[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: China ’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’ s BGP Hijacking
- Subject: Re: China ’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’ s BGP Hijacking
- From: blake at ispn.net (Blake Hudson)
- Date: Fri, 26 Oct 2018 11:30:22 -0500
- In-reply-to: <CAGRHET8K2TZFvhbG2HJbPEZP9JyBSug5qrM-fC1eqNJj==HkxQ@mail.gmail.com>
- References: <CAGRHET8K2TZFvhbG2HJbPEZP9JyBSug5qrM-fC1eqNJj==HkxQ@mail.gmail.com>
Harley H wrote on 10/26/2018 8:52 AM:
> Curious to hear others' thoughts on this.
> https://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1050&context=mca
>
> This paper presents the view that several BGP hijacks performed by
> China Telecom had malicious intent. The incidents are:
> * Canada to Korea - 2016
> * US to Italy - Oct 2016
> * Scandinavia to Japan - April-May 2017
> * Italy to Thailand - April-July 2017
>
> The authors claim this is enabled by China Telecom's presence in North
> America.
Not sure I agree with the author's argument of having Access Reciprocity
between nations/governments (both as a technical solution or on
political principle). Moving towards an ecosystem where prefix
advertisements and AS paths are validated to prevent both accidental and
intentional hijacks is probably a better solution to improve
availability, integrity, and confidentiality. Encrypting traffic so
that, even if it does go through a hostile network, it remains
confidential and the integrity is validated is also probably a better
solution than the proposed access reciprocity. With the number of
players involved, neither of these will be short term changes. But, over
time, we seem to be moving in that direction already.