China Telecom for hijacked prefix 2. Another neighbor does not do so China Telecom, China Telecom DC, Level3, Verizon, Verizon W China Telecom DC 66.174.161.0/24 66.174.161.0/24 AT&T China Level 3 Telecom China Telecom Verizon Verizon data centre wireless 3/28/2013 25

  26. Interception analysis • Identification of interception instances • Used traceroute data from iPlane project 1575 3/28/2013 26

  27. Interception analysis • Identification of interception instances • Used traceroute data from iPlane project 357 3/28/2013 27

  28. Interception analysis Reasons for neighbors not choosing 4134 3/28/2013 28

  29. Interception analysis: Reasons for neighbors not choosing 4134 • Routing policies and business relationships resulted in interception • Accidental interception possible 3/28/2013 29

  30. Conclusion and discussion • Characterized the China Telecom incident – Accidental interception possible – Sheds light on properties of announced prefixes – Supports the conclusion that incident was a leak of random prefixes – However, it does not rule out malicious intent • Our study highlights – Challenges of diagnosing routing incidents – Importance of public and rich available data 3/28/2013 30

  31. Linköping University expanding reality Questions? Rahul Hiran rahul.hiran@liu.se

Recommend

KEY DATA CENTERS IN BEIJING,SHANGHAI &amp; GUANGDONG WHY CHINA TELECOM? China Telecom has

KEY DATA CENTERS IN BEIJING,SHANGHAI &amp; GUANGDONG WHY CHINA TELECOM? China Telecom has

CHINA TELECOM KEY DATA CENTERS IN BEIJING,SHANGHAI &amp; GUANGDONG WHY CHINA TELECOM? China Telecom has hundreds of Internet Data Centers (IDCs) Fully redundant power, cooling, security and network worldwide, with the highest concentration

775 views • 18 slides
OPEN-O Unified NFV/SDN Open Source Orchestrator Hui Deng, China Mobile Kai Liu, China Telecom

OPEN-O Unified NFV/SDN Open Source Orchestrator Hui Deng, China Mobile Kai Liu, China Telecom

OPEN-O Unified NFV/SDN Open Source Orchestrator Hui Deng, China Mobile Kai Liu, China Telecom Eun Kyoung Paik, KT Chris Donley, Huawei Jim Zemlin, Linux Foundation Disclaimer The following represents general proposals being worked on by a

409 views • 27 slides
RADITEK Telecom www.raditek.com/telecom A California USA corporation RADITEK TELECOM

RADITEK Telecom www.raditek.com/telecom A California USA corporation RADITEK TELECOM

RADITEK Telecom www.raditek.com/telecom A California USA corporation RADITEK TELECOM PRESENTATION www.raditek.com/telecom 1 Component and System Products Founded in 1 9 9 3 By Malcolm Lee &amp; Peter Corbett RF/ Microw ave Com ponents m

768 views • 32 slides
RADITEK Telecom www.raditek.com/telecom 2015 A California USA corporation RADITEK 2015 TELECOM

RADITEK Telecom www.raditek.com/telecom 2015 A California USA corporation RADITEK 2015 TELECOM

RADITEK Telecom www.raditek.com/telecom 2015 A California USA corporation RADITEK 2015 TELECOM PRESENTATION 1 www.raditek.com/ telecom Component and System Products Founded in 1 9 9 3 By Malcolm Lee &amp; Peter Corbett RF/ Microw ave

589 views • 29 slides
RADITEK Telecom www.raditek.com/telecom 2016 A California USA corporation RADITEK 2016 TELECOM

RADITEK Telecom www.raditek.com/telecom 2016 A California USA corporation RADITEK 2016 TELECOM

RADITEK Telecom www.raditek.com/telecom 2016 A California USA corporation RADITEK 2016 TELECOM PRESENTATION www.raditek.com/ telecom 1 Component and System Products Founded in 1 9 9 3 By Malcolm Lee &amp; Peter Corbett RF/ Microw ave

1.02k views • 32 slides
draft-irtf-hiprg-rfid-01 HIP support for RFIDs Pascal.Urien@telecom-paristech.fr

draft-irtf-hiprg-rfid-01 HIP support for RFIDs Pascal.Urien@telecom-paristech.fr

draft-irtf-hiprg-rfid-01 HIP support for RFIDs Pascal.Urien@telecom-paristech.fr http://perso.telecom-paristech.fr/~urien/hiprfid/ http://www.telecom-paristech.fr 1 /11 Pascal URIEN, IETF 79 th , Tuesday 9 th November 2010, Beijing, China What

373 views • 11 slides
Development Scenario of SoftSwitch Development Scenario of SoftSwitch Standards in China and

Development Scenario of SoftSwitch Development Scenario of SoftSwitch Standards in China and

Development Scenario of SoftSwitch Development Scenario of SoftSwitch Standards in China and China Telecom s s Standards in China and China Telecom Considerations on Network Evolution Considerations on Network Evolution Ms. Zhao

404 views • 22 slides
DNS based IP NetLocation Service China Telecom Guangzhou Institute dingsy@gsta.com What is

DNS based IP NetLocation Service China Telecom Guangzhou Institute dingsy@gsta.com What is

DNS based IP NetLocation Service China Telecom Guangzhou Institute dingsy@gsta.com What is network location service To provide the targets position in the network given its IP address It focuses on network location instead of

203 views • 19 slides
ICT &amp; Oil &amp; Gas Power Telecom YOUR ENERGY PARTNER IN SOUTHEAST ASIA BANGLADESH .

ICT &amp; Oil &amp; Gas Power Telecom YOUR ENERGY PARTNER IN SOUTHEAST ASIA BANGLADESH .

PROJECT MANAGEMENT &amp; TURNKEY SERVICES | MANPOWER CONTRACTING TECHNICAL SERVICES | RECRUITMENT &amp; HR SOLUTIONS ICT &amp; Oil &amp; Gas Power Telecom YOUR ENERGY PARTNER IN SOUTHEAST ASIA BANGLADESH . CAMBODIA . CHINA . HONG KONG .

352 views • 24 slides
Incident Action Planning in the EOC GGC NHC 2018 GGC NHC 2018 Incident Action Planning EOC

Incident Action Planning in the EOC GGC NHC 2018 GGC NHC 2018 Incident Action Planning EOC

Incident Action Planning in the EOC GGC NHC 2018 GGC NHC 2018 Incident Action Planning EOC plans are typically more strategic than field IAPs A planning process helps synchronize operations and ensure they support incident objectives

510 views • 34 slides
Grating Incident resulting in LTI Agenda Background and Medical Condition Incident

Grating Incident resulting in LTI Agenda Background and Medical Condition Incident

Grating Incident resulting in LTI Agenda Background and Medical Condition Incident Description Immediate Causes and Latent Failures Swiss Cheese Model Key HSSE Themes from the Grating Incident Weak Signals from

564 views • 14 slides
Incident Response &amp; Evidence Incident Response &amp; Evidence Incident Response &amp;

Incident Response &amp; Evidence Incident Response &amp; Evidence Incident Response &amp;

Incident Response &amp; Evidence Incident Response &amp; Evidence Incident Response &amp; Evidence Incident Response &amp; Evidence Management Management Management Management CIPS Brandon Chapter November 28 2002 Dr. Marc Rogers PhD,

629 views • 27 slides
Incident Mobilization Incident Mobilization (R- -T T- -S) Nets S) Nets (R Mobilization

Incident Mobilization Incident Mobilization (R- -T T- -S) Nets S) Nets (R Mobilization

V olunteer C ommunications N etwork (V-C-N) Incident Mobilization Incident Mobilization (R- -T T- -S) Nets S) Nets (R Mobilization Radio Nets for ZR Incidents - A V-C-N.org Academy Course - 2012-04.08-0237 264: Incident Mobilization

753 views • 20 slides
Incident Mobilization Incident Mobilization (R- -T T- -S) Nets S) Nets (R Mobilization

Incident Mobilization Incident Mobilization (R- -T T- -S) Nets S) Nets (R Mobilization

V olunteer C ommunications N etwork (V-C-N) Incident Mobilization Incident Mobilization (R- -T T- -S) Nets S) Nets (R Mobilization Radio Nets for ZR Incidents - A V-C-N.org Academy Course - 2012-04.08-0237 264: Incident Mobilization

773 views • 50 slides
An introduction to Loquendo GRUPPO TELECOM ITALIA Company Profile TELECOM ITALIA GROUP

An introduction to Loquendo GRUPPO TELECOM ITALIA Company Profile TELECOM ITALIA GROUP

0 An introduction to Loquendo GRUPPO TELECOM ITALIA Company Profile TELECOM ITALIA GROUP Founded in 2001 as spin-off di Telecom Italia Lab, thanks to the 30yrs experience and know-how about voice processing. HC: 100 persons. Global

556 views • 12 slides
Electricity Use of U.S. Electricity Use of U.S. Telecom Networks Telecom Networks H. Scott

Electricity Use of U.S. Electricity Use of U.S. Telecom Networks Telecom Networks H. Scott

Electricity Use of U.S. Electricity Use of U.S. Telecom Networks Telecom Networks H. Scott Matthews Carnegie Mellon University AT&amp;T Industrial Ecology Faculty Fellow Agenda Re-motivation - Why we need to care about electricity use

305 views • 16 slides
Core Utilities Corporate New Energy &amp; Telecom 2 2016 INTERIM RESULTS OVERVIEW 3 New

Core Utilities Corporate New Energy &amp; Telecom 2 2016 INTERIM RESULTS OVERVIEW 3 New

The Ho Hong Kong &amp; Ch Chin ina Gas Gas Co. Co. L Ltd. . (3 HK) K) inc incorpo porated Towng wngas Chin China Co Co. Ltd. d. (108 083 3 HK) K) Hong Kong Mainland Core Utilities Corporate New Energy &amp; Telecom 2 2016

989 views • 47 slides
GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response

GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response

GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response Investing in new talent &amp; capabilities Incident response Cyber intelligence Digital forensics Security architecture Identity management

609 views • 42 slides
BC Oil and Gas Commission Incident Reporting 1 Incident Reporting: Systems and Processes

BC Oil and Gas Commission Incident Reporting 1 Incident Reporting: Systems and Processes

BC Oil and Gas Commission Incident Reporting 1 Incident Reporting: Systems and Processes Regulatory Framework In British Columbia, oil and gas incidents are managed in accordance with the following legislation and regulations: 1. The Oil and

277 views • 12 slides
Engineering School Tlcom SudParis Tlcom SudParis Telecom SudParis (former Telecom

Engineering School Tlcom SudParis Tlcom SudParis Telecom SudParis (former Telecom

Joachim FEROUX Engineering School Tlcom SudParis Tlcom SudParis Telecom SudParis (former Telecom INT) is a French state-funded Grande cole for engineers, accredited by the Commission des titres d'ingnieur. It produces

185 views • 16 slides
INCIDENT INVESTIGATION ANALYSIS Nalicia Stevenson Addo Safety Manager, Cutrale What Is An

INCIDENT INVESTIGATION ANALYSIS Nalicia Stevenson Addo Safety Manager, Cutrale What Is An

INCIDENT INVESTIGATION ANALYSIS Nalicia Stevenson Addo Safety Manager, Cutrale What Is An Incident Major Reasons For Conducting Incident Investigations Incident Investigation AGENDA Procedures 5 W 1 H Problem Statement

418 views • 13 slides
ZR Incident Communications ZR Incident Communications Center (ICC) Specialist Center (ICC)

ZR Incident Communications ZR Incident Communications Center (ICC) Specialist Center (ICC)

Category Z R adio I ncident C ommand S ystem ZR Incident Communications ZR Incident Communications Center (ICC) Specialist Center (ICC) Specialist Introduction to the ZR2R Position - A V-C-N.org Academy Course - 2012-04.04-1002 223:

496 views • 14 slides
Incident Response: Goals of Incident Management Steps to Preparation Risk Assessment

Incident Response: Goals of Incident Management Steps to Preparation Risk Assessment

6/19/2015 Incidents Are Not Necessarily Emergencies Incident Laboratory Incidences and An event thats likely to have adverse consequences Emergency Response Programs Emergency Unanticipated circumstances resulting in

564 views • 5 slides
Incident Cause Analysis Method (ICAM) Report LDVs HEAD ON COLLISION POINTS OF DISCUSSION

Incident Cause Analysis Method (ICAM) Report LDVs HEAD ON COLLISION POINTS OF DISCUSSION

Incident Cause Analysis Method (ICAM) Report LDVs HEAD ON COLLISION POINTS OF DISCUSSION Incident information Incident description Incident Scene Sequence of events Failure analysis Root cause process flow Key

452 views • 12 slides

More recommend